Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements. Rackspace tells customers it plans to fix the problem soon.
The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that's it's preparing to step-up its response to cyber incidents involving the NHS and vaccine development.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
A recently uncovered business email compromise scam that's targeting executives' Microsoft Office 365 accounts has hit over 150 organizations worldwide so far and netted the scammers about $15 million, according to incident response firm Mitiga.
The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.
A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.
The day after President Trump issued executive orders to ban Chinese-owned social media apps TikTok and WeChat, Sanjay Virmani of the FBI's San Francisco office shared insights on the Chinese cyberthreat, election security and crime trends in the wake of COVID-19.
The U.S. Secret Service is combining its electronic and financial crime units into a single task force that will focus on investigating cyber-related financial crimes, such as BEC schemes and ransomware attacks. The move comes as lawmakers push for the Secret Service to take a more active role in fighting cybercrime.
Addressing digital payment security challenges requires having good identity verification capabilities as well as a strong authentication process that's friction-free for consumers, says Singapore-based Gautam Aggarwal, senior vice president and regional chief technology officer, Asia Pacific, at Mastercard.