On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old a…
Tag: A Little Sunshine
Europe, Global Security News, North America
Meet the Administrators of the RSOCKS Proxy Botnet
by BrianKrebs •
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicio…
Europe, Global Security News, North America
Why Paper Receipts are Money at the Drive-Thru
by BrianKrebs •
Check out the handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened.
Europe, Global Security News, North America
Ransomware Group Debuts Searchable Victim Data
by BrianKrebs •
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ra…
Europe, Global Security News, North America
Adconion Execs Plead Guilty in Federal Anti-Spam Case
by BrianKrebs •
On the eve of their federal criminal trial for allegedly stealing vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct have agreed to plead guilty t…
Europe, Global Security News, North America
What Counts as “Good Faith Security Research?”
by BrianKrebs •
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines sta…
Europe, Global Security News, North America
Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
by BrianKrebs •
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ran…
Europe, Global Security News, North America
Senators Urge FTC to Probe ID.me Over Selfie Data
by BrianKrebs •
Some of the more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognit…
Europe, Global Security News, North America
Your Phone May Soon Replace Many of Your Passwords
by BrianKrebs •
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say …
Europe, Global Security News, North America
Russia to Rent Tech-Savvy Prisoners to Corporate IT?
by BrianKrebs •
Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people wit…
Europe, Global Security News, North America
Fighting Fake EDRs With ‘Credit Ratings’ for Police
by BrianKrebs •
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called i…
Europe, Global Security News, North America
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
by BrianKrebs •
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in …
Europe, Global Security News, North America
Conti’s Ransomware Toll on the Healthcare Industry
by BrianKrebs •
Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a …
Europe, Global Security News, North America
RaidForums Gets Raided, Alleged Admin Arrested
by BrianKrebs •
The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s large…
Europe, Global Security News, North America
Double-Your-Crypto Scams Share Crypto Scam Host
by BrianKrebs •
Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud a…
Europe, Global Security News, North America
The Original APT: Advanced Persistent Teenagers
by BrianKrebs •
Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full-blown data breac…
Europe, Global Security News, North America
Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill
by BrianKrebs •
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s…
Europe, Global Security News, North America
A Closer Look at the LAPSUS$ Data Extortion Group
by BrianKrebs •
Microsoft and identity management platform Okta both disclosed this week breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish the information unless a ransom deman…
Europe, Global Security News, North America
Conti Ransomware Group Diaries, Part IV: Cryptocrime
by BrianKrebs •
Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and inte…
Europe, Global Security News, North America
Conti Ransomware Group Diaries, Part III: Weaponry
by BrianKrebs •
Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Today’s Part I…
Europe, Global Security News, North America
IRS: Selfies Now Optional, Biometric Data to Be Deleted
by BrianKrebs •
The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, …
Europe, Global Security News, North America
Report: Missouri Governor’s Office Responsible for Teacher Data Leak
by BrianKrebs •
Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say…
Europe, Global Security News, North America
Wazawaka Goes Waka Waka
by BrianKrebs •
In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a…
Europe, Global Security News, North America
IRS To Ditch Biometric Requirement for Online Access
by BrianKrebs •
The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the…
Europe, Global Security News, North America
Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams
by BrianKrebs •
Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who’s tricked dozens of start-ups into giving him tens of millions of dollars. Bernard’s latest victim — a Norwegian start…
Europe, Global Security News, North America
Who Wrote the ALPHV/BlackCat Ransomware Strain?
by BrianKrebs •
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll…
Europe, Global Security News, North America
Scary Fraud Ensues When ID Theft & Usury Collide
by BrianKrebs •
What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One rea…
Europe, Global Security News, North America
Crime Shop Sells Hacked Logins to Other Crime Shops
by BrianKrebs •
Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming too…
Europe, Global Security News, North America
IRS Will Soon Require Selfies for Online Access
by BrianKrebs •
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be …
Europe, Global Security News, North America
500M Avira Antivirus Users Introduced to Cryptomining
by BrianKrebs •
Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which ha…
Europe, Global Security News, North America
Norton 360 Now Comes With a Cryptominer
by BrianKrebs •
Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and enables customers to…
Europe, Global Security News, North America
Inside Ireland’s Public Healthcare Ransomware Scare
by BrianKrebs •
The accounting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the …
Europe, Global Security News, North America
Canada Charges Its “Most Prolific Cybercriminal”
by BrianKrebs •
A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him a…
Europe, Global Security News, North America
The Internet is Held Together With Spit & Baling Wire
by BrianKrebs •
Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s largest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world’s…
Europe, Global Security News, North America
The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back
by BrianKrebs •
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends…
Europe, Global Security News, North America
Hoax Email Blast Abused Poor Coding in FBI Website
by BrianKrebs •
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsi…
Europe, Global Security News, North America
‘Tis the Season for the Wayward Package Phish
by BrianKrebs •
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam…
Europe, Global Security News, North America
The ‘Groove’ Ransomware Gang Was a Hoax
by BrianKrebs •
A number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed…
Europe, Global Security News, North America
Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018
by BrianKrebs •
In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nea…
Europe, Global Security News, North America
KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”
by BrianKrebs •
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks …