AUSTIN – A newly unsealed federal grand jury indictment charges Mark Sokolovsky, 26, a Ukrainian national, for his alleged role in an international cybercrime operation known as Raccoon Infostealer, which infected millions of computers around the world with malware.
According to court documents, Sokolovsky, who is currently being held in the Netherlands pursuant to an extradition request by the United States, conspired to operate the Raccoon Infostealer as a malware-as-a-service or “MaaS.” Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency. These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims. Raccoon Infostealer then stole personal data from victim computers, including log-in credentials, financial information, and other personal records. Stolen information was used to commit financial crimes or was sold to others on cybercrime forums.
In March 2022, concurrent with Sokolovsky’s arrest by Dutch authorities, the FBI and law enforcement partners in Italy and the Netherlands dismantled the digital infrastructure supporting the Raccoon Infostealer, taking its then-existing version offline.
Through various investigative steps, the FBI has collected data stolen from many computers that cyber criminals infected with Raccoon Infostealer. While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world. The credentials appear to include over four million email addresses. The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate.
The FBI has created a website where anyone can input their email address to determine whether it is contained within the U.S. government’s repository of Raccoon Infostealer stolen data. The website is raccoon.ic3.gov. If the email address is within the data, the FBI will send an email to that address notifying the user. Potential victims are encouraged to fill out a detailed complaint and share any financial or other harm experienced from their information being stolen at FBI’s Internet Crime Complaint Center (IC3) at ic3.gov/Home/FileComplaint.
“This case highlights the importance of the international cooperation that the Department of Justice and our partners use to dismantle modern cyber threats,” said Deputy Attorney General Lisa O. Monaco. “As reflected in the number of potential victims and global breadth of this attack, cyber threats do not respect borders, which makes international cooperation all the more critical. I urge anyone who thinks they could be a victim to follow the FBI’s guidance on how to report your potential exposure.”
“I applaud the hard work of the agents and prosecutors involved in this case as well as our international partners for their efforts to disrupt the Raccoon Infostealer and gather the evidence necessary for indictment and notification to potential victims,” U.S. Attorney Ashley C. Hoff said. “This type of malware feeds the cybercrime ecosystem, harvesting valuable information and allowing cyber criminals to steal from innocent Americans and citizens around the world. I urge the public to visit the FBI’s Raccoon Infostealer website, find out if their email is within the stolen data, and file a victim complaint through the FBI’s IC3 website.”
“Today’s case is a further reminder the FBI will relentlessly pursue and bring to justice cyber criminals who seek to steal from the American public,” said FBI Deputy Director Paul Abbate. “We have once again leveraged our unique authorities, world-class capabilities, and enduring international partnerships to maximize impact against cyber threats. We will continue to use all available resources to disrupt these attacks and protect American citizens. If you believe you’re a victim of this cybercrime, we urge you to visit raccoon.ic3.gov.”
“This case highlights the FBI’s unwavering commitment to work closely with our law enforcement and private sector partners around the world to hold cybercriminals accountable for their actions and protect the American people from cybercrime,” said FBI Special Agent in Charge Oliver E. Rich Jr. “This case also serves as a reminder to public and private sector organizations of the importance to report internet crime and cyber threats to law enforcement as soon as possible. Working together is the only way we’re going to stay ahead of rapidly changing cyber threats.”
“This indictment demonstrates the resolve and close cooperation of the Army Criminal Investigation Division and the FBI working jointly to protect and defend the United States,” stated Special Agent in Charge Marc Martin, Army CID’s Cyber Field Office. “Army CID would also like to thank our law enforcement partners in Italy and the Netherlands.”
Sokolovsky is charged with one count of conspiracy to commit computer fraud and related activity in connection with computers; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft. The Amsterdam District Court issued a decision on September 13, 2022, granting the defendant’s extradition to the United States. Sokolovsky has appealed that decision.
If convicted, Sokolovsky faces a maximum penalty of 20 years in prison for the wire fraud and money laundering offenses, five years for the conspiracy to commit computer fraud charge, and a mandatory consecutive two-year term for the aggravated identity theft offense. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
The FBI’s Austin Cyber Task Force, with the assistance of the Department of the Army Criminal Investigation Division (Army CID), is investigating the case. The FBI Austin Cyber Task Force is supported by Army CID, Austin Police Department, the Naval Criminal Investigative Service, the Round Rock Police Department and the Texas Department of Public Safety.
Victims of the Raccoon Infostealer can find more information at www.justice.gov/usao-wdtx/victim-assistance-raccoon-infostealer. Assistant U.S. Attorneys Michael C. Galdo and G. Karthik Srinivasan are prosecuting the case. The Department of Justice’s Office of International Affairs is assisting with foreign evidence requests and the extradition request.
U.S. Attorney Hoff and Special Agent in Charge Rich would also like to thank the FBI Legal Attachés in Rome, The Hague, and Warsaw for their assistance in the investigation and disruption of the Raccoon Infostealer, along with the following foreign partners: Ministry of Justice of Italy; Special Unit for the Protection of Privacy and Technological Fraud of the Italian Guardia di Finanza; Procura della Repubblica di Brescia; the Netherlands Ministry of Justice and Security; Netherlands Police; and Netherlands Public Prosecution Service.
An indictment is merely an allegation and the defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
###
Newly Unsealed Indictment Charges Ukrainian National with … – Department of Justice
-
Press release CMS Responding to Data Breach at Subcontractor – CMS
CMS Notifying Potentially Involved Beneficiaries and Providing Information on Free Credit Monitoring
The Centers for Medicare & Medicaid Services (CMS) is responding to a data breach at Healthcare Management Solutions, LLC (HMS), a subcontractor of ASRC Federal Data Solutions, LLC (ASRC Federal), that may involve Medicare beneficiaries’ personally identifiable information (PII) and/or protected health information (PHI). No CMS systems were breached and no Medicare claims data were involved. Initial information indicates that HMS acted in violation of its obligations to CMS and that the incident involving HMS has the potential to impact up to 254,000 Medicare beneficiaries’ personally identifiable information out of the over 64 million beneficiaries that CMS serves. This week, CMS is mailing beneficiaries that have been potentially impacted a letter from CMS notifying them directly of the breach. A copy of that letter can be found below.
“The safeguarding and security of beneficiary information is of the utmost importance to this Agency,” said CMS Administrator Chiquita Brooks-LaSure. “We continue to assess the impact of the breach involving the subcontractor, facilitate support to individuals potentially affected by the incident, and will take all necessary actions needed to safeguard the information entrusted to CMS.”
The services provided to CMS under the contract with ASRC Federal include resolving system errors related to Medicare beneficiary entitlement and premium payment records. The contractors’ services also support the collection of Medicare premiums from the direct-paying beneficiary population. The contractor does not handle Medicare claims information.
CMS is notifying Medicare beneficiaries whose PII and/or PHI may have been put at risk as a result of the breach that they will receive an updated Medicare card with a new Medicare Beneficiary Identifier and will be offered free-of-charge credit monitoring services; CMS will also provide additional information about the incident.
Sample letter to potentially affected beneficiaries:
[CMS LOGO]
Dear <<BENEFICIARY>>
We are writing to inform you of a potential privacy incident involving your personal information related to Medicare entitlement and premium payment records. The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program, is sending you this letter so that you can understand more about this incident, how we are addressing it, and additional steps you can take to protect your privacy. We will issue you a new Medicare card with a new Medicare Number and have provided information with this notice on free credit monitoring services. This does not impact your Medicare benefits or coverage.
What Happened?
On October 8, 2022, Healthcare Management Solutions (HMS), LLC, a CMS subcontractor, was subject to a ransomware attack on its corporate network. HMS handles CMS data as part of processing Medicare eligibility and entitlement records, in addition to premium payments. Initial information indicates that HMS acted in violation of its obligations to CMS, and CMS continues to investigate the incident. No CMS systems were breached, and no Medicare claims data were involved. On October 9, 2022, CMS was notified that the subcontractor’s systems had been subject to a cybersecurity incident but CMS systems were not involved. As more information became available, on October 18, 2022, CMS determined with high confidence that the incident potentially included personally identifiable information and protected health information for some Medicare enrollees. Since then, CMS has been working diligently with the contractor to determine what information and which individuals may have been impacted.
What Information Was Involved?
After careful review, we have determined that your personal and Medicare information may have been compromised. This information may have included the following:
No claims data were involved in this incident.
What We Are Doing
When the incident was reported, we immediately started an investigation, working with the contractor and cybersecurity experts to identify what personal information, if any, might have been compromised. CMS is continuing to investigate this incident and will continue to take all appropriate actions to safeguard the information entrusted to CMS.
What You Can Do
At this time, we’re not aware of any reports of identity fraud or improper use of your information as a direct result of this incident. However, out of an abundance of caution we are issuing you a new Medicare card with a new number. CMS will mail the new card to your address in the coming weeks. In the meantime, you can continue to use your existing Medicare card. After you get your new card, you should:
1. Follow the instructions in the letter that comes with your new card.
2. Destroy your old Medicare card.
3. Inform your providers that you have a new Medicare Number.
While we continue to investigate what, if any, banking information may have been compromised, if you have concerns, please contact your financial institution and let them know your banking information may have been compromised. Additionally, you can enroll in free Equifax Complete Premier credit monitoring service. You do not need to use your credit card to enroll in the service. To activate your free credit monitoring:
For questions about the credit monitoring service or to enroll in Equifax Complete Premier over the phone, please call Equifax’s customer care team by (insert date) at <<xxx-xxx-xxxx>>.
We have enclosed additional information about other steps you can take to further protect your privacy.
For More Information
We take the privacy and security of your personal information very seriously. We apologize for the inconvenience this privacy incident has caused.
If you have any further questions regarding this incident, please call the Equifax dedicated and confidential toll-free response line at <<xxx.xxx.xxxx>>. This response line is staffed with professionals familiar with this incident who know what you can do to protect against misuse of your information. The response line is available Monday through Friday, <<X>>am to <<X>>pm Eastern. You can also call 1-800-MEDICARE (1-800-633-4227) with any general questions or concerns about Medicare.
###
-
Cyber security incidents impact data breach risk – OAIC
Several large-scale data breaches impacted millions of Australians’ personal information in the second half of 2022, as part of a 26% increase in breaches overall, according to the latest Notifiable data breaches report released today.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said cyber security incidents in particular can have significant impacts on individuals, and organisations need to be alert to the risks.
“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” she said.
“Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”
Thirty-three of the 40 breaches that affected over 5,000 Australians were the result of cyber security incidents.
“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Commissioner Falk said.
“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”
Commissioner Falk said organisations need to be vigilant as large-scale compromises of personal information may lead to further attacks.
“As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation fraud and scams, can increase.
“Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals,” she said.
The Office of the Australian Information Commissioner has clear expectations of best practice with regard to data breach preparation and response, to ensure individuals are protected from harm.
“In response to a breach, organisations need to provide information to individuals that is timely and accurate.
“As well as setting out the kinds of information breached, the notification must include recommendations about clear steps people should take in response,” said Commissioner Falk.
The reporting period also saw the enactment of the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022. Among other things, the Act:
“While we will continue to work with organisations to facilitate voluntary compliance, we will use these regulatory powers where required to ensure compliance with the Notifiable Data Breaches scheme,” said Commissioner Falk.
“We also welcome the further proposals to strengthen the Notifiable Data Breaches scheme in the Attorney-General’s Department’s Privacy Act review report.”
Read the Notifiable data breaches report July to December 2022.
-
Top seven hacks and cyber security threats in APAC | Cyber Security Hub – Cyber Security Hub
In 2022, 59 percent of businesses in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported being the victim of multiple cyber attacks, and the region suffered a shortage of 2.1 million cyber security professionals.
This has culminated in the Asia-Pacific region being the victim of a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores seven of these attacks.
In December 2022, an IT managed service provider that supports a range of organizations across New Zealand including several within its government suffered a cyber attack, compromising access to its data and systems.
Those affected by the cyber security incident include some providers contracted to Te Whatu Ora (Health New Zealand), although health service delivery was not affected.
The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack impacted access to some coronial data. This allegedly included thousands of autopsy reports.
New Zealand’s National Cyber Security Center (NCSC) said that it was coordinating governmental response to the cyber attack, both within the Government Communication Security Bureau and alongside the New Zealand Police, CERT NZ and the Privacy Commissioner.
Lisa Fong, deputy director-general of the NCSC, said that the organization is working with the compromised third party to “understand more fully the nature of the data that has been impacted” and how the cyber attack occurred.
On October 13, 2022, Australian health insurance provider Medibank suffered a data breach which affected 9.7 million people.
The malicious actor responsible for the breach attempted to extort the company by contacting them directly to negotiate the release of the data. Medibank refused, which led to the hacker releasing private medical information obtained in the breach on the dark web.
The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
They also released files containing customer data called “good-list” and “naughty-list” on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
The hacker added to the November 10 data leak post, saying: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”
During question time in Australian Parliament on November 10, minister of home affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.
“I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber-attack and data leak “deplorable”.
In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.
On October 7, 2022, Japanese car manufacturer Toyota issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 2022.
The breach occurred because a section of the source code for T-Connect, an app which allows customers to connect their phone to their car, had been posted on source code repository GitHub in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for five years.
Any customers who registered for the app from December 2017 to September 2022 were at risk for their data being accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available for access included email addresses and customer management numbers. Personal or sensitive information including payment card information, name and address were not accessed.
Following a security investigation, Toyota said that while it “cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time [it] cannot completely deny it”.
Toyota also said that it would individually notify all those who were affected by the breach.
Australian online retail marketplace MyDeal confirmed in October 2022 that it was the victim of a data breach that exposed the data of around 2.2 million customers.
The retailer, which is a subsidiary of supermarket chain Woolworths, said that it would be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.
Woolworths said that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.
Customer information exposed during the cyber-attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and driver’s license details is not stored by MyDeal, and therefore was not exposed in the hack.
In August 2022, a GPS tracker manufactured by Chinese company MiCODUS was revealed to have numerous critical cyber security vulnerabilities that could allow bad actors to remotely hack a vehicle’s system.
At the time of the discovery, the MiCODUS MV720 GPS tracking device had been sold to customers across 169 countries and installed in more than 1.5 million devices.
The critical cyber security issues were first discovered by cyber security startup BitSight. Following the discovery of the vulnerabilities, BitSight informed the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
CISA confirmed that “successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands and the disarming of various features (e.g. alarms)”.
In a report on the vulnerabilities, BitSight said it had found MiCODUS devices were being used by a range of organizations including “a Fortune 50 energy company, a national military in South America, a national government and a national law enforcement organization in Western Europe, and a nuclear power plant operator”.
It was also revealed that MiCODUS has a global customer base of 420,000, with 1.5 million devices sold. However, BitSight did note that it was unable to determine the number of MiCODUS MV720 units currently in use globally, or the number of MiCODUS devices used for personal or business use.
Australian telecommunications company Telstra revealed on Tuesday that it had been hit by a data breach that had revealed the details of 30,000 current and former employees.
The details included employees’ first and last names and email addresses, and were posted on hacking forum BreachedForums.
In a tweet, Telstra confirmed that the data leak “wasn’t a breach of any Telstra system” and that it has notified its employees and authorities first, before notifying former employees, despite “minimal risk” to them.
You may have heard about a data breach involving Telstra employee details. Here are the key facts:
👉 This wasn’t a breach of any Telstra system
👉 No customer account info was included
👉 The data includes first/last names and employee email addresses
👉 The data is from 2017
A Telstra spokesperson said the company had been “made aware of a data breach affecting a third party that included limited Telstra employee information from 2017.”
Of the information shared, 12,800 of the employees named were current employees.
Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that led to the details of 11 million customers being accessed.
The information accessed includes customers’ names, dates of birth, phone numbers, email addresses, home addresses, driver’s license and/or passport numbers and Medicare ID numbers. Payment detail and account passwords were not compromised in the breach.
Optus confirmed that it has now contacted all customers to notify them of the cyber-attack’s impact, beginning with those who had been affected by the breach and finishing with those who had not had their data accessed.
Someone claiming to be the hacker told Australian journalist Jeremy Kirk that they had “accessed an unauthenticated API endpoint” meaning that they did not have to log in to access the data and that it was “all open to internet for any one[sic] to use”.
A person claiming to be the hacker responsible for the data breach posted a small sample of the customer data stolen to the hacking forum BreachedForums on September 23.
Using the alias optusdata, the hacker demanded that Optus pay them $1mn ransom, or they would leak the data of all 11 million customers affected by the breach. When Optus did not respond to the ransom demand, optusdata then posted a text file of 10,000 customer data records on September 26, allowing other malicious actors to use the data in their own phishing campaigns.
Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data would be sold to other hackers.
However, on the same day, the supposed hacker posted a new message on BreachedForums, rescinding their demand and apologizing to Optus.
The hacker said there were “too many eyes” so they would not be selling the data to anyone, and claimed that they had deleted all the data from their personal drive and had not made any copies. They also apologized to the 10,200 people who had their data exposed via their posts on BreachedForums, and to Optus itself, saying “hope all goes well with this”.
They finished by saying they “would have reported [the] exploit if [Optus] had [a] method to contact” and that while the ransom was not paid, they “dont[sic] care anymore” as it was a “mistake to scrape publish data in the first place”.
-
Cybercrime escalates as barriers to entry crumble – CSO Online
By John P. Mello Jr., Contributor, CSO
An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes.
It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1.
“As we got into the 2010s, we started to see a really big push toward commoditization,” said Michael Calce, a former hacker known as “MafiaBoy” and chairman of HP Wolf Security Advisory Board, speaking at an online “fireside chat” on the report. “These communities and hackers are looking to push these exploits out at a cheaper price. Why? Because there’s competition involved now.”
As the underground economy became more like the above-board economy, it’s had to grapple with trust. “We’re seeing a lot of mechanisms that the operators of underground markets have come up with to encourage fair dealings between buyers and sellers,” explained Alex Holland, a senior malware analyst at HP Wolf and author of the report, also speaking at the fireside chat.
Those mechanisms include vendor feedback scores—all cybercriminal marketplaces include those, according to the report. In addition, 92% of the marketplaces have some kind of third-party service for resolving disputes, 85% have escrow services, and 77% require “vendor bonds,” which must be paid before anyone can start selling in the marketplace.
“Vendor bonds discourage short-term scammers,” Holland said. “In order to sell on an underground market, you need to reach a certain threshold of revenue. If you’re a scammer, you’re never going to meet that threshold.”
Looking ahead, the report identified four trends security pros should be aware of, such as an increase in destructive data denial attacks. “We can expect to see extortion attacks using the threat of data destruction against sectors that depend on IoT devices and data in time-sensitive and critical ways,” the report predicted.
Another trend identified in the report is a continuation of the blurring of lines between criminals and nation-state threat actors, with criminals adopting techniques that require human-operated attacks harnessing a deep understanding of victims’ networks.
Meanwhile, nation-states will show a greater interest in monetizing their activity. “Nation-states not only see the internet and cybercrime as strategic tools, but also to use cybercrime as a way of generating GDP,” said Mike McGuire, a senior lecturer in criminology at the University of Surrey in the UK, speaking at the fireside chat.
The report also warned of threat actors using leading-edge technologies to power their malicious activities. Deep fakes could be used to power data integrity attacks, for example, and “cloud cracking” could become catastrophic if powered by a quantum computer.
In the future, attackers will focus less on new vulnerabilities and more on efficiently exploiting old ones, the report added. “We are likely to see attackers using AI and machine learning techniques to enable targeted spear-phishing attacks at scale.”
A world rife with cyber threats is the reality everyone has to live in, Calce observed. “We’ve decided to surround ourselves with technology,” he says. “We did not make security the core feature of this technology. Now we’re paying the price.”
John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix.
Copyright © 2022 IDG Communications, Inc. -
Cybersecurity trends for 2023 and what to expect – Security Magazine
The rapid proliferation of new attack surfaces means more opportunities for threat actors than ever before, and this will only continue as new technologies are introduced, according to Vulcan Cyber’s Cyber Risk in 2022: A 360° View report.
The report, developed by the Vulcan Cyber in-house research team, Voyager18, highlights the biggest developments and underlying narratives to cyber risk in 2022 and suggests ways to improve and maintain security posture as we enter 2023. According to the report, organizations need to be aware of the following seven trends in 2023:
Security in the cloud remains immature, with default cloud services often providing inadequate essential security functions. Threat actors are keenly aware of this, and security teams must keep up with their organizations’ appetite for cloud adoption.
With around two-thirds of the world’s population using smart devices as of 2021, it is no surprise that mobile is fast emerging as a major target for threat actors. Attackers leverage easy opportunities in e-commerce, banking and online booking applications. With mobile devices not going anywhere soon, this attack surface will only continue to grow.
Expect to see more sophisticated and targeted attacks on Internet of Things (IoT) devices and a greater range of malicious actors targeting this technology in their attacks.
The healthcare sector is increasingly vulnerable with more patient data being stored online and in the cloud, and the residual impact of the COVID-19 pandemic on healthcare services.
A welcome development for 2023 will be the increased implementation of advanced machine learning and other artificial intelligence (AI) techniques in identifying and responding to threats.
An organization’s user base will remain a primary target, with threat actors leveraging phishing, social engineering, and other techniques to try to compromise the organization’s employees and their customers.
With the avenues of attack growing in number, IT security teams cannot rely on outdated methods to stay secure.
The report explores a number of ways organizations can meet the increased demands of the cyber risk landscape, including:
For more information, visit www.securitymagazine.com.
Copyright ©2023. All Rights Reserved BNP Media. -
Protecting Houses of Worship | Cybersecurity and Infrastructure … – CISA
CISA is committed to supporting efforts to maintain safe and secure houses of worship and related facilities while sustaining an open and welcoming environment. In partnership with the Department of Homeland Security Center for Faith-Based and Neighborhood Partnerships and the Faith-Based Information Sharing and Analysis Organization, CISA provides resources that assist houses of worship in securing physical and cyber infrastructure.
CISA is a first stop for guidance and resources to inform FBO-HOW security-based decisions. Included below are numerous resources, which provide building blocks for effective safety and security programs. The resources include a guide, a self-assessment tool, trainings, exercises, and other materials focused on a wide range of man-made threats (e.g., bombing, active shooter, vehicle ramming) that could be used against the FBO-HOW community.
These resources are intended to help act as the building blocks for improving the security of an organization’s congregants and facilities.
This paper-based Security Self-Assessment assists personnel in understanding potential vulnerabilities and identifying options for consideration to mitigate them.
The guidance and resources on this page outline in-depth procedures for either bomb threats or suspicious items and will help you prepare and react appropriately during these events.
This tool is designed to guide personnel at houses of worship through a security-focused self-assessment to understand potential vulnerabilities and identify options for consideration in mitigating those vulnerabilities.
Building a safe and secure environment for faith-based communities is no different than typical security planning. However, there are nuances pertaining to a congregation’s desire for openness and access, engagement with their congregants and visitors, and rituals that may be impacted by heightened security.
There are several factors that must be considered when making security decisions and planning security enhancements. Knowing the factors that influence your facility’s overall security risk will provide you with focus areas and shed light on where to begin lowering risk. CISA provides a variety of resources, which, when used effectively, can help you improve your preparedness and the safety and security of your community.
Today, houses of worship face a unique set of safety and security challenges that they didn’t just a few years ago. This video was developed to inform the faith-based community about options for consideration to mitigate risk to places of worship and related facilities.
The PSA Program’s primary mission is to proactively engage with federal, state, local, tribal, and territorial government mission partners and members of the private sector stakeholder community to protect critical infrastructure.
The US Department of Homeland Security through FEMA provides nonprofit security grants, which are managed in partnership through each state’s Homeland Security Advisor’s office, to improve facility security, preparedness, and emergency planning.
A trusted community that shares timely, actionable, and relevant information with an all-hazards approach as incidents affecting the community come in the form of physical threats, cybersecurity issues, health outbreaks, and natural disasters.
A trusted network to share sensitive but unclassified information. FSLTT and private sector partners can use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to perform their duties.
If you would like more information on upcoming webinars and resources from the DHS Center for Faith-Based and Neighborhood Partnerships, please contact Partnerships@fema.dhs.gov. -
Analysis | This sneaky kind of cybercrime rules them all – The Washington Post
A newsletter briefing on cybersecurity news and policy.
with research by Aaron Schaffer
Welcome to The Cybersecurity 202! We don’t really cover it in today’s edition, but I partly suspect one of the reasons BEC (defined below) doesn’t get as much attention as other cybercrimes is because it has a lame-sounding acronym.
Below: Records indicate that an Indian intelligence agency bought equipment from NSO Group, and an undersea cable disruption causes issues on an island. But first:
As ransomware steals the headlines, another kind of cybercrime is quietly making off with far, far more money — and there are signs it’s on the rise, too.
In “business email compromise,” or BEC, criminals pose as someone a victim trusts, such as their company’s CEO, sometimes by hacking them and taking over their email. The criminals send an urgent message to transfer money, which they then pilfer.
BEC regularly tops the FBI’s annual list of costliest internet crimes, which it collects from complaint data. In 2021, BEC accounted for approximately a third of the year’s $6.9 billion in cyber losses — around $2.4 billion. Ransomware lagged behind with just $50 million. An FBI alert from May said the amount of BEC losses and attempted theft increased as a result of the coronavirus pandemic, which forced companies to conduct more routine business virtually.
During the second quarter of this year, cybersecurity company Arctic Wolf said the rate of BEC cases it responded to doubled, from 17 percent to 34 percent.
Adding to the risks of BEC, it’s also a kind of cybercrime that thrives on volume.
“We end up with a situation that is really death by 1,000 papercuts,” Pete Renals, principal threat researcher for Palo Alto Networks’ Unit 42, told me. (The company this year alone has aided in multiple Interpol and Nigerian Police Force operations to arrest BEC suspects.)
There are a number of reasons BEC has proven so effective for so long.
Most of what the BEC criminals do is “really easy,” and the techniques have been honed over time such that “they’re really just rinsing and repeating at this stage of BEC evolution,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, told me.
It’s not hard to deploy malware that steals access to accounts and sends an email to a victim from that compromised account, he said. The part that’s harder is setting up the bank accounts to move money around, he said, but gangs have figured out how to manage that, too.
The criminals also don’t have to target big companies to be effective, Kalember said.
It’s also a kind of crime that takes advantage of people’s trustworthy sensibilities, Daniel Thanos, vice president of Arctic Wolf Labs, told me. “Human nature sometimes is too trusting,” he said. “People also respond to urgency.”
Unlike other cyber-related crimes, the victims don’t always know they’ve been hit until much later, Renals said. A ransomware attack encrypts an organization’s systems, grinding everything to a halt immediately. Law enforcement can help get ransom payments back, but by the time someone realizes they’ve been scammed by a BEC criminal, the money’s usually long gone.
BEC doesn’t get as much attention in part because of the ways it’s not like ransomware.
It’s not destructive, like a ransomware attack can be if it shuts down a hospital’s systems. Because it doesn’t hit key systems, it’s not treated as any kind of national security threat, Renals said. Because of the “death by 1,000 papercuts” effect, the smaller heists that add up over time are also less likely to make news, he said.
Many of the thefts might not even get reported. That’s because being the victim of a BEC scam is potentially more embarrassing than suffering a ransomware attack, Renals said.
“With ransomware, they got into a vulnerability in your network. It happens,” he said. “With business email compromise … that is a very embarrassing story to say, ‘Hey, I got an email from the CEO that told me to transfer money and I did it.’ Nobody wants to own up to that because there’s more of a human aspect there.”
BEC also isn’t interesting in a technical way that might get a ton of attention from security researchers who would make headlines presenting about it at a high-profile cyber conference, Kalember said.
Some of the ways to defend against BEC are similar to the way anyone would defend against most cyberattacks, like using multi-factor authentication to protect email accounts.
Some sound more mundane, but can make a big difference. “Have an actual process that is validated and tested for how you authorize funds to leave your company,” Renals said. “No funds should ever leave you just based off an email, right? There should be someone you call, there should be a piece of paper that has to be signed and physically handed.”
Import data shows that India’s domestic intelligence agency received a shipment of hardware from NSO Group in 2017 that matches what has been used to run Pegasus spyware, the Organized Crime and Corruption Reporting Project’s Sharad Vyas and Jurre van Bergen report. While it doesn’t conclusively show that the agency purchased Pegasus, it adds to a growing body of evidence about India and the spyware.
“The consignment included Dell computer servers, Cisco network equipment, and ‘uninterruptible power supply’ batteries, which provide power in case of outages, according to a bill of lading obtained through a global trade data platform that draws on national customs documents,” they write. “The shipment, delivered by air, was marked ‘for Defence and Military Use’ and cost $315,000. That description — and the timing of the shipment — appeared to match the account given in January by the New York Times, which reported that Pegasus and a missile system had been ‘centerpieces’ of a major 2017 arms deal between Israel and India.”
Pegasus has infected at least seven phones in India, The Post previously reported. Indian authorities said at the time that “the allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever.” It also said lawful surveillance occurs through a “well established procedure.” NSO Group denied the “false claims” in reports by The Post and its media partners.
NSO Group and the spy agency, the Intelligence Bureau, didn’t respond to OCCRP’s request for comment.
U.S. authorities seized billions of dollars in stolen cryptocurrency whose value soared after a 2016 hack, but Bitfinex and its customers could battle in court over who the rightful owners are, CNBC’s Jessi Joseph and Eamon Javers report. Bitfinex says it made its customers whole by providing them with digital tokens they could sell after the hack, but some customers say what they were given wasn’t valuable and they didn’t have another choice besides accepting the funds.
“Essentially, Bitfinex wants the bitcoins that were stolen in the 2016 hack returned to the company and it will give a portion of that back to some of their customers in cash, not in bitcoins,” Joseph and Javers write. “But some of the hack victims still assert the bitcoins belong to them. And the idea that they could lose their bitcoins not once, but twice, seems impossible.”
People and entities who claim that their money was stolen will be able to submit claims to a court that will decide how the money will be distributed, Deputy Attorney General Lisa Monaco told CNBC. But authorities are still prosecuting a couple — Heather Morgan and Ilya Lichtenstein — who they say conspired to launder the cryptocurrency, and that could hold up the process.
Scottish First Minister Nicola Sturgeon said there was an emergency situation on Shetland after the disruption of an undersea cable, the BBC reports. People on the islands were not able to use some telephones or pay with credit cards at some shops, the outlet reported.
Faroese Telecom’s head of infrastructure, Páll Vesturbú, told the BBC that the firm believes the cable disruption — and another one last week, which affected a cable connecting Shetland and Faroe — was caused by a fishing vessel.
NATO has warned that undersea cables are vulnerable and some experts fear that Russia could target cables, which transmit most internet traffic, amid the war in Ukraine. In April, U.S. authorities in Hawaii said they had disrupted a “significant breach involving a private company’s servers associated with an undersea cable” by an “international hacking group.” They haven’t released additional information.
MercyOne says it has begun restoring systems following ransomware attack (Des Moines Register)
Twitter purges foreign network of fake accounts trying to sway Israeli elections (Haaretz)
Loeffler’s texts post-2020 election go public, raising new investigative questions (Politico)
Top DOJ official ‘pleased’ with multiagency and branch response to courts data breach (CyberScoop)
Thanks for reading. See you next week. -
INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization – The Hacker News
The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe.
“‘Black Axe’ and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish lifestyles and other criminal activities, from drug trafficking to sexual exploitation,” the agency said.
The law enforcement effort, codenamed Operation Jackal, involved the participation of Argentina, Australia, Côte d’Ivoire, France, Germany, Ireland, Italy, Malaysia, Nigeria, Spain, South Africa, the U.A.E, the U.K., and the U.S.
Black Axe, which originated as a confraternity in Nigeria around 1977 before evolving into a mafia group, has not only been linked to killing and scamming operations, but also has been accused of infiltrating the country’s political system.
Two of the alleged online scammers, who were arrested late last month in South Africa, are believed to have orchestrated a variety of fraudulent schemes that netted them $1.8 million from victims.
The probe further led to 49 property searches, resulting in the seizure of 12,000 SIM cards and other luxury assets, including a residential property, three cars, and tens of thousands in cash. It also intercepted €1.2 million in the suspects’ bank accounts.
In October 2021, eight members of the cartel were charged by the U.S. Justice Department for engaging in “widespread internet fraud involving romance scams and advance fee schemes” from at least 2011 through 2021.
“Illicit financial funds are the lifeblood of transnational organized crime, and we have witnessed how groups like Black Axe will channel money gained from online financial scams into other crime areas, such as drugs and human trafficking,” Interpol’s Stephen Kavanagh said.
-
The FBI Told Me: Analyzing the FBI's Cyber Crime Report – Security Boulevard
When you are a vendor who provides a valuable service, you look for opportunities to help companies. Sometimes, a vendor’s claims can be exaggerated or even contrived. For that reason, we refer to trusted third-party data to make our point. This month we will use the FBI’s annual Internet Crime Report to show the continued rise of social engineering attacks in the US, especially through voice phishing, or, as it is commonly referred to, vishing.
The FBI’s Internet Crime Complaint Center tracks cybercrime complaints and data each year and compares the results with those of the previous five years. As one might expect, both the number of complaints and the financial losses to cybercrime have increased each year.
The report breaks down the crime types into thirty different categories including denial of service, computer intrusion and gambling. However, the majority could be considered scam or social engineering related. Among the scams, the FBI includes Romance Scams, Rental Scams and the largest category, Phishing/Vishing/SMiShing/Pharming.
This FBI report graph shows just how much the social engineering category outweighs even the next four most common crime types.
Most are aware of phishing as a malicious attack that often comes through a messaging service like email. Vishing is voice phishing, where an attacker tries to elicit sensitive information or action over the phone. SMiShing is similar to phishing but uses SMS, or text messages.
The last category, pharming, can be difficult to distinguish from phishing, as both will often include a lookalike or fake web page that steals data. The real difference between the two is how the victim arrives at the page. With phishing, the victim is directed to the data-stealing page by a message of some type, often an email. In a pharming attack, the victim arrives at the page passively, such as through search results, purchased advertising, or a watering hole attack. Instead of the attack being targeted through a message like an email or text, the attack sits passively, letting interested and unaware victims walk right in.
The FBI report also includes other attack types, including Business Email Compromise (BEC) and Ransomware. These are two other attack vectors we hear about often. Both are legitimately concerning attacks for businesses and keep security practitioners awake at night. However, there is an aspect to them that is often overlooked: the initial vector into these attacks. How does an attacker send emails from inside a business executive’s mail account? How does an attacker get sufficient access to a network to install ransomware? That initial threat vector is often social engineering.
The attackers may use a phishing email to obtain a password to a mailbox. Once they have access to the victim’s mailbox, the attackers can send trusted emails within the company. If your job is to pay invoices and the Chief Financial Officer sent you an email from their corporate account and asked you to pay an invoice, you likely would do it. If a high-level manager sends an email asking for information on employees, salaries, customers or the latest project, the recipient will trust that email and respond. This is how a BEC can be devastating to a company.
Malware and ransomware also will often find a foothold through social engineering. Attackers may try to attach the malware to an email, but modern email filters are doing a much better job of blocking those attacks. Another vector is to load the malware from a web site after the victim clicks on a link.
A third method attackers use is what the FBI refers to as Tech Support Fraud (TSF). Over the last five years, the FBI has reported a huge increase in TSF financial losses, from $14 million in 2017 to more than $347 million in 2021. The way TSF can play a role in malware and ransomware infections is that the attacker calls employees, posing as a trusted member of the IT department, and gets the employee to install remote access software on their computer. Once the software is installed, the attacker has full access to the workstation, the same access as if they were sitting in the employee’s seat. The attacker can then install the ransomware and force it to propagate through the network, locking up vital resources within the company.
We know that cybersecurity intrusions are a problem, and this FBI report indicates they are increasing. Where the problems of past years lay in software flaws and a lack of updates and patching, they are now more human-based. IT departments have done an outstanding job of hardening their networks against technical attacks. However, companies now need to be more focused on their employees, with more education and testing of the human attack vector. As the FBI report showed, social engineering is currently the top risk, and it is increasing.
To test your employees against vishing and phishing attacks or even from an on-site physical access compromise see how Social-Engineer, LLC can help you.
At Social Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit:
https://www.Social-Engineer.com/Managed-Services/.
*** This is a Security Bloggers Network syndicated blog from Social-Engineer, LLC authored by Social-Engineer. Read the original post at: https://www.social-engineer.com/the-fbi-told-me-analyzing-the-fbis-cyber-crime-report/