Category: Uncategorized

  • CYBER CRIME NABBED PORTRAYING HIMSELF AS FLIGHT … – Face2News

    ACCUSED CHEATED HUNDREDS OF UNEMPLOYED YOUTHS IN THE NAME OF PROVIDING A LUCRATIVE CAREER IN THE INDIAN AIR FORCE AND DUPED THEM OF CRORES OF RUPEES. THE ACCUSED WAS POSING AS A FLIGHT LIEUTENANT IN THE INDIAN AIR FORCE; A UNIFORM WITH RANK AND BADGE, AND AN AIR PISTOL WITH COMPLETE HOLSTER AND 05 CARTRIDGES, WERE RECOVERED FROM HIM. SO FAR, HIS 03 INVOLVEMENTS HAVE BEEN NOTICED IN OFFENCES OF SIMILAR MODUS OPERANDI. IN ONE OF THE UP CASES, AN NBW HAS BEEN ISSUED AGAINST HIS NAME. A JOINT INTERROGATION WITH AIR FORCE INTELLIGENCE HAS BEEN CARRIED OUT AND AN ENQUIRY IS IN PROGRESS IN THIS REGARD AT THEIR END. THE IMPOSTER WAS CONDUCTING MEETINGS AT VARIOUS PLACES IN THE GARB OF HIS NGO, AND PEOPLE WERE INFLUENCED BY HIS UNIFORM AND FELL PREY TO HIS SCAM, WHICH PORTRAYED A GLOSSY PICTURE OF A CAREER IN THE INDIAN AIR FORCE.

      Face2News/New Delhi
    A grievance was reported on the Cyber Crime Reporting Portal vide Acknowledgement ID No 20812220081437 by a female complainant R/o Libaspur, Delhi. The complainant stated that she had come across a person named Kamal Sharma online, who ran an NGO called “We Eliminate poverty Now”. After some time, he introduced himself as an Air Force gazetted officer (Flying Lieutenant) and defrauded her of 12 Lakhs in the name of a job in the INDIAN AIR FORCE.
    Kamal Sharma sent a letter for medical examination and letter of appointment to the complainant via WhatsApp and mail. After a long time when she had lost her hope to have a job in Air Force, she started requesting her money back from the accused but in vain. Thereafter she got above complaint lodged. After a preliminary enquiry an FIR has been registered in the matter and investigation was taken up.

    Sensing the gravity of offence, a team headed by SHO/PS Cyber Crime/Outer North District Insp. Raman Kumar Singh comprising Insp Devendra Kumar, Sub Inspector Jagdeep Nara, HC Sandeep, HC Vinod, HC Manoj & Ct Vikash was constituted under overall supervision of ACP/Operation Sh. Yashpal Singh by undersigned.

    Mr. Ravi Kumar Singh, IPS, DCP, said that during the investigation the complainant provided WhatsApp chat history screenshots, mail ID details, and bank & UPI transaction history. The alleged person, Kamal Sharma, used to communicate with the complainant only via WhatsApp calls and chats. Details were sought from WhatsApp, banks and wallets. On the technical leads, the alleged Kamal Sharma S/o Sh Prithvi Sharma, R/o Vikas Vihar, West Delhi, age 39 years, was traced to a hotel in Bangalore with a fake identity card of a Flying Lieutenant and three smart phones.


    As per investigation carried out so far three case FIRs (703/2016 U/S- 420/406IPC P.S- Bindapur Delhi,76/2021 U/S 419/420 IPC PS Adarsh Mandi Shamli UP & 178/2018 U/S 420/467/468/471/120B IPC PS Garhipuktha Shamli UP) were found registered against him and he remained in jail for 11 months in Adarsh Mandi Police Station Case and a non bailable warrant has been issued from the Hon’ble ACJM Shamli Court in case of Garhipuktha case.
    After that he was arrested, his transit remand was taken and he was brought to Delhi. Sensing the gravity of the case, further raids were conducted at the accused's rented accommodation at Chhatarpur, New Delhi, where an INDIAN AIR FORCE uniform (with name plate, ranks, badges, caps), an air pistol with 5 cartridges, different stamps, IAF letter heads, call letters, an IAF family dependent card, a laptop, printer, finger print scanner, dongle, pen drive, SIM card, stethoscope and other incriminating documents were recovered.
    The accused is a habitual offender (Three FIRs registered against him one at Delhi & two at UP) and impersonates himself as Flying Lieutenant in IAF.
    He was well versed with the internal information of the Indian Air Force and was using it to defraud people in the name of a lucrative career in the IAF. He has cheated many people in the name of providing jobs in the IAF. In order to unearth the whole scam, 07 days' PC remand of the accused was taken and a joint interrogation by Army intelligence and Delhi Police was carried out.
    Modus Operandi: In the investigation done so far it has been revealed that the accused, Kamal Sharma, portrayed himself as a Flight Lieutenant in the Indian Air Force and used to cheat unemployed youth in the name of providing them with job opportunities in the Indian Air Force. He had run an NGO, “We Eliminate Poverty Now”, since 2016 and organised camps in UP, Haryana and Rajasthan in order to induce and influence youth. He used to take candidates to different cities such as Bangalore, Chennai, Hyderabad, Ahmadabad, Jodhpur, Jaipur, Jaisalmer, Goa, Kochi, Bidar, Patna, Jammu and Belgaum. He used to meet people in IAF uniform in order to influence and induce them.
    KNOW THE ACCUSED: He passed his 12th exam from a school in Uttam Nagar and completed a Diploma in Electronics from an institute in Janakpuri. He can speak English proficiently and has been living an imposter Flight Lieutenant's life since 2016.
    RECOVERY: INDIAN AIR FORCE uniform (with name plate, ranks, badges, caps), fake identity card of a Flying Lieutenant, 4 smart mobile phones, air pistol with 5 cartridges, 5 stamps of Air Force offices, IAF letter heads, call letters, IAF family dependent card, laptop, printer, finger print scanner, dongle, pen drive, SIM card, stethoscope, and other incriminating documents used in recruitment.
    Investigation of the case is in progress.


  • Opinion: How can Africa's financial industry thwart the cybercrime … – TechCabal

    Africa’s financial sector must take five vital steps to shore up governance and maintain stakeholder trust as financial institutions have become prime targets for cyber criminals, according to AFIS.
    By Franck Kie, Clement Combary, Ali El Azzouzi & Nvalaye Kourouma
    A report by cyber security firm DataProtect highlights that at least 85% of financial institutions have already fallen victim to cyber-attacks. The 2022 African Financial Industry Barometer by consultancy firm Deloitte has shown that cybercrime is the number one fear of bankers. 
    Exposed to the risk of financial loss, credibility with their stakeholders and sanctions from the regulatory authorities, financial institutions now have no choice but to arm themselves against cybercrime. 
    Cybersecurity must be at the heart of the strategic agenda. Following work done by AFIS, the leading platform for African Financial Industry Leaders, we have identified five priorities to achieve a secure African financial services sector.

    Given the scale of cyber threats, African financial institutions need to invest heavily in protecting their sensitive data to ensure stakeholder confidence. To do this, they should create dedicated cyber security departments structured into specialised sections. 
    It is also important that FIs recruit Information Systems Security Managers (ISSMs) responsible for IT security and Information Systems Directors (ISDs) who will actively work on incident prevention, detection and response.
      
    Raising staff awareness of how to identify and anticipate cyber threats is an obligation for African financial institutions. Cyber security issues are still unclear to many employees and there is a lack of local expertise in the field. Therefore, financial institutions should encourage continuous training in this area by partnering with leading companies in the field and regularly assess the maturity of their staff on cyber issues.

    Governments should encourage the cybersecurity efforts of African financial institutions by building a regulatory framework that specifically addresses the cybersecurity issues of African financial institutions. They could develop policies that support annual penetration testing and procedures for vulnerability management to assess that cybersecurity risks are appropriately managed.

    It is essential to invest in human capital in cybersecurity. People today need to take ownership of digital tools without fear of threats. Financial institutions and governments must act together to create cybersecurity education spaces because the risks are global. Stakeholders should develop and constantly reassess best practices in the face of cyber risks.

    Finally, despite all the prevention and detection measures, it is imperative never to minimise cyber risks. Technologies are rapidly evolving, becoming more complex and multiplying and our current processes may fail tomorrow. In the future, financial institutions will have to be even more digital than they are today. It is therefore crucial to anticipate risks and institutions must constantly monitor the sector to learn about new types of threats. The financial industry must be prepared to innovate constantly. 

  • Mangaluru: Traffic, safety, cyber crime awareness programme held – Daijiworld.com

    Media Release
    Mangaluru, Feb 23: A traffic and safety and cyber crime awareness programme was held at government higher primary school Mannagudda on February 20 in association with Lions and Lei club Netravati Mangaluru, Lion Asha Nagaraj president, Lion Vidya Shetty Secretary, Lion Mandakini Quest coordinator, Lion Vinaya Leo coordinator, Lion Gayathri Hegde Dc for childhood cancer, Ganesh H M Mohan Shetty president, social worker, Mangalore city Traffic police, and CyberSapiens Mangaluru.
    Geetha Kulakarni, ACP (Traffic) Mangaluru city, Vijay Kanchan, ASI (CEN Police Station), and Shashidhar Patgar, operation manager CyberSapiens were present.
    The session covered how to make the best use of social media and how to use the internet safely. Shashidhar highlighted the do's and don'ts on the internet, a few important sections of the IT Act 2000, and tips to stay safe and secure from cyber crimes, with case studies. Guidance on never sharing an OTP and on banking-related frauds was also given. A few common cyber-attacks, such as phishing, were also discussed to help the students understand the need for and value of cyber education.
    In addition to this, ACP Geetha Kulakarni spoke about the importance of traffic rules and regulations.
    CyberSapiens could be contacted for such awareness sessions or workshops, audits, forensics analysis, etc, and seek their support on these areas. www.cybersapiens.in / +91 6364011010
     
     
     
    Mangaluru: Traffic, safety, cyber crime awareness programme held – what an ape show..we have pick-up vehicles with oversized loads, trucks with no tread on the tyres, buses that are over-speeding, and auto drivers that think they are Steven Seagal…the police do nothing and they are holding a traffic awareness programme. Wake up to reality and do your job instead of this crap.

  • Top Russian Cybercrime Forums in 2023 – Security Boulevard

    Cybercrime forums provide an outlet for threat actors to coordinate, exchange information, and conduct illicit trades. Often hosted on the dark web (but sometimes accessible via the clear web), these forums are hubs of malicious activity. The typical structure of a cybercrime forum sees a dedicated marketplace section that facilitates the sale of stolen credentials, ransomware-as-a-service, and malware while a separate section is reserved for general cybercrime discussions. 
    It’s no secret that Russia is a veritable capital of cybercrime activity. Recent analysis suggests 74 percent of ransomware revenue goes to Russia-linked threat actors. Beyond for-profit cybercrime, Russia also has a well-documented history of conducting state-sponsored cyber warfare.
    From a threat intelligence standpoint, it’s beneficial to monitor cybercrime forums for mentions of your organization. Monitoring these forums can provide indications of an impending attack on your company or reveal user credentials for sale, whose accounts you can then preemptively reset before they get infiltrated. This article takes a look at the top Russian cybercrime forums worth keeping an eye on in 2023.
    Exploit is one of the longest-running underground hacking forums, having been launched way back in 2005. As the name suggests, the site’s initial purpose was to provide a place for malicious actors to discuss working exploits for various vulnerabilities. Exploit naturally evolved to encompass discussions about other types of cybercrime activity, from social engineering techniques to tutorials on breaking cryptographic algorithms. 
    This forum is a predominantly Russian language forum with a marketplace section where cybercriminals trade in stolen credit card details, malware, and even zero-day exploits. Exploit also functions as a cybercrime news site. Interestingly, this forum is accessible via both standard Internet browsers on the clear web and via the dark web using the Tor browser. 
    To get access to and participate in forum discussions, threat actors either pay a $100 fee for automatic access or they can attempt to get free access on the condition that they’ve established a reputation on other “friendly” forums. While these conditions technically make Exploit a closed forum, a $100 fee is unlikely to deter companies from registering fake accounts to monitor for threat intel purposes. 
    Exploit admins had to deal with a breach in 2021 that saw an intruder gaining Secure Shell (SSH) access to a proxy server that protected the site from DDoS attacks. This breach of the forum formed part of a wider cluster of four breaches hitting various underground cybercrime forums within a short time span. 
    XSS is another closed Russian language forum that’s accessible on the clear web and dark web. Admins promise various security and anonymity features to protect registered users, including disabling IP address logs for all users and user actions and implementing encrypted private messages. There aren’t many barriers to registration on XSS—new users simply select credentials, input a valid email, answer a basic cybersecurity question, and await approval from the site’s admin.
    Content on XSS relates to discussions and trades in credential access, exploits, and valuable zero-day vulnerabilities for which no security patches exist. Additional exclusive private sections on XSS require payment to access. Previously, XSS was extensively used to recruit affiliates for ransomware-as-a-service gangs, but forum admins banned ransomware topics in 2021. 
    This Russian cybercrime forum’s name stems from a type of web application vulnerability known as cross-site scripting. The site used to be known as DaMaGeLaB from 2013 until the arrest of an administrator in 2018, at which point it was rebranded as XSS.
    The formation of the RAMP 2.0 (Russian Anonymous Market Place) forum in 2021 has an interesting backstory, having been launched on a domain previously used by the notorious ransomware gang Babuk. 
    The Babuk ransomware operation carried out ransomware attacks on Washington DC Metropolitan Police Department and The Houston Rockets basketball team. Babuk’s threat actors previously used this dark web onion domain for publishing stolen data when victims refused to cave into their ransomware demands. 
    A previous version of RAMP existed from 2012 to 2018 on a different domain, but it was more centered around buying and selling illegal products. Russian law enforcement closed the first iteration of RAMP down, but a new version emerged with a focus on cybercrime. Popular forum sections include a partner program for ransomware groups, a malware section, and another section dedicated to selling access to corporate accounts. 
    Registration for RAMP 2.0 requires being an active member of Exploit and XSS for at least two months. A good reputation on both forums is also essential to gain entry to RAMP. The forum’s language options have evolved from solely Russian to now include Mandarin and English.  
    Verified is a popular Russian language cybercrime forum that’s been around for over a decade while Maza is an elite Russian cybercrime forum on the scene since 2003. These forums are worth discussing together because of what happened to them in early 2021.
    As part of a spate of attacks on a number of Russian cybercrime forums, both Verified and Maza suffered serious breaches. In the case of Maza, forum members logging in were greeted with a message about their data being leaked and the forum being compromised. Verified suffered a similar fate, with unnamed operators hijacking the forum, and it has remained offline since. 
    Breaches and takedowns of cybercrime forums don’t necessarily mean they’ll permanently shut down. These forums often reemerge after a period of time, so it’s worth watching out for any news about Verified and Maza. It is worth speculating whether the incidents that hit both forums drove the surge in recent adoption of Telegram groups as an alternative to traditional forums and marketplaces for cybercrime. Perhaps cybercriminals got spooked about members of those forums who had their usernames and email addresses made public. 
    Russian cybercrime forums and other dark web domains are useful resources worth monitoring for leaked credentials and indicators of targeted attacks. However, manually monitoring the top forums is a recipe for slow remediation and noisy threat data. And, most organizations lack the resources for cybersecurity analysts to track the ever-evolving forum landscape. 
    Flare’s dark web monitoring solution automates the monitoring of illicit forums and marketplaces. You also get real-time alerts if your company or assets are mentioned on the dark & clear web or if there is a high risk of account takeover detected. 
    The post Top Russian Cybercrime Forums in 2023 appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.
    *** This is a Security Bloggers Network syndicated blog from Flare | Cyber Threat Intel | Digital Risk Protection authored by Yuzuka. Read the original post at: https://flare.systems/learn/resources/blog/top-russian-cybercrime-forums/

  • New cybercrime tactic: Call-back phishing – Michigan Medicine … – Michigan Medicine Headlines

    Cybercriminals are at it again – but you can take some important steps to help your personal data and the organization stay safe!
    Criminals have been observed using multi-layered tactics to lure victims into believing their contact is legitimate. It’s a type of online attack known as call-back phishing. 
    Here’s how it works: 
    Initial contact is typically made through email. However, without any malicious attachments or links embedded in the message, the email rarely gets flagged by a company’s IT security system.
    The email usually indicates some kind of immediate or urgent problem has occurred, such as a fake notification that your computer has been infected when it actually has not. The key to this type of phishing scam is that the criminal provides a call-back number, directing panicked victims to call immediately.
    Once on the phone, cybercriminals employ a variety of social engineering tactics to gain a victim’s trust – and possibly compromise the person’s IT systems and devices by gathering sensitive information and/or remotely installing harmful software.
    Please be diligent and play your role in helping keep the organization – and yourself – as safe as possible.
    Keep current about current cybersecurity scams and fraud by visiting Safe Computing.

  • How to Reduce Frauds and Cyber Crime in an Outsourced … – Lexology

    In 2022, firms spent more than $700 billion on outsourcing. Global outsourcing spending might reach $731 billion in 2023, with IT services contributing up to 72% of total global outsourced valuations. Cost savings, greater quality, and the freedom to focus on core capabilities can all benefit the buyer of outsourced services. However, there are inherent hazards to outsourcing, one of which is that the buyer loses control over the vendor's staff, increasing the possibility of fraud. Due to India's low labor cost, highly skilled and trained personnel advantage, outsourcing of different domains and sectors will continue to rise over time in India, making it an appealing arena for fraudsters and white-collar criminals which can adversely affect a variety of business departments, including IT, HR, marketing and operations.
    Cyber and Data Challenges in an IT Outsourced Environment
    IT outsourcing fraud is one of the most important and prominent areas of focus for enterprises due to concerns about data protection, cybersecurity, moonlighting, and so on. Large IT outsourcing service providers frequently subcontract work to small organizations in order to manage manpower and labor costs more efficiently; however, this increases the risks associated with data leakage and confidentiality.
    When several IT service providers and subcontractors are engaged, organizations frequently confront siphoning off IT equipment for personal advantage and use. Although many firms keep proper inventory of their IT assets, peripheral inventory of devices such as keyboards, mice, and so on is frequently neglected.
    IT outsourcing compounds matters further because there is insufficient verification data to maintain hardware inventory, and even the data available is sourced from the IT service provider involved in siphoning off the equipment. Furthermore, even outsourced IT employees have access to critical information such as network maps and architecture, data backups, and in some cases administrative privileges on specific systems, making them an appealing target for cyber-criminals. Several large threat actor groups are known to employ IT employees (both in-house and outsourced) as potential attack vectors for reconnaissance and privileged access.
    These issues are exacerbated when businesses outsource their IT infrastructure to shared cloud service providers. The level of risk faced by a company that uses a cloud service provider is a combination of internal risks and risks faced by the cloud service provider. Because of the cloud's pay-as-you-go model, even minor configuration changes knowingly or unknowingly by an organization's outsourced employees can result in significant costs.
    Outsourcing Frauds in Marketing
    In addition to IT, many Indian businesses have outsourced their marketing responsibilities in order to increase sales and boost their social media presence. There are numerous companies that claim to boost social media followers. While this may appear to be enticing, the only followers you will obtain are fake. Some digital marketing firms even claim to boost your presence on Google search results pages within weeks. They will almost definitely use illegal and unscrupulous ways to accomplish this, as significant improvements in your search rankings might take months, if not years.
    Outsourcing content advertising is also a major concern for large organizations, owing to the political and religious ties of certain ad agencies, which frequently leave a bitter taste or unwelcome controversies for firms to deal with.
    Data Risks Related to HR and Payroll Outsourcing
    The human resources department is a vital part of any company and a veritable treasure mine of personal information. Some companies turn to HR outsourcing as a long-term fix to handle all of their HR requirements or to augment their current HR workforce. But when outsourcing is involved, there is a chance that private data, including employee information or internal corporate data, could be exposed to the risk of being secretly shared with HR providers. Organizations must also be wary of recruitment frauds, as well as phony employee or payroll scams.
    Payroll fraud is a prevalent type of fraud that occurs when large multinational corporations outsource their payroll and reimbursement processes to third-party service providers. These service providers collect payroll, reimbursement, and expense information from employees and forward it to the parent/ headquarters for processing. Many service providers are known to add fraudulent personnel, irrelevant expenses, fake reimbursements, and other items to inflate the amount that is subsequently siphoned off the company's accounts without verification and a proper maker-checker procedure.
    How Is Moonlighting Driven by Outsourcing?
    Following the COVID-19 outbreak, organizations are grappling with the issue of moonlighting. Moonlighting involves doing a second job in addition to one's existing full-time job. Because the overwhelming majority of outsourcing service providers employ teams on a contractual basis, outsourcing various job tasks just aids individuals who moonlight. While moonlighting is a legally murky area due to present legislation, it is a severe danger to an organization's cybersecurity and data privacy. Outsourced staff working for competitors can have serious consequences for business revenue, financials, and data security.
    How to Reduce Cyber and Data Risks in an Outsourced Environment?
    Vendor Due Diligence: Before onboarding a vendor, it is important to perform thorough due diligence on the vendor in terms of their background checks and IT controls.
    Oversight and Accountability: Large corporates sometimes outsource entire teams and departments to third-party entities, leaving little or no room for monitoring and oversight. Instead, organizations must have comprehensive oversight and accountability for all outsourced work by outsourced service providers. Access to sensitive data must either be discouraged or be accompanied by sufficient security measures.
    Vendor Audits: Outsourced service providers must undergo quarterly or biannual cyber audits to detect data leaks and vulnerabilities in outsourced employee systems. Playbooks must be created to address eventualities such as moonlighting, distributing credentials on the dark web, fraudulent transactions, and so on, depending on the department and services outsourced.
    Service Provider Rotation: Another strategy to avoid such scams is to rotate your outsourced service providers every few years or quarters, depending on the criticality of your business functions.
    Insurance: Having insurance coverage around any financial loss caused by the vendor helps in case of such occurrences.
    The Indian outsourcing business handles customer support and other back-office activities for western and global corporations across job functions and sectors. The industry is creating jobs at an unprecedented rate, and its revenue is increasing year after year; yet, it is also one of the industries receiving increased scrutiny due to cyber and insider threats, and it is particularly susceptible to fraud. With India enacting its own version of the Personal Data Protection Bill, it will be critical for the outsourcing business to adhere to high data and security requirements, thereby averting some of the aforementioned scams.
    This article was first written for ETCIO.com from The Economic Times. 

  • Soaring levels of cyber crime and fraud prompt SBRC rebrand – Scottish Legal News

    Scotland’s business resilience organisation has changed its name to reflect a rising national threat from cyber crime and fraud.
    The Scottish Business Resilience Centre, the not-for-profit dedicated to helping educate and support Scottish organisations to avoid the fallout from cyber crime, will from today be known as Cyber and Fraud Centre – Scotland, as it extends its focus to also include financial fraud.
    The new brand comes as cyber attacks and fraud are on the rise: latest figures from Police Scotland show the number of cyber crimes in 2021-22 was nearly double that of 2019-20, and fraud has increased 86 per cent this decade.
    Paul Atkinson, chair of Cyber and Fraud Centre – Scotland, said: “Over half of reported crime is related to fraud or cyber, but they’re both hugely underreported – so it’s likely they pose an even greater threat than the numbers indicate. As a nation, we are handling support for cyber crime victims well, but victim support around financial fraud is severely lacking. We need to examine how to collectively prevent and protect from this type of fraud, and the Cyber and Fraud Centre – Scotland team is well equipped to lead the conversation around this.”
    Jude McCorry, CEO, said: “Financial fraud – including cyber crime – is set to be reclassified as a threat to national security, which will see it treated as seriously as terrorism and civil emergencies. We’ve seen a huge increase in this type of crime over the past year, and a lot of victims don’t get the support they need, which is why we’ve added fraud to our organisation’s purpose.
    “Cyber crime such as cyber attacks and financial fraud often cause businesses to pause operations; ransomware attacks prevent them from accessing their systems and financial fraud could render them unable to pay wages and suppliers. This can be devastating for small businesses and charities in particular, who may end up ceasing operations entirely.
    “We’ve renamed ourselves Cyber and Fraud Centre – Scotland in recognition of our enhanced focus on empowering and educating organisations across the country on the risks caused by cyber crime and fraud. The name also clarifies what we do and means we are holding ourselves accountable and committed to tackling cyber crime and fraud to make Scotland a safer place to do business.”

  • The Lawfare Podcast: How Cyber Criminals Can Exploit ChatGPT … – Lawfare

    Since it launched in November of last year, ChatGPT has been subject to widespread attention. Cyber criminals have been quick to try to find ways to abuse the AI tool for their own purposes, from improving their phishing emails and supporting money-making schemes, to writing malware. Could ChatGPT help lower entry barriers for less skilled cyber criminals? 
    To answer that question, Lawfare fellow in technology policy and law Eugenia Lostri sat down with Alexander Leslie, associate threat intelligence analyst at Recorded Future. Alexander was the lead analyst for the recent report, “I, Chatbot,” which looked at how threat actors are trying to misuse ChatGPT. They discussed who are the threat actors that can benefit from it the most, the impact this will have on the cybercrime-as-a-service business model, and how to think through mitigation strategies. 


  • Delhi Police celebrates safer internet month, talks about cyber crime – Business Standard

    Press Trust of India  |  New Delhi 


    The Delhi Police is celebrating safer internet month by posting videos regarding cyber awareness every day starting from Monday, officials said.
    A senior police officer said the campaign was started on Monday, which is celebrated as 'Safer Internet Day'.
    "Through this campaign (Cool bano fool nahi), our motive is to spread awareness about the cyber crime which is increasing nowadays rapidly. A one-minute video is being posted every day till February 28, starting from Monday. This is for every age group," the officer said.
    Interspersed with music and message, the video talks about creative awareness in a comic way so that it could reach a bigger audience, they said.
    Every day, the video has a different topic, including earn from home, insurance frauds, ransomware update, WhatsApp and social media fake accounts, cyber bullying, sextortion – video calls, lottery or reward scams, dating apps, protecting your information during the holiday online shopping season, payment gateway frauds etc., police said.
    On Monday, the police had posted a video with the caption "Raise your awareness of potential online hazards as we all celebrate Safer Internet Day. advises citizens to use the internet safely and responsibly to secure yourself from cyber fraud and crime. #FoolNahiCoolBane."
    (Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
    First Published: Wed, February 08 2023. 21:24 IST


  • What to put on your résumé to land a high-paying cybersecurity job – Business Insider

    There are currently 714,548 open cybersecurity roles across the US, according to data collected by the tracking site CyberSeek.
    “There certainly is a talent gap in the United States,” Kevin Bordlemay, senior manager of talent acquisition at computer security firm Mandiant, told Insider. “There is by no means enough talent to fulfill the roles that are out there.”
    This talent squeeze is especially affecting the supply of information security analysts, cybersecurity’s largest job.
    From May 2021 to April 2022, there was an annual talent gap of 39,000 information security analysts, according to CyberSeek’s data.
    These analysts can earn a base salary of $82,358 in the US, according to Payscale, but analysts at some top firms can make more than double this figure. Two of the highest-paid analysts at EY made more than $170,000, according to publicly disclosed foreign labor data.
    Cyber jobs can range across at least seven categories spanning 52 different roles, Insider previously reported. Roles such as ethical hacker, information security engineer, and network security architect all reported average base salaries above the six-figure mark in 2019, according to research from Columbia University.
    Landing one of these high-paying technical roles can be difficult for candidates who are trying to cast a wide net.
    To get past the screening stage, cybersecurity experts and recruiters recommend highlighting unusual experiences and interpersonal skills when tailoring résumés to the industry.
    When constructing a résumé, most candidates expect a human to be looking at it. But an increasing number of candidates are being screened by artificial intelligence.
    “A lot of times a machine is taking the first glance at a résumé,” Bordlemay said. “Most large companies have some type of technology to look at it.”
    Content and format are both important to get through this first stage. Bordlemay recommended making a résumé “easy to read with the information hitting the major buzz points.”
    “Once it gets past that machine, recruiters are looking at a resume within 20 seconds,” he said.
    Bordlemay recommended putting your most significant accomplishment at the top of a résumé. “Capture my attention with something unique that other people have not done. If you don’t, nothing else on there is going to matter,” he said.
    Casey Ellis, founder of crowdsourced security platform Bugcrowd, suggested candidates use the start of a résumé to get across their “overall approach to work, not just the very specific technical cybersecurity things that they’ve done.”
    “The biggest thing within cyberspace a lot of time is the hands-on experience,” Bordlemay said.
    He added that he often looks for candidates who are creative with their technical knowledge.
    “A lot of times you have to be creative or even design your own tool to be effective because the threats aren’t going to fall in a particular bucket,” he said. “The attackers know what the security tools are.”
    This experience doesn’t have to be in a full-time job or internship though.
    Bordlemay said that a lot of time it’s what candidates have done outside of the classroom that’s important.
    He said candidates tend to leave out things like having a home lab, working on independent projects, competing in competitions, and playing around with tools to build infrastructure.
    Ellis also highlights the importance of being involved in projects. “I see organizations looking for contributions to open source projects,” he said. “People can participate in those even if they’ve never worked in the space before. For example, they will look at GitHub repositories.”
    In terms of softer skills, Bordlemay said just mentioning “running a club or being in charge of a project can show these off.”
    Another expert, Dylan Buckley, who cofounded the job site DirectlyApply, said: “Cybersecurity is as much about human interaction as it is about technical capability.”
    Hackers often try to exploit human users to breach systems rather than overcome a company’s security, he said, making interpersonal skills vital to stopping these attacks.