Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day

Necurs botnet activity is spiking as scammers use the network to flood inboxes with promises of companionship, in part of a seasonal wave of Valentine’s Day-themed spam. Victims are encouraged to share revealing photos of themselves, which scammers later use as leverage in extortion shakedowns. T...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 29, 2018

Late last year, Trend Micro introduced its Security Predictions for 2018. One of the predictions stated that digital extortion will be at the core of most cybercriminals’ business model. It’s much more than just ransomware – it is the most successful criminal business model in the current threat...

This Week in Security News: Magic Quadrants & Global Threats

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Gartner released its Magic Quadrant Leaders, Data Privacy Day gave us a moment to reflect, and U.K. and U.S. governments alike acted to...

Now you see me: Exposing fileless malware

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last years major ransomware outbreaks Petya and WannaCry used fileless techniques as part of their kill chains. The...

Bitcoin Blackmail by Snail Mail Preys on Those with Guilty Conscience

KrebsOnSecurity heard from a reader whose friend recently received a remarkably customized extortion letter via snail mail that threatened to tell the recipient's wife about his supposed extramarital affairs unless he paid $3,600 in bitcoin. The friend said he had nothing to hide and suspects thi...

NFL Players and Agents Targeted in Database Extortion Attempt

A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of...

A week in security (September 18 – September 24)

Last week, we kept you updated on our blog about the infected versions of CCleaner that were offered as downloads on the official servers. We also warned you against a fake IRS notice that delivers a customized spying tool, some of the threats currently facing gamers, and a Netflix scam that has...

Equifax Data Breach: Steps You should Take to Protect Yourself

Equifax has suffered one of the largest data breaches in history that has left highly sensitive data of as many as 143 million people—that's nearly half of the US population—in the hands of hackers. Based on the company's investigation, some unknown hackers managed to exploit a security flaw on t...

Equifax Hack Exposes Personal Info of 143 Million US Consumers

It's ironic—the company that offers credit monitoring and ID theft protection solutions has itself been compromised, exposing personal information of as many as 143 million Americans—that's almost half the country. Equifax, one of the three largest credit reporting firm in the United States,...

DDoS attacks in Q2 2017

News Overview The second quarter of 2017 saw DDoS attacks being more and more frequently used as a tool for political struggle. The Qatar crisis was accompanied by an attack on the website of Al Jazeera, the largest news network in the area, Le Monde and Le Figaro websites were targeted in the he...

The real problem with ransomware

Ransomware – a specialized form of malware that encrypts files and renders them inaccessible until the victim pays a ransom – is an extremely serious problem and it’s quickly getting worse. The FBI estimated that ransomware payments were $1 billion in 2016, up from “just” $24 million a year...

FBI: Extortion, CEO Fraud Among Top Online Fraud Complaints in 2016

Online extortion, tech support scams and phishing attacks that spoof the boss were among the most costly cyber scams reported by consumers and businesses last year, according to new figures from the FBI's Internet Crime Complaint Center IC3. The IC3 report released Thursday correctly identifies...

Few Victims Reporting Ransomware Attacks to FBI

Ransomware may have been the most prevalent internet threat of 2016, and WannaCry certainly made it a mainstream conversation, but that doesn’t mean people are reporting incidents to law enforcement. The FBI’s Internet Crime Complaint Center’s annual report published this week counted only 2,673...

Are All Ransom Attacks Considered Ransomware?

Ransomware has loomed large in the news of late. It seems to be around every turn, and it’s not going anywhere. The untraceability of Bitcoin payments, coupled with new blackhat tools available to anyone at little if any cost, means extortion attempts will continue to grab headlines worldwide. Bu...

IC3 Issues Internet Crime Report for 2016

The Internet Crime Complaint Center IC3 has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise BEC, ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and aroun...

FIN10: Anatomy of a Cyber Extortion Operation

FireEye has identified a set of financially motivated intrusion operations being carried out by a threat actor we have dubbed FIN10. FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into payin...

FIN10: Anatomy of a Cyber Extortion Operation

FireEye has identified a set of financially motivated intrusion operations being carried out by a threat actor we have dubbed FIN10. FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into payin...

Man Jailed 6 Months for Refusing to Give Police his iPhone Passcode

Remember Ramona Fricosu? A Colorado woman was ordered to unlock her encrypted Toshiba laptop while the FBI was investigating alleged mortgage fraud in 2012, but she declined to decrypt the laptop saying that she did not remember the password. Later the United States Court ruled that Police can...

SEI Issues Advice on Ransomware

The Software Engineering Institute SEI of Carnegie Mellon University has released a blog post on best practices for preventing and responding to ransomware. This common malware captures, encrypts, and holds your data to extort a ransom. SEI’s top recommendation to thwart ransomware attacks is to...

The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable. The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay,...