Revolut Faces $20 Million Loss as Attackers Exploit Payment System Weakness

Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed...

Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations

"Dozens" of organizations across the world have been targeted as part of a broad business email compromise BEC campaign that involved the use of adversary-in-the-middle AitM techniques to carry out the attacks. "Following a successful phishing attempt, the threat actor gained initial access to on...

Cybercrime Syndicate Leader Behind Phishing and BEC Scams Arrested in Nigeria

By Deeba Ahmed Cyber security companies across the globe helped Interpol bust an unnamed cybercriminal being large-scale BEC scams and phishing… This is a post from HackRead.com Read the original post: Cybercrime Syndicate Leader Behind Phishing and BEC Scams Arrested in Nigeria...

Cybersecurity Firm Group-IB's CEO Arrested Over Treason Charges in Russia

Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the developme...

Judge drops hammer, dishes 7 years slammer for BEC and romance scammer

A Texas resident has finally paid the price for a heady mix of malicious mail antics. A combination of business email compromise BEC scams and romance fakeouts bagged them $2.2 million across roughly 6 years. This is quite a divergent portfolio of scamming activity. You may typically assume BEC...

A week in security (June 21 – June 27)

Last week on Malwarebytes Labs: Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11 Atomic research institute breached via VPN vulnerability Hotel staff bust Hermes SMS scammer with suspiciously large number of cables City of Liège hit by...

Attackers in Executive Clothing - BEC continues to separate orgs from their money

By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most, costly is something...

Report reveals the staggering scale of Business Email Compromise losses

Internet crime is ever present, and with the ongoing pandemic, levels of scams and fraud were exceptionally high in 2020. Opportunistic fraudsters didnt give a second thought to riding the COVID-19 wave and preying upon those who are truly in need of help, or those who truly want to help. The...

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise BEC scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...

A 'New Age' of Sophisticated Business Email Compromise is Coming

A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call “a new age” of business email compromise. The group, called Cosmic Lynx, is the first reported Russian BEC cybercriminal...

BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges

A Dubai resident with an elaborate lifestyle that he touted on social media – think designer clothes, expensive watches, luxury cars and charter jets – has arrived in the United States to face criminal charges. He is charged with conspiring to engage in money laundering, as part of a business ema...

Not us, YOU: vendor email compromise explained

Silent Starling, an online organized criminal group hailing from West Africa, seem to have reminded SMBs and enterprises alike the perils of business email compromise BEC scams once more. This time, they've advanced BEC into a more potent modality by widening the scope of its potential targets an...

ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018

In 2018, Nigeria-based cybercrime jumped 54 percent over the previous year, as groups of scammers expanded their operations adding new tactics and reaching a wider breadth of targets. The increase, outlined in a report released Thursday by Palo Alto Network’s Unit 42, shows that Nigerian scammers...

FBI: BEC Scam Losses Almost Double To Reach $1.2 Billion

Business email compromise BEC scams are squeezing more money than ever out of victims, with losses from the attacks almost doubling year-over-year in 2018 to reach $1.2 billion. That’s according to the FBI’s annual Internet Crime Report IC3 for 2018, which records the number of complaints, losses...

Protecting against the next wave of advanced threats targeting Office 365 – Trend Micro Cloud App Security 2018 detection results and customer examples

Since the release of “Trend Micro Cloud App Security 2017 Report” about a year ago, threats using email as the delivery vector have grown significantly. Business Email Compromise BEC scams have already caused USD $12.5 billion in global losses as of 2018 – a 136.4% increase from the $5.3 billion...

Shipping Firms Speared with Targeted 'Whaling' Attacks

Scammers are honing in on the shipping industry, using “whaling,” a.k.a. business email compromise BEC attacks, to scoop up credentials, or worse, compromise critical systems. Hackers are launching whaling attacks to target various types of employees with some serious online and sometimes...

A week in security (July 16 – July 22)

Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics...

Feds Arrest 74 Email Fraudsters Involved in Nigerian BEC Scams

The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise BEC scheme. The arrest was the result of a six-month-long operation dubbed "Operation Wire Wire" that involved the US...

2017’s Biggest Threats and What CISOs Can do to Mitigate Risks in 2018

Enterprise Risk Management ERM is getting harder every day. According to the World Economic Forum‘s 2018 Global Risks Perception Survey, cyber attacks and data theft are 3 and 4 respectively of the top 5 likely risks organizations will face this year. This is not surprising, in 2017 CISOs the wor...

New BEC Spam Campaign Targets Fortune 500 Businesses

Researchers have identified a wave of new business email compromise campaigns targeting Fortune 500 companies that are designed to trick victims into fraudulent wire transfers. Researchers said the campaigns originate from Nigeria and are targeting companies in the retail, healthcare and financia...