FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forums backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be use...

FBI: Rise in Business Email-based Attacks a $43B Headache

The FBI warned the global cost of business email compromise BEC attacks is $43 billion for the time period of June 2016 and December 2021. According to FBI report, 241,206 complaints were lodged by the agency’s Internet Crime Center IC3. BEC or email account compromise EAC are an advanced scammin...

Ransomware: March 2022 review

The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. The March da...

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services (NTSI) affects 7R3B IC3/IC4, 7R3C, and 7R3D. The issue is an Incorrect Implementation of an Authentication Algorithm, specifically LDAP password validation is not properly performed. The connected documents consistently describe this as the root cause...

PSA: Widespread Remote Working Scam Underway

Ive just gotten off the phone with a victim of the scam that Im about to describe. This is impacting a lot of folks, so please do spread the word. Its infuriating. Ill be around to reply to your comments below, but please do not engage in victim-blaming, because until youve actually been hit by o...

Report reveals the staggering scale of Business Email Compromise losses

Internet crime is ever present, and with the ongoing pandemic, levels of scams and fraud were exceptionally high in 2020. Opportunistic fraudsters didnt give a second thought to riding the COVID-19 wave and preying upon those who are truly in need of help, or those who truly want to help. The...

“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds. Bitcoin sextortion scams tend to email you to say theyve videoed you on your webcam performing sexual acts in private, and ask you to pay them amount in Bitcoin to keep the video whi...

IC3 Releases Alert on Mobile Banking Apps

The Internet Crime Complaint Center IC3 has released an alert warning consumers of cyber risks associated with mobile banking apps. As more consumers rely on mobile apps for banking, malicious cyber actors are likely to increasingly target them with app-based banking Trojans and fake banking apps...

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

Business email compromise BEC attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...

IC3 Releases Alert on Extortion Email Scams

The Internet Crime Complaint Center IC3 has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. The Cybersecurity and Infrastructure Security Agency CISA...

FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing

The Federal Bureau of Investigation FBI has released an article on defending against video-teleconferencing VTC hijacking referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform. Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and...

IC3 Issues Alert on Employment Scams

The Internet Crime Complaint Center IC3 has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information PII. Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber...

FBI Releases Article on Defending Against E-Skimming

The Federal Bureau of Investigation FBI has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information PII. The Cybersecurity and Infrastructure...

IC3 Issues Alert on Ransomware

The Internet Crime Complaint Center IC3 has released an alert on ransomware threats to U.S. businesses and organizations. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Cyber criminals often infect organizations with ransomware through...

IC3 Issues Alert on HTTPS Phishing

The Internet Crime Complaint Center IC3 has released an alert on Hypertext Transfer Protocol Secure HTTPS phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

A week in security (April 22 – 28)

Last week on Labs, we looked at security threats to headphones, privacy options in the world of law, and wandered through the FBI’s 2018 IC3 online crime report. We also explored another MageCart attack, and we released our 2019 Q1 Crime Tactics and Techniques report. Other cybersecurity news...

A look inside the FBI’s 2018 IC3 online crime report

The FBI’s Internet Crime Complaint Center have released their annual Crime Report, with the most recent release focusing on 2018. While the contents may not surprise, it definitely cements some of the bigger threats to consumers and businesses—and not all of them are particularly high tech...

FBI Releases Article on Building a Digital Defense Against Facebook Scams

The Federal Bureau of Investigation FBI has released an article on building a digital defense against a fraud that uses Facebook’s texting app—Facebook Messenger. Scammers send messages that appear to be from trusted sources or trick users into clicking on malicious links or sharing personal...

Feds Arrest 74 Email Fraudsters Involved in Nigerian BEC Scams

The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise BEC scheme. The arrest was the result of a six-month-long operation dubbed "Operation Wire Wire" that involved the US...

IC3 Issues Alert on Tech Support Fraud

The Internet Crime Complaint Center IC3 has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending...