FBI warns of hackers mailing malicious USB drives to spread ransomware

By Deeba Ahmed
FBI’s warning highlights the fact that one should never insert an unknown USB flash drive in their PCs.
This is a post from HackRead.com Read the original post: FBI warns of hackers mailing malicious USB drives to spread ransomware
Continue reading FBI warns of hackers mailing malicious USB drives to spread ransomware

Alleged FIN7 scammer Denys Iarmak is set to plead guilty

An alleged member of the FIN7 hacking group is set to plead guilty, admitting to a role in a criminal organization that used front companies and array of fraud techniques to steal more than $1 billion from victims worldwide, CyberScoop has learned. Attorneys for Denys Iarmak, a Ukrainian national, have notified a federal court in Washington state that Iarmak intends to change his plea after he declared himself not guilty at a May 2020 arraignment hearing. While one defense counselor said Iarmak could change his mind before his next hearing, scheduled for Nov. 22, attorneys have agreed in principle to a plea deal with the U.S. Department of Justice. “That’s what’s most likely,” said defense attorney Michael Craig Nance, who is representing Iarmak in the Western District of Washington. “It’s not final until a person stands in court and says they’re guilty.” Iarmk was initially charged with a range of […]

The post Alleged FIN7 scammer Denys Iarmak is set to plead guilty appeared first on CyberScoop.

Continue reading Alleged FIN7 scammer Denys Iarmak is set to plead guilty

Cybercriminals are deploying legit security tools far more than before, researchers conclude

Financially motivated cybercriminals are increasingly turning to Cobalt Stike, a legitimate tool that cybersecurity professionals use to test system security, researchers at Proofpoint found. The cybersecurity firm declined to disclose specific numbers but reported a 161% increase in attacks using Cobalt Strike in 2020 compared to 2019. Proofpoint researchers have already seen tens of thousands of organizations targeted by the tool this year and expect those numbers to climb in 2021, according to the report the firm released Tuesday. Threat groups are able to get ahold of the tool from pirated versions circulating the dark web, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Cobalt Strike is a popular tool for security testing because of the variety of attacks it enables. Most notable among them is Cobalt Strike Beacon, a malware that allows hackers to mask their activity and communications with a system once it’s infiltrated. Russian hackers […]

The post Cybercriminals are deploying legit security tools far more than before, researchers conclude appeared first on CyberScoop.

Continue reading Cybercriminals are deploying legit security tools far more than before, researchers conclude

FIN7 hacking gang’s “pen tester” jailed for seven years by US court

The Western District of Washington has sentenced a Ukrainian man to seven years in prison for his role in a hacking gang that is estimated to have caused more than one billion dollars worth of damage.

Read more in my article on the Hot for Security … Continue reading FIN7 hacking gang’s “pen tester” jailed for seven years by US court

Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang. Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby’s and other U.S. corporations. Victims experienced “enormous” losses, according to the Justice Department, that by some estimates have exceeded $1 billion. Kolpakov pleaded guilty in November 2020 and faced up to 25 years behind bars. Spanish police arrested him in 2018, ultimately extraditing him to the U.S. “During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal noted. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — FIN7 illegal activity resulted in over $100 million in losses […]

The post Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison appeared first on CyberScoop.

Continue reading Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims

A hacking group known for innovative fraud techniques impersonated angry restaurant customers and targeted specific individuals with unique access to financial information, U.S. prosecutors argue in a court filing that sheds new light on the scammers’ work. The FIN7 gang, which researchers have blamed for more than $1 billion in theft since 2015, relied on more than 70 members who were assigned to various departments under the larger organization, according to court documents filed on June 17 in U.S. District Court in Seattle. By masquerading as a cybersecurity testing company dubbed Combi Security, FIN7 leaders organized their personnel into separate teams charged with developing malware, crafting phishing documents and collecting money from breached victims. The group targeted hundreds of U.S. companies, prosecutors say, infecting victims as diverse as the burrito chain Chipotle and the department store Saks Fifth Avenue. Court documents filed in the case of Andrii Kolpakov, who pleaded […]

The post FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims appeared first on CyberScoop.

Continue reading FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims

MITRE ATT&CK: Cybereason Dominates the Competition

The long-awaited 2020 MITRE ATT&CK evaluations are out! With the MITRE ATT&CK framework now being the standard by which Defenders can measure the effectiveness of various solutions in tracking adversary behavior, cyber vendors are cherry-p… Continue reading MITRE ATT&CK: Cybereason Dominates the Competition

Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

A key member of the FIN7 cybercrime gang – which is said to have caused over one billion dollars worth of damage around the world – has been sentenced to 10 years in jail.

Read more in my article on the Hot for Security blog. Continue reading Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

FIN7 ‘technical guru’ sentenced to 10 years in prison

A U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. The 10-year sentence includes three years Hladyr has already spent in detention since his arrest, and $2.5 million in restitution to be distributed to victims. FIN7 is one of the most formidable cybercriminal groups of the last decade, allegedly siphoning off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. And Hladyr, a Ukrainian in his mid-30s, is allegedly a big reason that FIN7 operated like a well-oiled multinational corporation. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. He also allegedly organized FIN7’s work through a project-tracking software that managed thousands of stolen usernames […]

The post FIN7 ‘technical guru’ sentenced to 10 years in prison appeared first on CyberScoop.

Continue reading FIN7 ‘technical guru’ sentenced to 10 years in prison