Trellix, McAfee, FireEye, Mandiant: What’s next for four big names in cyber

On Jan. 19, the private equity firm that bought FireEye and McAfee Enterprise announced that the two acquisitions would “emerge” to form Trellix, a cybersecurity business with 5,000 employees and 40,000 customers. The goal is to offer “an integrated security platform designed to protect customers across endpoints, infrastructure, applications, and in the cloud,” Trellix officials said. The move also represents some disintegration, as it becomes the latest milestone in a shakeup involving some of the industry’s biggest names. The private equity firm — Silicon Valley-based Symphony Technology Group (STG) — finished its $4 billion acquisition of McAfee Enterprise in July, then bought much of FireEye in a deal that closed in October for $1.2 billion. With those two units forming Trellix, here’s where things stand for the relevant pieces: Trellix: Bryan Palma, a FireEye executive vice president, is the new company’s CEO. In a Jan. 19 blog post, he […]

The post Trellix, McAfee, FireEye, Mandiant: What’s next for four big names in cyber appeared first on CyberScoop.

Treasury sanctions Ukrainian officials over operations for Russian FSB

The U.S. Treasury Department on Thursday sanctioned four current and former Ukrainian government officials for allegedly supporting Russian influence operations to destabilize Ukraine, including one who gathered information on Ukraine’s critical infrastructure, a frequent target of Kremlin cyberattacks. Taras Kozak and Oleh Voloshyn — two active members of parliament — acted at the behest of the Russian Federal Security Service (FSB), Treasury said, as did former Ukrainian officials Vladimir Sivkovich and Volodymyr Oliynyk. “In 2021, Oliynyk worked at the direction of the FSB to gather information about Ukrainian critical infrastructure,” the department explained. “As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine’s critical infrastructure are part of Russia’s hybrid tactics to threaten Ukraine.” Ukrainian officials are already in the midst of blaming Russia for cyberattacks last week on its government agencies. While Treasury delivered the sanctions one day after President Joe Biden predicted Russia would invade Ukraine, […]

The post Treasury sanctions Ukrainian officials over operations for Russian FSB appeared first on CyberScoop.

Suspicious withdrawals were indeed a ‘security incident,’ $30M stolen, Crypto.com says

Crypto.com has confirmed that more than $30 million in cryptocurrency was stolen from some of its users earlier in the week, ending several days of confusion over what exactly happened during what the company is labeling a “security incident.” The hack affected the wallets of 483 users, with the thieves aiming for 4,836.26 in ether (about $15 million), 443.93 in bitcoin (roughly $18 million) and approximately “$66,200 in other currencies,” Crypto.com said in a report Thursday. All of those funds have been restored, the company said. “No customers experienced a loss of funds,” the report said. “In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed.” Crypto.com did not specify who the crooks might be, or where the attack originated. But in describing the incident, it pointed to a now-remediated soft spot in its user authentication process. Risk monitoring systems had […]

The post Suspicious withdrawals were indeed a ‘security incident,’ $30M stolen, Crypto.com says appeared first on CyberScoop.

FBI shifting cybercrime focus from arrests, indictments to payment seizures, incident response

In 2022, the FBI is looking to approach cybercrime differently. During separate public appearances on Thursday, two FBI officials said the bureau was going to change up how it deals with computer intrusions. “The FBI specifically is moving away from an indictment- and arrest-first model into the totality of imposing costs on our adversaries, and we’re making tremendous progress there,” said Bryan Vorndran, assistant director of the FBI’s cyber division. “There is a right time for indictments and arrests and certainly one of our goals to take players off the field. But at the end of the day, we’re a team member first before we’re prioritizing our own authorities.” Vorndran, speaking at an event hosted by the Silverado Policy Accelerator, touted the FBI’s workforce around the country and the skills they can bring to bear. “That decentralized workforce is a huge strength for our government, especially given the FBI statutory […]

The post FBI shifting cybercrime focus from arrests, indictments to payment seizures, incident response appeared first on CyberScoop.

Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds

Cryptocurrency-based crime hit a new all-time high in 2021, researchers at Chainalysis said in a report published Thursday. According to the report, illicit addresses tracked by Chainalysis received $14 billion in deposits over the course of 2021, almost double the amount they collected in 2020. Rather than digital extortion, though, Chainalysis found it was actually cryptocurrency-related scams, namely investment-related fraud, and straight theft that saw the biggest jumps in 2021. Illicit revenue from scams rose by 82% in 2021 to $7.8 billion worth of cryptocurrency. Researchers attribute a large part of the growth to a boom in so-called “rug pulls,” a fraud scheme in which developers set up seemingly legitimate cryptocurrency projects with the intent to steal investors’ money and disappear. Of the over $2.8 billion lost to rug pull scams, roughly 90% can be attributed to the Istanbul-based exchange Thodex, whose CEO disappeared with users’ funds. But there are […]

The post Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds appeared first on CyberScoop.

After Joker’s Stash shutdown, the market for stolen financial data looks a lot different

The closure of the Joker’s Stash cybercrime forum put a lasting dent in the overall market for stolen payment-card data on the dark web, researchers say, amid other factors complicating business for crooks aiming to trade in illicit credit or debit card information. From mid-2020 to mid-2021, the value of the “carding” market fell to $1.4 billion, compared with $1.9 billion during the same period a year earlier, according to cybersecurity company Group-IB, which attributes the shrinkage largely to the disappearance of Joker’s Stash. The FBI and Interpol disrupted the market’s digital infrastructure in December 2020, and by February 2021, it had shut down. The site hosted data dumps from all over the globe, including U.S. restaurant patrons and Indian bank customers. Criminal groups like the gang known as FIN7 knew they would find customers on the forum. (Those customers quickly scattered to myriad other sites.) While the market shift happened, […]

The post After Joker’s Stash shutdown, the market for stolen financial data looks a lot different appeared first on CyberScoop.

Former Ubiquiti employee charged with stealing data, extorting employer

The FBI arrested a former employee of a U.S. technology company for allegedly breaching and stealing confidential data from his employer and then extorting the company for nearly $2 million. The defendant, Nickolas Sharp, after allegedly stealing sensitive information, posed as a whistleblower to plant misleading news about the company’s breach, according to an indictment released Wednesday. The articles caused the company’s share price to drop, causing it to lose market value, according to the Justice Department. The indictment does not mention the company where Sharp worked, though the timeline and details of the incident match up with a breach of router company Ubiquiti discovered in January. An anonymous whistleblower accused the company of covering up the incident in March, matching the FBI’s account of Sharp’s actions. Sharp’s LinkedIn confirms he worked at Ubiquiti at the time. The company did not immediately respond to a request for comment Thursday. […]

The post Former Ubiquiti employee charged with stealing data, extorting employer appeared first on CyberScoop.

Months-long Interpol crackdown nets more than 1,000 online fraud arrests

An Interpol operation to combat online fraud concluded with the arrests of 1,003 people and the interception of $27 million in illicit funds, according to the international police organization, which conducted the crackdown alongside 20 countries. Waged from June to September of this year, “Operation HAECHI-II” targeted online crime like romance scams, investment fraud and money laundering associated with illegal online gambling. But it also turned up a business email compromise scheme in Colombia and led to alerts about malware tied to the popular Netflix show “Squid Game.” Interpol said the crackdown demonstrated how cybercrime has risen to new levels since the outbreak of the coronavirus. It’s the latest international warning about how the pandemic has fueled a crime wave, even setting aside attacks targeting the health care sector or exploiting COVID-19 that have flourished over the past two years. “The results of Operation HAECHI-II show that the surge in […]

The post Months-long Interpol crackdown nets more than 1,000 online fraud arrests appeared first on CyberScoop.

‘Shiba Inu’ token scams surge with the virtual currency’s popularity

When the Shiba Inu token, a meme-based virtual currency, hit its highest all-time value in October, it didn’t take long for scammers to seize on the trend for their own benefit. Live YouTube videos promising bogus giveaways of the token have racked up hundreds of thousands of views, while groups on Telegram promoting other frauds have also exploded, according to research shared exclusively with CyberScoop. Many Shiba scams identified by the security firm Tenable take a nearly identical approach. Accounts live-stream old footage from a June event featuring Jack Dorsey and Elon Musk, a popular name among crypto enthusiasts, with on-screen instructions for users to send an arbitrary amount of currency into a wallet, with the promise of getting twice as much or more in return. Scams have earned $239,000 worth of cryptocurrency since October 20, based on an analysis of online wallet addresses associated with nefarious Shiba Inu-themed pages, […]

The post ‘Shiba Inu’ token scams surge with the virtual currency’s popularity appeared first on CyberScoop.

Banks must report major cyber incidents within 36 hours under finalized regulation

Banks must report major cybersecurity incidents to federal officials within 36 hours under a rule that U.S. financial regulators finalized on Thursday. Beginning in May 2022, financial executives will need to be more forthcoming about computer system failures and interruptions, such as ransomware or denial-of-service attacks that have the potential to disrupt customers’ ability to access their accounts, or impact the larger financial system. The rule, dubbed the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was cemented by the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation. There is currently no specific window within which banks must report such incidents to the agencies in question. The final approval comes as Congress weighs broader reporting rules for critical infrastructure owners and operators, and as the Transportation Security Administration has begun imposing reporting requirements on […]

The post Banks must report major cyber incidents within 36 hours under finalized regulation appeared first on CyberScoop.
