Corporate espionage hackers RedCurl return after hiatus with improved tools

A corporate espionage organization known as RedCurl that made waves before disappearing last year has resurfaced with a fresh batch of attacks and sharpened tools for the task, researchers at cybersecurity firm Group-IB said Thursday. The group’s four known attacks since the beginning of 2021 include one against one of Russia’s largest wholesalers, which provides home, leisure and office goods, Group-IB found. Overall, the company concluded that RedCurl has been behind more than 30 attacks during a three-year span. RedCurl’s tactical improvements after a seven-month absence include upgrades to most of its tools, such as more effective data encryption for its malware. “Corporate cyber espionage is still a relatively rare and, in many ways, unique occurrence,” Group-IB’s report reads. “However, it is possible that the group’s success could lead to a new trend in cybercrime.” Despite the rarity of corporate cyber espionage, Group-IB’s report on the RedCurl revival is the […]

The post Corporate espionage hackers RedCurl return after hiatus with improved tools appeared first on CyberScoop.

Alleged FIN7 scammer Denys Iarmak is set to plead guilty

An alleged member of the FIN7 hacking group is set to plead guilty, admitting to a role in a criminal organization that used front companies and an array of fraud techniques to steal more than $1 billion from victims worldwide, CyberScoop has learned. Attorneys for Denys Iarmak, a Ukrainian national, have notified a federal court in Washington state that Iarmak intends to change his plea after he declared himself not guilty at a May 2020 arraignment hearing. While one defense counselor said Iarmak could change his mind before his next hearing, scheduled for Nov. 22, attorneys have agreed in principle to a plea deal with the U.S. Department of Justice. “That’s what’s most likely,” said defense attorney Michael Craig Nance, who is representing Iarmak in the Western District of Washington. “It’s not final until a person stands in court and says they’re guilty.” Iarmak was initially charged with a range of […]

The post Alleged FIN7 scammer Denys Iarmak is set to plead guilty appeared first on CyberScoop.

A new group of cyber mercenaries targets businesses, journalists — including some in Russia

Trend Micro said on Wednesday it has discovered a new Russian-language cyber mercenary group that has been going after targets ranging from Russian businesses to journalists and politicians. Researchers discovered the group after a long-time target of Pawn Storm, a hacking group connected to Russian intelligence and also known as Fancy Bear and APT28, said in March 2020 that hackers had targeted his wife with phishing emails. Trend Micro found that the indicators didn’t match Pawn Storm, and attributed the attacks to another Russian-language group it named Void Balaur. Unlike APT28, Void Balaur appears to be an independent group willing to hack into the emails of targets ranging from aviation companies in Russia to human rights activists in Uzbekistan, according to Trend Micro. “Their targets are really a mixed bag,” lead researcher Feike Hacquebord said in an interview. “It looks like a lot of different customers are using them and […]

The post A new group of cyber mercenaries targets businesses, journalists — including some in Russia appeared first on CyberScoop.

Robinhood breach exposed information on 7 million people

Robinhood, a popular stock-trading app, said that it has been breached by someone who accessed information on 7 million people, then sought to extort the company. The breach on Nov. 3 provided access to 5 million email addresses and 2 million full names, with approximately 310 additional people having further information such as zip codes and dates of birth exposed. Around 10 more had “more extensive account details” exposed, the company announced on Monday. Robinhood has become a force in the financial market, with 18 million clients and $80 billion in assets, a summer filing stated. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood’s statement reads. It’s the first notable cyber incident at the company to […]

The post Robinhood breach exposed information on 7 million people appeared first on CyberScoop.

Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft

Back in June, police in Spain arrested 16 people accused of being part of a gang laundering money stolen with the Mekotio and Grandoreiro banking trojans. The suspects had already swiped more than $320,000, authorities said, and were on the verge of taking about $4 million more before their arrests. But that arrest wasn’t the end for the malware. In the last three months, Mekotio has again been used to actively target victims, a report published Wednesday by Check Point Research suggests, with more than 100 attacks detected that show new stealth and evasion techniques in Brazil, Chile, Mexico, Spain and Peru. “Although the Spanish Civil Guard announced the arrest of 16 people involved with Mekotio distribution in July 2021, it appears the gang behind the malware is still active,” said Kobi Eisenkraft, the malware research and protection team leader at Check Point. The research, written by […]

The post Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft appeared first on CyberScoop.

FTC wants to know when financial data is compromised, will require encryption

The Federal Trade Commission is weighing updating its rules to require financial institutions to report within 30 days any security incidents in which misuse of customer data of at least 1,000 customers likely occurred. The information requested by the FTC under a proposal published Wednesday would include the name and contact information of an affected institution, the type of data involved in the event and the timeframe of the incident. The FTC notes that similar information is required under many state breach reporting laws, and that the FTC does not consider the information requested to be “confidential or proprietary.” The proposal adds to a list of agency actions putting privacy at the center of its enforcement agenda. Requiring breach notifications from financial institutions would give the lead consumer protection agency in the U.S. more information to bolster its oversight of an industry that increasingly is vacuuming up more consumer data. […]

The post FTC wants to know when financial data is compromised, will require encryption appeared first on CyberScoop.

‘Cyber event’ knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak

A “cyber event” knocked plants and distribution centers offline at Schreiber Foods, a multibillion-dollar dairy company, a spokesperson told CyberScoop Wednesday. The incident began affecting operations Friday evening, according to Schreiber Foods’ Andrew Tobisch. “We began the process of bringing our plants and distribution centers back up late Monday,” he said. Tobisch would not say whether the “cyber event” was a ransomware attack, as one news outlet reported. Nonetheless, it marks the latest incident afflicting the food and agriculture sector, a trend that has drawn attention from U.S. national security agencies in recent months. The May ransomware attack on meat supplier JBS, in which the firm paid an $11 million extortion fee, was the most prominent, followed by attacks on two grain cooperatives. Attackers hit Iowa-based New Cooperative in September, demanding $5.9 million, and Crystal Valley Cooperative, a Minnesota agriculture supplier. That series of events triggered an FBI private industry notice, […]

The post ‘Cyber event’ knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak appeared first on CyberScoop.

Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users’ passwords

Email fraudsters are seizing on the attention around the quick response codes that have become more common in restaurants and stores, leveraging QR codes to try to steal users’ Microsoft credentials and other data. The latest campaign, uncovered Tuesday by the email security company Abnormal, leveraged compromised email accounts in order to bypass standard security screening, then targeted nearly 200 email accounts between Sept. 15 and Oct. 13, 2021. The operation is the latest example of QR code-enabled phishing, with warnings about “QRishing” or “quishing” dating back to at least 2012. The Better Business Bureau warned of such scams this summer, and the Army Criminal Investigation Command’s Major Cybercrime Unit warned of potential problems in March. An earlier version of the effort unveiled Tuesday embedded a malicious link behind what looked like a voicemail .WAV file. When that link was flagged by security screening services, the attackers switched to a QR […]

The post Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users’ passwords appeared first on CyberScoop.

‘Bulletproof’ hosting operators sentenced for role in aiding spread of Zeus malware, which stole $100 million

A federal judge sentenced two men to multi-year prison terms for their role in providing services to cybercriminals, including operators of some big-name malware that cost victims millions of dollars in losses, the Justice Department announced Wednesday. Chief Judge Denise Page Hood of the U.S. District Court for the Eastern District of Michigan gave Pavel Stassi of Estonia 24 months in prison, and Aleksandr Skorodumov of Lithuania received 48 months, after each pleaded guilty to one count of RICO conspiracy. The two men were part of a larger operation providing “bulletproof hosting,” which involved renting IP addresses, servers and domains to scammers and hosting their malware in a way that provided more anonymity and protection from law enforcement than legitimate hosting providers would offer. The operation, in which Stassi and Skorodumov were members from 2009 to 2015, hosted the Zeus malware, used to steal more than $100 million from victims. It also […]

The post ‘Bulletproof’ hosting operators sentenced for role in aiding spread of Zeus malware, which stole $100 million appeared first on CyberScoop.


Notorious Russian ransomware gang Evil Corp. reportedly hit Sinclair Broadcast Group

Evil Corp., one of the most notorious and prolific Russian cybercrime groups of recent years, with a leader who has been accused of working with Russian intelligence, was reportedly behind last weekend’s cyberattack on Sinclair Broadcast Group. The revelation, first reported by Bloomberg Wednesday, is noteworthy because the U.S. Treasury Department sanctioned the group in December 2019, making any U.S. company’s transactions with it illegal. The group used a new strain of malware called Macaw in the Sinclair attack, said Allan Liska, a senior threat analyst at Recorded Future. The Justice Department also announced a sealed indictment against Evil Corp. leader Maksim Yakubets in 2019, the same day as the Treasury sanctions. The U.S. government accused Yakubets and another Russian national, Igor Turashev, of being behind malware strains known as Bugat and Dridex, which authorities say hackers employed to target hundreds of banks in more than 40 countries and net the […]

The post Notorious Russian ransomware gang Evil Corp. reportedly hit Sinclair Broadcast Group appeared first on CyberScoop.
