Financial – Page 14 – WindowsTechs.com

FBI warns that Hive ransomware hackers are calling victims by phone

Posted on August 27, 2021 by Jeff Stone

Americans already trying to avoid calls from telemarketers, call support scammers and long-winded in-laws now have another reason to ignore that ringing phone: ransomware hackers. Scammers affiliated with a digital extortion outfit known as Hive are using phone calls to dial victims who are infected with a malicious software strain that locks up their files until they agree to pay a hostage fee, according to an August 25 FBI alert. Investigators first observed hackers deploying the malware in June, with attackers leveraging Microsoft’s Remote Desktop Protocol to infect business networks. In some cases, if victims don’t pay the demanded fee within two to six days, they have reported receiving phone calls from the hacking group. It’s the latest iteration of a personal tactic pioneered by other gangs — Maze, Conti and Ryuk, for instance — in which malware operators are thought to outsource tasks to a call center. Security firms […]

The post FBI warns that Hive ransomware hackers are calling victims by phone appeared first on CyberScoop.

Continue reading FBI warns that Hive ransomware hackers are calling victims by phone→

White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

Posted on August 26, 2021 by Tim Starks

The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. The high-profile meeting brought together CEOs from the education, energy, finance, insurance and tech sectors, featuring companies like Amazon, Bank of America and ConocoPhillips. Some pledged billions more in cyber investments, while others committed to providing training and smaller services in response to the administration’s “call to action.” While impressive, observers noted, those commitments will require considerable follow-up, from expansion to other sectors to policy changes that could emerge from closer-knit relationships between industry and government. Even as the nonprofit Global Cyber Alliance’s Megan Stifel commended the White House for holding the meeting and the broad commitments that the companies made, she said it illustrated the lengths to which the U.S. can improve national cybersecurity. “A couple […]

The post White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead appeared first on CyberScoop.

Continue reading White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead→

Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack

Posted on August 26, 2021 by Tonya Riley

Poly Network has completely recovered all $610 million worth of user assets stolen by a hacker earlier this month, the company announced Thursday. In an unusual twist, the hacker returned roughly half of the assets within the first 24 hours and the rest later. The hacker had exploited a vulnerability in the company’s system that allows different chains of cryptocurrency to communicate. The hacker has claimed that he hacked the company “for fun” and had never intended to keep the money. “That’s always the plan! I am _not_ very interested in money!” he wrote in a message alongside the online transactions. “I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” The company offered the hacker a $500,000 bug bounty for finding the vulnerability as well as a role as its chief security officer, both of which he declined. The company said that it […]

The post Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack appeared first on CyberScoop.

Continue reading Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack→

White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending

Posted on August 25, 2021 by Tim Starks

The Biden administration on Wednesday announced initiatives to bolster supply chain and natural gas pipeline security, following a White House private sector cybersecurity summit where major companies pledged billions of dollars in cyber spending. The National Institute of Standards and Technology will collaborate with industry to develop guidelines for building secure technology, in the first of two administration initiatives. In the other, the administration formally expanded its industrial control systems cybersecurity initiative — under which 150 electric utilities agreed to deploy control system security tech — to natural gas pipelines. Tech giants, insurance companies and educational organizations exit the summit with cybersecurity commitments large and small. Among those vowing the biggest dedication of dollars: Microsoft announced $20 billion over five years to integrate “cybersecurity by design,” which means incorporating security into products as they’re being built, while Google announced $10 billion over the same period to expand “zero trust” programs, […]

The post White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending appeared first on CyberScoop.

Continue reading White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending→

Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’

Posted on August 25, 2021 by Tim Starks

President Joe Biden will huddle Wednesday with industry leaders to issue a “call to action” on cybersecurity and make “concrete announcements” to counter the fundamental causes of cyberattacks, according to a senior administration official. It’s a star-studded afternoon gathering scheduled to include the likes of Apple CEO Tim Cook and JPMorgan Chase CEO Jamie Dimon from the financial, technology, energy, insurance and education sectors, then feature discussions led by top administration officials. The White House has been working to secure commitments from industry in advance of the meeting, mostly in the areas of “technology and talent,” the official said in a background call with reporters on Tuesday. Two points of emphasis, the official said, are building technology that is secure from the outset, and better defending critical infrastructure after the ransomware attack on Colonial Pipeline led to a fuel scare. “We need to bake in security by design into tech,” […]

The post Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’ appeared first on CyberScoop.

Continue reading Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’→

Hackers exploit WhatsApp modification tool to snoop on texts, force paid subscriptions

Posted on August 24, 2021 by Tim Starks

A malicious version of a popular modification or “mod” of the encrypted messaging app WhatsApp is carrying a mobile trojan that can launch advertisements, issue paid subscriptions and intercept text messages, security researchers said Tuesday. According to Kaspersky, hackers inserted the Triada trojan into a modified version of FMWhatapp, a WhatsApp mod. Such mods have a following among users who want to customize WhatsApp, such as being able to send larger files or apply custom animated themes. FMWhatsapp isn’t available on the Google Play store and is only available via third party websites, which means users who desire the extra features the mod offers don’t get the security protections inherent in more officially-vetted apps. Kaspersky first spotted Triada in 2016, when the company deemed the hacking tool “one of the most advanced mobile Trojans our malware analysts have ever encountered.” Users grant FMWhatsapp permission to read SMS messages, Kaspersky said, […]

The post Hackers exploit WhatsApp modification tool to snoop on texts, force paid subscriptions appeared first on CyberScoop.

Continue reading Hackers exploit WhatsApp modification tool to snoop on texts, force paid subscriptions→

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up

Posted on August 23, 2021 by Tim Starks

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too. Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said. Those are just two data points about how, in the past year, the evolution of ransomware has radically altered the landscape of cyber insurance, according to analysts inside and outside the industry. Cyber insurance covers a range of ransomware-related costs, like extortion demands, remediation efforts and other losses. Ransomware […]

The post Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up appeared first on CyberScoop.

Continue reading Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up→

Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer

Posted on August 19, 2021 by Tim Starks

Ransomware operators have taken their profession’s profitability to new heights in the last couple years by outsourcing their work with the “ransomware-as-a-service” model, in which hackers lease out their malware in exchange for shares of the resulting extortion payments. Now, a cyber firm has found a ransomware operator going one step further: asking prospective victim companies’ personnel to deploy ransomware on their behalf, then take a cut of the proceeds. Abnormal Security on Thursday said it recently blocked a batch of emails to its customers that solicited recipients to infect their employers’ networks with ransomware. Researchers set up a fake identity to communicate with the would-be ransomware/insider scheme mastermind — who went by the screen name “Pablo” — under the ruse that the persona would do Pablo’s criminal bidding. The incident, which occurred in mid-August, marks another tactical swerve in the ever-shifting world of ransomware techniques, and if Pablo’s to […]

The post Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer appeared first on CyberScoop.

Continue reading Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer→

Ohio man pleads guilty to role in $300-million cryptocurrency laundering service

Posted on August 18, 2021 by Sean Lyngaas

A 38-year-old Ohio man has pleaded guilty to his role in a cryptocurrency laundering service that moved some $300 million on behalf of dark web marketplaces and other clients, the Justice Department said Wednesday. Larry Dean Harmon admitted to running Helix, a popular service for concealing the source of bitcoin transactions, from 2014 to 2017. Helix allegedly worked with AlphaBay, a notorious $1 billion marketplace for hacking tools and drugs that security researchers recently warned could be coming back online. Harmon faces up to 20 years in prison and a $500,000 fine, according to the Justice Department. A lawyer for Harmon could not be reached for comment. As part of his plea deal, Harmon agreed to forfeit more than $200 million in bitcoin. After a multi-year investigation of Helix, U.S. law enforcement arrested Harmon in his hometown of Akron in February, 2020. The U.S. Treasury’s Financial Crimes Enforcement Network has […]

The post Ohio man pleads guilty to role in $300-million cryptocurrency laundering service appeared first on CyberScoop.

Continue reading Ohio man pleads guilty to role in $300-million cryptocurrency laundering service→

Japan’s Tokio Marine is the latest insurer to be victimized by ransomware

Posted on August 17, 2021 by Tim Starks

Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch, the company disclosed on Monday. Tokio Marine, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was breached. Such data could be a smorgasbord for hackers who would use the data to extort victims based on their coverage amounts. It’s at least the third major insurer to disclose a ransomware attack in recent months, following CNA and AXA. And it’s the second insurer just this week, with Ryan Specialty Group — fresh off launching an initial public offering — to disclose a cyber incident. Cyber insurers have, of late, taken to asking more detailed questions about policyholders’ cybersecurity safeguards as a condition for providing coverage. But the spate of recent successful attacks suggests that insurers, too, might need to step up […]

The post Japan’s Tokio Marine is the latest insurer to be victimized by ransomware appeared first on CyberScoop.

Continue reading Japan’s Tokio Marine is the latest insurer to be victimized by ransomware→