Ransomware hackers turn to virtual machine software to boost extortion schemes

Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity of the operating software. Now, though, crooks are increasingly applying that tactic to the “hypervisor” computer servers that organizations use to manage virtual machines as a way of maximizing their extortion schemes, security firm CrowdStrike said Friday. Ransomware hackers have targeted hospitals and schools throughout the pandemic, a security challenge that the Biden administration has vowed to address. Alejandro Mayorkas, the newly installed Homeland Security secretary, on Thursday called ransomware attacks on U.S. public and private organizations an “epidemic” while pledging more government resources to fight the problem. Breaching a hypervisor is an efficient way for the scammers to encrypt all of the virtual machines running on that software system without having to individually infect each machine. The goal is to up the pressure on big […]

The post Ransomware hackers turn to virtual machine software to boost extortion schemes appeared first on CyberScoop.


Biden signs executive order demanding supply chain security review

President Joe Biden signed an executive order on Wednesday directing federal agencies to conduct a review of supply chain security risks in industries including information technology. While a significant goal of the order is to address shortages of a wide assortment of critical imported components such as electric batteries and pharmaceuticals, it does include a mandated review of the information and communications technology sector. A prominent justification for the review is a desire to rely less on semiconductors manufactured overseas. Biden, at a news conference to herald his signing of the executive order, said “we need to make sure these supply chains are secure and reliable.” It’s an issue, he said, “of both concern for economic security as well as our national security.” Espionage remains a significant concern, as well, after hackers leveraged access in a federal contractor to gather sensitive from throughout the U.S. government. The supply chain danger […]


FireEye IDs hacking group suspected in Accellion, Kroger breach

Security investigators have identified the hacking group suspected to be behind a data breach of an IT firm that has affected a number of corporations, law firms and other organizations in recent months. Accellion, a software firm that provides file transfer services to more than 3,000 clients, on Monday said that UNC2546, a “criminal” attacker, had exploited multiple vulnerabilities in Accellion software to install malware. The group appeared to infiltrate an Accellion tool to gather information from Accellion clients, then contact victims, threatening to publish their stolen data. Mandiant, the incident response arm of the security vendor FireEye, made the determination that UNC2546 was behind the incident. The breach at Accellion, uncovered on Dec. 23, involved an attacker leveraging a zero-day vulnerability to break into the Palo Alto-based cloud company’s secure file transfer application, or FTA. “The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, […]


US charges alleged North Korean hackers with trying to steal $1.3 billion in cybercrime spree

Prosecutors unsealed an indictment on Wednesday charging three North Korean computer programmers with a criminal conspiracy to steal and extort $1.3 billion from financial institutions and companies in both cryptocurrency and cash. The charges expand on the first case brought in 2018 against a North Korean regime-affiliated hacker tied to some of the nation’s most prominent alleged hacking campaigns, including the 2014 Sony attack, the 2016 Bangladesh bank heist and the 2017 WannaCry outbreak. In a second unsealed case on Wednesday, a Canadian-American citizen pleaded guilty to serving as a money launderer for numerous schemes, including a cyber bank heist that North Korean hackers orchestrated. “As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John Demers of the Justice Department’s National Security Division. The indictment […]


Nigerian man sentenced 10 years for $11 million phishing scam

A Nigerian national, Obinwanne Okeke, has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses. The scheme, which lasted from 2015 to 2019, targeted Unatrac Holding Limited, a British firm that acted as the export sales office for Caterpillar, with fake invoices and wire transfer requests. The FBI opened an investigation into the alleged scam in 2018 after Unatrac raised alarm about an email compromise operation that had targeted the firm, according to court documents. The scheme collected the credentials of hundreds of victims over the course of the operation, according to the FBI press release on the matter. It’s the kind of business email compromise scam that plagues businesses around the world. There were $1.7 billion worth of losses caused by BEC scams in 2019 alone, the most recent year the FBI has published data […]


Ukrainian gets US prison term in decade-old cybercrime, money-laundering case

In a case that stretches back to a much simpler era for cybercrime, a Ukrainian man was sentenced Thursday to more than seven years in prison after pleading guilty to helping launder money for Eastern Europeans who hacked into U.S. bank accounts. The U.S. Department of Justice said Aleksandr Musienko, 38, agreed to an 87-month prison term and $98,751.64 in restitution under the plea deal. From 2009 to 2012, Musienko, who sometimes used the alias Robert Davis, “partnered with Eastern European computer hackers to obtain over $3 million from U.S. victims’ bank accounts and launder the stolen funds from U.S. bank accounts overseas,” the department said Thursday in announcing the deal. Musienko ran a network of “money mules” as part of the scheme, prosecutors said. The FBI’s Charlotte, North Carolina, office took the lead in prosecuting Musienko, focusing on a specific fraud case in that state. According to a 2016 […]


Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders

Food delivery apps have taken off during the pandemic, and it looks like fraudsters have taken notice. Fraud detection company Sift said Thursday it has seen a rash of scams within the chat app Telegram that target restaurants and delivery apps for theft. It’s a low-level grift that goes like this: The fraudsters advertise in Telegram forums that they can illicitly buy food orders at steep discounts, around 60%-75% off. Diners send a direct message with a screen shot of their food app shopping cart and delivery address. The diner then pays the fraudster for the discounted meal in cryptocurrency, and the fraudster in turn covers the full cost through a new account, stolen credit card information or a hacked account. Diners get their food at a discount, restaurants are stuck with bogus payments, and the crooks get away with a profit. And all of it happens in a chat […]


SIM-swapping gang busted for targeting ‘influencers, sports stars, musicians’

International police say 10 suspects have been arrested for fraudulently accessing the phones of celebrities to steal about $100 million in cryptocurrency as well as personal data throughout 2020. The sting included eight arrests in the United Kingdom as well as one in Malta and another in Belgium, according to Europol. The U.S. Secret Service, Department of Homeland Security and FBI were all involved in the operation, the U.K.’s National Crime Agency (NCA) said. As of Wednesday morning, it was unclear who the victims were, but the NCA said they included “well-known influencers, sports stars, musicians, and their families.” Neither Europol nor the NCA named the suspects. Victims’ phones were targeted via SIM swapping, police said. Unlike a direct hack on a person’s device, SIM swapping — also known as SIM hijacking — typically involves a little help from other humans. Scammers often take over a person’s digital profile by deactivating […]


Serbian man extradited to US over cryptocurrency mining fraud scheme

Serbia extradited a man to the U.S. to face charges that he and his partners defrauded investors out of more than $70 million, in part by touting phony cryptocurrency mining companies, authorities announced Friday. The Serbian man, Antonije Stojilkovic, stands accused of conspiracy to commit fraud and money laundering, charges for which he could face 20 years in prison. “This $70 million scam spanned several continents, targeting American citizens and foreigners alike,” said Prerak Shah, acting U.S. Attorney for the Northern District of Texas. “The U.S. Department of Justice will not relent in our fight against cybercrime.” Stojilkovic and his co-conspirators advertised that their cryptocurrency mining platforms would allow investors to “purchase bitcoin at half market price!!” because of a “24-7 mining” operation at “facilities ‘worldwide,’” according to a Justice Department press release. In propping up those companies and others devoted to binary options — more than 20 in all […]
