How hackers took over Facebook accounts to steal $4 million, promote scams

Facebook has fended off plenty of phony, pill-pushing ad campaigns over the years, but the company disrupted one effort last year that was particularly pernicious, and effective. Hackers defrauded Facebook users out of more than $4 million in a scheme that security staffers have connected to a cybercrime network in China. The details, revealed Thursday, demonstrate how attackers breached hundreds of thousands of Facebook accounts, scouring for users with payment methods attached to their profile, such as PayPal. The attackers would disable users’ notifications, and abuse their access to the victim account to place advertisements for diet pills and counterfeit products. The hackers delivered their malware, dubbed SilentFade, through web browsers, rather than Facebook itself, making it more difficult to detect and root out. “We anticipate more platform-specific malware to appear for platforms serving large and growing audiences, as the evolving ecosystem targeting Facebook demonstrates,” Facebook researchers Sanchit Karve and Jennifer Urgilez wrote in a […]

The post How hackers took over Facebook accounts to steal $4 million, promote scams appeared first on CyberScoop.

Helping to pay off ransomware hackers could draw big penalties from the feds

Anyone who helps ransomware victims pay off hackers who are under U.S. sanctions could face stiff punishment themselves, the Treasury Department said Thursday. The advisory from Treasury’s Office of Foreign Assets Control served notice to financial institutions and cyber insurance companies — as well as cybersecurity firms that help ransomware victims identify and respond to attacks — that they could suffer fines if they aided payments to attackers from places like Russia, North Korea or Iran that are on the U.S. sanctions list. And OFAC indicated it would be inclined to be strict about it: Those civil penalties could be levied against companies that didn’t know they were facilitating ransom payments to hackers on its sanctions list. “OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason […]

IPO all over again: McAfee prepares for return to Nasdaq

More than two decades since its last initial public offering, McAfee is planning another one. The Silicon Valley cybersecurity giant filed Monday for an IPO on the Nasdaq, a move that would separate the company from buyout firm TPG, which spun off McAfee from Intel in 2017. McAfee set a placeholder valuation of $100 million for the IPO, but the actual number is expected to be about $8 billion. There is no guarantee the company will have a successful IPO, or raise that amount of money, even as investors pour funds into public firms at a breakneck pace. The IPO market is nearing the end of the busiest third quarter for deals since 2000, the Wall Street Journal reported. Another company with cybersecurity interests, the big-data firm Palantir, is set to begin trading Wednesday on the New York Stock Exchange. Intel had acquired McAfee in 2010 for $7.7 billion. In 2017, TPG took a […]

Nigerian scammer sentenced for defrauding targets out of $1 million in office supplies

Olumide Ogunremi, a Nigerian national, was sentenced Wednesday to three years in prison for his role in a hacking operation aimed at U.S. government employees, the Department of Justice announced Wednesday. Ogunremi, along with other alleged co-conspirators, targeted government employees with spoofed email pages that imitated U.S. government agencies’ email systems in order to steal their access credentials, prosecutors said. After government personnel visited the pages and fell for the trick, the fraudsters used the stolen usernames and passwords to then fraudulently order office products from General Services Administration vendors, according to the DOJ. The operation, which lasted from approximately July 2013 through December 2013, convinced government vendors to send office products, such as printer toner cartridges, to New Jersey. The products would then be repackaged and shipped overseas to locations controlled by Ogunremi and co-conspirators, the Justice Department said. In some cases, the co-conspirators leveraged web pages that imitated the U.S. Environmental Protection […]

Secret Service looks to outsiders to boost financial cybercrime probes

The U.S. Secret Service is pulling in outside expertise from the private sector and U.S. Cyber Command as it weighs changes to its investigative methods in an attempt to keep pace with international hackers. The engagement with Cyber Command, the Pentagon’s offensive cyber unit, is focused on learning from the military’s experience with transnational cybercriminals, a Secret Service official told CyberScoop. The Secret Service’s efforts to consult with private sector experts, meanwhile, are focused specifically on overhauling the agency’s investigative practices. The effort to consult with outside expertise comes as part of a recognition that the Secret Service lacks the latest techniques needed to root out financially motivated hackers. To formalize its interest in tapping into the private sector’s understanding of scammers’ latest tactics, the agency earlier this year established an advisory group composed of cybersecurity practitioners from the private sector, academia, and U.S. government, as CyberScoop first reported. Known as the Cyber Investigations Advisory Board (CIAB), the group met last week […]

‘Dark Overlord’ hacker pleads guilty, sentenced to 5 years for extortion threats

Years after he threatened to publicly release information from hacking victims unless they agreed to his digital extortion demands, Nathan Wyatt is headed to a U.S. prison. A judge in the Eastern District of Missouri on Monday sentenced Wyatt, 39, to five years in prison after he pleaded guilty to assisting a hacking crew known as The Dark Overlord. Wyatt, who had previously entered a plea of not guilty, participated in a court hearing by phone from a jail in St. Charles County, Missouri. “I’d like to apologize for the role that I played in this,” Wyatt said, through tears, adding that he struggles with a mental illness that affects his decision-making ability. “I can promise you that I just want to go home to my family. I’m out of that world, and I don’t want to see another computer for the rest of my life.” Wyatt also is subject to […]

Co-founder of cyber fraud prevention startup arrested for alleged fraud

The co-founder of a cyber fraud prevention company was arrested Thursday and charged with leading an alleged scheme to trick investors into sinking hundreds of millions of dollars into the startup, the Department of Justice and the Securities and Exchange Commission (SEC) announced Thursday. Investors were shown falsified financial documents as part of the pitch for the software-as-a-service provider, Las Vegas-based NS8, the SEC and FBI said. Adam Rogas, the co-founder and former CEO of the startup, touted bank statements showing payments from NS8 customers that never happened, according to the SEC. “As alleged in our complaint, Rogas falsely presented NS8 as a successful business by fabricating revenue figures and providing them to investors,” said Kurt L. Gottschall, Director of the SEC’s Denver Regional Office. “Investors are entitled to accurate information about a company’s financial condition and the SEC is committed to holding accountable corporate executives who deceive investors.” Rogas is also alleged to have pocketed at least […]

US charges, sanctions Russians accused of stealing $17 million from crypto exchanges

A U.S. federal grand jury has indicted two Russian men in connection with an email scam that defrauded American cryptocurrency exchanges out of nearly $17 million. The Department of Justice on Wednesday unsealed charges against the Russian nationals, Danil Potekhin and Dmitrii Karasavidi, accusing them of using a combination of phishing messages and spoofed websites to steal virtual currency from users at three cryptocurrency exchanges. The fraud effort netted attackers $16.8 million from 2017 to 2018, according to the Justice Department. A grand jury returned the charges in February. By directing victims to visit financial websites that seemed legitimate, the attackers duped traders into entering their usernames and passwords into sites under their control. After gathering the credentials from their malicious site, Potekhin and Karasavidi directed funds from those accounts into their own, prosecutors said. The U.S. Treasury Department also announced Wednesday it has enacted sanctions against the two men, forbidding […]

Ransomware to blame for nearly half the cyber-insurance claims filed in early 2020

Nearly half of the cyber-insurance claims filed in the first half of this year were the result of ransomware attacks, further proof that digital extortion attempts are having a ripple effect throughout the private sector. Ransomware attacks were the cause of 41% of the cyber-insurance claims filed over the first six months of 2020, according to a report published by Coalition, a cyber-insurance vendor that compiled the data based on findings from 25,000 small and medium-sized companies in the U.S. and Canada. Coalition reported a 47% increase in the number of ransomware attacks, with the average size of the demand jumping by 46% over the time period in question. While cyber-insurance vendors have financial interest in emphasizing the frequency and severity of ransomware attacks, the latest figures come after a series of similar numbers hinted at the size of the ransomware problem. Beazley Breach Response, a unit of the London-based […]

The most popular brand websites hackers use for typosquatting campaigns

The most imitated websites that credential-stealing, financially-motivated hackers have resorted to mimicking include Wells Fargo, Netflix, Facebook, and Microsoft, according to new Palo Alto Networks research published Tuesday. Some of the other top brands that hackers have mimicked with typosquatting, a technique that relies on victims glancing over typos in website names that appear similar to other popular legitimate sites, also include PayPal, Apple, Royal Bank of Canada, LinkedIn, Google, Apple’s iCloud, Bank of America, Dropbox, Amazon, and Instagram, according to the research, which examines data collected in December 2019. The hackers have been using these malicious domains to distribute malware, reward scams, run phishing campaigns and technical support scams, Palo Alto Networks’ Unit 42 researchers said in a blog post. Of nearly 13,857 squatting domains registered in December, 18.59% are malicious, “often distributing malware or conducting phishing attacks.” Typosquatting has long been a favorite tactic for attackers looking to […]
