Security Experts:

Cybercrime
long dotted

NEWS & INDUSTRY UPDATES

New study from Dragos shows that non-targeted malware hits roughly 3,000 unique industrial sites a year and targeted ICS attacks are not so rare [Read More]
The United States warned Tuesday that extremists plan to target passenger jets with bombs hidden in electronic devices, and banned carrying them onto flights from 10 Middle East airports. [Read More]
In a high-stakes congressional hearing followed live by millions in America and around the world, James Comey flatly rejected Trump's explosive claim that he was wiretapped by his predecessor Barack Obama. [Read More]
The Kremlin denied any official Russian involvement in cybercrimes after the US indicted two FSB intelligence agents over cyberattacks on Yahoo that compromised 500 million accounts. [Read More]
A newly discovered piece of ransomware that features a Star Trek-theme targets 625 file types and demands the ransom be paid in Monero, security researchers have discovered. [Read More]
A series "fileless attacks" previously attributed to two different threat attackers are now believed to have been carried out by the same actor, researchers say. [Read More]
The Association of British Travel Agents (ABTA) today informed users of a breach that may have affected up to 43,000 customers. [Read More]
With billions of stolen login credentials available on the dark web, bad bots are busy testing them against websites all over the globe. [Read More]
Newly observed ransomware campaigns are leveraging installer files from the Nullsoft Scriptable Install System (NSIS) to hide malicious code, Microsoft says. [Read More]
New Trojan dubbed Acronym is possibly linked to the malware family used in the Potao Express campaign [Read More]

FEATURES, INSIGHTS // Cybercrime

rss icon

Jack Danahy's picture
Identifying malicious software by recognizing that it just damaged the system or exfiltrated some amount of information is no longer defense, but detection.
Lance Cottrell's picture
In addition to basic credit monitoring, breached companies need to get ahead of the attacks and start providing security solutions that actually protect the victims before they are victimized again.
Adam Meyer's picture
While malicious actors demanding ransoms is not new, the surge of organizations being targeted with fake extortion demands and empty threats is. Let’s look at how extortion campaigns are carried out through the “avenue of approach” lens.
Alastair Paterson's picture
It’s natural to think that their adversaries are all financially motivated, but many are not. In 2016 we saw drivers like hacktivism, ideological differences and intelligence gathering also motivating attacks.
Jack Danahy's picture
Protection against the effects of ransomware starts with a clear understanding of all of the means that attackers will use to implant that first malicious package.
Scott Simkin's picture
Attackers have developed anti-VM analysis techniques to allow the malware to recognize when it is being run on a virtual machine and fail to execute, meaning the system or threat analytics cannot make a verdict determination or extract intelligence from the sample.
Josh Lefkowitz's picture
It’s critical to recognize that there will always be virtual ways in which terrorists and other criminals can create threats that no border process or physical security program can stop.
Alastair Paterson's picture
It’s fairly typical for bad actors to escalate extortion-based campaigns during seasonal events when the stakes for targets are high.
Jack Danahy's picture
The impact of ransomware has expanded from an IT nuisance to attacks that can shut down and potentially ruin the businesses they infect.
Torsten George's picture
While effective at curbing “petty crimes” such as credit skimming / cloning, EMV does not address more sophisticated cyber-attacks that target backend systems which contain card holders’ most sensitive information.