2023, Cybercrime and Web Fraud - Cyber Security Informer

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware. million phishing attempts in 2023.”

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Richard Sanders is a blockchain analyst and investigator who advises the law enforcement and intelligence community.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

For example, in its most recent transparency report (PDF) Verizon said it received more than 127,000 law enforcement demands for customer data in the second half of 2023 — including more than 36,000 EDRs — and that the company provided records in response to approximately 90 percent of requests.

Hacking

Hacking Accountability Government Social Engineering

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. Image: Shutterstock.

Cybercrime

Cybercrime Accountability Mobile Hacking

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market.

Phishing

Phishing Mobile Scams Retail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

stole at least $800,000 from at least five victims between August 2022 and March 2023. In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. .” Image credit: Amitai Cohen of Wiz.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. In May 2023, the U.S. authorities.

Phishing

Phishing Cybercrime Malware Software

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

” Infoblox determined that until May 2023, domains ending in.info accounted for the bulk of new registrations tied to the malicious link shortening service, which Infoblox has dubbed “ Prolific Puma.” For example, when it was registered through NameSilo in July 2023, the domain 1ox[.]us domains registered daily.US

Phishing

Phishing Telecommunications Malware Scams

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Services like SWAT are known as “Drops for stuff” on cybercrime forums. The login page for the criminal reshipping service SWAT USA Drop. “SwatVerified.”

Cybercrime

Cybercrime Marketing Scams Retail

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

In January 2023, the Faceless service website said it was willing to pay for information about previously undocumented security vulnerabilities in IoT devices. ” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade. In 2013, U.S.

Malware

Malware Passwords Accountability Advertising

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The answer involved Bitcoin, but also Taleon’s new service.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Mobile

Mobile Phishing Authentication Advertising

How Malicious Android Apps Slip Into Disguise

Krebs on Security

AUGUST 3, 2023

Eremin said ThreatFabric has seen this malware obfuscation method used a few times in the past, but in April 2023 it started finding many more variants of known mobile malware families leveraging it for stealth. Eremin said Google flagged their initial May 9, 2023 report as “high” severity.

Mobile

Mobile Malware Banking Cybercrime

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

xyz , a domain registered in November 2023. According to DomainTools.com , the organization that registered this domain is called “ apkdownloadweb ,” is based in Rajshahi, Bangladesh, and uses the DNS servers of a Web hosting company in Bangladesh called webhostbd[.]net.

Scams

Scams DNS Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. billion last year.

Scams

Scams DDOS Cryptocurrency Accountability

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

Throughout 2023, Tornote was hosted with the Russian provider DDoS-Guard , at the Internet address 186.2.163[.]216. In keeping with the overall theme, these phishing domains appear focused on stealing usernames and passwords to some of the cybercrime underground’s busiest shops, including Brian’s Club. com , meternask[.]com

Phishing

Phishing Cryptocurrency DDOS Internet

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

AnonSudan ), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023. 2023), and OpenAI (Nov.

DDOS

DDOS Government Internet Internet

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company’s app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove. .

Malware

Malware eCommerce Mobile Media

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In 2023, Suncity’s CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and “ triad offenses,” i.e. working with Chinese transnational organized crime syndicates. cloud providers. ” A Suncity gambling site promoted via Funnull.

Accountability

Accountability Scams Passwords Retail

Cyber Security Informer

Booking.com Phishers May Leave You With Reservations

How Cryptocurrency Turns to Cash in Russian Banks

Trending Sources

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

The Dark Nexus Between Harm Groups and ‘The Com’

How Phished Data Turns into Apple & Google Wallets

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

The Stark Truth Behind the Resurgence of Russia’s Fin7

US Harbors Prolific Malicious Link Shortening Service

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Giving a Face to the Malware Proxy Service ‘Faceless’

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

How Malicious Android Apps Slip Into Disguise

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Interview With a Crypto Scam Investment Spammer

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Infrastructure Laundering: Blending in with the Cloud

Stay Connected