Is the Fxmsp hacking operation still in business? Experts say Fxmsp earned $1.5 million in illicit profits, thanks to a botnet-based business model that enabled the group to sell remote access to hacked networks. But then it advertised source code allegedly stolen from three anti-virus vendors.
How long does it take to become a reliable, trusted seller in the cybercrime-as-a-service ecosystem? For the Fxmsp hacking collective, experts say the answer is about a year. The group built a botnet that facilitated network intrusions and data exfiltration, but it was driven off cybercrime forums.
A man from the state of Washington has been sentenced to 13 months in federal prison for his role in developing the Satori botnet, which was used to conduct several large-scale DDoS attacks. The Justice Department also unsealed indictments naming co-conspirators.
Compromised Credentials Monitoring (CCM) allows users to monitor exposure of compromised credentials for their enterprise domains and customer email addresses to take action after breaches to mitigate risk of account takeover (ATO). Flashpoint's advanced technology quickly collects and processes data and credentials,...
The thriving cybercrime economy of vendors hawking illicit offerings on underground marketplaces grants access to resources that reduce barriers to entry for crimes ranging from fraud to DDoS attacks.
Pricing trends for these offerings shed light not only on their accessibility to threat actors, but also on how...
The attack sounds ripped from an episode of TV show "24": Hackers have infiltrated a government network, and they're days away from unleashing ransomware. Unfortunately for Florence, a city in Alabama, no one saved the day, and officials are sending $300,000 in bitcoins to attackers for a decryption key.
Cybercriminals are continuing to take advantage of unsecured Amazon S3 buckets, with RiskIQ researchers recently finding card skimming code and redirects to a long-running malvertising campaign infecting several websites.
The operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Server databases using brute-force methods in order to mine cryptocurrency, according to research from Sophos. In addition, the botnet operators have attempted to exploit the EternalBlue vulnerability.
Europe is targeting financial and economic crime, including fraud and money laundering, via the new European Financial and Economic Crime Center, hosted by the EU's law enforcement intelligence agency Europol. Officials say the launch of such a center during the COVID-19 pandemic is no accident.
Several U.S. energy providers have been targeted by a spear-phishing campaign attempting to spread a recently discovered Trojan called FlowCloud, according to Proofpoint research. The analysts have found connections between these attacks and another campaign using malware called LookBack.
Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services. It's led by Sumit Gupta, who was indicted by the U.S. in 2015 for criminal hacking on behalf of private investigators.
Educational institutions and healthcare entities both have been favorite targets of hackers during the coronavirus pandemic - but academic healthcare systems involved with COVID-19 research appear to be in the bullseye. Among the latest institutions reportedly hit is the University of California San Francisco.
Ransomware gangs keep innovating: Maze has begun leaking data on behalf of both Lockbit and RagnarLocker, while REvil has started auctioning data - from victims who don't meet its ransom demands - to the highest bidder. Thankfully, security experts continue to release free decryptors for some strains.
A sophisticated strain of ransomware called Tycoon has been selectively targeting education and software companies since December 2019, according to a joint report released by BlackBerry and KPMG. Due to its unique development, this crypto-locking malware can target both Windows and Linux systems.
The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its "Maze News" website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups.