2014, Cybercrime and Social Engineering

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

A sophisticated cybercrime campaign, dubbed Elusive Comet , has been uncovered, in which North Korean threat actors are exploiting Zoom's remote control feature to infiltrate the systems of cryptocurrency professionals. Lazarus is also behind significant cryptocurrency heists, such as the $1.5

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

The Justice Department says those indicted were members of a DPRK-sponsored cybercrime group variously identified by the security community as the Lazarus Group and Advanced Persistent Threat 38 (APT 38). billion from banks and other victims worldwide.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

North Korean threat actor APT43 pivots back to strategic cyberespionage

CSO Magazine

MARCH 29, 2023

It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38).

Social Engineering

Social Engineering Cybercrime Government Banking

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering VPN Phishing Authentication

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. 24, Russia invades Ukraine, and fault lines quickly begin to appear in the cybercrime underground. I will also continue to post on LinkedIn about new stories in 2023. In 2016, while the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Reading Mandiant M-Trends 2023

Anton on Security

APRIL 20, 2023

Furthermore, these adversaries demonstrated a willingness to get personal with their targets, bullying and threatening many of them. ” NOT SURPRISING “Global median dwell time continued to improve year over year, with organizations detecting incidents in just over two weeks in 2022.

Social Engineering

Social Engineering Ransomware Cybercrime Cyber Attacks

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The CryptoLocker wave went into a decline in June 2014 as a result of the so-called Operation Tovar , an initiative orchestrated by law enforcement agencies from multiple countries. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift. pharma giant ExecuPharm.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Ex-NASA contractor pleaded guilty for cyberstalking crimes

Security Affairs

OCTOBER 14, 2018

The man acknowledged having targeted friends, co-workers, and family members, he used social engineering tricks and also used malware to compromise victims’ systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Identity Theft

Identity Theft Social Engineering Advertising Hacking

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Security Affairs

JUNE 20, 2020

The crooks exploited online tools and technology along with social engineering tactics to target the victims and steal usernames, passwords, and bank accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Scams

Scams Social Engineering Small Business Banking

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

JANUARY 24, 2022

Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. ” reported Trend Micro.

Malware

Malware Social Engineering Ransomware Banking

Reading the ENISA Threat Landscape Report 2018

Security Affairs

JANUARY 30, 2019

According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. Nation-state hacking reduced the use of complex malware and appears to go towards low profile social engineering attacks.

Cyber threats

Cyber threats IoT Social Engineering Advertising

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Experts revealed that the botnet was used by the TA505 cybercrime gang to distribute the FlawedAmmy RAT and some email stealers. In classic social engineering attack, the phishing message presents a “one time username and password” to the victims and urges the user to click the “Login Right Here” button. Pierluigi Paganini.

Phishing

Phishing Social Engineering Malware Advertising

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

According to the most recent statistics from the FBI ‘s Internet Crime Complaint Center , the most costly form of cybercrime stems from a complex type of fraud known as the “ B usiness E mail C ompromise” or BEC scam. Deleted Facebook Cybercrime Groups Had 300,000 Members. BK: And where are they coming from?

Scams

Scams Accountability Media Banking

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

. “It calls on its C&C server to fetch relevant web injections when infected users land on a targeted page and uses them to modify the pages users are browsing to include social engineering content and trick them into divulging personal information and authentication codes.” Pierluigi Paganini.

Banking

Banking Malware Social Engineering Advertising

Experts analyzed the distribution technique used in a recent Emotet campaign

Security Affairs

JANUARY 2, 2019

” The attack begins with an email message with a weaponized document that once opened will ask the victim to enable macros using social engineering tricks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Advertising Malware Engineering

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY. I held this position from 2000 through 2014, during which time Windows emerged as a prime target for both precocious script kiddies and emerging criminal hacking rings. Erin: What role should governments play in combating cybercrime?

Cyber threats

Cyber threats Cyber Insurance Threat Detection Cybersecurity

Hacker stole $1m from Silicon Valley executive via SIM swap

Security Affairs

NOVEMBER 26, 2018

Typically the attacker gathers the information to respond the questions through social engineering or through OSINT activities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Identity Theft Social Engineering Advertising

Dridex targets MacOS users with a new delivery technique

Security Affairs

JANUARY 8, 2023

The Dridex banking Trojan that has been around since 2014, it was involved in numerous campaigns against financial institutions over the years and crooks have continuously improved it. The banking malware is believed to be operated by the cybercrime gang known as Evil Corp. ” concludes the report.

Banking

Banking Malware Social Engineering Cybercrime

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

FEBRUARY 26, 2020

The proof is the leverage of the current physical threat, the CoronaVirus (COVID-19), as a social engineering trick to infect the cyber world. It is not new for cyber-crooks to exploit social phenomena to spread malware in order to maximize the impact and dissemination of a malicious campaign. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Malware Social Engineering Advertising

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs

OCTOBER 20, 2020

Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Social Engineering eCommerce Engineering

T-Mobile Store Owner Made $25M Illegally Unlocking Cellphones

SecureWorld News

AUGUST 4, 2022

Department of Justice (DOJ) says Argishti Khudaverdyan, 44, was found guilty of 14 federal criminal charges for the scheme he ran from 2014 to 2019 that netted $25 million in criminal proceeds. Very often he would socially engineer employees at the IT help desk to get their credentials. How was he unlocking these phones?

Mobile

Mobile Identity Theft Social Engineering Retail

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches

Data breaches Social Engineering Ransomware Malware

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Security Affairs

AUGUST 13, 2020

Group-IB Threat Intelligence experts highlight that RedCurl’s approach resembles social engineering attacks that red teaming specialists usually conduct to test an organization’s ability to combat advanced cyberattacks using techniques and tools from hacker groups’ arsenals.

Phishing

Phishing Banking Social Engineering Advertising

How Hackers Access Direct Deposit Paycheck — And What to Do About It

Security Affairs

MAY 24, 2019

Instead, they use social engineering to pose as a person or company that the victim knows and responds to without question. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Security Affairs – Paycheck, cybercrime).

Phishing

Phishing Accountability Banking Social Engineering

5 Cybersecurity Trends in the Professional Services Sector

Security Affairs

SEPTEMBER 21, 2019

Hackers aren’t only coders — they’re also social engineers. Cybercrimes are more common than ever, but the number of people entering cybersecurity hasn’t kept up. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Employee Training on Phishing and Digital Security.

Cybersecurity

Cybersecurity Data breaches Phishing Ransomware

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Security Affairs

SEPTEMBER 2, 2018

Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Cryptocurrency Advertising Malware

Dutch police arrested the author of Dryad and Rubella Macro Builders

Security Affairs

JULY 19, 2019

It allows crooks to generate a malicious payload for social-engineering spam campaigns, the author was offering it as a service for a three-month license of $120. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Social Engineering Advertising Antivirus

Group-IB helped to arrest phone scammers profiting off the backs of the Russian elderly

Security Affairs

FEBRUARY 15, 2019

The scammers not only maintained secrecy but also improved their methods of social engineering: they quickly gained their victims’ trust, showed themselves to be intelligent and educated, and were persistent and aggressive. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking

Banking Scams Social Engineering Advertising

FBI and DHS CISA issue alerts on e-skimming attacks

Security Affairs

OCTOBER 23, 2019

The US FBI issued a warning for the US private sector about e-skimming attacks carried out by the Magecart cybercrime groups. Another attack scenario sees hackers targeting the administrators of the platform with social engineering attacks in an attempt to obtain his credentials and use them to plant the malicious code in the e-store.

Social Engineering

Social Engineering Advertising Software Government

Ocala City in Florida lost $742,000 following BEC attack

Security Affairs

NOVEMBER 4, 2019

This phase involves social engineering techniques, OSING, and also malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported BleepingComputer. Pierluigi Paganini. SecurityAffairs – BEC, Ocala City).

Scams

Scams Banking Social Engineering Accountability

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

They were helped in one of their attacks by members of the group Anunak , which had not conducted at attack of this kind since 2014. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. The post Group-IB: $49.4

Cyber Attacks

Cyber Attacks Banking Cyber threats Phishing

2.6 billion records exposed in 2,308 disclosed data breaches in H1

Security Affairs

AUGUST 18, 2018

That said, tried and true social engineering techniques combined with the ability to take advantage of unpatched weaknesses are some of the most effective tools malicious actors can use. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. added Ms Goddijn. . Pierluigi Paganini. The post 2.6

Data breaches

Data breaches Social Engineering Cyber threats Phishing

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

In some cases, with founders’ consent, the assessment includes penetration testing using social engineering methods aimed at the network compromise through the most vulnerable link at any organization– humans. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Insurance

Insurance Cryptocurrency Cyber threats Marketing

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Cybercriminals use social engineering techniques to convince users to click on malicious links or extract archives. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Financial departments at high risk. Pierluigi Paganini.

Ransomware

Ransomware Antivirus Malware Banking

Prilex: the pricey prickle credit card complex

SecureList

SEPTEMBER 28, 2022

Active since 2014, in 2016, the group decided to give up ATM malware and focus all of their attacks on PoS systems, targeting the core of the payment industry. Warning from a PoS vendor about Prilex social engineering attacks. Brazilian cybercriminals have successfully launched replay attacks since at least 2014.

Malware

Malware Banking Software Encryption

APT trends report Q1 2021

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. The samples were compiled in 2014 and, accordingly, were likely deployed in 2014 and possibly as late as 2015. FinFly Web is, in essence, a suite of tools and packages that implement a web-based exploitation server. Final thoughts.

Malware

Malware Government Spyware Social Engineering

IRISSCON 2022 roundup: a new hope

BH Consulting

NOVEMBER 15, 2022

He analysed ten years of ransomware and found the problem, in terms of volume and frequency, was in 2014. “So Detective Inspector Gerard Doyle of the Garda Siochana National Cybercrime Bureau urged victims not to pay the ransom. Sharon Conheady’s entertaining talk explored the ethical side of social engineering.

Insurance

Insurance Social Engineering Ransomware CISO

WinDealer dealing on the side

SecureList

JUNE 2, 2022

Seeing that some variants of their Android malware impersonate a popular messaging app in Asia, it is also likely that malicious APKs are distributed in a variety of ways, including social engineering to convince users to install fake updates for their applications.

Malware

Malware Encryption Social Engineering Telecommunications

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Cisco Security

MARCH 4, 2021

Without knowing much about me, she was very responsive and shared trust, insights, and tips in the right direction with me that contributed to my success and towards winning the social engineering capture-the-flag contest at DEF CON. She started working as the editor of AlienVault’s blog in 2014. Behind-the-Scenes Hero.

Cybersecurity

Cybersecurity Engineering Technology Education

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

Malwarebytes

FEBRUARY 12, 2021

The real domain was registered in 2014 and we even found a billboard advertisement for it tweeted out on April 26 2019, long before the scammers had registered their copycat domain. On May 21 2020, the threat actor registered the domain name sassysenssations[.]com com which belongs to a legitimate business.

Scams

Scams Advertising Spyware Mobile

Top 5 Industries Most Vulnerable to Data Breaches in 2023

Security Boulevard

JUNE 26, 2023

Unfortunately, the increasing reliance on digital systems and capabilities has also attracted an ever-growing number of malicious actors seeking to defraud businesses through phishing , social engineering , or ransomware attacks. The end result of these types of cyber attacks are often highly public and damaging data breaches.

Data breaches

Data breaches Healthcare Telecommunications Financial Services

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

U.S. Indicts North Korean Hackers in Theft of $200 Million

Trending Sources

Cyber CEO: The History Of Cybercrime, From 1834 To Present

North Korean threat actor APT43 pivots back to strategic cyberespionage

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Happy 13th Birthday, KrebsOnSecurity!

Confessions of an ID Theft Kingpin, Part I

Reading Mandiant M-Trends 2023

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Ex-NASA contractor pleaded guilty for cyberstalking crimes

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Emotet spam uses unconventional IP address formats to evade detection

Reading the ENISA Threat Landscape Report 2018

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Experts analyzed the distribution technique used in a recent Emotet campaign

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

Hacker stole $1m from Silicon Valley executive via SIM swap

Dridex targets MacOS users with a new delivery technique

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

T-Mobile Store Owner Made $25M Illegally Unlocking Cellphones

Security Affairs newsletter Round 291

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

How Hackers Access Direct Deposit Paycheck — And What to Do About It

5 Cybersecurity Trends in the Professional Services Sector

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Dutch police arrested the author of Dryad and Rubella Macro Builders

Group-IB helped to arrest phone scammers profiting off the backs of the Russian elderly

FBI and DHS CISA issue alerts on e-skimming attacks

Ocala City in Florida lost $742,000 following BEC attack

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

2.6 billion records exposed in 2,308 disclosed data breaches in H1

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Prilex: the pricey prickle credit card complex

APT trends report Q1 2021

IRISSCON 2022 roundup: a new hope

WinDealer dealing on the side

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

Top 5 Industries Most Vulnerable to Data Breaches in 2023

Stay Connected