2018, Accountability, Cryptocurrency and Social Engineering

Fraudulent cryptocurrency investment apps are duping investors

Malwarebytes

JULY 19, 2022

Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. Stay safe, everyone!

Cryptocurrency

Cryptocurrency Mobile Banking Internet

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

The BlueNoroff cryptocurrency hunt is still on

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency

Cryptocurrency Malware Accountability Banking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

Security Boulevard

FEBRUARY 12, 2021

A SIM, or Subscriber Identity Module, is the little chip that goes inside a phone and ties that phone to a particular account at a particular mobile provider. If the phone provider believes you have a new phone, they can tell their system, this is the new SIM number that should be linked to your account. Sorry, couldn't resist!)

Cryptocurrency

Cryptocurrency Accountability Scams Social Engineering

SIM swapper jailed for 18 months over crypto heist

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. The theft happened on January 2018, where Truglia and his co-conspirators targeted Terpin with a SIM swap attack.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Media

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance

Insurance Cryptocurrency Cyber threats Marketing

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. A phishing page (helpdesk-att[.]com)

Phishing

Phishing VPN Social Engineering Media

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile

Mobile Phishing Authentication Accountability

New PHP-based Ducktail infostealer is now after crypto wallets

Malwarebytes

OCTOBER 20, 2022

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. Social engineering attacks and malware form the core of Ducktail's modus operandi.

Social Engineering

Social Engineering Malware Accountability Engineering

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile

Mobile Telecommunications Data breaches Identity Theft

Cyberthreats to financial organizations in 2022

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In fact, from January through the end of October, Kaspersky detected more than 2,300 fraudulent global resources aimed at 85,000 potential crypto investors or users who are interested in cryptocurrency mining.

Cryptocurrency

Cryptocurrency Banking Cybercrime Ransomware

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%.

Ransomware

Ransomware Antivirus Malware Banking

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector. million (2.96 million (2.96

Cyber Attacks

Cyber Attacks Banking Cyber threats Phishing

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. For example, one website offered users to obtain a COVID vaccination certificate by entering their British National Health Service (NHS) account credentials.

Phishing

Phishing Scams Accountability Energy and Utilities

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking

Hacking Accountability Scams Media

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile

Mobile Cryptocurrency Accountability Passwords

Mobile malware evolution 2020

SecureList

MARCH 1, 2021

In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common of these passing a malicious application off as another, popular and desirable one. Users attacked by adware in 2018 through 2020 ( download ). Trends of the year. Attacks on personal data.

Mobile

Mobile Malware Adware Banking

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency. Roaming Mantis reaches Europe.

Phishing

Phishing Spyware Firmware Malware

How Does Ransomware Work – All You Need to Know

Spinone

JANUARY 20, 2020

Some estimates of the damages exceed one billion dollars, taking into account data loss, service outages, disrupted operations, and recovery. The most preferred method of ransom payment is cryptocurrency because it is hard to track. That is why hackers use social engineering tricks to pressure victims into paying a ransom.

Ransomware

Ransomware Encryption Antivirus Backups

Spam and phishing in 2023

SecureList

MARCH 7, 2024

To get access to the content (or contest), phishing sites prompted the victim to sign in to one of their gaming accounts. If the victim entered their credentials on the phishing form, the account was hijacked. The information could later be used to steal both funds from victims’ accounts and their identities.

Phishing

Phishing Scams Cryptocurrency Accountability

The History of Computer Viruses & Malware

eSecurity Planet

NOVEMBER 2, 2022

Social engineering attacks soon found use in the digital space. It could install a keylogging program, allowing the hacker to gain access to sensitive information like bank account details, passwords, and physical addresses as long as the victim typed that information into their computer at any point.

Malware

Malware Ransomware Antivirus Internet

APT trends report Q2 2021

SecureList

JULY 29, 2021

We were able to trace the WebDav-O implant’s activity in our telemetry to at least 2018, indicating government affiliated targets based in Belarus. In recent operations, the group has focused on cryptocurrency businesses. We observed several types of backdoor.

Malware

Malware Phishing Password Management Social Engineering

New Cyberthreats for 2021

Adam Levin

DECEMBER 7, 2020

Many of the contact tracing scams of 2020 similarly followed social engineering scripts that have been used in taxpayer identity theft schemes since the 1990s as well. This represents an evolutionary step beyond credential stuffing (a crime where the target’s passwords are used to access other accounts).

IoT

IoT Artificial Intelligence Technology Scams

Cyber Security Informer

Fraudulent cryptocurrency investment apps are duping investors

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

Trending Sources

The BlueNoroff cryptocurrency hunt is still on

Webinars

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

SIM swapper jailed for 18 months over crypto heist

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Voice Phishers Targeting Corporate VPNs

How 1-Time Passcodes Became a Corporate Liability

New PHP-based Ducktail infostealer is now after crypto wallets

T-Mobile customers were hit with SIM swapping attacks

Cyberthreats to financial organizations in 2022

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Spam and phishing in 2022

Twitter Hacking for Profit and the LoLs

Busting SIM Swappers and SIM Swap Myths

Mobile malware evolution 2020

IT threat evolution Q1 2022

How Does Ransomware Work – All You Need to Know

Spam and phishing in 2023

The History of Computer Viruses & Malware

APT trends report Q2 2021

New Cyberthreats for 2021

Stay Connected