2018, Cryptocurrency, Passwords and Social Engineering

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking

Hacking Social Engineering Phishing Scams

North Korea dedicates a hacking group to fund cyber crime

CyberSecurity Insiders

APRIL 5, 2023

According to a study conducted by se-curity firm Mandiant, the group has been in operation since 2018 and has now been tasked with carrying out both espionage and financially motivated attacks such as credential harvesting and social engineering.

Hacking

Hacking Social Engineering Cryptocurrency Manufacturing

The BlueNoroff cryptocurrency hunt is still on

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency

Cryptocurrency Malware Accountability Banking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Some crypto currency exchanges use an even stronger method, of requiring confirmation both by an SMS to the phone and by email.

Cryptocurrency

Cryptocurrency Accountability Scams Social Engineering

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance

Insurance Cryptocurrency Cyber threats Marketing

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile

Mobile Phishing Authentication Accountability

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing

Phishing VPN Social Engineering Media

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile

Mobile Telecommunications Data breaches Identity Theft

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The second half of 2018 saw a drop in the number of malicious programs downloaded via browsers reaching its minimum at less than 5%, while in the first half of 2019 only every 19 th download was initiated via means other than email. In 2017, password-protected archives accounted for only 0.08% of all malicious objects.

Ransomware

Ransomware Antivirus Malware Banking

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. By getting the user’s secret phrase, cybercriminals could get access to their cryptocurrency balance.

Phishing

Phishing Scams Accountability Energy and Utilities

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile

Mobile Cryptocurrency Accountability Passwords

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The hacked forum database shows a user “tankska” registered on OGUsers back in July 2018, but only made one post asking about the price of an older Twitter account for sale. youth whose mom turned him in to the local police in February 2018 when she overheard him talking on the phone and pretending to be an AT&T employee.

Hacking

Hacking Accountability Scams Media

APT trends report Q1 2022

SecureList

APRIL 27, 2022

We had initially analyzed this Delphi malware in April 2018. This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. We recently discovered a Trojanized DeFi application, compiled in November 2021. Final thoughts.

Malware

Malware Firmware Government Phishing

How Does Ransomware Work – All You Need to Know

Spinone

JANUARY 20, 2020

The most preferred method of ransom payment is cryptocurrency because it is hard to track. That is why hackers use social engineering tricks to pressure victims into paying a ransom. This type of ransomware reached its peak popularity in the years 2013-2018. Don’t provide your passwords to unreliable sites.

Ransomware

Ransomware Encryption Antivirus Backups

Spam and phishing in 2023

SecureList

MARCH 7, 2024

Cryptocurrency scams Phishing aimed at stealing crypto wallet credentials remained a common money-making tool. Fake pages mimicking popular cryptocurrency sites invited users to sign in with their wallet credentials. Scam sites also used cryptocurrency as bait. The required amount is most likely unattainable.

Phishing

Phishing Scams Cryptocurrency Accountability

New Cyberthreats for 2021

Adam Levin

DECEMBER 7, 2020

Many of the contact tracing scams of 2020 similarly followed social engineering scripts that have been used in taxpayer identity theft schemes since the 1990s as well. When applied to a set of 43 million compromised LinkedIn passwords, it was able to crack them with 27 percent accuracy. An artificially generated “person.”

IoT

IoT Artificial Intelligence Technology Scams

The History of Computer Viruses & Malware

eSecurity Planet

NOVEMBER 2, 2022

The document contained a list of pornographic sites, along with passwords for access to said sites and would then spread itself and its NSFW content by emailing the first 50 people in the victim’s contact list. Social engineering attacks soon found use in the digital space. GandCrab burst onto the scene in 2018.

Malware

Malware Ransomware Antivirus Internet

APT trends report Q2 2021

SecureList

JULY 29, 2021

We were able to trace the WebDav-O implant’s activity in our telemetry to at least 2018, indicating government affiliated targets based in Belarus. In recent operations, the group has focused on cryptocurrency businesses. The purpose of the campaign was to steal passwords stored in the password manager.

Malware

Malware Phishing Password Management Social Engineering

Cyber Security Informer

When Low-Tech Hacks Cause High-Impact Breaches

North Korea dedicates a hacking group to fund cyber crime

Webinars

Trending Sources

The BlueNoroff cryptocurrency hunt is still on

Webinars

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

How 1-Time Passcodes Became a Corporate Liability

Voice Phishers Targeting Corporate VPNs

T-Mobile customers were hit with SIM swapping attacks

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Spam and phishing in 2022

Busting SIM Swappers and SIM Swap Myths

Twitter Hacking for Profit and the LoLs

APT trends report Q1 2022

How Does Ransomware Work – All You Need to Know

Spam and phishing in 2023

New Cyberthreats for 2021

The History of Computer Viruses & Malware

APT trends report Q2 2021

Stay Connected