2024 and Cybercrime - Cyber Security Informer

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds.

Cybercrime

Cybercrime Phishing Accountability Internet

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. for customers to use as needed.

Cybercrime

Cybercrime Data breaches Technology Banking

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime

Cybercrime Ransomware Healthcare Hacking

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. In case you missed any of them, here’s a recap of 2024’s most-read stories.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Krebs on Security

MAY 28, 2025

This wasnt just a scam operation – it was essentially a cybercrime university that empowered fraudsters globally, NCCIA Director Abdul Ghaffar said at a press briefing. Prior to folding their operations behind WeCodeSolutions, Shahzad and others arrested this month operated as a web hosting group calling itself The Manipulaters.

Malware

Malware Cybercrime Antivirus Scams

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Security Affairs

JUNE 9, 2025

A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability ( CVE-2024-3721 ) in TBK DVR-4104 and DVR-4216 digital video recording devices.

IoT

IoT Firmware Malware Architecture

CrowdStrike 2025 Global Threat Report: 51-Second Breaches Shake Cybercrime

eSecurity Planet

MARCH 3, 2025

The business of cybercrime Cybercriminals are no longer disorganized hackers. A dramatic 442% surge in vishing attacks during the latter half of 2024 further illustrates the lengths to which adversaries will go to exploit vulnerabilities. They are now running highly efficient operations that mirror legitimate business models.

Threat Reports

Threat Reports Cybercrime Artificial Intelligence Social Engineering

Russia Charges Notorious Ransomware Developer in Rare Cybercrime Case

SecureWorld News

DECEMBER 3, 2024

In a surprising move related to international cybercrime, Russian authorities have charged Mikhail Matveev, also known as "Wazawaka," with creating ransomware to extort commercial organizations, according to Russian media outlet RIA. Despite U.S.

Cybercrime

Cybercrime Ransomware Healthcare Cryptocurrency

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Krebs on Security

MAY 29, 2025

“Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024,” reads a statement from the U.S. In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions that found much of the malicious traffic traversing Starks network (e.g.

Scams

Scams Internet Internet Cybercrime

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944 , 0ktapus ) with conspiracy to commit wire fraud. In January 2024, U.S.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Cybercrime Soars: FBI's 2024 Report Reveals $16.6 Billion in Losses

SecureWorld News

MAY 14, 2025

The FBI's Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report, marking a record-breaking year in cybercrime. In 2024, law enforcement in India conducted multiple call center raids, disruptions, seizures, and arrests of the individuals alleged to be involved in perpetrating these crimes.

Cybercrime

Cybercrime Scams Internet Internet

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums. Araneida Scanner’s Telegram channel bragging about how customers are using the service for cybercrime. The service’s Telegram channel boasts nearly 500 subscribers and explains how to use the tool for malicious purposes.

Hacking

Hacking Cybercrime Advertising Data breaches

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work com and rdp[.]monster;

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

VPN

VPN Ransomware Firewall Internet

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. The flaw CVE-2024-4577 (CVSS score: 9.8) Over 1,000 attacks detected globally. is a PHP-CGI OS Command Injection Vulnerability.

DDOS

DDOS Security Intelligence Hacking Malware

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Security Affairs

MAY 15, 2025

Kosovar citizen extradited to the US for running the cybercrime marketplace BlackDB.cc Kosovo citizen Liridon Masurica (33) of Gjilan, was extradited to the US for running the cybercrime marketplace BlackDB.cc Kosovo police arrested Masurica (aka @blackdb) on December 12, 2024. In December 2024, the U.S. Assistant U.S.

Cybercrime

Cybercrime Identity Theft Hacking Cryptocurrency

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST. effective July 20, 2024. The bulletproof hosting provider BEARHOST. This screenshot has been machine-translated from Russian. Image: Ke-la.com.

Malware

Malware Antivirus Software DDOS

Operation ENDGAME disrupted global ransomware infrastructure

Security Affairs

MAY 25, 2025

. “A Command Post was set up at Europol headquarters in The Hague during the action week, with investigators from Canada, Denmark, France, Germany, the Netherlands, the United Kingdom and the United States working with Europols European Cybercrime Centre and its Joint Cybercrime Action Taskforce.”

Ransomware

Ransomware Cybercrime Malware Cryptocurrency

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Krebs on Security

OCTOBER 18, 2024

USDoD was known to use the hacker handles “ Equation Corp ” and “ NetSec ,” and according to the cyber intelligence platform Intel 471 NetSec posted a thread on the now-defunct cybercrime community RaidForums on Feb. Image: Hackread.com. ” When KrebsOnSecurity last communicated with USDoD via Telegram on Aug.

Social Engineering

Social Engineering Passwords Cybercrime Mobile

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

AnonSudan ), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a.

DDOS

DDOS Government Internet Internet

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Nor did he respond to reporting here in January 2024 that he ran an IT company with a 34-year-old Russian man named Aleksandr Ermakov , who was sanctioned by authorities in Australia, the U.K. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile. “I’m also godfather of his second son.”

Advertising

Advertising Retail Cryptocurrency Cybercrime

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

On November 8, 2024, Finastra notified financial institution customers that on Nov. 8, a cybercriminal using the nickname “ abyss0 ” posted on the English-language cybercrime community BreachForums that they’d stolen files belonging to some of Finastra’s largest banking clients. ” On Nov.

Data breaches

Data breaches Banking Cybercrime Advertising

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. A full, defanged list of domains is available here.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Change Healthcare data breach impacted over 100 million people

Security Affairs

OCTOBER 25, 2024

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals.

Data breaches

Data breaches Healthcare Cybercrime Insurance

Change Healthcare data breach exposed the private data of over half the U.S.

Security Affairs

JANUARY 26, 2025

In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.

Healthcare

Healthcare Data breaches Insurance Cybercrime

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

Ransomware

Ransomware Identity Theft Data breaches Cyber threats

Financial cyberthreats in 2024

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing

Phishing Banking Scams Mobile

Best of 2024: Massive Online Shopping Scam Racks Up 850,000 Victims

Security Boulevard

DECEMBER 23, 2024

The post Best of 2024: Massive Online Shopping Scam Racks Up 850,000 Victims appeared first on Security Boulevard. Chinese crooks are running a global network of more than 75,000 fake online shops to steal credit card data and process fraudulent payments.

Scams

Scams eCommerce Cybercrime

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Security Affairs

MARCH 1, 2025

These individuals are members of a global cybercrime ring tracked as Storm-2139 by Microsoft. ” The IT giant started the investigation in December 2024 when Microsofts Digital Crimes Unit (DCU) filed a lawsuit in the Eastern District of Virginia alleging various causes of action against 10 unidentified individuals violating U.S.

Cybercrime

Cybercrime Technology Hacking Accountability

Ransomware Threats, Led by FunkSec, Rise to New Heights

Security Boulevard

JANUARY 28, 2025

Ransomware attacks surged to a record high in December 2024, with 574 incidents reported, according to an NCC Group report. FunkSec, a newly identified group combining hacktivism and cybercrime, accounted for over 100 attacks (18% of the total), making it the most active group that month, ahead of Cl0p, Akira and RansomHub.

Ransomware

Ransomware Cybercrime Accountability Cybersecurity

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

The security breach exposed customer data and IDs between October 10 and November 10, 2024. “On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.”

Data breaches

Data breaches Retail Cybercrime Government

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

This domain was featured in a writeup from February 2024 by the security firm Lookout , which found it was one of dozens being used by a prolific and audacious voice phishing group it dubbed “ Crypto Chameleon.” Before we get to the Apple scam in detail, we need to revisit Tony’s case. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

A member of the Scattered Spider cybercrime group pleads guilty

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. ” Source News4Jax The charges relate to his alleged role in the Scattered Spider cybercrime group (also known as UNC3944 , 0ktapus ). .” In January 2024, U.S. ” reported News4Jax.

Cybercrime

Cybercrime Identity Theft Social Engineering Hacking

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. In September 2024, KrebsOnSecurity reported that a 17-year-old from the United Kingdom was arrested last year by U.K.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Security Affairs

MAY 27, 2025

Sophos states that DragonForce ransomware operators chainedthe three vulnerabilities, tracked as CVE-2024-57727 , CVE-2024-57728 , and CVE-2024-57726 , for initial access. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims.

Ransomware

Ransomware Software Retail Data breaches

Breachforums Boss to Pay $700k in Healthcare Breach

Krebs on Security

MAY 15, 2025

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick , a.k.a.

Healthcare

Healthcare Insurance Data breaches Government

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

In several posts to an English-language cybercrime forum in November, Kiberphant0m leaked some of the phone records and threatened to leak them all unless paid a ransom. In late November 2024, Canadian authorities arrested a third alleged member of the extortion conspiracy , 25-year-old Connor Riley Moucka of Kitchener, Ontario.

Hacking

Hacking Government Identity Theft Accountability

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity

Cybersecurity Social Engineering Cyber threats Software

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Security Affairs

DECEMBER 6, 2024

Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days before the presidential election. 756/2024 and the implementation calendar approved by Government Decision no. 756/2024 and the implementation calendar approved by Government Decision no.

Government

Government Cybercrime Cyber Attacks Hacking

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.” At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. ” reads the update published by Cisco.

Data breaches

Data breaches Cybercrime Authentication Technology

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. ” The group was spotted using zero-day vulnerabilities in Advantive VeraCore respectively tracked as CVE-2024-57968 (CVSS score of 9.9) ” reads the analysis published by Intezer.

Manufacturing

Manufacturing Cybercrime Authentication Hacking

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

The Hacker News

NOVEMBER 26, 2024

An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent.

Cybercrime

Cybercrime Ransomware

Why Phishers Love New TLDs Like.shop,top and.xyz

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Trending Sources

Russian Phobos ransomware operator faces cybercrime charges

Happy 15th Anniversary, KrebsOnSecurity!

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

CrowdStrike 2025 Global Threat Report: 51-Second Breaches Shake Cybercrime

Russia Charges Notorious Ransomware Developer in Rare Cybercrime Case

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Cybercrime Soars: FBI's 2024 Report Reveals $16.6 Billion in Losses

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

How Cryptocurrency Turns to Cash in Russian Banks

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Operation ENDGAME disrupted global ransomware infrastructure

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

An Interview With the Target & Home Depot Hacker

Fintech Giant Finastra Investigating Data Breach

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Booking.com Phishers May Leave You With Reservations

Change Healthcare data breach impacted over 100 million people

Change Healthcare data breach exposed the private data of over half the U.S.

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Financial cyberthreats in 2024

Best of 2024: Massive Online Shopping Scam Racks Up 850,000 Victims

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Ransomware Threats, Led by FunkSec, Rise to New Heights

U.S. cannabis dispensary STIIIZY disclosed a data breach

A Day in the Life of a Prolific Voice Phishing Crew

A member of the Scattered Spider cybercrime group pleads guilty

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Breachforums Boss to Pay $700k in Healthcare Breach

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Cisco states that the second data leak is linked to the one from October

XE Group shifts from credit card skimming to exploiting zero-days

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

Stay Connected