Behind the Scenes of a $170 Million Payment Card Fraud Operation

On Friday, 32-year-old Russian hacker Roman Seleznev was sentenced to 27 years in prison for running a cybercriminal operation that stole millions of payment cards, resulting in at least $169 million in damages to small business and financial institutions. It’s the longest sentence ever issued in the U.S. for cybercrime, and the court documents and… Read More

Weekly Cyber Risk Roundup: Payment Card Data at Risk Due to POS Breaches and Ecommerce Vulnerabilities

Point-of-sale breaches were once again among the week’s top trending cybercrime targets, as InterContinental Hotels Group (IHG) announced that its previously disclosed POS breach had expanded from the dozen properties reported in February to at least 1,175 properties. Affected hotels include popular brands such as Holiday Inn, Holiday Inn Express, InterContinental, Kimpton Hotels, Crowne Plaza,… Read More

Do You Know Your Adversary?

Threat intelligence means a lot of different things to different people. Oftentimes organizations think of tactical information that helps defenders in their on-the-network battles with the bad guys. But, as Forrester Research recently noted in their report Achieve Early Success In Threat Intelligence With The Right Collection Strategy: “Don’t fall into the trap of subscribing to tactical… Read More

Slew of Source Code and Malware Leaks Increases Risk for Organizations

Earlier this month, an undergraduate student in Korea apologized for creating and making public the joke ransomware “Resenware.” The malware didn’t ask for money to decrypt files; instead, it required victims to score more than 200 million points on the “lunatic” level of the shooting game Touhou Seirensen ~ Undefined Fantastic Object. The student told… Read More

Weekly Cyber Risk Roundup: Payment Card Breaches, Malicious Insiders, and Regulatory Action

Gamestop was the week’s top trending cybercrime target as the company is investigating reports that customer payment card information may have been stolen from gamestop.com. In addition to Gamestop, payment card information was also stolen from the restaurant chain Shoney’s and a series of car washes have issued breach notification letters tied to a compromise… Read More

New Cryptocurrencies Gain Traction, Spark Concern For Law Enforcement

Last month a new ransomware emerged known as “Kirk Ransomware.” The malware was interesting not just because of the Star Trek-themed imagery of James Kirk and Spock that it used, but also because it may be the first ransomware to demand payment via the cryptocurrency Monero. There are literally hundreds of different types of existing… Read More

Weekly Cyber Risk Roundup: Scottrade Exposes Data and ATMs Get Blown Up, Drilled and Infected

The CIA remained as the top trending cybercrime of the week as WikiLeaks released a fourth set of documents related to the agency. The new dump includes 27 documents from the CIA’s Grasshopper framework, which WikiLeaks described as “a platform used to build customized malware payloads for Microsoft Windows operating systems.” The leaked CIA tools… Read More

AlphaBay to Begin Accepting Ethereum as the Bitcoin Alternative Grows More Popular

Beginning next month, malicious actors using the dark web marketplace AlphaBay will be able to buy and sell their goods using the growing cryptocurrency platform Ethereum. Ethereum will become the third payment option available on the market, joining the longstanding cryptocurrency king bitcoin as well as the privacy-focused Monero, which was adopted by AlphaBay last… Read More

Weekly Cyber Risk Roundup: More CIA Leaks, New Mirai Attacks, and LastPass Vulnerabilities

The CIA remained as the top trending cybercrime target of the week as WikiLeaks released a third set of documents related to the agency. The new release includes 676 source code files for the CIA’s secret anti-forensic Marble Framework, which WikiLeaks said “is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans… Read More

Weekly Cyber Risk Roundup: JobLink, $100 Million BEC Scam and Other Breaches

Third-party cybersecurity issues were once again front and center this past week as America’s JobLink, a web-based system that links jobs seekers with employers, was compromised by a malicious actor, leading to a series of data breach announcements from states that use the system. “On February 20, 2017, a hacker created a job seeker account… Read More