Top Dark Web Markets: AlphaBay and Stolen Credentials

Dark web markets are constantly changing. The last major shakeup to occur was the disappearance of the Nucleus Market, which has been offline for nearly a month and a half. Since then, the site’s users have flocked to other markets in search of an alternative. Many of those users have transitioned to AlphaBay, the current king of… Read More

Credential Theft and the Problem of Non-Breach ‘Breaches’

Earlier this month, news outlets across the country reported on the latest mammoth list of stolen credentials — 272 million in total. “It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago,” Reuters reported. Turns out, the total number of actual accounts affected… Read More

Podcast: Hackers Get Hacked, SWIFT Attacks and a Ruling from the Supreme Court

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 70: Hackers Get Hacked, SWIFT Attacks and a Ruling from the Supreme Court: The hacker forum Nulled.io was breached and the sensitive information of its members was made publicly available. SWIFT warned of more attacks against banks at the same time the… Read More

Ransomware Is Not the Top Cybersecurity Threat Facing the Healthcare Sector

Ransomware is making all the headlines so far in 2016. This threat has become so mainstream it has caused both the FBI and US-CERT to issue ransomware alerts, with the healthcare sector being mentioned in both. On March 31, 2016, the United States Computer Emergency Readiness Team (US-CERT) issued a ransomware warning concerning the Locky… Read More

What Can We Learn About Social Engineering From Impersonation?

With organizations losing billions of dollars due to business email compromise scams and thousands of employees having their W-2 information sent to criminals each week, it can be easy to think, “How can people be so dumb and keep falling for these same tricks?” When it comes to socially engineering an employee, most people think of email phishing — and… Read More

Will Your Internal Sharing of Data Cause a Breach?

On May 4 the United Kingdom’s Information Commissioner’s Office (ICO) announced a £185,000 fine against a health trust for inadvertently publishing the personal details of 6,574 staff members on its website. Blackpool Teaching Hospitals NHS Foundation Trust is required to post annual equality and diversity metrics. Unfortunately, the published spreadsheets contained “hidden data.” Simply double clicking on… Read More

Nucleus Market Vanishes – Now What?

Over the past year, the number two Dark Web market in terms of activity was Nucleus. As of late 2015, this market had more than 25,000 vendor listings, but on April 13 of this year, Nucleus disappeared. While it’s not the first time Nucleus has been down and it’s not uncommon for Dark Web markets… Read More

Podcast: More Bank Attacks, New Malware and Walmart Sues Visa

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 69: More Bank Attacks, New Malware and Walmart Sues Visa: This week’s trending cybercrime events included data breaches at Google, Kiddicare, and InvestBank as well as a ransomware infection that led to YahooMail being temporarily banned from the House of Representatives and a… Read More

PII Data Breaches Trending In Critical Infrastructure

Over the last couple weeks, several critical infrastructure cyber-events made headlines in the Industrials, Energy, and Utilities industries. Some of these targets include the German Gundremmingen nuclear reactor, the Lansing Board of Water and Light (BWL), and the Canadian gold mining firm Goldcorp. While none of these cyber-attacks resulted in chaos, they did demonstrate weaknesses within… Read More