The latest edition of the ISMG Security Report features a discussion with FBI Agent Elvis Chan on the cyber disruptions to expect immediately after the Nov. 3 U.S. election. Also featured: smart lock security flaws; cryptocurrency-funded crimes in 2021.
Security researchers at Imperva have uncovered a botnet that attacks vulnerabilities in websites' underlying content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims.
"Cybercrime is an evolution, not a revolution," says Europol's Philipp Amann, who oversees the EU law enforcement intelligence agency's annual study of the latest cyber-enabled crime trends. Ransomware, social engineering and the criminal abuse of cryptocurrency and encryption are some of the top threats.
The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws. It's the first time the department's Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
John McAfee, the founder of the cybersecurity firm that bears his name who also is a serial entrepreneur and a former presidential candidate, has been charged with federal income tax evasion. Plus, the SEC is accusing him of promoting initial virtual coin offerings without disclosing he was paid to do so.
A new malware variant dubbed Black-T developed by the hacker group TeamTnT targets exposed Docker daemon APIs to perform scanning and cryptojacking operations, according to researchers at Palo Alto Networks' Unit 42.
Mozi, a relatively new peer-to-peer botnet, is now dominating global IoT network traffic, according to a new report from IBM's X-Force unit. The malware is being used to launch DDoS attacks as well as mine for cryptocurrency.
Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.
The U.S. Justice Department has filed a civil forfeiture complaint in an effort to recover millions in cryptocurrency from 280 accounts that allegedly was stolen by North Korean hackers. Prosecutors believe much of the money was laundered through Chinese exchanges.
The operators behind the "Lemon Duck" cryptominer have developed new techniques to better target enterprise-grade Linux systems, according to Sophos. In the latest cases, potential victims are spammed with COVID-19-themed emails.
The Lazarus Group, which has ties to the North Korean government, recently targeted an employee of a cryptocurrency exchange with a fake job offer in order to plant malware and steal virtual currency, according to F-Secure.
A P2P botnet dubbed "FritzFrog" has breached about 500 SSH servers, infecting universities in the U.S. and Europe and a railway company in an effort to plant cryptomining malware, Guardicore Labs reports. The botnet has also tried to infect banks, medical centers, governmental offices and others.
The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.