Tag Archive for: crime

“Protect your home with the power of wireless CCTV cameras!”.#subscribe #youtube#shorts#cctv#bhfyp

/in



BEC overtakes ransomware as cyber crime of choice

/in


The number of incidents involving business email compromise (BEC) has doubled, replacing ransomware as the most common type of financially motivated cyber threat to organisations, according to new research. 

The growth in BEC was linked to a surge in successful phishing campaigns, accounting for 33% of incidents where the initial access vector (IAV) could be established, a near three-fold increase compared to 2021 (13%). 

With talk of advanced AI-driven threats dominating the cybersecurity industry, new research by the Secureworks Counter Threat Unit has revealed that most real-world security incidents have more humble beginnings highlighting a need for businesses to focus on cyber hygiene to bolster their network defences.

Between January and December 2022, Secureworks helped contain and remediate over 500 real-world security incidents. The data from these incidents was analysed by Secureworks CTU researchers to establish trends and emerging threats. 

An equally popular entry point for attackers both nation state and cybercriminal was to exploit vulnerabilities in internet-facing systems, representing a third of incidents where IAV could be established. Typically, threat actors did not need to use zero-day vulnerabilities, instead relying on publicly disclosed vulnerabilities such as ProxyLogon, ProxyShell and Log4Shell to target unpatched machines. 

The research found ransomware incidents fell by 57%, but remain a core threat. This reduction could be due as much to a change in tactics as it is to a reduction in the level of the threat following increased law enforcement activity around high-profile attacks, like Colonial Pipeline and Kaseya. Equally, gangs may be targeting smaller organisations, which are less likely to engage with incident responders.

“Business email compromise requires little to no technical skill but can be extremely lucrative,” says Mike McLellan, Director of Intelligence at Secureworks.

“Attackers can simultaneously phish multiple organisations looking for potential victims, without needing to employ advanced skills or operate complicated affiliate models,” he says.

“Let’s be clear, cybercriminals are opportunistic not targeted….

Source…

Two Cyber Crime Gang Members Charged With Federal Data Portal Hack

/in


Two men have been arrested for their roles in the 2022 hack of the Drug Enforcement Agency’s web portal, Gizmodo reports(Opens in a new window)

Nicholas Ceraolo, 25, and Sagar Steven Singh, 19, have been accused by federal prosecutors of using compromised law enforcement passwords and government email accounts in order to obtain information about victims which they would use to blackmail and extort them. Ceraolo, who is charged with wire fraud and computer crimes is facing up to 20 years in prison, while Singh, charged with computer crimes, is facing up to five years in jail.

The DEA portal which was hacked reportedly provided Ceraolo, Singh, and the cybercriminal group named ‘ViLE’ that they were part of, with access to 16 different law enforcement databases full of sensitive information. 

In one case, using information obtained from the hack, Singh told a victim that he had access to their social security number, home address, and driver’s license information and said he would “harm” their family if they refused to comply with his demands.

In a different highlighted case, Ceraolo used an official email account belonging to a Bangladeshi police officer in order to get a social media platform to provide personal information about one of its subscribers. Ceraolo had told the company the subscriber was guilty of “child extortion” and blackmail and had threatened Bangladeshi government officials. 

Recommended by Our Editors

Announcing the charges(Opens in a new window), United States Attorney for the Eastern District of New York Breon Peace said: “Singh and Ceraolo aptly belonged to a group called, as their crime was, ‘Vile.’ That conduct ends today. As alleged, the defendants shamed, intimidated and extorted others online.  This Office will not tolerate those who impersonate law enforcement officers and misuse the public safety infrastructure that exists to protect our citizens.”

Meanwhile, Ivan J. Arvelo from Homeland Security Investigations said, “As these charges make clear, the alleged unauthorized access of a US federal law enforcement system and impersonation of law enforcement officials are serious offenses, and the criminals who perpetrate…

Source…