Advertisement for Richlogs posted to an online forum (Source: Raidforums.com)

For Sale on Cybercrime Markets: Real 'Digital Fingerprints'

Mathew J. Schwartz • August 22, 2019

Cybercrime marketplaces Genesis and Richlogs are helping fraudsters to better impersonate legitimate users of banks, eBay, Amazon, Netflix and more by providing them with victims' legitimate "digital fingerprints" and replay tools designed to fool anti-fraud defenses.

ATM Fraud

Prosecutors Allege Capital One Suspect Stole From Many Others

Latest

Cybercrime

Down and Out in Hacktivist Land

Mathew J. Schwartz • August 23, 2019

Where have all the hacktivists gone? While the likes of Anonymous, AntiSec and LulzSec became household names in the early 2010s, in the past three years the number of website hacks, defacements and information leaks tied to bona fide hacktivists has plummeted.

Anti-Money Laundering (AML)

80 Indicted for Scams, Including Business Email Compromises

Scott Ferguson • August 23, 2019

Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation.

Cloud Access Security Brokers (CASB)

VMware Acquiring Carbon Black to Boost Security Portfolio

Apurva Venkat • August 23, 2019

VMware is acquiring cloud security firm Carbon Black in a $2.1 billion cash deal to bolster the virtualization giant's security portfolio. It's also acquiring Pivotal, a company that focuses on helping its customers build applications in the cloud as well as through new technologies such as containers.

3rd Party Risk Management

Analysis: The Texas Ransomware Mess

Nick Holland • August 23, 2019

The latest edition of the ISMG Security Report analyzes the ransomware attack on Texas municipalities as part of a broader trend. Also featured: An initiative designed to safeguard the 2020 presidential elections and a CIO's third-party risk management efforts.

3rd Party Risk Management

Cloud Security: Mess It Up and It's on You

Jeremy Kirk • August 22, 2019

The transition to cloud-based software and infrastructure has revolutionized development and services. It's also created a bevy of new security challenges. Jay Heiser of Gartner says if organizations don't get cloud security right, it's their own fault. Here's why.

Governance

Is Apple's Top $1 Million Bug Bounty Too Much?

Jeremy Kirk • August 21, 2019

Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.

Cyberwarfare / Nation-State Attacks

Facebook and Twitter Scuttle Hong Kong Disinformation

Mathew J. Schwartz • August 20, 2019

Facebook and Twitter have suspended a number of accounts and pages that they have tied to information operations being run by the Chinese government. Disinformation has targeted pro-democracy demonstrators in Hong Kong - likening them to cockroaches - while dismissing anti-Beijing sentiment as "fake news."

Cybercrime

Threat Intel for a Global Economy

Tom Field • August 20, 2019

The World Economic Forum recently identified "cyberattacks and data integrity concerns crippling large parts of the internet" as one of the top 10 global risks. Jaime Chanaga of NTT talks about the significance of that announcement and the concerns global security leaders face headed into 2020.

Breach Notification

Texas Pummeled by Coordinated Ransomware Attack

Mathew J. Schwartz • August 19, 2019

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning. Security experts say attackers continue to pummel local governments, and illicit profits have been rising.

Fraud Management & Cybercrime

Analysis: The Growth of Mobile Fraud

Nick Holland • August 19, 2019

Why is fraud that originates on mobile devices growing at such a rapid rate? Brooke Snelling and Melissa Gaddis of iovation offer an analysis in this joint interview.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan • August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Account Takeover

The Renaissance of Deception Technology

Nick Holland • August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.