Tag: crime | SpinSafe

FBI: Ransomware and other internet crime complaints up in 2023

March 12, 2024/in Internet Security

The FBI Internet Crime Complaint Center (IC3) recently reported a record 880,418 internet crime complaints in 2023, including an 18% increase in ransomware complaints to 2,825.

“The FBI’s annual internet crime report contains valuable insights and preventive tips regarding the types of cyber-crimes which target organizations and individuals alike,” said John Riggi, AHA national advisor for cybersecurity and risk. “Unfortunately, the report also statistically confirms what we are currently experiencing — the health care sector remains the critical infrastructure sector most targeted by ransomware. According to the report, the top five ransomware groups targeting the U.S. are all Russian speaking and include the notorious Lockbit and Blackcat/APLHV ransomware gangs. On a positive note, the report describes the FBI’s 72% success rate for recovery of funds in internet-enabled payment diversion schemes when reported within 48 hour to the victim’s financial institution and the FBI at www.ic3.gov.”

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Source…

Group-IB reveals Hi-Tech Crime Trends 23/24: surge in ransomware, leaks, and info stealers targeting Middle East and Africa

February 28, 2024/in Internet Security

(MENAFN– Active DMC) Dubai, February 28, 2024 — Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has presented a comprehensive overview of the cyber threat landscape in the Middle East and Africa (MEA) for the years 2023/2024 with the release of its annual Hi-Tech Crime Trends report. The report provides a thorough analysis of how cybersecurity challenges in the MEA region have evolved. In 2023, Group-IB’s researchers identified a 68% surge in the number of ransomware attacks, with financial services and real estate companies emerging as the most common victims. The Gulf Cooperation Council (GCC) countries, South Africa, and Turkey were the most frequently targeted locales by Ransomware-as-a-Service (RaaS) affiliates. Information stealers pose a significant concern, impacting 297,106 infected devices in the MEA region whose logs were made available on Underground Clouds of Logs (UCL), and an additional 903,002 hosts, logs from which were put up for sale on underground markets. Additionally, 152 new data leaks were detected in the MEA region in 2023.

Nation-state sponsored hackers target MEA

Group-IB researchers discovered that the Middle East and Africa was a significant target for advanced persistent threats (APTs), also known as nation-state sponsored groups, last year. Overall, Group-IB attributed 523 attacks to nation-state actors across the globe in 2023. Attacks on MEA organizations accounted for 15% of the global total, numbering 77, with Group-IB experts asserting that this may be due to ongoing geopolitical conflicts in the region, along with MEA’s importance to the global energy market.

The top targeted locales in the MEA region in 2023 were Israel (14 attacks), Turkey (12) and the GCC region (8). Government and military organizations suffered the most APT attacks in the MEA region, totalling 20. Transportation (8 attacks) and telecommunications (7) were the second and third most targeted sectors, respectively.

Attacks coordinated by groups such as APT42, Oilrig and Hexane (all from MEA) reflect the desire of certain countries in the region to strengthen their…

Source…

Can true crime stories about the internet keep individuals safe from cybercrime?

November 15, 2023/in Internet Security

If you were to visit the office of Joe Carrigan, a senior security engineer at Johns Hopkins University’s Information Security Institute (ISI), you’d notice a television screen displaying a looping slideshow. Among the featured content in the loop is a 2022 article from The New York Times, which recognizes his podcast for delving into discussions about the “dark side of the internet.”

That podcast is Hacking Humans, cohosted by Dave Bittner, who is also a producer for the pod by way of CyberWire, a B2B cybersecurity audio network. Hacking Humans focuses on the human side of cybersecurity problems.

“The idea of the Hacking Humans podcast is that it’s not a very technical podcast,” Carrigan said. We don’t talk about vulnerabilities, you know — we mention them tangentially, we mention them as necessary.”

According to Carrigan, a University of Maryland Global Campus computer science program alum, many people believe hackers are only interested in high-profile targets like nation-state actors or penetration testers. But anyone can become a target if they don’t protect themselves.

The Columbia, Maryland resident cited a country-by-county pay gap as a possible influence for those who might be employed by “scam centers” in countries like India and Nigeria — both known contributors to cyber crime, he said.

“If you look at the two countries, the average American makes around 73 times what the people in Nigeria and India make per year,” Carrigan told Technical.ly. “… If these guys [scammers] can scam somebody out of 25 bucks every day, seven days or six or seven days a week, in a year, they make three to four times what the average income is in their country, and they’re doing well.”

The podcast aims to bridge the gap between more technical cybersecurity discussions and the general public.

On a recent episode of the podcast (Season 6, Episode 262), for instance, Bittner — who is also an alumnus of the University of Maryland system — sounds surprised as Carrigan presents findings from a survey about people’s understanding of cybersecurity, including the jargon commonly used in the field. The survey was conducted by ISI and commissioned by…

Source…

Claiming a ‘computer crime’ shouldn’t give police a free pass to raid newspapers

August 31, 2023/in Computer Security

This month, police officers in Marion, Kan., crashed into the newsroom of the Marion County Record, a weekly newspaper, and the home of its publisher to seize computers, cellphones and documents. After several days of public outcry, the county attorney ordered the material returned.

Newsroom searches are rare today because a 1980 federal law makes them almost always illegal. But the outcry goes back to colonial days, when British-loyalist redcoats raided revolutionary American pamphleteers. Such searches were seen as the ultimate attack on the free press. In the infamous 1971 search of the Stanford Daily, for example, Palo Alto police were seeking photographs to tie Vietnam War protesters to a violent clash on campus. After the Supreme Court refused to offer protection from such raids, Congress passed the 1980 statute, making newsroom searches far less of a threat.

Instead, the Marion case highlights a separate, systemic threat to press freedom: vague and sweeping computer crime laws, which exist in all 50 states. These laws can be readily used to intimidate reporters and suppress reporting without raiding their offices.

The Marion raid appears to be the first time public officials have searched a newspaper under the claim of enforcing a computer crime law. The search warrant in that case listed violations of statutes covering identity theft and “unlawful acts concerning computers.”

The state computer crime statute applies when someone breaks into a computer network with malware or uses another person’s information to steal money from their bank account. But these laws are so vague that they can be deployed to penalize reporters for using computers to find information online as part of routine journalism.

In Missouri, for instance, a reporter for the St. Louis Post-Dispatch discovered a serious flaw in a state website that put the security of thousands of Social Security numbers at risk. He alerted the state agency so it could fix the issue before he published…

Source…

Tag Archive for: crime