Brian Krebs documents a sophisticated offline/online attack on banks. Thieves combine a fraudulent wire-transfer to an innocent jewelry store with a denial-of-service attack on the bank that ties up the IT and other staff. The jeweler has been told that the money is to buy expensive jewels and watches, which are given to a stooge recruited as a courier and reshipper.
The bureau says the attacks coincide with corporate account takeovers perpetrated by thieves who are using a modified version of the ZeuS Trojan called “Gameover.” The rash of thefts come after a series of heavy spam campaigns aimed at deploying the malware, which arrives disguised as an email from the National Automated Clearing House Association (NACHA), a not-for-profit group that develops operating rules for organizations that handle electronic payments. The ZeuS variant steals passwords and gives attackers direct access to the victim’s PC and network.
In several recent attacks, as soon as thieves wired money out of a victim organization’s account, the victim’s public-facing Internet address was targeted by a network attack, leaving employees at the organization unable to browse the Web.
A few of the attacks have included an odd twist that appears to indicate the perpetrators are using money mules in the United States for at least a portion of the heists. According to an FBI advisory, some of the unauthorized wire transfers from victim organizations have been transmitted directly to high-end jewelry stores, “wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).”
DDoS Attacks Spell ‘Gameover’ for Banks, Victims in Cyber Heists
Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab’s honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue — the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group — […]
The CBC asked me to write an editorial for their package about Canadian identity and politics, timed with the 150th anniversary of the founding of the settler state on indigenous lands. They’ve assigned several writers to expand on themes in the Canadian national anthem, and my line was “We stand on guard for thee.”
In a paper for IEEE Security, researchers from Cyberpion and Israel’s College of Management Academic Studies describe a “Password Reset Man-in-the-Middle Attack” that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it’s protected by two-factor authentication.
Despite the upfront cost, electric toothbrushes are much better at removing plaque than those freebies from the dentist’s office. For those who struggle to fill the American Dental Association’s recommended two minutes of brushing time, or anyone with limited dexterity, a sonic toothbrush can give your oral care routine a boost.To keep your chops healthy […]
Learning a new language will give your resume an upgrade, sure, but it will also provide a huge cognitive boost for mental tasks outside of translation and conversation. Bilingual brains have been shown to be better at handling multiple concurrent tasks, and gaining fluency in a new tongue is an amazing way to improve memory, […]
If you struggle to get a good night’s rest, consider replacing your pillows before dropping hundreds on a new mattress. You can give your tired neck a break with a 2-pack of memory foam pillows, available now in the Boing Boing Store.Each of these pillows is stuffed with cooling polyurethane foam that molds to your […]