Brian Krebs documents a sophisticated offline/online attack on banks. Thieves combine a fraudulent wire-transfer to an innocent jewelry store with a denial-of-service attack on the bank that ties up the IT and other staff. The jeweler has been told that the money is to buy expensive jewels and watches, which are given to a stooge recruited as a courier and reshipper.
The bureau says the attacks coincide with corporate account takeovers perpetrated by thieves who are using a modified version of the ZeuS Trojan called “Gameover.” The rash of thefts come after a series of heavy spam campaigns aimed at deploying the malware, which arrives disguised as an email from the National Automated Clearing House Association (NACHA), a not-for-profit group that develops operating rules for organizations that handle electronic payments. The ZeuS variant steals passwords and gives attackers direct access to the victim’s PC and network.
In several recent attacks, as soon as thieves wired money out of a victim organization’s account, the victim’s public-facing Internet address was targeted by a network attack, leaving employees at the organization unable to browse the Web.
A few of the attacks have included an odd twist that appears to indicate the perpetrators are using money mules in the United States for at least a portion of the heists. According to an FBI advisory, some of the unauthorized wire transfers from victim organizations have been transmitted directly to high-end jewelry stores, “wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).”
DDoS Attacks Spell ‘Gameover’ for Banks, Victims in Cyber Heists
The United States Internal Revenue Service says it purchased access to a marketing database that offers location data for millions of US cellphones, so the IRS can identify and track persons suspected of tax-related crimes.
Following the discovery and prompting of a security researcher at Awake Security, Google says it has removed 106 malicious Chrome extensions that had 32 million downloads, and which were gathering browsing history and sensitive credentials from users.
Video-calling app Zoom has been on the end of sharp criticism for security weaknesses. In response, they announced today a plan to offer end-to-end encryption for all users, with a trial to begin next month.
There was already enough concern about the healthy state of our drinking water before COVID-19. And while there’s no evidence that the coronavirus has ever been detected in the water supply, the general sense of fear surrounding any type of contamination is obviously at a fever pitch everywhere. Contaminants like lead, chromium, arsenic, copper, mercury, […]
Allergies are brutal, affecting about 30 percent of all American adults. While many only saddle sufferers with mild irritations like coughing, sneezing, a runny nose or watering eyes, some symptoms can be even more intrusive and significantly more painful. Sinus pressure is one of those unholy side effects, causing a pain that can stretch from […]
“I probably use my chef’s knives more than any other tool in the kitchen.” – Bobby Flay, celebrity chef Cooking at home has taken on a whole new life in the wake of COVID-19, and even with restaurants slowly reopening across the US, there’s heavy reason to suspect that more of us preparing more meals […]