cybercriminals – Digital IT News

Trend Micro Report Shows Cybercrime Groups Resemble Legitimate Businesses

Leigh Porter — Mon, 03 Apr 2023 18:07:09 +0000

Trend Micro, today published new research detailing how criminal cybercrime groups start behaving like corporations as they grow bigger, but that this comes with its own attendant costs and challenges and how they come to resemble legitimate businesses.

Jon Clay, VP of threat intelligence at Trend Micro: “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increases. However, larger cybercrime organizations can be harder to manage and have more ‘office politics,’ poor performers, and trust issues. This report highlights to investigators the importance of understanding the size of the criminal entities they’re dealing with.”

A typical large organization allocates 80% of its operating expenses to wages, with the figure similarly high (78%) for small criminal organizations and cybercrime groups, according to the report. Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software.

The study outlined three types of organizations based on size, using examples where Trend Micro collected the most data from law enforcement and insider information.

Small criminal businesses (e.g., Counter Anti-Virus service Scan4You):

Typically, one management layer, 1-5 staff members, and under $500K in annual turnover.
Their members often handle multiple tasks within the group and also have a day job on top of this work.
Comprise the majority of criminal businesses, often partnering with other criminal entities.

Medium-sized criminal businesses (e.g., bulletproof hoster MaxDedi):

Typically have two management layers, 6-49 employees, and up to $50m in annual turnover.
They usually have a pyramid-style hierarchical structure with a single person in charge.

Large criminal business (e.g., ransomware group Conti):

Typically have three management layers, 50+ staff, and $50m+ in annual turnover.
Feature relatively large numbers of lower management and supervisors.
Implement effective OPSEC and partner with other criminal organizations.
Those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers – including short-term contractors.
They may have corporate-like departments (e.g., IT, HR) and even run employee programs, such as performance reviews.

According to the report, knowing the size and complexity of a criminal organization and cybercrime groups can provide critical clues to investigators, such as what types of data to hunt for.

For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details, and even shared calendars to probe.

Understanding the size of targeted criminal organizations can also allow law enforcers to prioritize better which groups should be pursued for maximum impact.

To read a full copy of the report, Inside the Halls of a Cybercrime Business, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-halls-of-a-cybercrime-business

Netwrix Launches a New SaaS-based Solution for MSPs and Upgrades Product Portfolio

The post Trend Micro Report Shows Cybercrime Groups Resemble Legitimate Businesses appeared first on Digital IT News.

Barracuda Ransomware Protection Attack Patterns Revealed

Taylor Graham — Wed, 18 Aug 2021 02:26:21 +0000

Barracuda released its third-annual threat research report on Ransomware. The new report looks at Ransomware attack patterns that occurred between August 2020 and July 2021.

A closer look at ransomware trends
Barracuda researchers identified and analyzed 121 ransomware incidents that occurred between August 2020 and July 2021, and saw a 64% increase in attacks, year over year. Cybercriminals are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging.

Barracuda Ransomware 3rd annual research report highlights:

Attacks on corporations, such as infrastructure, travel, financial services, and other businesses, made up 57% of all ransomware attacks between August 2020 and July 2021, up from just 18% in our 2020 study.
Infrastructure-related businesses account for 10% of all the attacks we studied. In fact, ransomware attacks are quickly evolving to target software supply chains, which reach more businesses in a single attempt.
The ransom amount is increasing dramatically and now the average ransom ask per incident is over 10 million dollars. 18% of the incidents had a ransom ask less than $10 million, and 30% of the incidents had a ransom ask greater than $30 million.
Ransomware attacks are becoming pervasive across the globe. Just under half (44%) of the attacks in the past 12 months hit U.S organizations.

“As cybercriminals are working towards bigger paydays in the future, the security industry needs to continue to create solutions that are easily consumable for companies of all sizes,” said Fleming Shi, CTO at Barracuda. “Attackers often start with small organizations that are connected to the larger targets and then work their way up. All of us in the security industry have an obligation to turn sophisticated technology into products and services that can be easily consumed by customers.”

Resources: 

Read the full Threat Spotlight blog post: http://cuda.co/49656

Image licensed by pexels.com

84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months

The post Barracuda Ransomware Protection Attack Patterns Revealed appeared first on Digital IT News.

PC Matic Survey: 20% of Employers Never Require Employees to Change Passwords

Leigh Porter — Tue, 08 Jun 2021 20:52:45 +0000

PC Matic, announced the release of its third annual report analyzing users and their password habits and hygiene. The report found that nearly 30% of Americans aren’t sure when they last changed their passwords, or never have at all. The survey also revealed lax corporate passwords, finding that nearly a fifth of employers nationwide never require their employees to change their passwords.

The sixteen-page report presents the results of a nationally distributed survey by which 2,500 Americans were asked about their password behaviors and tendencies. The findings, fielded in May 2021, found that nearly 30% of Americans aren’t sure when they last changed their passwords, or never have at all. The survey also revealed lax corporate password policies, finding that nearly a fifth of employers nationwide never require their employees to change their passwords.

More key findings from the report are as follows:

Nearly 60% of those surveys responded that they have never changed their home Wi-Fi password, or that it hasn’t been changed since setup. In 2020, 50% of those surveys responded in this same manner.
40% of respondents indicated that they are using the password lockout feature on both their work and home computers. This number is up from 25% responding that they used this feature in 2020’s survey results.
Just shy of 45% of employers don’t require their employees to utilize a Virtual Private Network (VPN). 2020’s survey results showed just a slightly higher number of respondent’s employers requiring a VPN, with 46% affirming they were required to use the security tool.
More than 50% of respondents admit to checking personal e-mail accounts at work. This number remains virtually unchanged from 2020’s survey results, and still presents an imminent threat to corporate networks.

“As employees’ transition from work-from-home to in-office work environments again, it is the perfect time implement password policies and procedures that can keep employees and corporate networks safe,” said Rob Cheng, CEO and Founder of PC Matic. “The 2021 Password Habits and Hygiene Report aimed to understand the policies and procedures being implemented and abided by users across the nation and provides further insight into how corporate IT professionals can protect networks from cybercriminals.”

More findings and the complete report may be found here.

Image licensed by: Pixabay.com

New Mandiant Services Help Organizations Balance Effective Cyber Security and Business Risk

The post PC Matic Survey: 20% of Employers Never Require Employees to Change Passwords appeared first on Digital IT News.

Barracuda Email Threat Scanner Detects Millions of Attacks Missed by Organizations’ Existing Protection

Leigh Porter — Fri, 12 Feb 2021 18:45:09 +0000

Barracuda, announced a redesigned version of the Barracuda Email Threat Scanner, a free tool that helps businesses detect email threats that got past their email gateway. These threats include highly targeted attacks such as spear phishing, business email compromise, conversation hijacking and services impersonation, among many others.

Highlights:

In 2020, 4,550 organizations used Barracuda Email Threat Scanner to scan 2,600,531 unique mailboxes and found 2,029,413 unique attacks.
On average, 512 attacks were found per organization.
14% of all mailboxes had at least one email attack detected.
59% of the threats detected were phishing scams.

Each scan provides a report on attacks found inside the environment, as well as at-risk domains and employees. This helps organizations identify gaps in existing email protection and assess email security vulnerabilities.

The refreshed Barracuda Email Threat Scanner brings a complete user interface update to the scanner’s dashboard. This includes:

A scan preview page, which allows users to monitor their scan’s progress while the scan is running.
Access to early results as Email Threat Scanner scans mailboxes and finds attacks.
Improved dashboard reporting of detected threats, making it easier to hone in on specific insights and interpret the findings.
A 14-day free trial of Barracuda Sentinel can now be launched directly from the scanner, giving customers a chance to experience the benefits of ongoing protection.

In 2020, 4,550 organizations used Barracuda Email Threat Scanner to scan 2,600,531 unique mailboxes and found 2,029,413 unique attacks. On average, 512 attacks were found per organization, and one out of 7 mailboxes (14%) had at least one attack currently sitting inside, even if messages were scanned by an email gateway solution.

The attacks detected fall into four email threat types: phishing, scamming, extortion, and business email compromise (BEC). Of the 2,029,413 unique attacks detected, phishing was the number one threat missed by the organizations’ email security solutions (59%). Scamming was the second most common (39%). Extortion (9%) and BEC (8%) were less prevalent, but cybercriminals tend to send these types of attacks in smaller volumes because they are highly personalized.

“Spear phishing threats are more dangerous than ever due to the sophistication of attackers, and while organizations have invested in protection against email threats, many of these attacks slip through gateways, landing in users’ inboxes,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda, Barracuda. “As these numbers show, traditional email gateways are not enough. Customers should also use API-based inbox defenses to maximize their protection.”

Barracuda Sentinel integrates directly into Office 365 to find threats inside your mail system that security gateways can’t see. Visit https://www.barracuda.com/products/sentinel to get more information.

What service providers are saying:

“It’s critical to help our customers assess and understand email security vulnerabilities. The Barracuda Email Threat Scanner helps us quickly and effectively find social engineering attacks that might be going undetected in mailboxes and help close the gaps in those areas for our customers. The Email Threat Scanner makes the ‘invisible’ security threats visible, so that our customers see what they are up against and act to put a Barracuda solution in place quickly.” — Chris Riley, Director, System Source

“Many email threats slip past the email gateway. Threats like spear phishing and business email compromise put companies at significant risk. Barracuda Email Threat Scanner detects these threats and helps us uncover additional ways we can help customers protect their people and data.” — Kristian Connor, Director, Xitenys

“Using Barracuda Email Threat Scanner we’ve helped our customers uncover serious threats hiding in their Office 365 environment in a fast, free, and safe way. Not only does this make our customers more secure, but it helps us show the value of the solutions we offer them.” — Troy Radloff, General Manager, Alliance Business Tech

Image licensed by: unsplash.com

PC Matic Launches New User Interface

The post Barracuda Email Threat Scanner Detects Millions of Attacks Missed by Organizations’ Existing Protection appeared first on Digital IT News.

Barracuda Research Reveals Evolving Tactics Attackers Use to Trick Victims

Leigh Porter — Thu, 17 Dec 2020 18:54:50 +0000

Highlights:

Business email compromise (BEC) attacks are increasing as cybercriminals see how lucrative this type of attack can be.
Attackers’ exploitation of fears around the COVID-19 pandemic show how quickly they can adapt to current events.
Hackers use multiple tactics to disguise malicious links and avoid detection by URL protection solutions.

Barracuda, released a new report with key findings about the ways cybercriminals are adapting quickly to current events and new tactics. The latest report, titled Spear Phishing: Top Threats and Trends Vol. 5 – Best practices to defend against evolving attacks, reveals new details about these highly targeted threats, including the latest tactics used by cybercriminals and the steps you can take to defend your business.

The report takes an in-depth look at how attackers are quickly adapting to current events and using new tricks to successfully execute attacks — spear phishing, business email compromise, pandemic-related scams, and other types. It also tackles why organizations need to invest in protection against lateral phishing and other internally-launched attacks from compromised accounts, including solutions that use artificial intelligence and machine learning.

Attack trends and beyond
Barracuda’s research reveals key takeaways about how these targeted attacks are evolving and the approaches cybercriminals are using to maximize their impact.

Business email compromise (BEC) makes up 12% of the spear-phishing attacks analyzed, an increase from just 7% in 2019.
72% of COVID-19-related attacks are scamming. In comparison, 36% of overall attacks are scamming. Attackers prefer to use COVID-19 in their less targeted scamming attacks that focus on fake cures and donations.
13% of all spear-phishing attacks come from internally compromised accounts, so organizations need to invest in protecting their internal email traffic as much as they do in protecting from external senders.
71% of spear-phishing attacks include malicious URLs, but only 30% of BEC attacks included a link. Hackers using BEC want to establish trust with their victim and expect a reply to their email, and the lack of a URL makes it harder to detect the attack.

“Cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit, as their response to the COVID-19 pandemic proved only too well,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Staying aware of the way spear-phishing tactics are evolving will help organizations take the proper precautions to defend against these highly targeted attacks and avoid falling victim to scammers’ latest tricks.”

See the full report: https://www.barracuda.com/spear-phishing-report-5

Image Licensed by Pixabay.com

AAAC: 2020 State of AI in Advancement Report

The post Barracuda Research Reveals Evolving Tactics Attackers Use to Trick Victims appeared first on Digital IT News.

SpyCloud Research: Sales of Stolen Consumer Data on Criminal Shops Spike Ahead of Black Friday

Leigh Porter — Wed, 02 Dec 2020 21:20:46 +0000

Black Friday has long been a big day for retailers to kickstart the traditional holiday shopping season with great deals, but they weren’t the only ones promoting bargains over the last few days. Cybercriminals have gotten in on the action, too.

In the days leading up to Black Friday and Cyber Monday, criminal transactions for exposed consumer data on the dark web spiked, according to new research from SpyCloud, known for its unique anti-fraud platform powering account takeover prevention and fraud investigations solutions.

“Retailers aren’t the only ones offering deals this time of year, and consumers aren’t the only ones out shopping,” said Olivia Fryt, senior security researcher at SpyCloud. “This research shows that criminals, both buyers and sellers, are increasingly active during the holidays. They are busy and making money. People need to remain especially vigilant to avoid becoming victims.”

SpyCloud examined popular cracking forums and identified over 800 individual storefronts across three online selling platforms. Researchers then scraped inventory and transaction data from those shops to compile the results.

The number of transactions, amount of inventory, value of stolen information and amount of sales increased exponentially from normal periods. The number of transactions for hacked online accounts averaged 10,079 per day during November but skyrocketed to 143,110 on Nov. 24. For the first 28 days of November, criminals spent just over $1 million on these transactions for an average of $37,535 per day. More than half of that spending happened on Nov. 25 when criminals spent $506,969.

The SpyCloud team found that compromised account logins for dating apps were the most trafficked, followed by retail, food and gaming accounts. Tooling for the purpose of orchestrating credential stuffing attacks was also widely available.

Criminals typically leverage stolen dating accounts to set up spambots or use social engineering tactics to scam unwitting victims. Retail and food sales typically include users’ ecommerce account credentials as well as gift cards and gift codes being sold at steep discounts. Researchers also found thousands of account credentials for well-known gaming and streaming services. In some cases, people purchasing the accounts may not even be aware they are buying stolen account data. They might simply be looking for a bargain.

“These criminals use a lot of the same marketing techniques that legitimate retailers use,” said Fryt. “They promote their products and offer discounts to their buyers. Many of them even offer warranties and give refunds or replacements when something goes wrong.”

This is the second year SpyCloud tracked dark web transactions leading up to Black Friday and Cyber Monday. This year, the activity spiked on Nov. 18, a few days earlier than in 2019, presumably due to an extended shopping season resulting from the Covid-19 pandemic.

Image licensed in Pixabay.com

Top 8 data analytics trends to watch in 2021

The post SpyCloud Research: Sales of Stolen Consumer Data on Criminal Shops Spike Ahead of Black Friday appeared first on Digital IT News.