Latest

Account Takeover

Digital IDs: A Progress Report

Nick Holland  •  July 3, 2020

The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.

Cybercrime

European Police Hack Encrypted Communication System

Doug Olenick  •  July 2, 2020

European police gained access to messages sent via the encrypted cellular service EncroChat, leading to the arrest of hundreds of alleged organized crime members across the Netherlands, France, Norway, Sweden and the U.K., the EU's law enforcement intelligence agency Europol reports.

►

Fraud Management & Cybercrime

Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Tom Field  •  July 2, 2020

Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."

Cybercrime

Studying an 'Invisible God' Hacker: Could You Stop 'Fxmsp'?

Mathew J. Schwartz  •  July 2, 2020

Could your organization withstand an attack by the master hacking operation known as "Fxmsp"? Hollywood loves to portray hackers as having ninja-like skills. But Fxmsp often favored the simplest tools for the job, because they so often worked. Defenders: Take note.

►

Identity & Access Management

Building Trust in Digital Identities

Anna Delaney  •  July 1, 2020

Implementing trusted digital IDs will create benefits for end users as well as service providers, says Nick Mothershaw, chair and executive director at the Open Identity Exchange. But widespread international adoption of such IDs will take time to achieve, he acknowledges.

Cyberwarfare / Nation-State Attacks

FCC: Huawei, ZTE Are 'National Security Threats'

Ishita Chigilli Palli  •  July 1, 2020

The U.S. Federal Communications Commission has officially designated China's Huawei Technologies and ZTE Corp. as "national security threats," barring American telecommunications firms from using certain federal funds to buy their equipment, such as for building 5G networks.

COVID-19

Guarding Against COVID-19 Fraud Schemes

Marianne Kolbasuk McGee  •  July 1, 2020

With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan, who offers risk mitigation insights.

Fraud Management & Cybercrime

Bills Call for State, White House Cybersecurity Coordinators

Ishita Chigilli Palli  •  June 30, 2020

A bipartisan group of U.S. senators is calling for federal funding for cybersecurity coordinators in every state. Meanwhile, a measure introduced in the House would restore the position of cybersecurity director in the White House.

COVID-19

Brute-Force Attacks Targeting RDP on the Rise

Akshaya Asokan  •  June 30, 2020

Since the start of the COVID-19 pandemic, the number of brute-force attacks targeting RDP connections has steadily increased, spiking to 100,000 incidents per day in April and May, according to the security firm ESET. These attacks pave the way for launching ransomware attacks and planting cryptominers.

Cybercrime

Russian Cybercriminal Behind 'Cardplanet' Site Sentenced

Akshaya Asokan  •  June 27, 2020

Aleksey Burkov, who operated a site called "Cardplanet" that trafficked in stolen payment card data used to make millions of dollars in fraudulent purchases, has been sentenced to nine years in federal prison. His case also involved high-level negotiations between the U.S., Russia and Israel.

Governance & Risk Management

Attackers Target Vulnerable Exchange Servers

Ishita Chigilli Palli  •  June 26, 2020

Microsoft is warning its customers that attackers are increasingly targeting unpatched Exchange servers, with a significant uptick in activity since April.

Blockchain & Cryptocurrency

Hackers Used Malicious Docker Images to Mine Monero

Akshaya Asokan  •  June 26, 2020

A recently uncovered cryptomining scheme used malicious Docker images to hide cryptocurrency mining code, according to an analysis from Palo Alto Networks' Unit 42.