ACFE's Report to the Nations: The Rise of Crypto Fraud

Suparna Goswami • May 17, 2022

The Association of Certified Fraud Examiners, or ACFE, has released its study titled "Report to the Nations." Mason Wilder, research manager at the ACFE, shares some important findings from the report and discusses how occupational fraud is reported and which organizations are affected by it.

Access Management

SIM Swap Fraud: Challenges and Mitigation Techniques

Latest

Access Management

Five Eyes Alliance Advises on Top 10 Initial Attack Vectors

Mihir Bagwe • May 18, 2022

Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.

Blockchain & Cryptocurrency

Cryptocurrency-Stealing 'Cryware' Malware Attacks Surge

Mathew J. Schwartz • May 18, 2022

Criminals are doubling down on their use of information-stealing malware, such as Cryptobot, RedLine Stealer and QuilClipper, to steal private keys and siphon off cryptocurrency being stored in internet-connected hot wallets or to raid cryptocurrency holders' online exchange accounts.

Cybercrime

Feds Say 'Multi-Tasking Doctor' Built Thanos Ransomware

Mathew J. Schwartz • May 17, 2022

U.S. authorities have charged a cardiologist based in Venezuela with developing and selling multiple strains of ransomware, including Jigsaw and Thanos, as well as recruiting affiliates to use the crypto-locking malware against victims in return for a cut of any ransoms paid.

Access Management

Proof of Concept: Apple/Microsoft/Google Back Passwordless

Anna Delaney • May 16, 2022

In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.

Blockchain & Cryptocurrency

Cause for Concern? Ransomware Strains Trace to North Korea

Mathew J. Schwartz • May 16, 2022

If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime? That question is posed by new research that finds state-sponsored North Korean hackers haven't stopped their ransomware experiments.

Account Takeover Fraud

Abnormal Security Raises $210M to Push Beyond Email Defense

Michael Novinson • May 10, 2022

Abnormal Security has closed a $210 million funding round on a $4 billion valuation to apply its account takeover prevention technology to areas other than email. The company wants to use its AI to protect accounts across systems and SaaS platforms and in environments such as Workday and Salesforce.

Business Continuity Management / Disaster Recovery

Beg, Borrow, Steal: Conti Leaks Reveal Ransomware Crossover

Mathew J. Schwartz • May 9, 2022

The massive leak of internal communications from the Conti ransomware group has highlighted the extent to which cybercrime syndicates regularly beg, borrow, steal or sometimes even partner or collaborate, all in pursuit of increasing their illicit profits.

Business Continuity Management / Disaster Recovery

Feds Post $10 Million Reward for Conti Ransomware Actors

Prajeet Nair • May 7, 2022

The U.S. Department of State is offering rewards of up to $10 million for information that leads to the identification or location of any individual who holds a key leadership position in the Conti ransomware variant transnational organized crime group.

Access Management

Apple, Google, Microsoft Unite to Make Passwordless Easier

Michael Novinson • May 7, 2022

Apple, Google and Microsoft are joining forces to back a standard that will allow websites and apps to offers passwordless sign-ins across devices and platforms. The three OS and browsing giants have put their weight behind a common passwordless sign-in standard created by the FIDO Alliance.

Blockchain & Cryptocurrency

First US Sanction of a Virtual Currency Mixer: Blender.io

Rashmi Ramesh • May 7, 2022

Virtual currency mixer Blender.io has been sanctioned by the U.S. for enabling North Korea to conduct "malicious cyber activities and money laundering of stolen virtual currency," the U.S. Treasury Department’s Office of Foreign Assets Control says in its first sanctioning of a currency mixer.

Access Management

ISMG Editors: Zero Trust Special

Anna Delaney • May 6, 2022

John Kindervag, creator of Zero Trust, and two ISMG editors discuss whether we have advanced or regressed in security technology, implementing Zero Trust security in OT environments, and how federal agencies are progressing with Zero Trust adoption a year after the cybersecurity executive order.

Fraud Management & Cybercrime

Ransomware: Is the Tide Finally Turning Against Criminals?

Anna Delaney • May 5, 2022

This ISMG Security Report analyzes the decline in the number of organizations hit by ransomware who choose to pay a ransom to the attackers. It also examines how to better protect digital identities in the healthcare sector and how security decision-makers can use metrics to achieve better outcomes.