Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal organizations waging the campaigns, according to a study by the security firm Agari.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
A recently uncovered business email compromise scam that's targeting executives' Microsoft Office 365 accounts has hit over 150 organizations worldwide so far and netted the scammers about $15 million, according to incident response firm Mitiga.
Two recent hacking incidents that each affected more than 100,000 individuals illustrate the variety of cyberthreats healthcare organizations face during these chaotic times. Security experts offer risk mitigation insights.
A data breach affecting the South African branch of credit reporting company Experian exposed information on 24 million consumers and almost 800,000 businesses, according to the South African Banking Risk Information Center. But Experian says no consumer credit or financial information was exposed.
To help mitigate the risks posed by business email compromise scams that target privileged users, enterprises need to create a detailed enterprise risk management plan that spells out procedures to secure accounts, says Espen Otterstad, CISO at Norwegian telematics company ABAX AS.
The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.
A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.
The day after President Trump issued executive orders to ban Chinese-owned social media apps TikTok and WeChat, Sanjay Virmani of the FBI's San Francisco office shared insights on the Chinese cyberthreat, election security and crime trends in the wake of COVID-19.
A Premier League football club that was one of many UK sports organizations targeted by cybercriminals over the last 12 months was nearly bilked out of $1.2 million in a business email compromise scam, according to a new report that describes a variety of cyber schemes.
Business email compromise scams are becoming far more sophisticated and often now involve the use of supply chain management invoices, says Kai Roer of CLTRe, a KnowBe4 company. He'll be a featured speaker at the RSA APJ virtual conference to be held July 15-17.
As the risks to IT and OT converge, organizations must ramp up their threat intelligence information sharing mechanisms and build a more comprehensive cybersecurity policy, says Singapore-based John Lee, managing director of GRF Asia, a federation for building global resilience.
The U.S. Secret Service is combining its electronic and financial crime units into a single task force that will focus on investigating cyber-related financial crimes, such as BEC schemes and ransomware attacks. The move comes as lawmakers push for the Secret Service to take a more active role in fighting cybercrime.
Addressing digital payment security challenges requires having good identity verification capabilities as well as a strong authentication process that's friction-free for consumers, says Singapore-based Gautam Aggarwal, senior vice president and regional chief technology officer, Asia Pacific, at Mastercard.