Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- New report from PhishLabs details new “Business Email Compromise” phishing scams (PhishLabs)
Business Email Compromise, or BEC, refers to email-based attacks in which the fraudster poses as a top executive to trick those in charge of a targeted company’s finances into sending large payments to a bank account controlled by the fraudster.
- New Phish Kit Backdoor Techniques: "The Dufresne" and "The Vezzini" (PhishLabs)
The market for pre-made phishing kits is thriving. Think of a financial institution, email provider, or e-commerce site and someone somewhere has undoubtedly created a pre-packaged collection of the files necessary to create a fictitious site designed to obtain personal and financial information from unsuspecting victims. These kits are often sold in Dark Web marketplaces or underground hacking forums, but they are also commonly distributed for free on various social media sites.
- vBulletin password hack fuels fears of serious Internet-wide 0-day attacks (ARS Technica)
vBulletin officials have put in place a mandatory password reset for all users after discovering it was subjected to a hack attack. They went on to warn that the attacker "may have accessed customer IDs and encrypted passwords on our system." A separate post on the vBulletin site makes reference to a security patch for versions 5.1.4 through 5.1.9 of the vBulletin Connect software package.
- FFIEC Issues Extortion Attack Alert (Bank Info Security)
The Federal Financial Institutions Examination Council has issued an alert calling on financial institutions to take specific risk mitigation steps in light of an increase in the frequency and severity of cyberattacks involving extortion.
- One-Quarter of 21 Million OPM Hack Victims Have Been Notified (NBC News)
Just over one-quarter of the 21 million current or former federal employees who had personal information stolen in the Office of Personnel Management breach have been notified by the government, an agency spokesperson told NBC News.
- How Carders Can Use eBay as a Virtual ATM (Krebs On Security)
How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.
- Kaspersky announces death of CoinVault, Bitcryptor ransomware, releases all keys (ZDNet)
Over 14,000 keys used to unlock files encrypted by CoinVault and Bitcryptor have been released, signaling the death of the ransomware variants.
- TalkTalk breach investigation leads to fourth arrest (PC World)
The U.K. Parliament has launched its own inquiry into the TalkTalk data breach and other aspects of online personal data protection