Latest

Account Takeover

Digital IDs: A Progress Report

Nick Holland  •  July 3, 2020

The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.

Cybercrime

European Police Hack Encrypted Communication System

Doug Olenick  •  July 2, 2020

European police gained access to messages sent via the encrypted cellular service EncroChat, leading to the arrest of hundreds of alleged organized crime members across the Netherlands, France, Norway, Sweden and the U.K., the EU's law enforcement intelligence agency Europol reports.

►

Fraud Management & Cybercrime

Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Tom Field  •  July 2, 2020

Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."

Cybercrime

WastedLocker Ransomware Targets US Newspaper Company

Akshaya Asokan  •  July 2, 2020

The gang behind the WastedLocker ransomware strain recently targeted dozens of newspaper websites operated by a U.S. media company, according to the security firm Symantec.

Cybercrime

Studying an 'Invisible God' Hacker: Could You Stop 'Fxmsp'?

Mathew J. Schwartz  •  July 2, 2020

Could your organization withstand an attack by the master hacking operation known as "Fxmsp"? Hollywood loves to portray hackers as having ninja-like skills. But Fxmsp often favored the simplest tools for the job, because they so often worked. Defenders: Take note.

Governance & Risk Management

It's Official: CCPA Enforcement Begins

Doug Olenick  •  July 1, 2020

Enforcement of the California Consumer Privacy Act officially began Wednesday despite the lack of a final, codified version of the regulation. Experts weigh in on compliance steps organizations should take.

Cybercrime

FakeSpy Android Malware Disguised as Postal Service Messages

Akshaya Asokan  •  July 1, 2020

The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason. The messages are designed to appear to come from postal and delivery services.

Cyberwarfare / Nation-State Attacks

FCC: Huawei, ZTE Are 'National Security Threats'

Ishita Chigilli Palli  •  July 1, 2020

The U.S. Federal Communications Commission has officially designated China's Huawei Technologies and ZTE Corp. as "national security threats," barring American telecommunications firms from using certain federal funds to buy their equipment, such as for building 5G networks.

COVID-19

Guarding Against COVID-19 Fraud Schemes

Marianne Kolbasuk McGee  •  July 1, 2020

With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan, who offers risk mitigation insights.

Business Continuity Management / Disaster Recovery

UCSF Med School Pays $1.1 Million Ransom

Scott Ferguson , Doug Olenick  •  June 29, 2020

The University of California San Francisco says it paid a $1.14 million ransom earlier this month to obtain decryptor keys to unlock several servers within its school of medicine that were struck with ransomware.

Fraud Management & Cybercrime

Data Breach Settlement Has an Unusual Provision

Marianne Kolbasuk McGee  •  June 29, 2020

A preliminary settlement in a class action data breach lawsuit against Iowa Health System - which does business as UnityPoint Health - contains an unusual provision that could prove quite costly.

Cybercrime

Fxmsp Hackers Behind AV Source Code Heist: Still Operating?

Mathew J. Schwartz  •  June 29, 2020

Is the Fxmsp hacking operation still in business? Experts say Fxmsp earned $1.5 million in illicit profits, thanks to a botnet-based business model that enabled the group to sell remote access to hacked networks. But then it advertised source code allegedly stolen from three anti-virus vendors.