Islamic State Twitter accounts are once again under attack, following the horrific Orlando terrorist attack last weekend. More than 250 Twitter accounts allegedly associated with ISIS, or ISIL, have been hacked by a team of hackers led by a person who goes by the handle “WauchulaGhost.” While many of those accounts had been hacked before…
Thieves attempted to pull off one of the biggest cyber bank heists in history but a spelling mistake foiled the plan.
So far investigators have not found any proof that central bank staff in Bangladesh were involved, one of the officials said, but said the probe was continuing.
Security experts say that if insiders were not involved, the attackers likely had assistance from somebody close to the banking industry. They also may have spied on bank workers over an extended period to gain details about wire-transfer processes and other operations, they said.
It takes somebody with deep knowledge of the banking industry to perform these types of crime,” said Shane Shook, a security consultant who has investigated some of the biggest cyber breaches on record.
The Bangladesh central bank had billions of dollars in its current account, which it used for international settlements, officials have said. The stolen money made its way to various parts of the world.
Some $80 million are believed to have ended in the Philippines, and further diverted to casinos and then to Hong Kong, according to bank officials. One $20 million transaction was directed to a non-profit organization in Sri Lanka.
But the unusually large transaction for the island nation and a misspelling of the NGO’s name raised red flags that helped bring the robbery to light. The transaction was blocked as was another huge payment instruction that was for between $850 million and $870 million.
Wow! Is anything safe anymore?!
Read the entire article | Malware Suspected in Bangladesh Bank Heist
Ahhhh! Retail data breaches—just in time for the holidays.
Personally, I don’t plan to be anywhere near the malls on ‘Black Friday’ or Black Saturday or Sunday. The savings just aren’t worth the hassle & the deals are not really “big deals” from the retailer’s standpoint –considering their markups. Honestly, most retailers run the exact same sales or better ones online.
That being said, millions of consumers will pound the pavement come 12:01 a.m. looking for those big “steal of a deals”..
If you’re using your debit or credit cards just keep a close eye on your accounts come Saturday, apparently there’s a new sophisticated gang of cyber thugs ready to “steal your deals” & help you spend your money by stealing your credit card numbers!
Tis the season! If you do shop online, you might want to sign up for a PayPal account.
Join the discussion.
According to Fortune– Hackers are targeting U.S. retailers with a new wave of malware intended to steal credit card and debit card information from payment terminals, according to a cybersecurity firm.
News of the attacks arrive just ahead of holiday shopping season, a particularly busy time of year for the retailers, health care providers, payment card processors, and hospitality companies that may be affected.
“This is by far most the most sophisticated point of sale malware we’ve seen to date,” said Maria Noboa, technical analyst at iSight Partners, whose team discovered the difficult-to-detect malware. “They have such great in-depth understanding of operational security measures, evading detection and the mitigation techniques used,” she said about the coders’ expertise.
The malware in question involves separate modules that run close to computers’ operating systems, making them harder to analyze. These “rootkit” modules—tools that enable the hackers to remain hidden and in control—also use advanced encryption that prevents traditional anti-virus and other monitoring software from detecting them.
“We have found three right now, and we are sure there are more out there,” said Stephen Ward, marketing director at iSight, about the modules. First, there’s a “keylogger,” that records and stores keyboard strokes. Second, there’s an “uploader-downloader” that connects compromised machines with the hackers’ command and control infrastructure, or remote servers that can send and receive data or instructions to and from infected devices. And third, the iSight researchers identified a “POS scraper” that steals payment card information from the memory of retailers’ computers.
Pieces of the malware seem to have been in development as early as 2012, according to iSight. Attacks based on the malware began targeting U.S. retailers a year later, and the assaults are likely ongoing, Noboa said.
iSight named the malware “ModPOS” after its characteristic modules. The firm said it has found no discussion of it on online crime forums, which suggests that a single professional-level hacking group is behind the scam. Although firm evidence is lacking, some indicators suggest that the malware might be Eastern European in origin.
iSight said it began notifying clients of the threat in October, and other retailers more recently in order to give them time to track down and remove the malware from their machines before the Black Friday and Cyber Monday shopping sprees.
Wendy Nather, research director at the Retail Cyber Intelligence Sharing Center, an industry group that shares cybersecurity information, told Fortune that members of the organization have been hunting for the malware on their systems since learning of it. “I don’t know if anyone has been effective in kicking it off their system, or what measures need to be taken to remove it,” she said. “It’s bigger in functionality, has more sophisticated coding, and it’s trickier about hiding,” compared to other recent [point of sale] malware attacks, she said.
Read the rest of this article on Fortune.