

Scamwatch: Scammers phishing for data through ANZ bank text messages | Blayney Chronicle | #relationshipscams | #dating | romancescams | #scams

Source: National Cyber Security – Produced By Gregory Evans

Every year, thousands of Australians are targeted by scams, whether it be online, via phone, mail or even in person. Australian Community Media has compiled a list of current scams […]


#deepweb | Bookkeeping Platform Receipt Bank Raises $73M

Digital bookkeeping platform Receipt Bank notched approximately $73 million in equity and debt in a Series C funding round, according to an announcement by global investment bank Harris Williams. The funding round was led by Insight Partners, which was […]

#nationalcybersecuritymonth | Bank of England audio leak followed loss of key cybersecurity staff | Business

The Bank of England restructured its security department and lost multiple senior employees in charge of protecting some of Britain’s most critical financial infrastructure shortly before it suffered a major breach, the Observer can reveal. After the central bank admitted that hedge funds had gained early […]

Alleged bank vault robber posed with cash on Instagram, Facebook – Naked Security

Somebody really needs to write a rap about yobs who show off piles of loot in their social media feeds.

The alleged crook du jour: Arlando M. Henderson, 29, of Charlotte, North Carolina, whom the FBI has arrested and charged with supposedly stealing more than $88,000 smackers from the vaults of his employer, Wells Fargo Bank.

If he’s innocent, Henderson is going to have to explain why his Instagram rap shows him holding an AK-47 and large stacks of cash… and how in the world he found the wherewithal to pick up that Mercedes-Benz in his Facebook posts.

On Friday, the US Attorney’s Office for the Western District of North Carolina said that the FBI arrested Henderson on 4 December in San Diego and charged him with stealing cash from Wells Fargo’s bank vaults, from deposits made by its customers, and with using some of that beautiful green spray-o-cash…


…for a down payment on the sweet Mercedes-Benz, and then lying to get a car loan to pay the balance. He allegedly convinced the loan company that he was good for the dough by showing them bogus bank statements.

Pen #testers #break down #bank security #flaws

While banks have built effective barriers for external attacks, researchers warn they have not done nearly as much work to fight threats on their internal networks.

Earlier this month, a third-party software vulnerability resulted in a Mexican bank heist that scored at least $15.4 million.

In early 2017 there was a surge of attacks targeting card processing in Eastern Europe, which scammed nearly $100 million, and later that year intruders attacked the Far Eastern International Bank in Taiwan by making transfers to accounts in Cambodia, Sri Lanka, and the U.S., which totaled $60 million.

Positive Technologies researchers examined how cybercriminals are able to pull off such massive financial heists from behind their keyboards and acted like cybercriminals to gain insight on common vulnerabilities shared among banks.

The firm said it found vulnerabilities in all of the banks they have performed penetration tests on and that half of the banks had insufficient protection against recovery of credentials from OS memory, a quarter used dictionary passwords, and nearly a fifth, 17 percent, had sensitive data stored in cleartext.

Positive Technologies would not specify the number of banks in its study but did emphasize the need for banks to enact strong password policies as 50 percent of those tested used dictionary passwords.

Researchers added that a quarter of these banks used the password “P@ssw0rd” as well as such common combinations as “Qwerty123,” empty passwords, and default passwords such as “sa” or “postgres”.

The most common vulnerabilities were outdated software (67 percent), sensitive data stored in clear text (58 percent), dictionary passwords (58 percent), use of insecure data transfer protocols (58 percent), and remote access and control interfaces available to any user (50 percent).

Less common vulnerabilities included anti-DNS pinning, SQL injection, arbitrary file upload, XML external entity, and cross-site scripting, 25 percent.

Other common vulnerabilities that allow infections usually consist of use of outdated software versions and failure to install OS security updates, configuration errors, and absence of two-factor authentication for access to critical systems.

As a result of these vulnerabilities, attackers would be able to obtain unauthorized access to financial applications at 58 percent of banks and penetration testers were able to compromise ATM management workstations used at 25 percent of the banks studied.

Researchers were also able to move money to criminal-controlled accounts via interbank transfers at 17 percent of the banks tested.

It’s important to realize that banks suffer from the same problems as other companies and typical attack vectors stem from a weak password policy and insufficient protection against password recovery from OS memory.

Similar to physical bank robberies, cybercriminals survey and prepare in advance to attack their targets, sometimes leveraging insider personnel.

“Since use of external resources can be detected by security systems, in order not to get caught during this initial stage, criminals resort to passive methods of obtaining information: for example, identifying domain names and addresses belonging to the bank,” researchers said in the report. “At the survey stage, unscrupulous bank employees are actively engaged as well.”

Researchers found numerous on web forums from insiders looking to disclose their employers’ information for a fee.

“The bottom line is, banks are not ready to defend attacks from the internal intruder today,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, told SC Media. “Despite the high level of protection of the network perimeter, attacks using social engineering techniques and so-called watering hole attacks allow attackers to enter the internal network of the bank.”

Galloway went on to say that cybercriminals can covertly be present in the infrastructure for a long time while learning the actions of employees and administrators, all while hiding their attack from security systems under the guise of the legal actions of employees whose computers they hacked int



Duke #Energy #Vendor’s #Hack May Mean #Stolen Customer #Bank Info

Nearly 375,000 Duke Energy Corp. customers may have had personal and banking information stolen in a data breach.

The country’s largest electric company said Tuesday the customers paid a bill by check or cash at 550 walk-in payment processing centers in the Carolinas, Florida, Indiana, Ohio and Kentucky since 2008.

Those payments were processed by TIO Networks, which was hacked in an attack disclosed after the company was purchased in July by PayPal Holdings Inc. Duke Energy customers make up nearly a quarter of the 1.6 million TIO Network customers potentially compromised.

The personally identifiable information that may have been stolen from Duke Energy customers includes names, addresses, electricity account numbers and banking information if a customer paid power bills by check.

TIO Networks is sending letters to notify those affected.


Florida #man gets 16 months over #bitcoin bank #hacker scheme

NEW YORK – A Florida software engineer was sentenced to 16 months in prison for helping run an illegal Bitcoin exchange suspected of laundering money for a group of hackers who targeted financial and publishing firms including JPMorgan Chase & Co. and Dow Jones & Co.

Yuri Lebedev, 39, helped operate, which tricked banks into processing bitcoin transactions by disguising them as restaurant-delivery charges and online purchases of collectible items. He was convicted in March of conspiracy and fraud following a month-long trial in Manhattan.

Lebedev, wearing a black suit, stood before sentencing to tell the judge he regretted his actions. He said he joined to create “cutting edge technology” and build something “that would make me exceptional.”

“I got carried away,” he said, adding he realizes now “there are no shortcuts.”

U.S. District Judge Alison J. Nathan in New York said Lebedev used his “impressive technology skills” to trick banks, making them “unwilling participants in the scheme.”

Prosecutors said the unregistered exchange sold bitcoins that were used in illegal online transactions and as payment in ransomware attacks. To help dodge regulators, Lebedev also conspired with his boss to bribe a New Jersey pastor to let them take over a credit union that was run out of a church and use it to help legitimize the exchange’s corrupt operations.

The operator of, Anthony Murgio, was sentenced to 5½ years in June. He admitted in January that he ran for the hacking scheme’s main Israeli architect, Gery Shalon, the self-described founder of a sprawling criminal enterprise that hacked at least nine companies.

Lebedev was born in Russia and raised in Ukraine before moving in with a host family in the U.S. state of Georgia. His attorney, Eric Creizman, cited the wide-ranging nature of the scheme to portray his client as a husband and doting father of three who had been caught up in something too big for him to recognize. In court papers, he described Lebedev as an “unlikely criminal defendant.”

“This case in which Lebedev was tried and convicted as a defendant involved a far broader scope of criminality than the conduct that Lebedev purposefully involved himself in or even knew about,” Creizman said in a court filing.

Lebedev wasn’t accused of money laundering and wasn’t involved in the hacking scheme. Creizman emphasized his technology role and said he wasn’t involved in the three-way calls with banks in which customers lied about the nature of their transactions.

Family and friends sent letters to the court supporting Lebedev, all of which described him as a man devoted to hard work and to giving his children the kind of opportunities he didn’t have in Ukraine. His host family described how Lebedev tutored their child in math, while a college friend relayed how Lebedev washed dishes to avoid using a credit card for living expenses like others did.

Shalon’s global network allegedly stole information on more than 100 million customers of banks and publishing firms and generated hundreds of millions of dollars in illicit proceeds from pump-and-dump stock scams and online gambling.

Murgio operated the exchange with Lebedev from about 2013 to 2015 through a front company, the Collectables Club Private Member Association, which lists Murgio’s West Palm Beach address, court papers show. At Murgio’s sentencing hearing, he wept and said he’d “screwed up badly.”

The men “knowingly exchanged cash for people whom they believed may be engaging in criminal activity,” the government said in court filings.

As part of the scheme, Lebedev was installed on the board of New Jersey-based HOPE Federal Credit Union to bribe Trevon Gross, a pastor who was convicted in the same case, to gain control of the credit union and use it to process corrupt bank transactions that would appear legitimate, court filings show. Gross hasn’t been sentenced.

“Lebedev was one of the handful of co-conspirators involved in the credit union’s processing of over $60 million in risky” transactions, prosecutors said in court papers.

Lebedev’s role was to set up an array of servers that used to process its transactions, a critical element of the scheme that required constant attention to avoid detection by the banks, the U.S. said.

“One of those critical issues that Lebedev handled was the use of separate servers to mislead banks and payment processors into thinking that bitcoin transactions were actually Collectables Club memorabilia and MyXtremeDelivery food transactions,” the U.S. said in court papers.

Lebedev also attempted to obstruct the case by deleting files from a computer, prosecutors said.

Shalon and his alleged top lieutenant, Ziv Orenstein, were arrested in Israel in July 2015 and extradited to the U.S. last year. They have pleaded not guilty. An American who allegedly conspired with them, Joshua Aaron, who attended Florida State University with Anthony Murgio, was detained by Russian authorities in 2015 and returned to the U.S. to face charges. He denies wrongdoing.


Today’s bank heists aren’t what they used to be with the battle now fought out in cyberspace

Bank heists aren’t what they used to be. With sophisticated underground networks of hackers able to remotely swipe millions from financial institutions within seconds, many now look back wistfully on the days when a bank robbery involved a getaway chase, fat wads of cash and a bandit eye mask.

“Cyber is now the tool of choice for significant financial crime: it is easier to dispose of the stolen assets and the crime is easier to get away with,” says Andrew Moir, head of global cyber security at law firm Herbert Smith Freehills. “Compare the $81m (£61m) Bank of Bangladesh cyber heist [stolen from the bank’s account at the US Federal Reserve last year] to the £25m Hatton Garden jewel raid.”

The City of London is eager to show it is a leader in the fight against computer crime, particularly as Brexit rumbles in the background and threatens London’s status as Europe’s financial centre.

Dominic Raab, the justice minister, said last month that a decision to open a new court in the City to focus on cyber crime was a “terrific advert for post-Brexit Britain” while Catherine McGuinness, the City’s top official, is heading to Israel to meet cyber security experts and academics, with the aim of mirroring Tel Aviv’s success in attracting start-ups.

“[It’s] the first time we’ve made a trip like this, there is a fresh focus on cyber from us as an organisation,” Ms McGuinness made clear, adding that she will be looking at potential partnerships with specialists in Israel. She uses the new court, which is being funded by the City of London Corporation and will be based in the Square Mile, as an example for how the UK is keeping up with financial crime in the 21st century.

The UK was the target of one in eight cyber attacks in Europe between January and September last year, according to research from cyber security firm FireEye. No wonder then that the City is ploughing money into the issue – all too aware that finance is among the most targeted industries. The UK’s National Cyber Security Centre has dealt with more than 600 “significant” cyber attacks since it was opened just a year ago by the Government Communications Headquarters (GCHQ), and today is hosting a summit for EU member states to share what it has learnt.

Few are aware of the importance of tackling this issue more than Robert Hannigan, the former GCHQ boss who joined the intelligence agency just after the Edward Snowden scandal in 2014 and left earlier this year. Credited with preparing the UK for a new era of cyber challenges (he was behind the launch of the cyber centre), he is now advising businesses on how to prepare for future risks.

“Attacks used to be very crude misspelled [emails], now they are sophisticated – we have seen criminals researching targets, seeing where a CEO’s children go to school so an email looks like it comes from there,” he says, illustrating how hard it can be to spot a red flag. “These aren’t teenagers in a bedroom, these are seriously organised groups. They’ve taken the internet and gig economy model and hire people in.”

Having been Tony Blair’s adviser on Northern Ireland peace talks and a former director general of defence and intelligence at the Foreign Office, Mr Hannigan has seen first hand the changes in the way criminal gangs operate. Many have grown up with the internet, and with technology moving so fast one of the biggest challenges is trying to forecast what the techniques will be in 10 or 20 years, he says.

Trying to make that prediction will require a lot more specialists than are currently available. The UK has a shortage of experts, with start-ups competing to recruit convicted hackers for expertise. Lobby group TheCityUK told The Daily Telegraph this year that it wants to see cyber schools in each UK city with a big financial services presence so that institutions aren’t scrabbling for talent, with plans to transform Bletchley Park – used to crack codes in the Second World War – into the UK’s first National College of Cyber Security delayed by a year. Part of Ms McGuinness’s trip to Israel this week will be about learning how to draw cyber entrepreneurs to the UK.

Mr Hannigan, who is currently advising Lloyd’s of London insurer Hiscox on potential cyber risks, warns that, while the finance sector is miles ahead of many others in terms of cyber security and awareness, institutions can be “naive” when it comes to state-linked cyber threats, with many underestimating the extent to which some countries work with crime groups.

“As state and crime threats merge in some areas, that’s something which needs more work,” he said, using North Korea as an example. “Institutions tend to think that states wouldn’t want to damage the international financial system which they have a stake in, but of course North Korea doesn’t have a stake in it and doesn’t really care.

“That crossover of crime and state is here to stay. I think, thinking beyond fraud and crime, companies need to think about the motives of states that might want to access their data. Financial institutions hold very personal data about millions of people.”

“Cyber crime certainly is capable of causing the next financial crisis – anything that undermines confidence in the banking system could have that effect,” adds Mr Moir, underlining the severity of a potential attack. “Suppose hackers penetrate a bank’s systems and manipulate balances or mortgages so they can no longer be trusted?”



Toledo business owner says former employee hacked computers, bank accounts

TOLEDO, OH (WTOL) – A Toledo business owner says a disgruntled worker brought his business to a halt following a cyber attack on the company’s computers, phones and bank accounts. “It’s just not fair for somebody to be that malicious. And for what?” Jacob Lewandowski, owner Jacob’s Ladder Handyman Service…
