Showing posts with label Financial crime.

Scattered Spider Broadens Attack Techniques in Latest Cyber Incidents

Known by aliases such as UNC3944, Scatter Swine, and Muddled Libra, Scattered Spider is a persistent and adaptable cybercriminal group focused on financial gain, and one of the most prominent threat actors in the current landscape. Active since May 2022, the group has built a reputation for targeting high-value organisations in telecommunications, outsourcing, cloud services, and technology. In recent months it has expanded to retail giants, financial institutions, and airlines, a deliberate strategy of exploiting industries with large customer bases and complex IT infrastructure.

Scattered Spider is known for its sophisticated social engineering, in particular manipulating IT help desks to gain unauthorised access to enterprise networks; this has made it one of the most effective social engineering crews operating today. The approach lets the group bypass conventional perimeter defences and move laterally inside victim environments with speed and precision, often without detection.

The group continues to evolve in both technical ability and operational scope, as recent breaches involving large UK retailers and airlines show. Security practitioners are strongly advised to understand these evolving techniques, because the group's operations are escalating in frequency and impact.

Proactive defence is vital: train employees on the risks, enforce rigorous access controls, and monitor the network continuously. Scattered Spider also marks a significant shift in the threat landscape. It emphasises identity-based attacks over technical exploits, unlike traditional threat actors, who tend to exploit technical vulnerabilities and deploy advanced malware.

Social engineering, not zero-day vulnerabilities, is their main attack vector; their operations are rooted in human manipulation. Their usual entry points are outsourced IT service providers and help desks, where they pose as legitimate employees and exploit routine support workflows.

With this approach, Scattered Spider bypasses many conventional security controls and gains privileged access with minimal resistance. Once inside, the group does not rely on complex backdoors or stealthy implants. It exploits identity systems instead, moving laterally and escalating privileges with legitimate credentials and internal knowledge.

Because they mimic internal users, use company-specific jargon, and employ familiar tools, they blend into normal operations. Their misuse of trusted administrative tooling such as PowerShell, remote monitoring and management (RMM) platforms, and cloud provider consoles makes detection a challenge. Scattered Spider also regularly conducts attacks independently.

The group has been linked to ransomware collectives such as ALPHV (BlackCat) and DragonForce, acting as an initial access broker or as the operator of the attack, but these alliances are opportunistic at best. Throughout its history it has shown a willingness to abandon or undermine partners when that serves its own objectives, an unpredictability that has earned it a reputation for volatility. In its operations, Scattered Spider has demonstrated agility, resourcefulness, and defiance of conventional hierarchies: the mindset of a rogue start-up.

This unpredictability, combined with deep knowledge of enterprise environments, makes the group a formidable adversary. Its expanding operational reach has heightened concern in the cybersecurity community. In a public statement shared with me via LinkedIn, Sam Rubin of Palo Alto Networks' Unit 42 confirmed that the threat actor has been actively targeting the aviation sector for some time.

Rubin stressed that organisations, particularly those in critical infrastructure and transportation, must remain vigilant against sophisticated social engineering campaigns, and noted that suspicious requests for multi-factor authentication (MFA) resets were becoming increasingly common among identity-centric intrusion groups, a hallmark of their approach.

Google's Mandiant echoed these concerns, having observed Scattered Spider's activity as well, and issued its own warning. Mandiant's recent report highlighted a pattern of attacks on airline and transportation companies in the U.S., as well as recent targeting of the U.S. insurance industry.

Mandiant says these incidents closely align with the group's established modus operandi: impersonation, identity abuse, and exploitation of IT support workflows. Scattered Spider is clearly broadening its attack surface, increasingly targeting industries that handle large amounts of personal and financial data and that depend on intricate supply chains and third parties.

In late June 2025, Scattered Spider made an even more dramatic strategic shift, aggressively focusing on the global aviation industry. What seemed like isolated and unconfirmed attacks on a few airlines escalated within hours into a coordinated series of incidents with global repercussions.

An official advisory from the Federal Bureau of Investigation (FBI) confirmed that Scattered Spider was targeting major airline operators. The alert came as two prominent Canadian carriers, WestJet and Hawaiian Airlines, experienced service disruptions caused by suspected cyberattacks.

Australia's flagship airline, Qantas, also reported a significant breach, allegedly carried out through a third-party service provider. Among the compromised systems was the call centre platform used for customer service, illustrating a recurring pattern in Scattered Spider's operations: exploiting the weakest links in the supply chain.

The sensitive data of approximately 6 million Qantas passengers was accessed, including full names, contact information, birth dates, and frequent flyer numbers. Although no financial or passport information was reported taken, the breach underscores the danger of third-party access points in highly interconnected environments.

Preliminary investigation of all three incidents revealed that the attackers used phone-based phishing, commonly known as "vishing", to manipulate airline IT departments and contractors. The aim was to obtain VPN credentials and reset multi-factor authentication (MFA) settings in order to impersonate internal employees and escalate privileges within corporate systems.

Rather than relying on traditional technical exploits, Scattered Spider abuses the trust placed in third-party vendors, such as those managing ticketing systems, call centres, and backend IT services. Alongside a deep understanding of aviation operations, the group's tactical preference is for social engineering and identity-based attack vectors over traditional technical ones.

According to a recent report from security firm ReliaQuest, Scattered Spider is refining its operational sophistication and increasingly focusing on senior executives. In an incident disclosed last Friday, the group infiltrated an unnamed organisation by targeting its Chief Financial Officer (CFO), a role that is typically granted broad access and authority.

ReliaQuest states that the attackers conducted extensive reconnaissance to map the CFO's digital footprint before launching a highly targeted social engineering campaign against the CFO's identity and credentials. The intrusion began when they persuaded staff to reset the multi-factor authentication device linked to the account.

Impersonating the CFO, they contacted the IT help desk claiming they could not access the account. To pass identity verification through the company's public login portal, they used previously collected information, including the CFO's birthdate and the last four digits of his Social Security Number, further legitimising their access.

Scattered Spider deliberately targets C-suite executives because of their broad privileges and the high priority given to their support requests. Once inside with the CFO's account, the attackers escalated privileges and moved laterally across the organisation's infrastructure with remarkable speed and precision.

The post-compromise activity showed an extensive understanding of enterprise environments. The group enumerated Entra ID to identify privileged accounts, groups, and service principals, establishing a platform for privilege escalation and persistence. It then performed SharePoint discovery to locate sensitive data and understand business workflows, compromised the Horizon Virtual Desktop Infrastructure (VDI), and took over further accounts through social engineering.

To keep remote access uninterrupted, Scattered Spider breached the organisation's VPN infrastructure. Through VMware's vCenter platform, the group reactivated decommissioned virtual machines and created new ones. With elevated access it then compromised the CyberArk password vault, taking over 1,400 credentials, disabled a production domain controller, and extracted the NTDS.dit database containing critical Active Directory information.

The group used legitimate tools such as ngrok for persistent remote access to the compromised accounts. When discovered, the attackers switched tactics to a destructive "scorched-earth" attack, deleting entire policy rule collections from Azure Firewall and causing significant operational disruption.

The incident reinforces Scattered Spider's reputation as one of the most adaptable, ruthless, and unpredictable cybercriminal organisations active today. In light of its increasing activity and its increasingly tailored, identity-based strategies, organisations should reassess their security posture beyond conventional perimeter defences and evaluate their resilience.

The group continues to exploit human behaviour, trust-based processes, and fragmented digital ecosystems, which requires defenders to adopt a proactive, intelligence-driven approach to detection and response. Concretely, that means robust identity verification workflows for privileged access requests (including MFA resets), regular behavioural analysis of high-value accounts, and stronger third-party risk management.

Organisations also need cross-functional incident response plans that account for social engineering intrusions, privilege abuse, and similar threat models, which are no longer theoretical but operationally routine for adversaries such as Scattered Spider.
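As an added example of the "behavioural analysis of high-value accounts" and "identity verification for privileged access requests" recommended above (this is illustrative code written for this post, not tooling from ReliaQuest, Unit 42, Mandiant or any product named here), the script below runs a simple detection over a handful of constructed identity-log events. It flags help-desk MFA resets that were not confirmed through an out-of-band channel, and resets that are followed within a short window by a sign-in from a device the account had never used before, rating both more severely for privileged accounts. The event fields (`oob_verified`, `ticket`, `device`), the account list and the timestamps are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample identity events (not real telemetry). Field names such as
# "oob_verified" (help desk confirmed the caller through an out-of-band channel)
# are assumptions for this example.
EVENTS = [
    {"ts": "2025-06-27T08:00:00", "type": "signin", "user": "admin@example.com",
     "device": "LAPTOP-ADM-02", "ip": "203.0.113.9"},
    {"ts": "2025-06-27T09:02:00", "type": "signin", "user": "cfo@example.com",
     "device": "LAPTOP-CFO-01", "ip": "203.0.113.10"},
    {"ts": "2025-06-27T09:30:00", "type": "mfa_reset", "user": "cfo@example.com",
     "actor": "helpdesk@example.com", "ticket": "HD-1001", "oob_verified": False},
    {"ts": "2025-06-27T09:41:00", "type": "signin", "user": "cfo@example.com",
     "device": "DESKTOP-UNKNOWN", "ip": "198.51.100.7"},
    {"ts": "2025-06-27T10:05:00", "type": "mfa_reset", "user": "analyst@example.com",
     "actor": "helpdesk@example.com", "ticket": "HD-1002", "oob_verified": True},
    {"ts": "2025-06-27T10:20:00", "type": "signin", "user": "analyst@example.com",
     "device": "LAPTOP-AN-07", "ip": "203.0.113.44"},
    {"ts": "2025-06-27T11:00:00", "type": "mfa_reset", "user": "admin@example.com",
     "actor": "helpdesk@example.com", "ticket": "HD-1003", "oob_verified": True},
    {"ts": "2025-06-27T11:50:00", "type": "signin", "user": "admin@example.com",
     "device": "LAPTOP-ADM-02", "ip": "203.0.113.9"},
]

# Accounts whose takeover would be high impact (hypothetical list for the example).
PRIVILEGED = {"cfo@example.com", "admin@example.com"}
WINDOW = timedelta(hours=2)


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_suspicious_resets(events, privileged, window=WINDOW):
    """Return findings for MFA resets that were not verified out-of-band, and for
    resets followed within `window` by a sign-in from a device the user had never
    used before. Privileged accounts are rated more severely."""
    ordered = sorted(events, key=_ts)
    seen_devices = {}          # user -> devices observed so far, in time order
    findings = []
    for i, ev in enumerate(ordered):
        if ev["type"] == "signin":
            seen_devices.setdefault(ev["user"], set()).add(ev["device"])
            continue
        if ev["type"] != "mfa_reset":
            continue
        user = ev["user"]
        is_priv = user in privileged
        # Snapshot of devices known *before* the reset; later sign-ins are judged against it.
        known_before = set(seen_devices.get(user, ()))
        if not ev.get("oob_verified", False):
            findings.append({"user": user, "ticket": ev["ticket"],
                             "reason": "MFA reset without out-of-band verification",
                             "severity": "high" if is_priv else "medium"})
        for later in ordered[i + 1:]:
            if later["type"] != "signin" or later["user"] != user:
                continue
            if _ts(later) - _ts(ev) > window:
                break
            if later["device"] not in known_before:
                findings.append({"user": user, "ticket": ev["ticket"],
                                 "reason": f"sign-in from new device {later['device']} "
                                           f"({later['ip']}) shortly after MFA reset",
                                 "severity": "critical" if is_priv else "medium"})
                break
    return findings


if __name__ == "__main__":
    for f in detect_suspicious_resets(EVENTS, PRIVILEGED):
        print(f"[{f['severity'].upper()}] {f['user']} ({f['ticket']}): {f['reason']}")
```

On the constructed data the CFO reset produces two findings (no out-of-band verification, then a sign-in from an unseen device eleven minutes later), the analyst reset produces one medium finding, and the admin reset produces none because the follow-up sign-in comes from an already-known device. In practice the privileged list would come from the directory (role assignments, group membership) and the "known device" baseline from weeks of sign-in history rather than a few lines.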

Cybercriminals are evolving with start-up-like agility, and defenders must adapt to match. That means collaborating, sharing threat intelligence, and fostering an organisational culture in which security is not just a technical function but a core responsibility shared by executive leadership, IT, and security operations.

Data loss is no longer the only thing at stake; operational continuity, brand trust, and strategic resilience are on the line as well. Beyond technical defences, organisations should cultivate security resilience: red team exercises that simulate identity-based attacks expose hidden weaknesses, and adversary emulation continuously challenges long-standing security assumptions. Keeping an organisation safe, regardless of which level of trust an attacker exploits, requires vigilance at the strategic, operational, and human levels.

The era of static defences has ended. Security teams need adaptive strategies grounded in intelligence, behaviour analytics, and proactive incident management: rigorous identity verification, continuous monitoring of privileged user behaviour, and tighter vetting of third-party integrations, all areas increasingly exploited by groups like Scattered Spider. Defending against such adversaries ultimately demands a defence-in-depth philosophy that integrates people, process, and technology.

Organisations that invest in adaptive, intelligence-driven defence programmes and in continuous readiness, not just preventing an incident but responding to and recovering from one, are better positioned to withstand such threats, recover quickly and decisively, and emerge stronger. Cybersecurity is no longer about building higher walls; it is about outsmarting the intruders already at the gate.

Australia's New Cyber Law Combats Emerging Threats

The Australian government has passed a new Cyber Security Act, which it presents as a cornerstone of its mission to protect Australians from cyber threats. With the package adopted, Australia gains a cohesive legislative toolbox that lets the country move forward with clarity and confidence in an evolving cyber landscape. Specifically, the Act enacts seven initiatives, first described in the Cyber Security Strategy, to strengthen cyber security.

Ransomware (sometimes called a crypto-locker) remains one of the most common forms of cyberattack, and one of the most dangerous because of its impact. By 2031, the total cost of ransomware damage worldwide is estimated to exceed $265 billion. Organisations of every size, from the smallest to the largest, are exposed to these attacks.

In July, a hacking group infected critical systems at a national data centre in Indonesia, taking over 230 government agencies and services offline for about a week. During the past week, with the passing of Australia's first-ever Cyber Security Act, several measures have been introduced to improve the nation's defences.

A key provision of the legislation is that organisations must inform the government when they pay ransomware criminals, a practice that has become increasingly common around the world in recent years. The Cyber Security Act 2013 is implemented under the Australian 2023-2030 Cyber Security Strategy. Under that strategy, Australia aims to reposition itself as a leader in cyber resilience, including through the creation of a National Cyber Security Coordinator to lead a cohesive national response to cyber incidents.

Australia's Cyber Security Minister Tony Burke made a statement in a media release regarding the Act, saying that it was "the cornerstone of the mission to protect Australians from cyber threats" and that "it forms a cohesive legislative toolbox which will enable Australia in the face of a rapidly evolving cyber landscape to move forward with clarity and confidence." 

Experts have strongly urged IT leaders to update their incident response plans to account for the legislative changes: in a cyber security attack or crisis, organisations will need to communicate with the government in new ways. The change with the most direct impact on Australian organisations is the mandatory reporting requirement for ransomware payments, together with a new voluntary reporting regime for cyber incidents that is intended to become mandatory over time.

Organisations above a certain size will be obliged to report ransomware payments to the government. According to the local law firm Corrs Chambers Westgarth, the size threshold has not yet been set, but the mandate is expected to apply to businesses with a turnover of more than AUD 3 million when it takes effect. A report that a ransomware payment was made must be given to the Department of Home Affairs and the Australian Signals Directorate within 72 hours of the payment.

Corrs told The Australian Financial Review that organisations failing to report such payments could face a civil penalty, currently AUD 93,900. Despite the new mandate, the government's policy remains that organisations should not pay ransoms. In the government's view, paying ransoms to cyber-crime gangs only keeps their business model viable, and there is no guarantee that the organisation will get its data back or that the data will be kept private.

The Act also creates a new framework for the voluntary reporting of cyber incidents, a welcome development. When an organisation suffers a cyberattack, the measure aims to encourage freer information sharing at times when other parties in the public and private sectors, and the wider community, may be at risk of harm.

The system is overseen by the National Cyber Security Coordinator (NCSC), and any organisation doing business in Australia can report incidents to it with some protection from a "limited use" obligation, which limits what the NCSC can do with the information it receives. Corrs notes, however, that when a significant cyber security incident is reported, the law still allows the NCSC to use the information for a range of purposes, such as preventing or mitigating threats to critical infrastructure and national security and supporting intelligence or law enforcement agencies.

The new regulatory obligations mean organisations will have to adjust their plans to ensure compliance, and CISOs and security teams will be vital in incorporating these changes into future tabletop exercises. According to Corrs, the trigger for reporting a ransomware payment is the payment itself, not the receipt of a ransom demand.

This will affect both how organisations make these decisions and how they communicate them to stakeholders. Organisations classified as critical infrastructure under Australian privacy law and the SOCI Act may also face overlapping reporting obligations with different timelines, and those listed on the Australian Stock Exchange will be subject to continuous disclosure requirements.

The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It


Payment fraud continues to be a significant and evolving threat to businesses, undermining their profitability and long-term sustainability. The FBI reports that between 2013 and 2022, companies lost around $50 billion to business email compromise, showing how prevalent this issue is. In 2022 alone, 80% of enterprises faced at least one payment fraud attempt, with 30% of affected businesses unable to recover their losses. These attacks can take various forms, from email interception to more advanced methods like deep fakes and impersonation scams. 

Cybercriminals exploit vulnerabilities, manipulating legitimate transactions to steal funds, often without immediate detection. Financial losses from payment fraud can be devastating, impacting a company’s ability to pay suppliers, employees, or even invest in growth opportunities. Investigating such incidents can be time-consuming and costly, further straining resources and leading to operational disruptions. Departments like finance, IT, and legal must shift focus to tackle the issue, slowing down core business activities. For example, time spent addressing fraud issues can cause delays in projects, damage employee morale, and disrupt customer services, affecting overall business performance. 

Beyond the financial impact, payment fraud can severely damage a company's reputation. Customers and partners may lose trust if they feel their financial information is not secure, leading to lost sales, cancelled contracts, or difficulty attracting new clients. Even a single incident can have long-lasting effects, making public confidence hard to regain. Businesses also face legal and regulatory consequences when payment fraud occurs, especially if they have not implemented adequate protective measures: non-compliance with data protection regulations such as the General Data Protection Regulation (GDPR), or enforcement action by the Federal Trade Commission (FTC), can lead to fines and legal proceedings, adding further financial strain. Payment fraud not only disrupts daily operations but also threatens a company's future.

Mitigating payment fraud requires a proactive approach. End-to-end visibility across payment processes, AI-driven fraud detection, and regular security audits are essential to prevent attacks and build resilience, and staff training on recognising potential threats helps businesses stay a step ahead of cybercriminals. Companies that invest in these measures and foster a culture of vigilance are more likely to avoid significant losses and to respond effectively when an attack does occur. This preparation guards against financial loss, operational disruption, reputational damage, and legal consequences, supporting long-term resilience and sustainability in an increasingly digital economy.

E-Challan Fraud, Man Loses Rs 50,000 Despite Not Sharing Bank OTP


In a cautionary tale from Thane, a 41-year-old man, M.R. Bhosale, found himself embroiled in a sophisticated online scam after his father fell victim to a deceptive text message. The incident sheds light on the dangers of trusting unknown sources and underscores the importance of vigilance in the digital age. 

Bhosale's father, a diligent auto-rickshaw driver in Ghatkopar, received a seemingly official text message from the Panvel Traffic Police, notifying him of a traffic violation challan against his vehicle. The message directed him to settle the fine through a designated app called Vahan Parivahan, with a provided download link. Unbeknownst to him, the message was a clever ruse orchestrated by scammers to dupe unsuspecting victims. 

When Bhosale's father encountered difficulties downloading the app, he sought his son's help. Little did they know, their attempt to rectify the situation would lead to financial loss and distress. Upon downloading the app on his device, Bhosale encountered a barrage of One-Time Passwords (OTPs), signalling a red flag. Sensing trouble, he promptly uninstalled the app. 

However, the damage had been done. A subsequent check of his bank statement revealed unauthorized transactions totalling Rs 50,000. With resolve, Bhosale wasted no time in reporting the incident to the authorities. A formal complaint was filed, detailing the deceptive mobile number, fraudulent link, and unauthorized transactions. 

In response, the police initiated an investigation, invoking sections 66C and 66D of the Information Technology Act to pursue the perpetrators and recover the stolen funds. This unfortunate ordeal serves as a stark reminder of the prevalence of online scams and the importance of exercising caution in the digital realm. To avoid falling victim to similar schemes, users must remain vigilant and skeptical of unsolicited messages or unfamiliar apps. 

Blind trust in unknown sources can lead to devastating consequences, as Bhosale's family discovered firsthand. Furthermore, it is essential to verify the authenticity of communications from purported official sources and refrain from sharing personal or financial information without thorough verification. 

In an era where online scams abound, skepticism and diligence are paramount. As the investigation unfolds, Bhosale's story serves as a cautionary tale for all internet users. By staying informed, exercising caution, and seeking assistance when in doubt, individuals can protect themselves from falling prey to online scams.

Public WiFi Convenience Leads to Cyber Threats, Read to Know Everything


Cybersecurity experts are issuing a stern warning to Scots regarding the potential dangers lurking within public WiFi networks. While the convenience of accessing the internet on the go, such as during train commutes, may seem appealing, experts emphasize the significant cybersecurity risks that accompany such practices. 

One of the primary concerns raised by cybersecurity professionals is the phenomenon known as "session hijacking." In this scenario, cybercriminals exploit vulnerabilities present in public WiFi networks to gain unauthorized access to users' devices while they are browsing online. 

Let’s Understand ‘Session Hijacking’ in Simple Words 

Session hijacking, a prevalent attack, occurs when an attacker takes control of a person's internet session while they are doing something such as checking a credit card balance, paying bills, or shopping online.

Hijackers typically target browser or web application sessions. Once the attack succeeds, the attacker can perform any action the victim could on the targeted website: the hijacker deceives the site into treating them as the legitimate user, gaining unauthorised access to and control over the victim's session, which can lead to a range of cyber-crimes and financial scams.
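The usual way a hijacker obtains a session on a hostile network is by capturing the session cookie from an unencrypted request, or by getting the victim to use a session ID the attacker already knows. As an added example (written for this post, not code from the article or from the expert it quotes), the script below shows what a web application can check and set on its own side to make that harder: an audit of response headers that reports session cookies lacking `Secure`, `HttpOnly` or a `SameSite` setting and a missing `Strict-Transport-Security` header, a builder for a hardened session cookie, and a session-ID rotation step for use after login. The cookie-name list and the two constructed responses are assumptions for the example; the audit also covers the Man-in-the-Middle scenario described further down, since a cookie that is only ever sent over TLS cannot be read off the WiFi.

```python
import secrets

# Cookie names treated as session carriers (assumption for this example;
# a real application would list its own).
SESSION_COOKIE_NAMES = {"sessionid", "PHPSESSID", "JSESSIONID", "connect.sid"}


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attributes). Attribute keys are
    lower-cased; flag attributes such as Secure map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_session_cookies(headers):
    """headers: list of (name, value) pairs from an HTTP response. Returns a list
    of weaknesses that make a session easier to capture or replay on a hostile network."""
    findings = []
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("missing Strict-Transport-Security: browsers may still "
                        "connect over plain HTTP, exposing cookies to interception")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(v)
        if name not in SESSION_COOKIE_NAMES:
            continue
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure (cookie may be sent over HTTP)")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly (readable by injected scripts)")
        samesite = attrs.get("samesite")
        if samesite is None or samesite is True or str(samesite).lower() == "none":
            findings.append(f"{name}: SameSite absent or None (cross-site requests carry it)")
    return findings


def build_session_cookie(name, value=None):
    """Emit a hardened Set-Cookie value with a fresh random session ID."""
    value = value or secrets.token_urlsafe(32)
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def rotate_session(store, old_id):
    """Move session data to a fresh ID after authentication, so an ID observed
    before login cannot be reused to ride the authenticated session."""
    data = store.pop(old_id, None)
    if data is None:
        raise KeyError("unknown session")
    new_id = secrets.token_urlsafe(32)
    store[new_id] = data
    return new_id


# Constructed responses: a typical misconfiguration next to its hardened form.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
]
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", build_session_cookie("sessionid")),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_session_cookies(resp) or ["no issues"])
```

The weak response yields four findings and the hardened one none. `SameSite=Lax` rather than `Strict` is a deliberate choice here: it still blocks the cookie on cross-site POSTs while keeping ordinary top-level navigation to the site working; an application that needs the stricter setting can change the builder.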

Do You Know What Risks Lurk in Public WiFi Networks?

Vincent van Dijk MSc, a cybersecurity expert, warns of the dangers lurking within public WiFi networks, highlighting three prevalent cyber threats:

1. Man-in-the-Middle attacks
2. Evil Twin attacks
3. Malware present in networks

In a Man-in-the-Middle attack, hackers infiltrate the public network, intercepting data as it travels from a connected device to the WiFi router. Vincent explains the severity of this threat, stating, "If you are engaged in online banking during such an attack, hackers can easily access your passwords and account information. Your credit card numbers, email addresses, and other personal details become vulnerable to theft." 

Evil Twin attacks are another insidious threat. When users search for a public WiFi hotspot, they may encounter a fraudulent network posing as a legitimate one. These malicious networks often bear names strikingly similar to authentic ones, such as 'Free University Wi-Fi2' or 'Station Wi-Fi04'. Connecting to such a clone exposes users to scammers, compromising their private data and leaving them open to exploitation.

Vincent further explains that once hackers infect a network with malware, they can push harmful software to any device connected to it. He advises users to be wary of unexpected pop-up notifications while connected to such networks: clicking them could expose the device to infected links, putting devices and sensitive information at risk.

Given these concerns, experts advise the public to use Virtual Private Networks (VPNs) and to verify a network's authenticity before using public WiFi. Doing so mitigates the risks of public WiFi and helps protect sensitive information from cybercriminals.

MarineMax's Cyber Resilience: Responding to SEC on Cyberattack Incident

MarineMax, a national retailer of boats and million-dollar yachts, reported on March 12 that a "cybersecurity incident" disrupted its operations, according to documents filed with the Securities and Exchange Commission (SEC). 

According to the company, a third party gained unauthorized access to its information systems. However, the company has not indicated who the threat actor is or what type of attack occurred, whether ransomware or an incident of another nature.

Many of MarineMax's internal systems were rendered unavailable as a result of the attack, which is believed to have started on Sunday, and caused significant delays in customer service, sales, and customer support for MarineMax customers across the country. 

There has also been a significant decline in MarineMax dealership sales and service as IT systems recover from the attack. Many dealerships are reporting problems with financing approvals, inventory availability, and overall deal progression in their sales and service processes.

MarineMax has not halted its operations as a result of the attack, but it has hired cybersecurity experts to assist in the investigation and has notified law enforcement. The company was asked whether it was dealing with a ransomware attack or another type of cyber incident, but did not respond to the inquiry.

As the filing indicates, the attack has not materially affected the company's operations; officials are still assessing, based on their findings, whether it will at some point in the future. Although MarineMax has not responded to questions about whether data was stolen, the filing states that sensitive data is not stored in the environment affected by the incident.

MarineMax classified the event as a 'cybersecurity incident' as defined in the Securities and Exchange Commission's rules. According to the filing, the incident involved the compromise of portions of the company's information environment by an unauthorized party.

The Securities and Exchange Commission recently amended its incident-disclosure rules to require a Form 8-K to be filed within 24 hours of an organization determining that a cyber incident is material, meaning that it has a significant impact on operational performance and could affect investors' holdings.

Last year, several industry giants faced a cyberattack, including Brunswick Corporation, which manufactures boats and parts for ships, a company that has been in the boating industry since the late 1800s. 

The company reported that an incident in June affecting marine electronics production at one of its subsidiaries cost it more than $85 million. A German manufacturer of luxury yachts and military vessels also came under ransomware attack over the Easter weekend in 2023.

Identity Fraud Affects Two Million Brits in 2023

In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organisations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation and the growing importance of heightened security measures to address the increasing challenges of identity theft.


Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 after losing control of her phone number. Heidi Diamond became a victim of a cyber scam known as SIM-swapping, resulting in the depletion of her bank account. SIM-swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting the phone service provider, claiming that the targeted individual's device has been lost or stolen. Once they have convinced the carrier that they own the number, they have it activated on a SIM card under their control, gaining access to the calls and messages, including verification codes, that would have reached the victim. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious, according to InvestigateTV. "It was such a panic that you know that something was so out of your control," she said.

SIM-swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied that the perpetrators have not been apprehended, expressing a desire for justice.

Acknowledging the increasing prevalence of SIM-swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that SIM-swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of SIM-swapping attacks.

Thane: Massive 16,180 Crore Bank Hacking Fraud Uncovered, National Probe Underway


An FIR has been filed by Thane Police against a group of individuals, among them an ex-banker, who are accused of hacking into the account of a payment gateway services provider and siphoning off Rs 16,180 crore. The heist was carried out over time using several different bank accounts.

On Sunday, a police spokesperson from Thane stated that the fraud had been going on for some time. It was discovered following a complaint about the hacking of the company's account and the theft of Rs 25 crore. According to a Mint report, no arrests have yet been made in the Rs 16,180 crore case.

When the police started investigating the complaint, a far larger theft worth Rs 16,180 crore was discovered. Under Indian Penal Code sections 420 (cheating), 409 (criminal breach of trust), 467 and 468 (forgery), 120B (criminal conspiracy), and 34 (common intention), an FIR has been filed against Sanjay Singh, Amol Andale @ Aman, Kedar @ Sameer Dighe, Jitendra Pandey, and another unidentified person.

The suspected wrongdoers are charged with illegally forming unregistered partnership firms using fake documents in order to deceive the government. As many as 260 bank accounts have been found to be linked to these duplicitously formed partnership firms, enabling transactions totalling the enormous sum indicated.

A few months ago, an unknown person successfully breached the software of Safex Payout and carried out a Rs 25 crore fraud, which served as the initial impetus for this investigation. The legal counsel for the business quickly reported a hacking and cyber fraud incident to the Srinagar police station, which drove Thane police's cyber cell to take over the investigation. 

Investigators were able to further disentangle the complex web of deceit when they discovered a fraudulent transfer of Rs 1.39 crore to an account owned by Riyaal Enterprises, a company having branches in Navi Mumbai's Vashi and Belapur. Law enforcement authorities searched these places and found a treasure trove of paperwork, including multiple bank accounts and company contracts. 

When these documents were thoroughly examined, it became clear that five partnership firms had been created at the same address using forged and counterfeit documents in several people's names. According to Nagpur Today, inquiries posed to workers of Riyaal Enterprises yielded information on an astounding 250 bank accounts and notarized partnership company agreements, all of which raised red flags.

Cybercrime to Cost Global Economy $10.5 trillion By 2025


A report from Cybersecurity Ventures estimates that by 2025, cybercrime will have cost the global economy up to $10.5 trillion. According to a recent Gartner survey, by then, more than half of all cybersecurity assaults will be attributable to human error or a lack of talent.

What areas are most vulnerable, and how can consumers defend themselves against fraud and other online crimes? 

Small-scale companies 

Small firms are subject to three times as many cyberattacks as larger organisations, according to a Barracuda Networks analysis highlighted by Forbes. Often, employee training can stop these attacks. Compared with companies of more than a hundred employees, smaller businesses endure 350% more social engineering attacks.

Threats exist in every sector, but reports suggest that user data is the target of the majority of attacks, which puts businesses in the retail and e-commerce, healthcare, and financial sectors at greatest danger. 

Productivity of employees 

Cyber threats not only put money at risk, but they also impact employee productivity. More than half of small firms said that after an attack, their website was down for up to 24 hours. Additionally, data breaches can increase workplace stress and lower the spirits of workers.

Healthcare 

Cyber attacks pose a serious threat to the healthcare sector. Based on research from Nozomi Networks, healthcare is one of the most frequently targeted sectors for cyberattacks, despite the fact that healthcare organisations in the U.S. must strictly adhere to specific regulations, known as HIPAA laws, to protect patient data.

Banking and finance 

The financial services sector is, for understandable reasons, more vulnerable to cyberattacks than many other industries. Financial institutions are 300 times more likely to be the target of cyberattacks than other kinds of organisations, according to a Boston Consulting Group analysis. Based on an IBM X-Force survey, 71% of those attacks are directed at banks, and 16% are directed at insurance companies.

Safety measures

Businesses have a responsibility to deploy cybersecurity protective measures to safeguard their customers. However, you may also help to avoid cyberattacks as a customer or employee, particularly when it comes to shielding your own financial or medical data. 

As a first line of defence against fraud and cybercrime, follow these simple tips:

On public WiFi networks, never share any personal information, including passwords. Online banking and shopping can be done safely from home. Don't disclose private information to ChatGPT or other AI programmes, especially bank information or passwords. 

Additionally, set strong and unique passwords with a password manager and, when available, use two-factor authentication at work and at home.

STYX Marketplace: An Emerging Platform Aiding Financial Crimes


STYX, a new dark web marketplace launched earlier this year, is on track to become a booming hub for buying and selling illicit services and stolen data.

The platform provides services facilitating financial crime, including money laundering, identity theft, distributed denial-of-service (DDoS), bypassing two-factor authentication (2FA), fake or stolen IDs and other personal data, malware rental, cash-out services, email and telephone flooding, identity lookup, and much more.

The marketplace was officially launched on January 19. However, analysts at Resecurity, a threat intelligence company, claim to have sighted mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.

Apparently, STYX accepts payments using a variety of cryptocurrencies and has a dedicated section for approved vendors, in an effort to gain trust in the platform. 

All Things Financial-crime

Following the discovery of the platform, it was further noted that STYX is part of the post-pandemic surge in cyber-enabled financial crime, and poses a threat to financial institutions and their customers.

STYX was discovered at the same time as Resecurity financial crime risk analysts noticed a sharp rise in threat actors providing services for money laundering that target cryptocurrencies and digital banking accounts. 

Resecurity’s research also determines some of the most used cyber-crime tactics by threat actors, namely cybercriminal cash-outs, and the use of virtual credit cards (VCCs) and NFC merchant terminals that are illicitly operated to aid in cybercrime activities. 

Moreover, the investigation led to the discovery of 100 money mule accounts. The firm shared these accounts with the victims, allowing them to quickly identify money mule rings and other linked criminal organizations that had previously gone undetected.

“Resecurity also identified a group of trending cash-out vendors that charge commissions based on the exact BIN of the card and brand of gift card,” the researchers stated in a report. 

Apparently, STYX accommodates a large number of cash-out shops across the world, which offer "clean" funds via Apple Pay, PayPal business accounts with merchant terminals, and other financial institutions in the U.S., U.K., and Canada.

The emergence of STYX as a new platform for financially motivated cybercriminals demonstrates the continued profitability of the black market for services. 

To reduce the effectiveness of the services offered in these criminal markets, digital banks, online payment platforms, and e-commerce systems must accept the challenge and improve their KYC checks and fraud defenses.