cybercrime | Page 3


eBay announced today that a breach of their systems has led to the loss of files containing encrypted copies of their users' passwords. At the moment, it's not known how those passwords were encrypted. Of course, it's hoped that each password was individually salted in order to make decryption much more difficult. Other information stolen in the breach include names, email addresses, home addresses, phone numbers and dates of birth. eBay's payment arm, PayPal claims to have been unaffected by the attack, and that PayPal data is "...encrypted and... [Read More]
by RSS Richard Henderson  |  May 21, 2014  |  Filed in: Industry Trends
We are in the age of information and for the past 25 years the internet has been an awesome force for good. It has created an incredible information economy across networks and won our trust as a viable platform for the exchange of just about anything. However, underneath it all, there is a terrible tempest brewing. In a time when any motivated person can raise a few hundred thousand dollars in crowdfunding, so too can any motivated person find a way to steal it. The hacking economy is booming and the barriers to entry are low. Prerequisite knowledge... [Read More]
by RSS Michael Perna  |  Mar 17, 2014  |  Filed in:
Once upon a time, cybercriminals had their sights set solely on large-scale corporations and national governments to elicit highly profitable returns. No doubt, major organizations still wear a big red X. But with the evolution and proliferation of sophisticated malware, the target pool has broadened to include just about every business. One reason is that the essence of cybercrime has fundamentally changed - in lots of ways. For one, more cybercriminals are equipped with a toolbox of cheap and generic weaponry. And the simplicity and accessibility... [Read More]
by RSS Stefanie Hoffman  |  Sep 13, 2013  |  Filed in: Industry Trends
Late last week, Microsoft's Digital Crimes Unit, working with the FBI and the U.S. courts, took a huge chunk out of the capabilities of the Citadel botnet. Citadel is a ZeuS variant that is responsible for infecting what is believed to be millions of computers across the globe in the hopes of stealing financial information through key logging and form grabbing and using that information to steal money from the bank accounts of infected victims. This latest takedown, known as Operation b54, disrupted the operation of over 1,400 different Citadel... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
Botnets for years have been leveraged as a cybercrime tool to commit any variety of nefarious activity ranging from Website defacement and DDoS to the proliferation of malware and theft of sensitive information. Lately, the cyber community can add one more to the list mining the digital currency Bitcoin. In the new Bitcoin heists, the botnets that take over a victim's computer aren't intended to steal a victim's money - although they are certainly capable of doing that, too. However, in the latest shenanigans, the malware compromises a computer... [Read More]
by RSS Stefanie Hoffman  |  Jul 30, 2012  |  Filed in: Industry Trends
For most organizations, regardless of industry, forming strategic partnerships are critical in achieving objectives. In the case of security organizations, partnerships are vital for better sharing and disseminating threat information, disrupting malware and tracking down cybercriminals and handing them over to appropriate law enforcement channels for prosecution. The FortiGuard team at Fortinet, for example, has partnerships with organizations such as VirusTotal, an independent online service that analyzes files and URLs in an effort to aid the... [Read More]
by RSS Stefanie Hoffman  |  May 17, 2012  |  Filed in: Industry Trends
No doubt, the recent groundswell of legislation around cybercrime and cyber security has served to raise public awareness and could potentially spur security sales as the issue remains on the forefront of political and social debate. But with the barrage of newly introduced cybersecurity legislation, it’s easy to get lost in the melee of political, technical and legislative jargon, not to mention a sea of vaguely understood acronyms. Here is a bit of a guide that might make the path through this jungle a tad easier. ** Cyber Intelligence Sharing... [Read More]
by RSS Stefanie Hoffman  |  May 01, 2012  |  Filed in: Industry Trends
In prevision of the anticipated merge between the two infamous banking malware ZeuS and SpyEye, our Threat Analyst Kyle Yang spent some time dissecting the most current version of SpyEye we could get our hands on (W32/SpyEye.C!tr.spy). While SpyEye shares some similarities with ZeuS (encrypted/compressed configuration file, updateable injection scripts, drop zones, update zones for binary and config update, etc ...), an extra feature quickly caught our attention: SpyEye connects to a "log server" that is different than the server where it fetches... [Read More]
by RSS Guillaume Lovet  |  Nov 10, 2010  |  Filed in: Security Research
The papers Bryan, Guillaume and I presented at Virus Bulletin 2009 have been available on the FortiguardCenter since yesterday: 'I am not a numero!': assessing global security threat levels - Bryan Lu Fighting cybercrime: technical, juridical, and ethical challenges - Guillaume Lovet Botnet-powered SQL injection attacks: a deeper look within - David Maciejak & Guillaume Lovet It's the 4th year in a row that Fortinet has had at least one paper in the line-up, but the first time we hit a count of three presentations. The conference was held... [Read More]
by RSS David Maciejak  |  Oct 29, 2009  |  Filed in: Security Research