Photo of the suspect, who has not been named by authorities (Photo: Palo Alto's Unit 42)

Suspected Business Email Compromise Ringleader Busted

Mathew J. Schwartz • May 27, 2022

Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol reports. But with known BEC losses last year exceeding $2.4 billion, will the arrest have a noticeable impact?

Cloud Security

Cryptocurrency-Stealing 'Cryware' Malware Attacks Surge

Latest

Fraud Management & Cybercrime

Using the Right Tools to Investigate Fraud

Suparna Goswami • May 27, 2022

Many enterprises conduct fraud investigations on a regular basis but do not get value from them, says Richard Plansky, North America regional managing director for forensic investigations and intelligence practice at Kroll. He discusses the need for the right tools to investigate fraud.

Fraud Management & Cybercrime

Ransomware Costs City of Quincy, Illinois, $650,000

Mihir Bagwe • May 27, 2022

The City of Quincy, Illinois' administrative systems were hit by a ransomware attack on May 7, confirmed Mayor Mike Troup in a press conference held on Tuesday. Consulting fees and a ransom were paid but critical services continued to operate throughout the incident.

Governance & Risk Management

ISMG Editors: London Summit Highlights

Anna Delaney • May 27, 2022

Four editors at Information Security Media Group discuss highlights from ISMG's recent London Summit, including whether if collateral damage from the Russia-Ukraine war isn't necessarily all it was reputed to be, then what are the most concerning emerging threats; building a cyber risk playbook to help businesses...

Application Security & Online Fraud

Threat Actors Exploiting Free Browser Automation Framework

Prajeet Nair • May 27, 2022

An increasing number of threat actors are deploying a free-to-use browser automation framework as part of their attack campaigns. Automation tools are expected to become a more common element of the threat actor’s toolkit.

Business Email Compromise (BEC)

FBI: 2021 Business Email Compromise Losses Hit $4.3 Billion

Anna Delaney • May 27, 2022

The latest edition of the ISMG Security Report discusses how the leader of a "transnational cybercrime syndicate" has been arrested in Nigeria, according to Interpol. It also shares updates on U.S. privacy laws and how we can improve collaboration as an industry.

Fraud Management & Cybercrime

Twitter Fined $150M for Misusing Private Data to Sell Ads

Prajeet Nair • May 26, 2022

A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say. Twitter says it has paid the fine and ensured that personal user data is secure and private.

Cybercrime

Black Basta Claims Responsibility for AGCO Attack

Mihir Bagwe • May 26, 2022

Ransomware gang Black Basta, which came to prominence in April, has claimed responsibility on its leak site for a ransomware attack on AGCO. An AGCO spokesperson confirmed to ISMG that employee data was exfiltrated during an attack but did not comment on Black Basta's claims of responsibility.

Cloud Security

Lacework Announces Layoffs 6 Months After Raising $1.3B

Michael Novinson • May 26, 2022

Cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - to strengthen its balance sheet, just six months after raising $1.3 billion. The company says it restructured its business in response to a large shift in the public and private markets.

Next-Generation Technologies & Secure Development

Cribl Raises $150M to Incubate New Observability Features

Michael Novinson • May 25, 2022

Cribl has raised $150 million to drive the development of new features such as hosted versions of the company's technology. The company will build out separate tools for each piece of the observability process rather than forcing customers to purchase a bundle with features they don't care about.

Fraud Management & Cybercrime

Attempted Ransomware Attack Grounds SpiceJet Flights

Mihir Bagwe • May 25, 2022

Indian passenger airline SpiceJet says an attempt at a ransomware attack was made against its IT infrastructure on Tuesday night. The airline says the attack was "contained," and it has resumed regular operations. Passengers continued to complain about takeoff delays until noon local time.

Fraud Management & Cybercrime

13% Spike in Ransomware Is Biggest in 5 Years

Brian Pereira • May 25, 2022

Ransomware has grown 13% year on year in 2022, a jump greater than the past five years combined, a Verizon Business 2022 Data Breach Investigations Report published on Tuesday shows. It says financial gain continues to be the primary motive for attacks, followed by espionage.

Application Security

WhiteSource, Renamed Mend, Takes on Remediating Code Issues

Michael Novinson • May 25, 2022

WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.