The notorious Joker's Stash cybercrime marketplace, which specializes in selling stolen payment card data, has a new listing for 1.3 million credit and debit cards, almost all of which appear to have been issued by Indian banks, reports threat intelligence firm Group-IB.
A newly discovered remote access Trojan called Dtrack has been targeting banks in India for well over a year, Kaspersky researchers say. The malware, which can steal data from ATMs and doubles as a cyberespionage tool, appears to be linked to North Korea's Lazarus Group.
Cybercrime is surging thanks, in part, to the availability of inexpensive hacking tools and services. A recent look by security firm Armour at black market offerings finds stolen payment card data, RDP credentials, ransomware and DDoS services are widely available for sale.
"Silence," a Russian-speaking criminal group that has stolen $4.2 million from ATMs and financial institutions since 2016, has become more active this year, using new tools and tactics in its attacks and expanding its reach globally, according to the security firm Group-IB.
The scary fact is that human error is a contributing factor in more than 90% of breaches. With so many technical controls in place hackers are still getting through to your end users, making them your last line of defense. How are they so easily manipulated into giving the bad guys what they want? Well, hackers are...
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
A recent $3 million bank heist in Bangladesh is likely the handiwork of "Silence," a Russian-speaking gang known for its slow and methodical attacks against banks and ATMs, according to an analysis by security firm Group-IB.
Despite India's move to EMV-chip payment cards, ATM fraud continues to take place. Experts say risk of skimming is not eliminated with chip cards if they still have magnetic stripe and ATMs continue to read these stripes.
Known for targeting banks and ATMs in Russia and other Eastern European countries, the "Silence" gang apparently is now expanding into other regions, using a combination of custom malicious tools and "living-off-the-land" techniques, researchers report.
Although the Reserve Bank of India mandated that banks complete the shift from magnetic stripe debit and credit cards to EMV chip-and-PIN cards by Jan. 1 to help reduce fraud, there's still plenty of work to be done.
Although CERT-In says the hacking of Indian websites declined dramatically this year, based on reports it has received, some security experts argue that many hacking and other cybercrime incidents are never reported.
ISMG's Security Summit in Mumbai on Nov. 29 will offer insights from CISOs and other experts on hot topics, including setting the boardroom security agenda, using cyber threat intelligence, preventing fraud through the use of blockchain, securing digital payments and preparing for a breach notification law.
Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
Pakistan says the nation's banks have not been hacked, but adds that they are taking defensive steps after nearly 20,000 payment card details appeared for sale online. The State Bank of Pakistan says banks are implementing restrictions on international transactions.