Cybercrime Featured People

An Interview With Russian Hacker Pavel Sitnikov: ‘There Is No [Hacking] Scene Now, Only Commerce’

Hackers often go to great lengths to be discreet. That’s not the case with Pavel Sitnikov. The long-standing, Russian-speaking hacker until recently posted frequently on Twitter, where he listed his name, his alias (FlatL1ne), and his self-proclaimed connection with the infamous hacking group APT28, or Fancy Bear—his Twitter account is currently suspended…

Cybercrime Featured Government Leadership People Technology

Former Israeli CERT Chief: ‘A Cheap Incident Response Costs A Lot’

As the executive director of Israel’s National Computer Emergency Response Center, or CERT, Lavy Shtokhamer dealt with more cyberattacks in a week than many information security professionals would see in a year. The Center acted as a hub for information sharing and response in the country, with victims constantly informing Shtokhamer and his team of new incidents, which would then be anonymized and relayed to other companies and government organizations to help protect them from similar attacks. Last week, I caught up with Shtokhamer via video conference—he will be taking on a new role in the coming days, and was open to talking about his experience in the Israeli government…

Cybercrime Featured

Scammers Are Trying To Capitalize on the Race To Deliver COVID-19 Vaccines

In March and April, when fear and uncertainty about the coronavirus pandemic reached a high point in the U.S., hackers and scammers started incorporating language about COVID-19 into phishing attacks and new web domains to trick anxious victims into downloading malware, a U.S. cybersecurity agency warned. New research suggests that scammers are now pivoting their efforts—as governments and healthcare organizations race to deliver inoculations, hackers are embracing vaccine-related phishing lures…

Chart of the Week Cybercrime Featured Technology

How Cybercrime Became a $1 Trillion Problem

Although the saying “crime doesn’t pay” may have some truth to it, a new report shows that cybercrime does in fact pay—and the numbers are only going up. Monetary losses from cybercrime are estimated to reach $945 billion in 2020, up from $522 billion in 2018 and $300 billion in 2013, according to a study released last week by The Center for Strategic and International Studies, a nonprofit research organization that focuses on national security issues, and the cybersecurity firm McAfee…

Cybercrime Featured Government

FBI, CISA Warn K-12 Schools of a Spike in Ransomware, With More Threats on the Horizon

On Thursday, the FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned that 57% of ransomware attacks reported in August and September to MS-ISAC—a government-funded center that tracks cyberattacks on state, local, and tribal governments—hit K-12 institutions. That’s up from 28% between January and July. The alert suggests that the rapid transition to distance learning in 2020 contributed to cybersecurity gaps, which made schools more vulnerable to attack…

Cybercrime Featured Technology

Exploit Kits, Once a Favorite of Cybercriminals, Move To Private Marketplaces

Hacking tools often follow a trend: They’re developed by an individual or group, others adopt them if they work well, and—once organizations become aware of them and start defending themselves—their use declines until they eventually disappear. On the surface, cybersecurity professionals might think that exploit kits are at the tail end of this trend. Exploit kits, which are essentially programs that automate the process of finding and exploiting vulnerabilities, have been around for more than a decade and likely reached their peak in the early 2010s…

Cybercrime Featured Nation-state Technology

What We Know So Far About the FireEye Breach—and Why It Matters

On Tuesday afternoon, cybersecurity firm FireEye announced what is likely one of the most significant cyberattacks of 2020—with itself as the victim. The attack was notable not just because the fallout could be immense, but because it required a brazenness and skill that only the most sophisticated hacking groups could pull off. Details will likely emerge as the FBI, FireEye, and its partners investigate the incident, but here’s what we know already…

Cybercrime Featured

Hacker Who Stole Nintendo Switch Details Sentenced to Three Years in Prison

A California man who bragged about his hacking exploits on social media and his own online chat forum was sentenced to three years in prison on Tuesday for breaching Nintendo’s servers to steal confidential files on its consoles and games, including information about the Nintendo Switch before it was publicly announced…

Cybercrime Featured Government Leadership People

A Government Insider on Navigating the New Guidance for Ransomware Payments

When attorney David Cohen was serving in the Treasury Department under the Obama administration—where he was known as the administration’s “financial Batman”—ransomware payments were hardly on the government’s radar, he said. In recent years, however, the ransomware threat has rapidly expanded, crippling countless schools, hospitals, municipalities, and businesses on a daily basis…

Cybercrime Featured

An Early Interview With The Dark Overlord: The Hacking Group That Forever Changed Cyber Extortion

In early 2016, Recorded Future analysts observed a threat actor selling stolen healthcare databases containing patient records on an anonymous hacking forum. The actor, who used the moniker “thedarkoverlord,” would soon make a name outside of the cybersecurity community for extorting high-profile targets and publicly demanding ransom payments to stop the release of confidential data. The group would slowly release stolen documents—a playbook that has since been copied by a wide range of ransomware purveyors…