Yearly Archives: 2012

Uptick in Cyber Attacks on Small Businesses

August 3, 2012

New data suggests that cyber attacks aimed at smaller businesses have increased markedly over the past six months, a finding that dovetails with my own reporting on businesses that are suffering six-figure losses from sophisticated cyber heists.

According to Symantec, attacks against small businesses doubled in the first six months of 2012 compared to the latter half of 2011. In its June intelligence report, the security firm found that 36 percent of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. That figure was 18 percent at the end of Dec. 2011.

Tech Support Phone Scams Surge

August 2, 2012

62 Comments

The bogus tech support boiler rooms must be working overtime lately. I’ve recently been inundated with horror stories from readers who reported being harassed by unsolicited phone calls from people with Indian accents posing as Microsoft employees and pushing dodgy PC security services.

These telemarketing scams are nothing new, of course, but they seem to come and go in waves, and right now it’s definitely high tide. One reader’s story in particular really creeped me out. “Ron” wrote in to say his friend’s young daughter was the latest target.

Dropbox: Password Breach Led to Spam

July 31, 2012

19 Comments

Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they’d created specifically for use at Dropbox. Today, the company confirmed that suspicion, blaming the incident… Read More »

Email-Based Malware Attacks, July 2012

July 31, 2012

45 Comments

Last month’s post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting. I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about the source of these attacks.

While the data from the past month again shows why that wisdom remains conventional, I believe the subject is worth periodically revisiting because it serves as a reminder that these attacks can be stealthier than they appear at first glance.

Tagging and Tracking Espionage Botnets

July 30, 2012

14 Comments

A security researcher who’s spent the last 18 months cataloging and tracking malware that was developed and deployed online specifically for spying on governments, activists and industry executives says the complexity and scope of these cyberespionage malware networks now rivals many large conventional cybercrime operations.

Joe Stewart, senior director of malware research at Atlanta-based Dell SecureWorks, said he’s logged over 200 unique families of custom malware used in cyber-espionage campaigns, and some 1,000 domain names registered by cyberspies for using in hosting networks used to control the malware, or for use in “spear phishing,” highly targeted emails that spread the malware.

ATM Skimmers Get Wafer Thin

July 24, 2012

52 Comments

It’s getting harder to detect some of the newer ATM skimmers, fraud devices attached to or inserted into cash machines and designed to steal card and PIN data. Among the latest and most difficult-to-spot skimmer innovations is a wafer-thin card reading device that can be inserted directly into the ATM’s card acceptance slot.

DoItQuick: Fast Domains for Dirty Deeds

July 23, 2012

19 Comments

A new service offered in the cybercriminal underground is geared toward spammers, scammers and malware purveyors interested in mass-registering dozens of dodgy domains in one go.

Top Spam Botnet, “Grum,” Unplugged

July 19, 2012

31 Comments

Roughly five years after it burst onto the malware scene, the notorious Grum spam botnet has been disconnected from the Internet. Grum has consistently been among the top three biggest sources of junk email, a crime machine capable of blasting 18 billion messages per day and responsible for sending about one-third of all spam.

Cyberheist Smokescreen: Email, Phone, SMS Floods

July 18, 2012

35 Comments

It was early October 2011, and I was on the treadmill checking email when I noticed several hundred new messages had arrived since I last looked at my Gmail inbox just 20 minutes earlier. I didn’t know it at the time, but my account was being used to beta test a private service now offered openly in the criminal underground that can be hired to create highly disruptive floods of junk email, text messages and phone calls.

Many businesses request some kind of confirmation from their bank whenever high-dollar transfers are initiated. These confirmations may be sent via text message or email, or the business may ask their bank to call them to verify requested transfers. The attack that hit my inbox was part of an offering that crooks can hire to flood each medium of communication, thereby preventing a targeted business from ever receiving or finding alerts from their bank.

Spammers Target Dropbox Users

July 17, 2012

16 Comments

“Always have your stuff when you need it with Dropbox.” That’s the marketing line for the online file storage service, but today users have had difficulty logging into the service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox user email addresses.