European criminals combined cannibalized EMV chips from stolen cards with miniature microprocessors to build fake payment cards that defeated POS security checks, enabling them to steal as much as $680,000, French researchers say.
Attributing cybercrime to specific criminals is becoming increasingly critical, says Eward Driehuis of threat intelligence firm Fox-IT. Using the elusive Dridex campaign as an example, Driehuis explains in this video interview how many malware attacks are interconnected.
U.S. merchants that have not yet completed their migration to EMV should brace for upticks in chargebacks from international card issuers, says Gord Jameison, head of Canadian risk services for Visa, in a video interview.
ATM fraud losses are increasing globally, and we can expect to see this trend continue as the U.S. ramps up its migration to EMV at the point of sale. Unattended terminals are easy to compromise, and they will always be among fraudsters' favorite targets.
Unprecedented levels of collaboration among targeted financial services firms enabled the international law enforcement operation that disrupted the Dridex botnet, security firm Fox-IT says. Now, can that model be repeated going forward?
FBI Director James Comey's declaration that the Obama administration will not pursue legislation to require vendors to create a backdoor that would permit law enforcement to circumvent encryption on mobile devices isn't the end of the matter.
Target - the nation's second-largest discount retailer and best-known data breach poster child - has begun issuing its house-brand REDcards with chip and PIN. The move comes as the majority of card issuers have opted for chip and signature, which some security experts warn is a weaker choice.
An international law enforcement operation - spearheaded by the U.S. FBI and U.K. National Crime Agency - has disrupted the notorious Dridex banking malware and phishing campaign, which has been tied to at least $40 million in losses worldwide.
A cybercrime ring that employed the Angler Exploit Kit to earn an estimated $34 million per year - from ransomware infections alone - has been disrupted by security researchers at Cisco's Talos security intelligence and research group.
Prosecutors recommended that twin brothers Muneeb and Sohaib Akhter serve a six-year and a two-year sentence, respectively, after pleading guilty to hacking-related charges. But one of the men received a much lighter sentence.
As a result of Experian's data breach, 15 million T-Mobile subscribers are at risk from phishing attacks and fraud. But it's not clear what more T-Mobile can do to protect breach victims, says security specialist Mark James.
In the wake of the Oct. 1 EMV fraud liability shift date, U.S. merchants can expect to pay for counterfeit fraud losses previously absorbed by European issuers, says Jeremy King of the PCI Council. Longer-term, he expects European banks will experience more fraud as U.S. POS and card security leapfrogs other markets.
A Russian cybercriminal who used the Citadel banking Trojan to infect at least 7,000 PCs has received a 4.5 year jail sentence. Authorities tracked him in part thanks to his posts to a Citadel user group.
Reports that a Linux-based botnet has been lobbing 160 Gbps packet storms highlight how DDoS attacks remain alive and well. Experts also warn that DDoS attackers are mixing Windows and Linux malware and running extortion scams.