OldGremlin uses spear-phishing emails to enter networks and then encrypts data for a ransom of around $50,000. Date Breach First Reported: 9/2/2019. Date Breach First Reported: 12/07/2021. Every other Friday we bring you interviews with leading experts in the fields of technology and psychology combined, with past guest speakers such as New York Times journalists, MIT Professors, and C-suite executives of top tech companies. No phone service, no debit, credit card nothing. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the attack on the Nigerian bank, referencing the African Bank named in the U.S. Department of Justice 2018 indictment of Park Jin Hyok. The Android.BankBot.495 malware was designed to read the victim's information when they logged into their mobile banking app. At least 150 fraudulent sites advertising investment opportunities to solicit funds were created as part of the scheme. On December 11, 2019, it was reported that 463,378 Turkish payment cards from Turkish banks had been posted for sale online between late October and late November, for an estimated total value of USD $500,000. The attackers accessed and exfiltrated data between June 10 and July 3, 2020 by entering through Waydev, a third party analytics platform used by the Dave engineering team. Date Breach First Reported: 11/2/2021. Cybersecurity firm Sophos has found evidence tying the operations of MrbMiner, a crypto-mining botnet, to a boutique software development firm in Shiraz, Iran. Location: United States, Canada, Australia In October 2017, the Korean Internet Security Agency thwarted an attack on 10 cryptocurrency exchanges in South Korea. On October 28, 2021, researchers from Positive Technologies discovered vulnerabilities in the Wincor Cineo ATMs, owned by Diebold Nixdorf, an American multinational financial and retail technology company.
On Monday, November 16, Australia's stock exchange halted trading 20 minutes after opening due to a software issue that caused inaccurate market data. On October 26, 2021, the Nigerian Communications Commission announced the discovery of a new malware, dubbed Flubot, targeting Android devices with fake security updates and application installations. Date Breach First Reported: 11/6/2017. Date Breach First Reported: 12/3/19. He successfully stole over 400,000 credit and debit card numbers. NCC Bank and Prime Bank were also targeted, but both banks reported no financial losses associated with the attack. On December 31, 2019, Travelex, a major foreign exchange company, took all its computer systems offline after company systems were infected with Sodinokibi ransomware and the attackers demanded $6 million to remove it. Location: United States, Germany Retefe is a malware that installs the Tor internet browser to redirect infected devices to spoofed banking sites. Despite the claims, the bank said their investigation revealed that SBI's servers remained fully protected and that no breach had occurred. In the meantime, cyberattacks are becoming more and more sophisticated, and cybersecurity specialists now have to focus on being proactive and continuously developing their professional skills, rather than keeping pace with criminals. The group claiming responsibility for the extortion said it was part of the Armada Collective, which had previously targeted numerous businesses including Cloudflare and Proton Mail, although some investigators believed it might have been a copycat attack using the same name. Date Breach First Reported: 5/28/2018. Date Breach First Reported: 10/1/2017. The website vulnerability was present as early as 2008, according to Connecticut authorities. Date Breach First Reported: 9/22/2021. Location: Japan A source at the bank believes the motivation for the breach was to access the administrator's address book to send more phishing emails.
At the beginning of January 2021, a cybersecurity firm discovered a new Android banking trojan dubbed TeaBot. On February 21, 2020, hackers targeted PayPal accounts to carry out unauthorized purchases, estimated to be worth tens of thousands of euros, by exploiting PayPal's Google Pay integration. This incident prompted Mexico's central bank to raise the security alert level on its payments system. Date Breach First Reported: 6/8/2011. At one point, the portfolio of unauthorized trades was worth over 50 billion, approximately the same value as the entire firm. Location: N/A Location: United Kingdom Date Breach First Reported: 5/13/2019. Date Breach First Reported: 7/21/20. Location: Italy The Russian man accused of authoring both Zeus and Gameover Zeus remains at large. On February 13, the Bank of Valletta (BOV), Malta's largest and oldest bank, shut down operations after an attempted theft of 13 million. He was jailed for nine years, and the money was returned to its owners. The activist group Anonymous claimed responsibility for the incident, saying it acted out of sympathy for the Occupy Wall Street protests in New York. Fin7, the most prolific group using Carbanak, has stolen more than 1 billion from banks in more than thirty countries over the past three years, according to Europol. He also shares how Zeer will be able to alert users to danger through the use of data that factors in time of day, area, and temperature, to name a few. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the theft. Vizom spreads through spam-based phishing campaigns and disguises itself as popular videoconferencing software, tools that have become crucial to business and social life due to the coronavirus pandemic.
On July 10, 2021, Morgan Stanley, the American investment banking giant, reported a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance. On July 30, 2020, Rwanda Investigation Bureau (RIW) revealed that they had arrested a hacker suspected of stealing Rwf 22.5 million from Nesen Industry Company's bank. This is why we conduct Cyber Polygon, where industry professionals will exchange their experience and knowledge for the fourth consecutive year. Last year, the event sparked so much interest that we were able to accept just a fifth of all applicants. Shortly after the discovery, the actors behind it delivered a silent uninstaller to remove all traces of the said malware. The Australian government and other member states of the Five Eyes alliance reportedly helped with response and recovery efforts. Albert Gonzalez, an American known online as Soupnazi, was jailed in 2009 for twenty years. Date Breach First Reported: 4/30/20. On October 24, 2019, the City of Johannesburg reported a breach of its network and shut down its website and all e-services. Location: Estonia Date Breach First Reported: 10/20/2016. Location: Taiwan In late 2021, a long list of brands and online retailers were infected with the banking Trojan, Ramnit. Source: https://sociable.co/government-and-policy/cyber-polygon-postponed-russian-host-announces/ Cyber Polygon is postponed: Russian host announces. Polygon 2022 was originally slated for July 8, but was postponed on May 25, and a new date still hasn't been [...]. Despite the fact that police found the accused attacker at the scene of the crime covered in Adam's blood, and with Adam's money in his pocket, it was considered a "He said, she said" case and he was found not guilty. The disruption happened when a backup system failed to kick in after a hardware malfunction, according to the Japan Exchange Group. On May 16, 2019, Europol, the U.S.
Department of Justice (DoJ), and six other countries, dismantled a group of international cyber criminals that used the GozNym malware to steal over $100 million. DownSec Belgium claims to fight against corrupt government abuses. Date Breach First Reported: 8/11/2021. On August 10, 2021, Poly Network, a Chinese blockchain site, lost $600 million after hackers exploited a vulnerability in their system to steal thousands of digital tokens. Location: N/A This also impacted the exchange services of many major banks including Lloyds, Barclays, and RBS, who all use Travelex. Location: Middle East In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the theft. On October 4, 2019, it was reported that Sberbank, one of Russia's largest banks, was investigating a suspected data leak that affected at least 200 customers, and potentially data on 60 million credit cards. Date Breach First Reported: 2/25/2020. Claiming over 30,000 victims within the United States, the large-scale cyberattack on Microsoft Exchange servers was first discovered by a security testing firm on January 6, 2021. Date Breach First Reported: 2/24/20. Location: Russia On January 15, 2020, hackers transferred $35 million from a Hong Kong-based bank, using "deep voice" technology to clone a bank director's speech. On October 14, FireEye reported that FIN11, a financial cybercrime group active since 2016, has recently switched to ransomware as its primary mode of attack. Date Breach First Reported: 5/14/20. Date Breach First Reported: 7/26/20. A fifth request for $20 million to be sent to an account in Sri Lanka was stopped due to the recipient's name, Shalika Foundation, being misspelled "fandation".
The remaining transfers, which totaled somewhere between $850 and $870 million, were also stopped before they could be completed due to a stroke of good fortune: the name of the destination bank branch included the word Jupiter, which was the name of an unrelated company on a sanctions blacklist. Following the contentious relocation of a Soviet-era statue in Tallinn, Estonia fell victim to a series of coordinated DDoS attacks against government, bank, university, and newspaper websites that lasted three weeks. Location: Multiple Location: South Africa On March 10, 2021, Bitdefender reported the re-emergence of the threat actor FIN8 in 2020 and the subsequent updated versions of its point-of-sale malware, BadHatch. Location: Kenya Date Breach First Reported: 7/10/20. Date Breach First Reported: 9/1/2021. On October 29, 2021, the National Bank of Pakistan suffered a destructive cyber attack, which is said to have impacted some of its services including the bank's ATMs, internal network, and mobile apps. In 2010, a Bank of America employee was charged with computer fraud after installing malware on 100 ATMs to steal $304,000 over seven months, in an early example of ATM jackpotting. Location: United States While the UN Security Council Panel of Experts did not reveal the name of the bank in Kuwait, the Gulf Bank of Kuwait announced a technical failure in its system of international remittances on Twitter on March 27. First reported in 2018, Russian-speaking hackers, dubbed Silence by researchers at Group IB, targeted Russian banks, stealing $550,000 within a year. The ECB said most of the stolen data was encrypted, and no internal systems or sensitive market data had been compromised as the database was separate to those systems. Using the customised backdoor xPack, Antlion gained access to targets' machines, from which they were able to exfiltrate vast amounts of data.
On May 24, 2021, two ransomware groups, DarkSide and Ragnar Locker, demanded ransom from three small banks after posting evidence of stolen customer data belonging to the banks. Date Breach First Reported: 8/11/2018. Chinese cybercrime group Rocke released an improved version of its cryptojacking malware Pro-Ocean targeting cloud applications with the goal of mining Monero, a decentralized cryptocurrency. On February 4, 2022, researchers reported that the Medusa Android banking Trojan has increased infection rates and the scope of geographic regions targeted. In May 2018, Banco de Chile suffered a $10 million theft after the attackers used destructive software as cover for a fraudulent SWIFT transfer. The indictment followed the landmark international deal to limit Iran's nuclear capabilities in July 2015. However, no funds were stolen in the breach. CashMama's Amazon S3 bucket was left open, which exposed customers' personal data and other sensitive information. Medusa has begun targeting victims in North America and Europe, using the same distribution service as FluBot malware to carry out their smishing campaigns. If you see something please say something! Location: United States In June, Citigroup announced that 360,000 card details in the United States were exposed after attackers exploited a URL vulnerability that allowed them to hop between accounts by slightly changing the website address. Location: South Africa Location: United Arab Emirates On February 17, 2021, a federal indictment charged three North Korean computer programmers with participating in a wide-ranging criminal conspiracy including conducting a series of destructive cyberattacks, stealing and extorting more than $1.3 billion of money and cryptocurrency from financial institutions and companies, creating and deploying multiple malicious cryptocurrency applications, and developing and fraudulently marketing a blockchain platform.
Tesco Bank, a retail bank based in the UK, was the target of thieves who used vulnerabilities in its card issuing process to guess bank card numbers and steal 2.26 million in November 2016. On October 11, nearly 4000 clients of BetterSure, a South African home insurance company, experienced a phishing attack but no data was compromised. On October 10, 2021, Pichincha Bank in Ecuador was hit by a cyber attack that disrupted customers' access to bank services, including their online and mobile app tools. In January, ABN Amro, Rabobank, and ING suffered disruptions to online and mobile banking services, while the Dutch tax authority website was taken down for several minutes. On March 26, 2020, Insurer Chubb was targeted by Maze ransomware and the attackers claimed to have stolen data. Date Breach First Reported: 11/1/19. Location: United States Date Breach First Reported: 11/20/20. Over 1,700 credentials were also stolen from a single payment processor. Meanwhile, U.S. President Donald Trump announced the United States' withdrawal from the Iran nuclear deal in May 2018. The applications contained names, dates of birth, credit scores, contact information, and some American and Canadian social security numbers. The malware terminates itself on devices outside of the country. Location: Serbia, Montenegro, Croatia, Slovenia, Bosnia and Herzegovina On November 4, 2021, the FBI warned that scams involving cryptocurrency ATMs and QR codes are on the rise. The DDoS attack employed the now infamous internet-of-things Mirai botnet to crash large segments of the country's internet. On May 16, 2021, French insurer Axa said that its branches in Thailand, Malaysia, Hong Kong and the Philippines had been struck by a ransomware attack. The group gained access to a server that processed ATM withdrawals within 7-Eleven stores. Here, too, we have to move from simple protection to immunization.
Location: Bulgaria, Chile, Costa Rica, Ghana Multiple credit unions in the United States were hit by spear-phishing emails impersonating compliance officers from other credit unions. The threat actor was able to inflate the price of the MONO token and use it to cash out all the other deposited tokens. In August 2019, the UNSC Panel of Experts indicated DPRK-affiliated actors were behind the attack. On June 10, 2018, approximately $37 million in virtual currency was stolen from Coinrail, a South Korean cryptocurrency exchange. Grandoreiro is a remote-overlay banking trojan that, upon a user accessing their online banking, can display images to impersonate said bank. It appears client data was accessed via credential stuffing but an actual data breach of their systems is yet to be ruled out. On September 14, 2007, online brokerage firm TD Ameritrade revealed that its database was the target of a data breach that led to the theft of 6.3 million customer account records. Date Breach First Reported: 4/15/2010. Date Breach First Reported: 05/10/21. Location: Pakistan They built the botnet by exploiting a known vulnerability in a popular content management software to install malware. The group has refined its techniques since it was first spotted in 2016. Location: Multiple Metel had infected 250,000 devices and more than 100 financial institutions in 2015, according to researchers at Group IB. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the attempted theft. The federal authorities in New York said the man worked with an international syndicate from 2012 to 2015 to steal customer information, which was used in numerous crimes including a spam email campaign to falsely tout stocks and shares to ramp up the price. Group-IB identified more than 150,000 card details from at least three Pakistani banks. Zarefarid maintained that he was a whistleblower rather than a hacker. 
Location: Bangladesh On August 26, 2020, Kaspersky revealed a new hack-for-hire group, DeathStalker, had been targeting institutions worldwide since 2012, with a focus on law firms and financial entities. On May 24, First American Financial Corp. suffered a data breach compromising around 885 million files related to mortgage deeds. Attackers made multiple transfer requests from the Maltese bank to accounts in the UK, United States, Czech Republic, and Hong Kong. Date Breach First Reported: 4/8/2021. Notably, the attackers claimed they decided not to encrypt Banco BCR data with ransomware because the possible damage was too high. On May 13, Norfund, Norway's state investment fund, was subject to a $10 million heist that involved business email compromise. An online conference with the participation of top executives from global organizations to discuss how to maintain business continuity and develop safely in the cloud era. The other indicted men are still at large. Date Breach First Reported: 5/16/2019, Type: Nonstate actors Date Breach First Reported: 3/4/21. The men were ordered to pay $8.9 million in penalties, and the trio were also indicted on criminal charges, which are ongoing. On March 17, 2021, the Federal Trade Commission (FTC) issued an alert warning individuals of an e-mail scam about COVID-19 stimulus payments. Three weeks previously on May 1, 2020, the operators announced that they had breached Banco BCR, first in August 2019, and then in February 2020 at which point they stole 11 million credit card credentials and other data. In May 2015, the Vietnamese bank Tien Phong announced it had blocked a fraudulent SWIFT transaction worth 1m several months before attackers successfully stole from the Bank of Bangladesh using the same method. Attribution: High confidence.
They then registered similar domains to those on the other side of the conversation, diverted the legitimate communication and instead sent their own modified emails. Location: N/A Location: United Kingdom Location: Multiple Edenred's payment platform operates across 46 countries and in 2018 they managed 2.5 billion payment transactions. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the attempted theft. Location: United States Shirbit, an Israeli-based insurance company, was hit by a ransomware attack that appears to be the work of the hacker group BlackShadow. Location: Indonesia Date Breach First Reported: 10/1/2014. Don't forget that back in March 2022, the World Economic Forum removed Cyber Polygon from its webpage, preparing us for their CYBER WAR. Location: N/A Location: United States Tesco Bank halted all online and contactless transactions after a day of struggling to block all the fake purchases reported in the United States, Spain, and Brazil. Date Breach First Reported: 2/18/21. In October 2014, a group claiming to be affiliated with the so-called Islamic State hacked the internal networks of the Warsaw Stock Exchange and posted dozens of login credentials for brokers online. He was caught when he forgot to leave the original accounts with zero balances, which HSBC staff in Malaysia spotted over the weekend. A technical cybersecurity training for corporate teams, during which participants worked through the actions of a corporate response team in a targeted attack on their hybrid cloud infrastructure (Canada was the target?). On November 18, 2021, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency issued a joint final rule to establish computer security incident notification requirements for banking organisations and their service providers.