Shane Chambers No Comments

Irishman Arrested for Running Website That Sold Stolen Credentials

A man from Fermanagh has been arrested along with a Dutch national (both aged 22) for their part in running the illicit credential marketplace WeLeakInfo. A joint collaboration between law enforcement in the UK, Northern Ireland, Germany, the US and the Netherlands was kicked off in the summer of 2019, with the site alleged to have over 12 billion credentials for sale, from various nefarious sources.

The domain seizure notice displayed on the website weleakinfo.com after the operation.

The site WeLeakInfo was an online marketplace for email addresses, passwords and other credentials that had been obtained through various data breaches, with users able to search the giant database of over 12 billion records. Subscriptions to the site were available for as little as $2 per day, with longer access periods available.

Credential reselling is a growing market, as many would-be cyber criminals with little technical knowledge prefer to cheaply purchased hacked credentials in bulk online to actually obtaining credentials themselves.

A related trend that we wrote about last month is the rise of ‘combo lists’, where breached credentials are collated into lists that are then resold online, often with a view to crafting convincing and personalised phishing emails to send to the email addresses within.

Another online credentials reselling marketplace, LeakedSource, was taken down in a similar effort by international law enforcement back in 2017, however other sites still remain at large, such as Dehashed, Snusbase & Leak-Lookup.

Due to the increase in combo lists and credential reselling websites, it is becoming more important than ever that users use strong, unique passwords for each website or service that they use – otherwise, they are potentially leaving the door open to hackers.

Shane Chambers No Comments

Irish Businesses Hit by Invoice Redirect Scams, Gardaí Warn

Gardaí have reported a sharp increase in the number of invoice redirect and CEO fraud-style attacks on Irish businesses in the last few months. “We are getting a couple of cases every week now”, according to Detective Superintendent Pat Lordan, who said that both small and large companies are being hit for amounts ranging from €10,000 into the millions.

Staff should be very wary of any requests to change payment details from suppliers, and are advised to pick up the phone and speak to someone they know first.
Read more
Shane Chambers No Comments

281 Arrests Made in Massive Business Email Compromise Ring Bust

In a global sting, named Operation reWired, authorities in the US and around the world have arrested 281 individuals that were involved in a global Business Email Compromise (BEC) scam. The ring had been under investigation for months, during which they were found to have hijacked email accounts belonging to company executives, impersonated staff and ultimately tricked unsuspecting employees into wiring millions in funds into the group’s accounts.

Business Email Compromise is a common tactic by cyber criminals which users social engineering to trick staff into transferring money directly to them
Read more
Shane Chambers No Comments

Passwords Are Out, Passphrases Are In: How to Keep Your Accounts Secure in 2019

Just a few years ago, if you asked someone how to create a safe password, most people would all say the same thing: Use a mixture of upper- and lower-case letters, symbols and numbers so that it’s too complex for hackers to guess, and you should be safe.

Fast-forward to 2019, however, and you will find more and more people recommending that you use a ‘passphrase’ instead. But what is a passphrase, and why are experts all recommending we use them instead of the traditional password?

Passphrases are believed to be more secure and easier to remember than traditional passwords

There are two main reasons that passwords are becoming outdated – cyber criminals using increasingly sophisticated tools to crack them, and plain old human error when people create them.

Read more
Shane Chambers No Comments

Three Major Antivirus Companies Breached by Russian Hackers

In the latest major security breach to rock the business world, three major US-based antivirus companies have been hit by Russian hacker group Fxmsp. Fxmsp, who are well known in the cyber security community for previous high-profile breaches, began advertising the spoils of their latest venture on the dark web for upwards of $300,000, while providing strong evidence of their claims.

Fxmsp is known for selling access to large, global corporate networks on the dark web.
Read more