Keep up to date with the latest fraud-related news. 

Android Application Errors Expose Data of 100M Users

An analysis of mobile applications discovered a flaw in third-party cloud service integration that put 100 million Android user’s data at risk. The error exposed the users’ personal data and also made valuable organizational resources vulnerable to bad actors. The app developers did not follow best practices in integrating and configuring third-party cloud services into their applications. In addition, they did not utilize basic authentication practices, resulting in potential harm for their companies and customers.

 

E-commerce Fraud Expected to Jump 18% in 2021

Axel Springer España partners with BUSINESS INSIDER to launch BUSINESS INSIDER SpainOnline payment fraud is expected to exceed $20 billion worldwide in 2021. The pandemic’s transformation of consumer buying behaviors and poor fraud detection and prevention measures by merchants were the primary factors cited in the increase. 

The Juniper Research study stated, “Fraudsters have targeted consumers as they have increased their eCommerce use; exposing insecure fraud mitigation processes from merchants who are unfamiliar and unprepared with the continuing fraud challenges in this market. While merchants will be keen to reduce fraud rates from their current levels, they will be hesitant to introduce extra friction into the checkout process. Clear messaging around security checks and automated behavioral analytics leveraging AI are key capabilities in preserving the user experience.”

 

Darkside Ransomware Overview

Cybersecurity vs. Information Security vs. Network SecurityVideo analysis of the Darkside ransomware attack on Colonial Pipeline resulting in 17 states declaring a state of emergency.


Travel Industry Hit with Spear-Phishing Attacks

Microsoft: Threat actors target aviation orgs with new malwareMicrosoft is warning travel and aerospace companies of a sophisticated spear-phishing campaign that spoofs legitimate organizations and PDFs to exfiltrate sensitive data. The criminals are using multiple remote access trojans to harvest the data.

The company recently stated, “In the past few months, Microsoft has been tracking a dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.” They have provided sample queries for use with Microsoft 365 Defender to help organizations locate and investigate suspicious behavior related to this phishing campaign.

More Ransomware Warnings

Alerts: Avaddon Ransomware Attacks IncreasingThe FBI and Australia’s Cyber Security Center are warning about an ongoing ransomware campaign. The targets are companies across the US, Australia, and other countries and from a broad swath of industries. The group utilizes a ransomware-as-a-service network and applies double extortion on their victims. The FBI issued a flash alert earlier that month that Avaddon ransomware affiliates are attempting to breach a variety of private sector organizations.

 

Energy Industry Breaches 

Verizon just unveiled a new logo - The VergeIn light of the Colonial Pipeline ransomware attack, there has been an increased focus on data breaches in the Energy industry. Verizon recently published updated industry statistics, including that social engineering accounted for 86% of the data breaches, primarily through ongoing phishing campaigns targeting specific companies. Other methods included system intrusions and basic web application attacks. In addition to social engineering attacks, the next most common type, not surprisingly, is Ransomware.

 

Learn More

Speak with a Fraud Prevention Specialist