By Stacy Shelley | October 24, 2014
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Think community financial institutions aren’t in the crosshairs for account takeover? Think again. (PhishLabs)
There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta sounded the alarm in a report delivered last year, estimating 69% growth in account takeover fraud and $69 billion in losses from 2011 to 2012.
- Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users (CSOonline)
A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365’s Outlook Web App.
Backoff malware linked to data breaches is spreading (ComputerWorld)
The number of computers in North America infected by the Backoff malware, which is blamed for a string of payment card breaches, has risen sharply, according to research from network security company Damballa.
TorrentLocker Ransomware Reaches Italy and Brazil, Affects Thousands (Softpedia)
TorrentLocker, the ransomware meshed from CryptoLocker and CryptoWall, has been spotted making victims in Italy and Brazil, thousands of computer users falling victim to its data encryption capabilities.
Banks: Credit Card Breach at Staples Stores (KrebsonSecurity)
Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides (TheRegister)
Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files.