Блог

On November 25, 2020, the long-awaited 5th issue of the SOC magazine was released. Special issue project: SICP platform for tracking suspicious transactions and ensuring blockchain security.

The article says that the field of cryptocurrencies is technically more complex than traditional finance, noticeably more decentralized and less controllable. Therefore, tools are required to help the use of cryptocurrencies in a legal manner and for legitimate purposes. At the same time, the main systemic problem associated with the use of cryptocurrencies is the possibility of their use for illegal operations, in particular for the legalization of criminal income, as well as for financing prohibited activities.

Also, the services of the Russian platform are considered, the peculiarities of their functioning in the Russian realities. The most detailed descriptions of the recently launched CryptoCERT service. Combined with the threats and risks inherent in digital assets...

Source: Information Security

Magazine: ITSec.ru

Friday, 27 November 2020 18:18

FRAUDERS USE NAME OF BIG PLAYERS

Written by

On November 2, 2020, the Polymetal international investment phishing site was launched. Its contents have been copied almost entirely from the original Polymetal International website. Most of the pages were copied and modified for the needs of the attackers. However, the link in the clone logo leads to the original site.

The home page of the fake site contains information about investment packages (5 types), with a profit of 5 to 50 percent in 8 days. The same information is available in the investor's personal account after registration. Investments can only be made in bitcoins.

 

In less than a month, the scammers sold 34 packages worth about 0.19 BTC. The criminals' consolidating crypto wallet received 250 transactions at 53.44 BTC. Most of the funds are withdrawn on the Hong Kong crypto exchange Binance.

It is noteworthy that on the same hosting in Phoenix (California, USA) there is another project of Lugwise Asset Management (Lugwiseinvest). The project was launched on October 5 and is positioned as a London-based asset management firm. Although the legal address on the site is listed in San Francisco (California, USA).

Judging by the activity and the amount of funds on the associated purses of the scammers, this is not a complete list of their illegal services and projects.

If you or your loved ones have suffered at the hands of fraudsters, please send notifications to the service mailbox of the CryptoCERT service (This email address is being protected from spambots. You need JavaScript enabled to view it.).

Original: Polymetal International

Scam: Polymetal International Investment

In 5 days, the conference on Information Technology Security (BIT St. Petersburg 2020) will take place in the Northern capital. The IX meeting will be devoted to information security and cybersecurity issues, the focus of attention will be on the discussion of CII and the implementation of the requirements of 187-FZ.

By tradition, Victor Minin (Chairman of the Board of ACISO) will deliver a welcoming speech and present a plenary report for the current year. In two sections (trends, practice), leading experts in the field of cybersecurity will share their experience. Among them, Natalia Manuylova (Chief Compliance Officer SICP) - Cryptocompliance for the security of CII, Alexander Podobnykh (CISO SICP, Special Development Department of Technopark St. Petersburg) - Digital financial assets and CII subjects, as well as other respected experts.

The conference will be held on October 15, in compliance with the requirements aimed at preventing the spread of the new coronavirus infection...

Source: BIT-Aciso

Tuesday, 06 October 2020 16:44

CRYPTOCOMPARE EXCHANGE BENCHMARK JULY 2020

Written by
Published on July 10, 2020. CryptoCompare Exchange Benchmark ranks more than 165 global spot exchanges to bring transparency and accountability to the cryptoasset exchange landscape by providing a framework for assessing risk. The Benchmark assigns a AA - F grade to help identify the lowest risk venues in the industry.
 
Key Highlights
 
The analysis reveals that US exchanges retained the top spots, with Gemini ranked first. Gemini is followed by Coinbase (2), Kraken (3), itBit (4) and Bitstamp (5).
  • Lower-Tier exchanges (grades C-E) have continued to lose market share to Top-Tier exchanges (grades AA-B), quarter on quarter.
  • Top-Tier exchanges (grades AA-B) accounted for 32% of global volumes in Q4 2019. In 2020, they accounted for 36% in Q1 and 40% in Q2.
  • The top three decentralised exchanges (DEXs) based on our refined DEX methodology are Binance DEX, Switcheo, and IDEX.
Friday, 04 September 2020 18:45

BUSINESS INFORMATION SECURITY SUMMIT 2020

Written by

The Business Information Security Summit will be held at the end of September, online (September 24-25). Topic of the event: Demo version of the new reality. Information security strategy for change management. The participants of the meeting will answer questions and tell about approaches: what strategy is chosen by information security for managing change, from the VUCA world to BISSEXTUS 2020, turbulence as a springboard or a struggle for survival.

Day 1. Discussion 1. Welcome, or No unauthorized entry is allowed. Experts: Natalya Kasperskaya (President of InfoWatch Group), Alexander Malkevich (Deputy Chairman of the Commission for the Development of the Information Community, Mass Media and Mass Communications of the Public Chamber of the Russian Federation), Alexander Maslyuk (expert on HR transformation in SAP CIS), Vladimir Dubrovin (Technical Advisor on Information Security Mail.ru Group).

Discussion 2. Information security in an era of change - here and now: risks, consequences, expectations. Speakers: Dmitry Manannikov (director of corporate security at Ozon), Mona Arkhipova (co-founder and COO at sudo.su (MIRTs), Roman Bondarenko (deputy head at SB FC Pulse), Stepan Deshevykh (head of InfoWatch product development department).

Discussion 3. Security of the digital future: what are digital assets and how to protect them. Speakers: Mikhail Smirnov (director of the InfoWatch expert and analytical center), Alexander Podobnykh (independent information security expert SICP), Vladislav Pak (IT director of Stoloto).

Day 2. Round table. Regulatory requirements 2020-2021. Speakers: Artyom Sychev (First Deputy Director of the IB Department of the Bank of Russia), Vitaly Lyutikov (Deputy Director of FSTEC of Russia), Dmitry Sytin (General Director of TEK-Torg CJSC), Evgeny Tsarev (Managing Director of RTM Group), Konstantin Samatov (Director of the Center Information Security Institute of Management and Information Technologies USUE).

Also, the opinions of vendors will be presented, taking into account new approaches, and a master class on the preparation of a Disaster Recovery Plan (DRP) will be organized. Closing discussion: Who should be “shot” for the incident? Lev Paley (head of the information security department of SO UES), Vasily Okulessky (deputy head of the information security service of Vozrozhdenie bank), Sergey Sherstobitov (general director of Angara), Kirill Ermakov (CTO QIWI).

Source: BIS Summit

The European Union Agency for Law Enforcement Cooperation, or Europol, 09/10/2019 released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial damage.

While the IOCTA report talks about online threats that both consumers and businesses face on a daily basis, it also puts data at the center of it all. We rely on it—often, all too much—and criminals know this. And yet, most threat actors behind attack campaigns rely on our data to make their attacks more successful, compelling us to take action. After all, nowadays an attack that doesn’t use data against its owners wouldn’t be much of a money-earning scheme.

Threat actors can deprive organizations and individuals’ access to their own files by encrypting and holding them for ransom, such is the case for ransomware. And they can also deny the average user access to an organization’s data (and services) through Distributed Denial of Service (DDoS) attacks. According to Europol, such attacks with an extortion element in them are the most prevalent.

Data also enables other forms of online crime like fraud. Criminals are primarily after financial data, such as credit card information, online banking credentials, and cryptocurrency wallet data. They are also after personally identifiable information (PII) and other login credentials. Such data fuels other profitable, targeted attacks like business email compromise (BEC) scams, spear phishing, and account takeovers.

There is also the challenge of data overload, particularly in the realm of child sexual exploitation (CSE) crimes. The staggering amount of material online detected by law enforcement and private companies continues to increase to the point that it’s putting a strain on law enforcement resources to investigate these crimes. One contributing factor to the increase of availability of CSE material online is that more underage users are accessing and using social media, thus, criminals reach and communicate with them via these platforms.

Other IOCTA findings:

  • The IOCTA report also noted that key infection vectors are phishing and remote desktop protocol (RDP) vulnerabilities. Simple patching can address vulnerabilities. As for phishing, did you know that you can be targeted on your desktop and smart phone?
  • Organizations are growing more concerned about sabotage performed by malicious insiders.
  • Ransomware tactics have shifted, from a scattergun approach of infecting systems to a more focused and refined targeting of profitable victims. This means that ransomware proponents target those with a greater ability to pay a ransom than the average, normal user.
  • BEC is evolving. There have been campaigns wherein threat actors used malware and network intrusion.
  • Self-generated explicit material (SGEM) is on the uptick. Young children now have access to high-quality smart phones, which enables them to produce and share SGEM, either voluntarily or under coercion. The rising number of SGEM victims will likely to continue. Parents and guardians: Please talk to your kids about this, and other online risks.
  • Jackpotting, also known as black-box attacks, against ATMs are becoming more widespread and accessible due to tools like Cutlet Maker being more available on the dark web.
  • Card-not-present (CNP) fraud and skimming continue to plague financial institutions. Don’t be a victim of skimming.
  • Due to law enforcement activity and extensive DDoS attacks against hidden services, many have grown distrustful of the onion router (Tor) environment. While underground market administrators are currently exploring alternatives, a migration to a new platform will not likely happen yet.

Source: Europol

Source: Malwarebytes Labs

Monday, 03 August 2020 18:25

SICP ANNOUNCED THE LAUNCH OF CRYPTOCERT

Written by

On July 30, the SICP (Security Intelligence Cryptocurrencies Platform) platform announced the launch of the first Russian commercial Center for monitoring cryptocurrency transactions, identifying the risks of cryptocurrency wallets and responding to incidents in the field of cryptocurrency circulation (CryptoCERT).

This service is the first in Russia and the UIS. Today, any citizen or organization can send information about fraud (another threat or risk) related to cryptocurrencies. Additionally, the publicly available interactive map displays profiled crypto wallets by country. The custom menu allows you to display one or more profiles. The legend displays the share and number of wallets associated with the profile. For registered and verified users, a wider visualization functionality is available.

It should be noted that on July 22, the State Duma of the Russian Federation adopted in the 3rd reading the law "On digital financial assets". The new rules will enter into force on January 1, 2021. The law "On digital currency" is expected to be considered in the coming autumn.

Remarkably, today is World Day Against Trafficking in Persons. It is a serious crime and gross violation of human rights. The United Nations Office on Drugs and Crime (UNODC), as the guarantor of the United Nations Convention against Transnational Organized Crime and the Protocols thereto, assists States in their efforts to implement the Trafficking in Persons Protocol.

By the way, this factor is taken into account when assessing the risks of crypto wallets, in the SmartEcho service, and identifying suspicious transactions ...

Source: sicp.ueba.su

Source: k4y0t.ru

Fraudsters are trying to make money amid the coronavirus pandemic and the fight against it. In particular, at the beginning of this week the number of spam mails allegedly on behalf of the World Health Organization (WHO) has increased. The letters speak of fundraising for COVID-19 Funds worldwide.

Specialists of the portal SICP.ueba.su analyzed one of these letters, which was sent from This email address is being protected from spambots. You need JavaScript enabled to view it.. It turned out that the second-level domain is actually used by WHO, but it was this letter that was sent from a mail server located in the state of Colorado in the United States of America and in transit passed through a reference mailer in the German municipality of Mauern.

Experts also learned that a link to a picture with a QR code (the address of a bitcoin wallet for donations) leads the reader directly to the portal of the investment company Five Stand Capital, located in the US city of Atlanta from Georgia. As follows from the official information on the company's website, it is a partner of large US investment funds in the United States. The portal itself is hosted by GoDaddy in Oregon (Portland). Still there are three site mirrors - for various domain zones.

This email was first sent from the SendGrid.net mail server, which is also located on GoDaddy’s resources in Colorado, Denver. And, judging by the information bases, another 13 resources are located on this IP address, nevertheless, only one of them is displayed - a web-based mail gateway.

It is important to consider that on the official website of the WHO there is no way to donate funds in the form of cryptocurrency - bitcoin. The same is true of their dedicated donation collection site. And there is even a warning that they do not send any letters.

Apparently, fraudsters are trying to cunningly take advantage of the global crisis situation, possessing a good knowledge of modern technology. Or maybe the owners of WHO decided to use all available tools to raise funds. And experts are wondering, where is the hosting site for WHO?

Interestingly, so far, no funds have been received to the cryptocurrency wallet, which is indicated in the letter of the scammers. The wallet is constantly monitored by SICP platform experts, however, like other malicious purses known to them.

Source: CryptoRussia.ru

О КОСАтка

Корпоративная система аналитики Транзакция Криптовалюта Актив - кибербезопасность инфраструктуры блокчейнов и антифрод в криптовалютной сфере (антискам, прозрачность, комплаенс).

Связаться

Российская Федерация, Москва

Тел.: +7 (911) 999 9868

Факс: 

Почта: cosatca@ueba.su

Сайт: www.ueba.su

Наше сообщество

Зарегистрируйтесь, чтобы получать по почте самую свежую информацию
© 2023 КОСАтка. Все права защищены.                                                                                                                        Грант BTC 1CdD6Xk9RDZ9wyeRqq1uXkktgdaPpGpt8f

Search