CBR: Facebook and Google “Inspired” $1.5 Trillion Dark Web Entrepreneurs. “Cybercrime revenues now rival the GDP output of major world economies at a colossal $1.5 trillion annually, according to an independent academic study published today. Surrey University’s Mike McGuire spent six months researching cybercrime profit distribution for his ‘Web of Profit’ report; speaking with GCHQ, the FBI, Europol, global financial institutions and covert security workers that have infiltrated the dark web.”
Ars Technica: Thousands of hacked websites are infecting visitors with malware. “Thousands of hacked websites have become unwitting participants in an advanced scheme that uses fake update notifications to install banking malware and remote access trojans on visitors’ computers, a computer researcher said Tuesday. The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace.”
PC World: Microsoft adds ransomware protections to make OneDrive and Outlook.com safer. “If your PC is infected with ransomware, it will spread from file to file, encrypting them until you pay the bad guys for the digital key. But ransomware can also spread to your files stored in the cloud—and that’s what Microsoft’s new OneDrive protections are designed to address.”
MakeUseOf: How to Spot 7 Online Fakes Used by Scammers. “Anyone who’s used the internet (hopefully) knows that you can’t trust everything you see online. Just because something looks trustworthy doesn’t mean that it’s exactly what it claims. But knowing there are fakes in the wild and being able to spot them are different.” Good roundup article with excellent examples.
Naked Security: Crooks infiltrate Google Play with malware in QR reading utilities. “SophosLabs just alerted us to a malware family that had infiltrated Google Play by presenting itself as a bunch of handy utilities. Sophos detects this malware as Andr/HiddnAd-AJ, and the name gives you an inkling of what the rogue apps do: blast you with ads, but only after lying low for a while to lull you into a false sense of security.”
The Register: Less than half of paying ransomware targets get their files back. ” Paying off a ransomware demand is a great way to end up losing both your money and your files. This according a study from security company CyberEdge, which found that for those hit by a ransomware infection the best bet is probably to just restore from a backup. The survey, based on a poll of information security professionals, found that less than half of those who pay a ransom demand end up getting their data back.”
Ars Technica: Potent malware that hid for six years spread through routers. “Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide. Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.”