Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on 03 August 2025, with over 780 unique IP addresses participating in the effort. As many as 56 unique IP addresses have been detected over the past 24 hours. All the IP addresses have been classified as malicious, with the IPs originating from the United States, Canada, Russia, and the Netherlan
cybercrime (17)
Why hack when hackers are willing to sell guaranteed access to breached networks? Increasingly, cybercrooks agree they would rather outsource than bother with the tedium of actual network penetration, leading to a flourishing initial access market. Remote access to a victim's network now retails for an average price of $2,700, although about 40% of what's being sold goes for much less, $500 to $1,000, according to a report from cybersecurity firm Rapid7. Research is based on listings posted over
Homeland Security Investigations (HSI), in partnership with US and international law enforcement agencies, has dismantled the infrastructure behind BlackSuit ransomware, a major cybercriminal group and successor to Royal ransomware, in a coordinated global operation. The action targeted the backbone of the group's operations, including servers, domains, and digital assets used to deploy ransomware, extort victims, and launder proceeds. According to US Immigration and Customs Enforcement (ICE),
The Fortinet team recently investigated a cluster of virtual private servers (VPS) used for Monero mining. The identified samples are associated with prior H2Miner campaigns that researchers documented in 2020 and have since been updated with new configurations. H2Miner is a crypto-mining botnet that has been active since late 2019.
Analysts also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain first observed in Nov
The Cybersecurity Team at SafetyDetectives has uncovered a post on a clear web forum where a threat actor claimed to be selling a database containing 61 million records allegedly belonging to Verizon customers. The data, packaged in a 3.1 GB CSV/JSON file and dated as “2025,” was offered for purchase on a platform known for hosting discussions on database leaks, cracks, and downloads. Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and
US insurance giant Allianz Life announced on July 26 that hackers had stolen the personal information of many of its customers, financial professionals, and select Allianz Life employees in the United States. The insurance giant's filing with Maine's attorney general did not immediately provide the number of customers affected. According to the filing, the data breach, which the company described as a hack, occurred on July 16 and was discovered on July 17.
TechCrunch first reported the data
Attackers continue to exploit insecure DNS configurations to hijack domain names and redirect users to malicious sites for scams, malware distribution, and other nefarious activities. Recently, a threat actor tracked by Infoblox as "Hazy Hawk" has been leveraging a different version of the attack vector to seize control of abandoned cloud resources, such as S3 buckets and Azure endpoints, linked to prominent organizations. Infoblox observed the threat actor using the hijacked domains to host a
Businesses are more likely to face a costly cyber-crime attack than a robbery or fire this year as hackers continue to employ devious social-engineering skills to lure unsuspecting victims. This reality has been highlighted in several reports by global cybersecurity experts who have analyzed cybercrimes, such as ransomware (where hackers encrypt and steal data), smishing (SMS link scams) and phishing (email link/attachment scams) in recent years and have warned that Artificial Intelligence (AI)
Cybercrime and cyber espionage activity continue to multiply against all industries and sectors, causing financial and material damage to targeted networks. Cyber insurance has assisted in mitigating the impacts of cyber malfeasance, offsetting costs associated with recovering from cyber-attacks. A Government Accountability Office report found that the increasing severity and frequency of cyberattacks led more organizations to seek cyber coverage, which has been increasing in price as the volu
Some new business models are too good to be true, especially if they serve criminals. Many ransomware-wielding attackers continue to rely on several Cybercrime-as-a-Service providers to support their ability to easily gain access to targets and steal data. An increasing number of ransomware operations also run data leak sites to pressure nonpaying victims into meeting attackers' ransom demands, researchers say. One star player in the ransomware ecosystem remains the initial access brokers.
Insurance 101: Income (premiums) must exceed outgoings (claims) by around 30% (operating costs + profit). If claims increase, so must premiums for the insurance model to remain viable. And for the insurance companies to remain solvent and in business.
Cyber Insurance 102: The cost of cybercrime is rising dramatically and has been doing so consistently for many years. Continually increasing premiums to counter continuously increasing claims is ultimately unsustainable. Soon, the cost of insur
U.S. crime-fighting agencies testified in front of Congress during the last week of July 2021, and the hearing had a chilling title: "America Under Cyber Siege: Preventing and Responding to Ransomware Attacks."
Since January 2021, ransomware attacks have disrupted critical infrastructure, the food supply, IT management, healthcare, education, transportation, and many other sectors of the economy. For the most part, criminal and nation-state actors continue to launch attacks with little fear of fac
Birds of a feather flock together. An old, yet very true saying. Cybercriminals are stealing a staggering volume of data and money from companies around the world. The damage from cyber-attacks costs businesses US$400 billion a year. This has become a huge criminal enterprise and operators include state-sponsored groups, such as Russia, China and North Korea.
Cybercrime groups have become more organized and specialized in the past few years. Gone are the days of single actors placing malwar
Global Cybercrime Market Revenue Surged to $1.7 Billion in 2020, Chainalysis reports. Underground markets continue to thrive despite being regularly targeted by international law enforcement agencies, even though site administrators often steal buyers' and sellers' cryptocurrency via "exit scams" and users get ripped off.
Darknet markets persist because users are willing to risk losing funds, risk arrest and will keep their losses quiet if scammed. Yet, for anyone who wants to buy or sell ‘illegal’ good
The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an endpoint security company.
Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement agencies. But phishing campaigns, business email compromises, and other types of fraud that are now using COVID-19 themes are increasing. Red Sky Alliance has members, clients, and readers from around the world and this article has been written from the European Union viewpoint, which actually applies internationally to global defense against cyber-crimes. Our source is the seventh annual Internet Organized Crime T