by Paul Ducklin
It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime.
These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three.
In ransomware attacks, the criminals don’t actually need to approach the scene of the crime in person, and their payoffs are extracted online, typically using pseudoanonymous technologies such as the darkweb and cryptocoins.
And in some cloud-based cybercrimes, notably those generally referred to as supply-chain attacks, the criminals don’t even need to access your network at all.
If they can find a third party to whom you regularly upload precious data, or from whom you routinely download trusted software, then they can go after that third party instead, and do the damage there.
In recent cyberextortion attacks, dozens of major brand names have been blackmailed over stolen employee and customer data, even though that data was stolen indirectly.
In the MOVEit attacks, for instance, the data was stolen from service providers such as payroll processing companies, who had used buggy file transfer software to accept supposedly-secure uploads from their own customers.
Unbeknownst to both the companies that ultimately got blackmailed and to the payroll processing services they used, the MOVEIt file transfer software allowed crooks to perform unauthorised downloads of stored data as well.
In-your-face cybercrime
Credit card skimming, in contrast, is a much more in-your-face crime, both for its perp ..
Support the originator by clicking the read the rest link below.
