The FBI is reporting big increases in US-based cybercrime, and there are two new great examples of it this month.  Here’s what is happening right now in the world of cybersecurity.

FBI: Reported Ransomware Losses up 20% in 2020

The FBI recently reported a 20% year-over-year increase in reported theft from cybercrime in 2020.  The number of complaints, however, was up 70%, due to the massive rise in cybercrime-related web traffic in 2021.

These numbers aren’t good news, but they do have a silver lining.  The fact that a 70% increase in complaints led to only a 20% rise in reported losses is likely a reflection of businesses taking the issue more seriously.  Even as attack success rate falters, the costs per successful attack continue to increase; a recent ransomware attack on PC maker Acer came with a $50 million ransom, the largest known demand to date. [Read more at Bleeping Computer]

“Clubhouse” App Stealing Data from Android Phones

The App Store copycat trick never gets old – because it never stops working.

There’s no Android version of the popular audio-chat app Clubhouse.  But there is a website advertising one – and it isn’t an accident that it looks just like Clubhouse’s website.  Following the download link on this fake website installs an app that, instead of letting you drop in on an audio chat with friends, steals credentials from up to 458 applications and services installed on the phone. [Read more at Threatpost]

Well-Executed Credential Theft Campaign Targets Company Executives

An exceptionally well-executed credential theft campaign recently aimed at C-level executives may be the future of cybercrime.  Aimed at financial, insurance and retail companies, this campaign used individually crafted emails aimed at executives named in the emails.  These emails came from Microsoft-branded domains, referenced a Microsoft security patch, and linked to well-designed pages that looked exactly like Microsoft login pages.  But they weren’t Microsoft login pages – they were web forms that siphoned off usernames and passwords and sent them to criminals.

These campaigns demonstrate the importance being extra careful when entering login credentials.  Never complete username and password fields in a form that appears after clicking an email link.  Instead, go to that company or product’s website and login from there.  Just because the domain includes “Microsoft”, “Google” or any other company name, doesn’t mean that company owns it! [Read More at Area 1 Security]