Babatunde Francis Ayeni, a 33-year-old Nigerian national was living in the United Kingdom at the time of his arrest. His operation leveraged a sophisticated business email compromise (BEC) strategy to intercept and exploit sensitive communications.

The primary target? Real estate professionals in the United States, including title companies, agents, and attorneys handling large financial transactions.

Over 400 people across the U.S. fell victim to the conspiracy, with 231 losing a total of $19,599,969.46 after failing to reverse wire transactions in time.

Ayeni, alongside co-conspirators based in Nigeria and the United Arab Emirates, executed their plan by sending phishing emails embedded with malicious links and attachments.

The emails were crafted to deceive recipients into divulging sensitive information, allowing the criminals to redirect substantial sums of money by altering banking details in transactional communications.

United States Attorney Sean P. Costello said, “Cyber-enabled crimes can cause substantial and lasting harm to victims in an instant,”

The post Nigerian National Sentenced To 10 Years Prison For Email Hacking – (BEC) Scheme  appeared first on Tech Business News.

The majority of these incidents were linked to phishing attacks—a tactic where scammers send deceptive emails designed to trick recipients into revealing sensitive information such as usernames, passwords, and financial details.

The alarming statistic underscores the need for stronger cybersecurity measures and increased awareness to combat the ever-evolving tactics of cybercriminals.

A 2023 report tabled in the Victorian Parliament by the Auditor-General’s Office sounded the alarm on the escalating threat of cyberattacks.

The report warned that such incidents could lead to severe consequences, including personal data breaches, disruptions to communication networks, and even the shutdown of critical services such as water supply, healthcare, and other essential facilities.

Over the past month, Jason Murrel and his team at the Australian Cyber Network (ACN) have been working tirelessly across Australia, engaging with government officials, business leaders, and industry experts to assess where the country’s focus must lie to ensure Australians remain cyber-safe.

What has emerged, particularly in Victoria, is a worrying pattern of cyber-attacks that highlight serious vulnerabilities within both government bodies and private sector organisations.

The post Cyber-Attacks In Victoria Expose Critical Vulnerabilities Across Government and Industry Sectors appeared first on Tech Business News.

Leveraging usernames and passwords stolen in data breaches, criminals contact victims and claim to have compromising content, allegedly from the victim’s computer, and threaten to publicly share it if victims don’t pay up.

• Barracuda threat researchers have identified evolving tactics being used by cybercriminals in targeted sextortion scams.
  
• Criminals are now frequently using victims’ addresses and photos of their homes to better personalise sextortion phishing attacks and increase the pressure to pay.
  
• Extortion demands are increasing from hundreds to thousands of dollars, and criminals are making it easier for victims to pay with quick response (QR) codes.

Evolving Tactics Add Personalisation And Pressure

Barracuda research shows that extortion emails make up roughly 3% of the total number of targeted phishing attacks detected annually.

Most of these are sextortion attacks. Every incident is a serious crime with potentially devastating impact that can range from monetary loss to significant emotional and mental distress.

Barracuda researchers have identified evolving tactics — including advanced personalization — being used by criminals in these targeted attacks.

Criminals are leveraging the personal data of targeted victims, including full names, telephone numbers, and addresses, to make their sextortion attempts more threatening and convincing.

The sextortion emails address the victim by their first and last name, and the opening sentences of the email include the victim’s telephone number, street address, and city.

In many cases, emails start with copy like this: “I know that calling [telephone number] or visiting [street address] would be a better way to have a chat with you in case you don’t cooperate. Don’t even try to escape from this. You have no idea what I’m capable of in [city].”

An image from Google Maps of the target’s location is now frequently being included in the sextortion email. In analyzed emails, images included either a residential or commercial location, depending on the address associated with the victim’s stolen data.

The post Sextortion Scams On The Rise And Growing In Sophistication appeared first on Tech Business News.

The consultation process with the AIIA demonstrates a commitment to collaborative policymaking that balances the needs of government, industry, and the wider community.

The AIIA is particularly encouraged by the Government’s efforts to harmonise cyber security standards with international frameworks, which is essential to reducing the compliance burden for Australian businesses operating in the global market.

By aligning domestic regulations with global best practices, businesses will face fewer regulatory obstacles, enabling them to focus on innovation and growth.

One of the key strengths of the proposed reforms is the emphasis on fostering cooperation between the government and industry in addressing cyber incidents swiftly and efficiently.

The introduction of a voluntary information-sharing framework and limited use obligation, led by the National Cyber Security Coordinator, will help both public and private sectors tackle cyber threats with less fear of punitive civil or criminal action.

The AIIA has consistently opposed Part 3A in the Security of Critical Infrastructure Act that allows step in and intervention powers of the government. It will also oppose further expansion in the bill to now apply to all hazards incidents impacting critical infrastructure assets and having cascading impacts to other critical infrastructure sector assets.

The post AIIA Welcomes Proposed 2024 Cyber Security Bill & Related Legislative Reforms appeared first on Tech Business News.

Building on the foundation laid by AustCyber, the federally funded Industry Growth Centre initiative, the ACN will focus on advocacy, capability building, and education to address the evolving needs of Australia’s cyber security industry.

“We will officially launch the Australian Cyber Network (ACN) – (9 October 2024) at Parliament House, Canberra.” said Chair of the Australian Cyber Network Jason Murrell.

Cyber threats are escalating at an alarming rate in Australia, with over 94,000 cybercrime incidents reported last financial year a 23% increase, equating to one report every six minutes.

Small businesses bear a significant financial burden, with the average cost of a cyber incident reaching $46,000, while for medium businesses, it’s even higher at $97,200. This underscores the urgent need for robust, coordinated cyber defences.

This launch event will bring together key government, industry, and academic figures, including:

• Dr Andrew Charlton MP, Special Envoy for Cyber Security and Digital Resilience
• LTGEN Michelle McGuinness CSC, National Cyber Security Coordinator
• Linda Cavanagh, Co-founder and CEO of the Australian Cyber Network (ACN)
• Jason Murrell, Co-founder and Chair of the Australian Cyber Network (ACN)

“This isn’t just another cyber security initiative… this is the next evolution of Australia’s cyber security landscape, built by industry, for industry,” said Murrell

“As we prepare to leap into this new chapter, it’s important to reflect on why ACN exists and what we aim to achieve,” he said.

The post Australian Cyber Network (ACN) Set To Officially Launch October 9 At Parliament House appeared first on Tech Business News.

It introduces six “cyber shields” that add layers of defense against cyber threats, focusing on:

• Strong businesses and citizens
• Safe technology
• World-class threat sharing and blocking
• Protected critical infrastructure
• Sovereign capabilities
• Regional resilience and global leadership

The goal is to create stronger cyber protections that allow businesses and citizens to thrive and recover quickly from cyberattacks.

This strategy marks a significant shift, turning cyber security from a technical issue into a nationwide priority, with a focus on stronger public-private partnerships and practical solutions for the challenges facing Australian communities and businesses.

The 2023-2030 Australian Cyber Security Action Plan supports the Strategy by outlining key initiatives to be implemented over the next two years.

Horizon 1 focuses on fortifying Australia’s cyber security foundations and addressing critical gaps through collaboration between industry and government.

To enhance cyber resilience, the government has also released a Consultation Paper alongside the Strategy, seeking industry input on proposed legislative reforms, including updates to the Security of Critical Infrastructure Act 2018.

The post The Australian Cyber Security Strategy 2023-2030 – Breakdown appeared first on Tech Business News.

The Move highlights Obsidian Security’s dedication to meeting the evolving needs of its customer base.

Obsidian says as the sensitivity of data within SaaS applications grows, businesses are increasingly prioritising the need to keep their data within their region.

“Organisations have moved business-critical data to SaaS for easier and faster business operations,” said Obsidian Co-founder Glenn Chisholm.

“However, traditional on-premise security is falling short of securing these apps, making the safety and locality of this data an urgent necessity,”

“Without the right security in place, attackers can simply steal one set of login credentials and gain access to your entire network of SaaS applications.” Chisholm said.

“Our platform is the only solution that combines application posture with identity security to offer customers complete SaaS security,”

The post SaaS Company Obsidian Security Opens New Data Centre In Sydney appeared first on Tech Business News.

Historically recognised for conducting covert influence operations against its enemies, Iran is now seen as a significant disinformation threat leading up to the November 5 presidential election.

The United States unveiled charges on Friday against three Iranians over a “wide-ranging hacking campaign,” with Attorney General Merrick Garland saying they were attempting to undermine Trump’s election effort.

A number of fake websites posing as news outlets are generating fabricated reports critical of Trump, according to disinformation researchers. Much of the content appears to be produced using inexpensive and widely available generative AI tools.

Dina Sadek, a fellow at the Atlantic Council’s Digital Forensic Research Lab (DFRLab), told AFP that these fake outlets demonstrate “the depth and coordinated planning of Iranian influence operations” aimed at swaying US voters.

The DFRLab released a report this week warning that “government-led Iranian operations have increased significantly in the lead-up to the 2024 elections.”

One site highlighted by the Microsoft Threat Analysis Center (MTAC) is NioThinker, which claims to be the “go-to destination for insightful, progressive news.”

The post Iran Ramps Up Efforts With With Fake News Websites And Hackers Ahead Of U.S Election appeared first on Tech Business News.

The lack of protection jeopardises data security and the customer experience, leading to serious consequences such as financial loss and reputational damage.

The research also found the luxury and e-commerce sectors are particularly vulnerable, with only 5% of luxury brand websites and 10% of e-commerce websites fully shielded against bad bots—posing a serious risk as the holiday shopping season approaches.

Furthermore, just 6% of media websites are adequately protected from bots, leaving 94% vulnerable to ad fraud, content scraping, and DDoS attacks. The findings highlight a strong connection between the growth of bad internet traffic and the susceptibility of high-traffic websites.

Bad bot creation has become an increasingly popular, quick, and cost-effective method for attackers aiming to automate online fraud.

“Consumer-centric industries are especially vulnerable to malicious bot activity, which heightens the risk of financial loss, data breaches, and reputational harm “said Antoine Vastel, Vice President of Research at DataDome,”

“As our research shows, the low barriers to creating and deploying bad bots have made them a preferred tool for fraudsters targeting high-traffic websites. The need for robust, multi-layered bot protection has never been more urgent,” Vastel said.

The post Research Finds 95% Of Advanced Bots Go Undetected On Websites appeared first on Tech Business News.

According to Austin Larsen, a senior threat analyst with Mandiant the hacker — known primarily “Judische,” but who also used other names online, including “Waifu” — continues to target software-as-a-service providers and other entities “as recently as today,”

Larsen did not identify Judische by name, but recent reporting by cybersecurity journalist Brian Krebs indicated that the hacker is a 26-year-old software engineer living in Ontario, Canada. Larsen said during the presentation that Mandiant has “moderate confidence” that Judische is in Canada.

The hacker is said to have been instrumental in the April breach that impacted up to 165 Snowflake customers, utilising credentials obtained through infostealer malware.

However, the actual number of companies that were extorted is significantly lower—”dozens,” according to Larsen, who spoke to CyberScoop after his presentation. Notable victims include AT&T, Ticketmaster, and Santander.

Mandiant has uncovered a series of private communications revealing that Judische and his associates were actively coordinating the Snowflake attacks, including specifying the IP addresses where they were dumping logs, according to Larsen’s presentation.

Judische and his close associates have reportedly extorted up to $2.7 million, although Judische told 404 Media’s Joseph Cox that the actual figure is closer to $2 million.

The post Snowflake Hacker Remains Active As Of This Week appeared first on Tech Business News.