Banks Face Sophisticated Attacks, Hacker Attempts Blackmail, WSJ Breached and more | TWIC - July 25, 2014

Posted by Lori Gildersleeve

Jul 25, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

A sophisticated spear-phishing and malware campaign, dubbed Operation Emmental, bypasses the Android-based two-factor authentication systems used at 34 banks. Customers of financial services firms in Switzerland, Austria, Sweden and Japan have been targeted. The attacks are characterized by volume and sophistication, including localized spam, non-persistent malware, rogue DNS servers and more.

Researchers discovered a new, highly sophisticated attack hitting Swiss bank customers, both online and via Android devices, that is capable of compromising systems, intercepting SMS tokens, poisoning DNS settings and manipulating SSL. The Trojan, known as “Retefe,” uses a combination of attack vectors, including classic man-in-the-middle attacks, while evading detection by hiding within victims’ systems. The malware can also prompt users to install a fake banking application that intercepts login activity.

Topics: The Week in Cybercrime

Why ATO Is a Huge Problem, Gameover ZeuS Revives, Shylock Botnet Disrupted and more | TWIC - July 18, 2014

Posted by Lori Gildersleeve

Jul 18, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69 percent and account for more than $4.6 billion in losses (yes, that's billion with a B).

Cybercrooks recently began attempting to resurrect the Gameover ZeuS botnet by sending out spam with phishing lures that include zip files booby-trapped with a new variant of the malware. This revival attempt comes nearly a month after the FBI joined with several nations, researchers and security firms in a global effort to shut down the botnet. The original Gameover ZeuS botnet, which has been blamed for the theft of more than $100 million worldwide, remains locked down; this new variant appears to be rebuilding the botnet from scratch.

Topics: The Week in Cybercrime

The 3 reasons why account takeover is still a big problem

Posted by Stacy Shelley

Jul 15, '14

There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69% and account for more than $4.6 billion in losses (yes, that's billion with a B). 

The growth in ATO is counter-intuitive. Financial institutions have been beefing up online banking controls since the FFIEC issued their Supplement to Authentication in an Internet Banking Environment back in 2011. You would think those sector-wide improvements in authentication and other fraud prevention controls would have stemmed the ATO tide, but they clearly have not done so.

Which begs the question: Why is ATO still a huge problem for banks, credit unions, and their customers?

Read on to get some answers.

Topics: Strategy, ATO, Account Takeover

New Commercial Malware for Sale, Zeus Evolves, Microsoft Apologizes and more | TWIC - July 14, 2014

Posted by Lori Gildersleeve

Jul 14, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Widely available, free clones of Zeus, as well as the arrests of several crimeware kit developers, have left the commercial malware market barren until now. The developer of a new financial crimeware kit, called Pandemiya, has begun selling the banking Trojan for between $1,500 and $2,000. The malware features Web injection capabilities, password-grabbers, task automation, a file grabber, encrypted command-and-control communications and the ability to capture screen grabs.

Websense Security Labs researchers announced the discovery of evolving Zeus strains that implement information-stealing procedures. These new Zeus variants are being used in low-volume e-mail campaigns that target users’ financial data. While a recent malware campaign appeared to focus on Canadian banks, U.S. businesses are also being targeted.

Topics: The Week in Cybercrime

ATO|Prevent: A new approach to curbing account takeover fraud

Posted by John LaCour

Jul 10, '14

I'm very excited to announce that we've launched a new, comprehensive service for community banks and credit unions that goes beyond internal anti-fraud controls to stop account takeover. It's called ATO|Prevent, and we developed it because it's plainly evident that these defensive controls no longer pose a major barrier to cybercriminals seeking to take over online banking accounts and carry out fraud.

In fact, we believe that just playing defense against these attacks is a losing battle. The simple truth is that you aren't going to win many fights if you don't fight back. That's why we created ATO|Prevent -- to proactively fight on behalf of banks and credit unions against the attacks that lead to account takeover fraud.

Topics: Company News, ATO, Account Takeover

Phishing Attacks Surge in Q1 2014, Microsoft's Proactive Cyber Fight, and more | TWIC - July 3, 2014

Posted by Lori Gildersleeve

Jul 3, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

The Anti-Phishing Working Group (APWG) reports in its new Phishing Activity Trends Report that the number of phishing sites in the first quarter of 2014 grew 10.7 percent over the previous quarter. The APWG detected an average of 41,738 new phishing attacks per month in the first quarter, resulting in the second-highest number of phishing attacks ever recorded in a first quarter.

Brobot, a powerful botnet specializing in attacks against American financial institutions, appears to be back in action after a year's hiatus. But this time, its operator appears to be unknown.  

Topics: The Week in Cybercrime

APWG: Phishing Jumps 10.7% in Q1 of 2014

Posted by Stacy Shelley

Jul 1, '14

The Anti-Phishing Working Group has published a new Phishing Activity Trends Report providing analysis of global phishing attack data collected in the first quarter of this year. The key takeaway is a 10.7 percent increase in the number of phishing sites in Q1 compared to Q4 of 2013 (the total number of phishing sites in Q1 was 125,215).

In prior years, phishing attack volumes have generally been higher later in the year. If that trend holds true in 2014, it will be a lively year for phishing. 

Topics: Phishing, APWG, Strategy

Banks, ePayments are Top Phishing Kit Targets, the Luuuk Banking Fraud Campaign, and more | TWIC - June 27, 2014

Posted by Stacy Shelley

Jun 27, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Over the last month, PhishLabs analyzed nearly 9,000 phishing kits and variants available on compromised and clandestine servers, file sharing services, underground scammer forums, and various user-generated content sites such as blogs. 

From the "Well, that didn't take very long" department. Last week, the Yo app launched and rocketed up the mobile app charts. Within days, it was hacked. Yo bills itself as being incredibly simple, having taken only 8 hours to build. Looks like they'll be spending a bit more time addressing vulnerabilities moving forward.

Topics: The Week in Cybercrime

Banks, ePayment Services Top List of Phishing Kit Targets

Posted by Don Jackson, Director of Threat Intelligence

Jun 25, '14

Over the last month, PhishLabs analyzed nearly 9,000 phishing kits and variants available on compromised and clandestine servers, file sharing services, underground scammer forums, and various user-generated content sites such as blogs. 

The following chart displays a breakdown of phishing kits we analyzed, based on the type of brand targeted. Financial Institutions, ePayment & Money Transfer Services, Social Networking Sites, and Email Services were the brand categories most frequently targeted by phishing kits, representing a combined 77% of kits analyzed.

Topics: Phishing, Threat Analysis, Threat Intelligence, Phish Kit

P.F. Chang's goes vintage post-breach, Feedly fights DDoS extortion, and more | TWIC - June 13, 2014

Posted by Stacy Shelley

Jun 13, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Faced with a DDoS extortion threat, Feedly decided not to pay up. It may be more painful in the short term, but it is the right decision in the long run. Attackers depend on victims not fighting back. If you can prove you're a hard target, you're less likely to be targeted in the future than victims that pay up. Some additional thoughts on handling DDoS extortion.

Soon after a report of payment card data stolen from P.F. Chang's being up for sale on an underground "dumps" shop, the restaurant chain announced they had indeed been breached. Unlike other breach victims, P.F. Chang's decided to move back in history by switching to manual card imprinting and dial-up card readers to protect diners. Not ideal, but better than using a compromised payment system.

Topics: The Week in Cybercrime

    
