Cyberespionage Phishing Attack, Backoff Malware Spreads, Retail Breach and more | TWIC - October 24, 2014

Posted by Lindsey Havens

Oct 24, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, Malware, Vulnerability, The Week in Cybercrime, Cyberespionage

Think community financial institutions aren’t in the crosshairs for account takeover? Think again.

Posted by Stacy Shelley

Oct 24, '14

There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta sounded the alarm in a report delivered last year, estimating 69% growth in account takeover fraud and $69 billion in losses from 2011 to 2012.

Read More

Topics: Account Takeover

Shellshock Phishing Attacks, Windows Zero-day Vulnerability, Dropbox Hack and more | TWIC - October 17, 2014

Posted by Lindsey Havens

Oct 17, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Malware, Vulnerability, The Week in Cybercrime

As expected, Shellshock is being used for phishing attacks

Posted by Stacy Shelley

Oct 17, '14

Via Lancope, a botnet built by exploiting the Shellshock vulnerability is being used for phishing attacks:

Read More

Topics: Phishing, Vishing, Shellshock

Dyre Banking Trojan, Tyupkin ATM Malware, iWorm Botnet and more | TWIC - October 10, 2014

Posted by Lindsey Havens

Oct 10, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Malware, The Week in Cybercrime, Dyre Banking Trojan, Botnet

Enhancements to Dyre Banking Trojan

Posted by Don Jackson, Director of Threat Intelligence

Oct 9, '14

The Dyre banking Trojan made its first debut in June 2014, targeting large financial institutions across the globe. In September, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) observed a number of enhancements to the banking Trojan that further increases the danger of the threat.

Banking Trojans Expand Beyond Financial Targets

The most recent attack utilizing the Dyre Trojan targeted the cloud computing company, Salesforce.com. Historically, banking Trojans were used to steal account credentials of banking customers but now sensitive business data is being stolen from companies in the healthcare industry, retail, software industry and others. Malicious software developers are seeking access to organizational systems and operating systems to steal data that would aid in identity theft for purposes of committing fraud. Attackers remain patient and persistent; evolving the tools, harvesting the data and attacking when it is unexpected.

Read More

Topics: Lure, Trojan, Dyre Banking Trojan

Shellshock, Unpatchable USB Malware, iOS virus and more | TWIC - October 3, 2014

Posted by Lindsey Havens

Oct 3, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Malware, The Week in Cybercrime, Shellshock

Mitigating the Impact of Shellshock on Financial Institutions

Posted by Don Jackson, Director of Threat Intelligence

Oct 2, '14

With the recent discovery of the Shellshock bug, many banking institutions are left wondering what the implications are to the financial industry and how to begin to secure systems. In this post, we've addressed common questions and mitigation tactics for banking entities to reduce the risk of exploitation through the Shellshock bug vulnerability. 

Read More

Topics: Threat Analysis, Shellshock

Shellshock Bug, POS Breach, Hackers Target Medical and more | TWIC - September 26, 2014

Posted by Lindsey Havens

Sep 26, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Malware, The Week in Cybercrime, Data Breach, POS Attacks, Shellshock

Bash “Shellshock” Bug Rivals Heartbleed in Cyber Threat Severity

Posted by Don Jackson, Director of Threat Intelligence

Sep 26, '14

The recently discovered bug, Shellshock, also known as the “bash bug” was made public on September 24, 2014, causing widespread anxiety as bug patches failed to remediate all vulnerabilities. The bug is found in Bash – an almost ubiquitous system software used in millions of computers, Linux-based machines and even Mac computers. Essentially, the vulnerability allows for remote execution of arbitrary commands on web servers and computers with no authentication required.

Read More

Topics: Threat Intelligence, Shellshock

    

Subscribe to Email Updates