Cybercriminals Find POS Terminals Easy Prey

Posted by Don Jackson, Director of Threat Intelligence

Sep 17, '14

Over the past few months, an abundance of point-of-sale (POS) attacks on major retailers has left millions of consumers’ personal account information vulnerable. The Home Depot, Goodwill, the Supervalu grocery chain, Dairy Queen, and the UPS Store were all recently in the spotlight for POS terminal attacks in which memory-scraping malware was installed to nab customer information. What is the cause of the uptick in POS attacks, and what can be done to mitigate future attacks?

Topics: Fraud, Account Takeover, POS Attacks

Peter Pan Phishing Scheme, Malware on Foreign-Policy Website, Hackers Target Healthcare Industry and more | TWIC - September 13, 2014

Posted by Lindsey Havens

Sep 13, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Topics: Malware, Exploit, The Week in Cybercrime, Data Breach

“Please Try Again” – Trending Tactics in Phishing

Posted by Don Jackson, Director of Threat Intelligence

Sep 12, '14

Have you ever received this message when logging into an account? Chances are you have, and you likely blamed the “error” on yourself. What did you do next? You probably carefully typed each letter of your password to ensure accuracy. After reading this post, we hope you will think twice about the next request to “please try again.”

With an increase in phishing activity (APWG recently reported a 10.7 percent increase) also come evolving tactics of deceit. In the past month, PhishLabs' R.A.I.D. (Research, Intelligence, and Analysis Division) observed intentional errors entering scammers' playbooks.

Topics: Phishing, Fraud, Hacker Tools, Account Takeover

Vawtrak Gains Momentum, Retail & Nonprofit Data Breaches and more | TWIC - September 5, 2014

Posted by Lindsey Havens

Sep 5, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Topics: The Week in Cybercrime

Vawtrak Gains Momentum and Expands Targets

Posted by Don Jackson, Director of Threat Intelligence

Sep 3, '14

Vawtrak is the security industry's name for the latest version of the 64-bit-compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000s. Recently, PhishLabs’ R.A.I.D. (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know

Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

Smash & Grab Attacks, Mozilla Leak, Dairy Queen Breach and more | TWIC - August 29, 2014

Posted by Stacy Shelley

Aug 29, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Last week, researchers at Proofpoint reported an attack campaign, dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June, using the same combined phishing and malware tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.

Around 97,000 early testers of the Bugzilla bug tracking software have been warned that their email addresses and encrypted passwords were exposed for three months. The accidental exposure is the second disclosed by the Mozilla Foundation this month. On August 1st, the organization revealed that around 76,000 Mozilla Developer Network email addresses and 4,000 hashed and salted passwords had been left on a public-facing server for 30 days.

Topics: The Week in Cybercrime

“Smash & Grab” cybercrime attacks have been active since mid-June

Posted by Don Jackson, Director of Threat Intelligence

Aug 28, '14

Last week, researchers at Proofpoint reported an attack campaign, dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June, using the same combined phishing and malware tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.

Topics: Phishing, Malware, Threat Intelligence, Trojan, Crimeware

RAT Vulnerabilities Leaked, DDoS Activity Up and more | TWIC - August 22, 2014

Posted by Lori Gildersleeve

Aug 22, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

The full source code of the Dendroid Remote Access Trojan (RAT) was recently leaked. The popular crimeware, which targets the Android operating system, is typically sold on underground forums for $300. With the malware’s source code now available, an increase in its use, as well as the creation of new variants, will likely be seen.

Community Health Systems (CHS), with operations spanning 29 states, announced that cybercriminals operating from China stole information on approximately 4.5 million patients, including names, birth dates and Social Security numbers. The healthcare industry has suffered a large number of breaches in the past, but the CHS breach topped them all. BitSight, a security-ratings firm, recently released ratings showing that the healthcare industry had more security issues and signs of breaches than any other industry, including the retail sector.

Topics: The Week in Cybercrime

Vulnerabilities found in Dendroid mobile Trojan

Posted by Paul Burbage, Threat Analyst

Aug 18, '14

On Friday, the full source code of the Dendroid Remote Access Trojan (RAT) was leaked. Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300. Usually the source code for botnet control panels is encrypted, so it was surprising to find the full source code for the Dendroid control panel included in the leaked files. Analyzing the leaked code revealed multiple vulnerabilities due to a lack of user input validation, including Cross-Site Scripting (XSS), Arbitrary File Upload, SQL Injection, and PHP Code Execution.

Topics: Malware, Threat Analysis, Trojan, Crimeware, Android

Lawsuit to Determine ATO Accountability, Blackphone Hacked and more | TWIC - August 15, 2014

Posted by Lori Gildersleeve

Aug 15, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Tennessee Electric Company Inc., which was the victim of a corporate account takeover scheme, has sued TriSummit Bank, alleging negligence, breach of contract and fraudulent concealment in relation to the bank’s handling of unauthorized transfers. Currently businesses lack the rigorous fraud liability limits that consumers enjoy. This lawsuit could help standardize who is at fault and for how much when businesses are the victims of cybercrime.

More than 75,000 iPhones have been targeted by the Chinese AdThief malware, which has stolen nearly $22 million in advertising revenue. AdThief relies on Cydia Substrate, a platform for modifying existing processes, which only works on jailbroken iOS devices. The attackers were able to swap in their own advertiser identities, redirecting the revenue each time an end user viewed or clicked on a given advertisement.

Topics: The Week in Cybercrime
