PoS Malware, Adobe Emergency Update, ATM 'Wiretapping' and more | TWIC - November 28, 2014

Posted by Lindsey Havens

Nov 28, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Malware, Vulnerability, Adobe, The Week in Cybercrime, Data Breach

Citadel Trojan Targets Password Managers, Microsoft Emergency Patch, Charities Targeted and more | TWIC - November 22, 2014

Posted by Lindsey Havens

Nov 22, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Vulnerability, The Week in Cybercrime, Banking Trojan

Cybercriminals abuse charities to verify stolen credit card data

Posted by Don Jackson, Director of Threat Intelligence

Nov 21, '14

It should come as no surprise that cybercriminals have yet again displayed superior moral character with a scheme exploiting websites of non-profit organizations to verify stolen card data. PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered an underground service that allows cybercriminals to use an interactive chat bot to automate the verification of stolen payment card data. The bot is a script programmed to log in to an online chat channel and monitor it for messages containing data such as credit card numbers, cardholder names, and expiration dates using a special input syntax. Miscreants are purposefully targeting websites of non-profits with this service to verify stolen credit card data.

Bot design and implementation

When a cybercriminal joins the online channel and "chats," the bot uses the data provided (cardholder name and information) to input and run transactions against the websites of charities and other non-profits in order to verify that the card data is correct and the account is active. The bot then reports the results and any transaction details back to the crook.

The bot interacts as a user on an IRC (Internet Relay Chat) channel. Functions like card verification are handled through private messages between a moderator, the criminal service's customer, and the bot's own "user" ID on the same chat channel. These messages contain bot commands formatted using a specific syntax recognized by the bot. Using the private message feature allows the service's users to chat openly with each other but keep messages that contain things like valuable card data out of the hands of the other criminals on the channel.

The bot itself is a program implemented in the Perl programming language. Although based on a design for IRC interactions that dates back many years, this bot uses specific modules and code customized for cybercrime purposes first seen in 2011. This particular strain of criminal-tailored code is known for its use of Portuguese for comments and variable names.

The source code to those bots is available, but compared to those older bots that were coded for a single main purpose, the bot used in this case is larger and more complex, handling many different functions that cybercriminals may find useful. Indeed, in addition to automated card verification, this bot also includes modules for tasks such as:

  • Checking tracking numbers on packages, used for example by channel members to track items purchased using stolen cards through a "reshipper" network
  • Address and ZIP code verification for cardholder identity data

However, card verification seems to be the primary use, and that's the main draw for the service's customers. See Figure 1 for a snippet of code showing the card verification data.

Figure 1 - Bot source code snippet showing card data approval messages


Topics: Fraud

New iOS Vulnerability, Postal Service Investigates Possible Breach, Microsoft Bug and more | TWIC - November 14, 2014

Posted by Lindsey Havens

Nov 14, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Malware, Vulnerability, The Week in Cybercrime, Account Takeover, Data Breach

What can community banks and credit unions do to mitigate account takeover attacks?

Posted by Lindsey Havens

Nov 13, '14

In the past six months we’ve seen one security breach after another with retailers, community banks, and credit unions targeted by criminals seeking to take over accounts and commit fraud. The Home Depot breach resulted in 53 million email addresses compromised. As a result, we can expect to see a surge in phishing attacks aimed at stealing login credentials of these individuals. When authentication isn’t enough to stop cybercriminals from taking over customer or credit union member accounts, what should financial institutions do?

4 reasons why authentication isn’t enough to stop account takeover

Posted by Lindsey Havens

Nov 12, '14

The prevalence of account takeover (ATO) attacks continues to grow with losses reported in the billions each year. Recent observations indicate an increase in community banks and credit unions being targeted with account takeover attacks. Cybercriminals have managed to circumvent most authentication tactics - even the more advanced techniques. Once authentication has been circumvented, all the financial institution can hope to do is minimize the number of successful fraudulent transactions.

Why is authentication not enough?

You can’t put too much faith in authentication methods for four main reasons:

  1. Basic authentication is trivial to bypass.
  2. Advanced authentication is too expensive to roll out to the majority of accounts.
  3. Cybercriminals continue to evolve techniques to circumvent security controls.
  4. Ultimately, if your customers can get to their accounts online, so can cybercriminals.

58 Million Email Addresses Stolen, New Mobile Malware, Contactless Payment Cards Vulnerability and more | TWIC - November 8, 2014

Posted by Lindsey Havens

Nov 8, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Malware, Vulnerability, The Week in Cybercrime, Account Takeover, Data Breach

Phishing scams likely after 53 million email addresses stolen in Home Depot security breach

Posted by Lindsey Havens

Nov 7, '14

After Home Depot’s massive data breach earlier this year, the company is warning consumers to be on guard against phishing scams. With 53 million email addresses stolen as part of the breach, there is a high probability that cybercriminals will use these emails to dupe consumers into giving them their online banking credentials or other personal information.

Cybercriminals use a variety of tactics to obtain information used in account takeover attacks including phishing, vishing and SMiShing. A recent study by Google found phishing emails to be surprisingly effective. With the news of the massive number of email addresses stolen, consumers are going to have to elevate suspicions when monitoring emails.

Who’s at risk?


Major CMS Vulnerability, Chinese Espionage Group exposed, Chip Card Charges, and more | TWIC - October 31, 2014

Posted by Lindsey Havens

Oct 31, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Vulnerability, The Week in Cybercrime, Data Breach, Cyberespionage

Cyberespionage Phishing Attack, Backoff Malware Spreads, Retail Breach and more | TWIC - October 24, 2014

Posted by Lindsey Havens

Oct 24, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).


Topics: Phishing, Malware, Vulnerability, The Week in Cybercrime, Cyberespionage
