I recently shared my thoughts with Dark Reading on why email is worth saving. In the piece, we ask ‘What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available?’ It is, it’s called the DMARC specification, and we should be using it. Read more
Home Depot Breach: Time to Value of Black Market Cards Changes as Banks and Retailers Improve Detection
With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operation. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features
The latest in a recent string of lawsuits between businesses and their commercial banks is the case of Tennnessee Electric Company vs. TriSummit Bank. In the complaint, Tennessee Electric alleges in six counts, from gross negligence to fraud, that TriSummit didn’t honor its agreement to protect the security of ACH initiated payroll transactions. Read more
One of the things that we do at Easy Solutions, to help protect banks from fraud, is perform passive monitoring on paste sites, social media sites, and the black market. We see all kinds of crazy things and we wanted to share this example. In the case below, we found what appeared to be source code for one of our client’s mobile banking apps. We pay attention to this kind of thing because evidence of publication of source code can lead directly to increased attacks-especially as they relate to mobile apps.
This week we were greeted with news of a new banking trojan malware variant named Zberb. This trojan was described breathlessly by the security community as an “evil monster” and a “hybrid beast” in one hyperbole-laced article. Why is Zberb so terrifying and why should we take all of our money out of the bank, convert it to bullion and bury it in the yard? Well, from a technical perspective, Zberb was designed and built by combining features already in the wild from two major bank trojan families, Zeus/Zbot and Carberb.
Both of these trojans have been in the wild for a long time and have been consistently improved with new attack vectors, new detection migitations and new communications mechanisms.
Heartbleed – Hackers Posting Massive Lists of Vulnerable Domains; Huge Account Takeovers More Likely Over Time
One of the many services we provide our clients is brand intelligence. This service is usually used by banks and credit unions that want to keep an eye on their brand presence online, as well as any “chatter” about pending or on-going attacks against their infrastructure.
On January 21st, another huge batch of over 2 million cards hit the black market forums. After inspection y the Easy Solutions team, it appears that this batch is from the Target breach as well, which took place with some degree of uncertainty between November 27th and December 15. Evidence of the Target breach was first detected by Easy Solutions on December 11th and the breach was confirmed on December.
In light of the Target and Neiman Marcus breaches, many are pointing to EMV “chip and pin” technology as the silver bullet that could have saved Target and its customers a lot of heartache. However, while EMV is a good step forward for card security, it’s inaccurate to say that EMV would have stopped the Target breach.
The Truth about EMV
- EMV would not have prevented the Target breach from happening.
EMV began as a joint effort conceived by Europay, MasterCard and Visa to replace the mechanism to provide customer identifiable information (Account number, CVV, etc.) to the terminal initiating a transaction. Instead of a magnetic strip for this purpose, EMV cards use a smart chip and require the entry of a PIN number that only the customer should know (hence the term “chip and PIN”). Once the information has been passed into the terminal, the transactional process remains the same – the account information is loaded into the terminal’s memory, a transaction frame is built to request authorization, and so on.