By Daniel Ingevaldson, CTO

With over 15 years of experience protecting some of the world’s biggest organizations from next-generation threats, Daniel is our guru when it comes to developing fresh approaches to online security and fraud. As our CTO, he defines and executes the strategies for researching and creating the next generation of Total Fraud Protection® products. Daniel previously co-founded Endgame, a cutting-edge organization focused on building endpoint detection and response (EDR) solutions for large government and enterprise clients. Before Endgame, Daniel joined Internet Security Systems (ISS) in the late '90s as a member of the famed X-Force research team. While at ISS and through IBM’s acquisition of ISS in 2008, Daniel held various research, engineering and strategy positions. Daniel holds a bachelor’s degree in Computer Science from Purdue University.

Dark Reading – Why Email Is Worth Saving



I recently shared my thoughts with Dark Reading on why email is worth saving. In the piece, we ask: what if an Internet-scale, federated policy, authentication and enforcement framework for trusted email delivery were available? It is. It's called the DMARC specification, and we should be using it.
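To make the "policy, authentication and enforcement" part concrete, here is an added example (not code from the Dark Reading piece or from this post) of how a receiving mail server turns a published DMARC record plus its SPF and DKIM results into a disposition. The record, the domains and the authentication results are constructed for illustration; the organisational-domain logic is a simplification and is flagged as such in the code.

```python
"""Evaluate a DMARC policy for one inbound message.

Added example, not code from the original post or from the DMARC spec.
The record and the authentication results are constructed, and the
organisational-domain logic is simplified (see org_domain).
"""


def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed DMARC tag: %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    # Defaults defined by RFC 7489.
    tags.setdefault("adkim", "r")     # DKIM alignment: r = relaxed, s = strict
    tags.setdefault("aspf", "r")      # SPF alignment
    tags.setdefault("sp", tags["p"])  # subdomain policy falls back to p
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Organisational domain. Simplified to the last two labels; a real
    receiver consults the Public Suffix List so that bank.co.uk is handled."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from, auth_domain, mode):
    """Identifier alignment between the RFC5322.From domain and the domain
    that SPF or DKIM actually authenticated."""
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


def dmarc_disposition(record, policy_domain, header_from, spf_pass_domain=None, dkim_pass_domains=()):
    """Return 'pass', or the policy to enforce ('none', 'quarantine' or 'reject').

    policy_domain     - domain whose _dmarc TXT record this is
    header_from       - domain of the message's From: header
    spf_pass_domain   - MAIL FROM domain if SPF returned pass, otherwise None
    dkim_pass_domains - d= values of the DKIM signatures that verified
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass_domain is not None and aligned(header_from, spf_pass_domain, tags["aspf"])
    dkim_ok = any(aligned(header_from, d, tags["adkim"]) for d in dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass"
    # pct < 100 means only a sample of failing mail gets this policy;
    # sampling is not modelled here.
    is_subdomain = header_from.lower() != policy_domain.lower()
    return tags["sp"] if is_subdomain else tags["p"]


if __name__ == "__main__":
    # Constructed record: strict DKIM alignment, reject on failure.
    rec = "v=DMARC1; p=reject; sp=quarantine; adkim=s; rua=mailto:dmarc@example.com"
    print(dmarc_disposition(rec, "example.com", "example.com", spf_pass_domain="mail.example.com"))
    print(dmarc_disposition(rec, "example.com", "example.com", dkim_pass_domains=["mail.example.com"]))
```

The second call fails even though a DKIM signature verified: with `adkim=s` the signing domain must equal the From: domain exactly, so a signature from `mail.example.com` does not align and the `reject` policy applies. That strict/relaxed distinction is the most common source of surprise when a domain first moves from `p=none` to an enforcing policy.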

Home Depot Breach: Time to Value of Black Market Cards Changes as Banks and Retailers Improve Detection


With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell stolen cards to the highest bidder. These are no fly-by-night operations. In fact, the largest of these markets have sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features

Tennessee Electric Company Inc. vs. TriSummit Bank – A Cautionary Tale


The latest in a recent string of lawsuits between businesses and their commercial banks is the case of Tennessee Electric Company vs. TriSummit Bank. In the complaint, Tennessee Electric alleges in six counts, ranging from gross negligence to fraud, that TriSummit did not honor its agreement to protect the security of ACH-initiated payroll transactions.

Anatomy of a Hack – Mobile Banking Applications


One of the things we do at Easy Solutions to help protect banks from fraud is passive monitoring of paste sites, social media sites and the black market. We see all kinds of crazy things, and we wanted to share this example. In the case below, we found what appeared to be source code for one of our clients' mobile banking apps. We pay attention to this kind of thing because published source code can lead directly to increased attacks, especially against mobile apps.

“Zberp” — Banking Trojan du Jour – Here We Go Again


This week we were greeted with news of a new banking trojan variant named Zberp. This trojan was described breathlessly by the security community as an “evil monster” and a “hybrid beast” in one hyperbole-laced article. Why is Zberp so terrifying, and why should we take all of our money out of the bank, convert it to bullion and bury it in the yard? Well, from a technical perspective, Zberp was designed and built by combining features already in the wild from two major banking trojan families, Zeus/Zbot and Carberp.

Both of these trojans have been in the wild for a long time and have been consistently improved with new attack vectors, new detection mitigations and new communications mechanisms.

Heartbleed – Hackers Posting Massive Lists of Vulnerable Domains; Huge Account Takeovers More Likely Over Time


One of the many services we provide our clients is brand intelligence. Banks and credit unions typically use this service to keep an eye on their brand presence online, as well as on any “chatter” about pending or ongoing attacks against their infrastructure.

Kickstarter for Advanced Mobile Malware – New Carrier Policy Will Drive Malware Innovation

Late last year, AT&T, Sprint and T-Mobile together announced that they will no longer offer or support Premium SMS services (with Verizon following shortly after). Premium SMS supports things like ordering ring-tones, checking horoscopes and all sorts of other things I have never done. It also supports legions of spammers, shady SMS aggregators and third parties who try to bill people a few dollars here and there and hope they get away with it. This service has been around for a long time, and carriers love(d) it because they received a cut of each transaction. Lookout did a great blog post on how the whole process works (https://blog.lookout.com/blog/2012/10/03/avoid-premium-sms-scams/).

The Long Tail of the Target Breach


On January 21st, another huge batch of over 2 million cards hit the black market forums. After inspection by the Easy Solutions team, it appears that this batch is from the Target breach as well, which took place, with some uncertainty about the exact dates, between November 27th and December 15th. Evidence of the Target breach was first detected by Easy Solutions on December 11th and the breach was confirmed on December.

EMV Technology Alone Is Not Enough to Stop Fraud


In light of the Target and Neiman Marcus breaches, many are pointing to EMV “chip and PIN” technology as the silver bullet that could have saved Target and its customers a lot of heartache. However, while EMV is a good step forward for card security, it is inaccurate to say that EMV would have stopped the Target breach.

The Truth about EMV

  • EMV would not have prevented the Target breach from happening.

EMV began as a joint effort by Europay, MasterCard and Visa to replace the mechanism by which customer-identifying information (account number, expiration date, CVV and so on) is handed to the terminal initiating a transaction. Instead of a magnetic stripe, EMV cards use a smart chip and, in the “chip and PIN” variant, require the entry of a PIN that only the cardholder should know. Once that information has been passed to the terminal, the transactional process is unchanged: the account data is loaded into the terminal's memory, a transaction frame is built to request authorization, and so on. The chip does add a per-transaction cryptogram, which makes harvested data less useful for cloning cards, but it does nothing to keep the account number and expiry out of the memory of a compromised terminal.
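As an added example (not the post's own code, and not tied to the Target investigation), here is a scan for cleartext Track 1 and Track 2 data in a memory buffer. This is what a RAM-scraping POS implant searches for once account data has been loaded into terminal memory, and it is the same check a defender can run over a process dump or packet capture to confirm that card data is exposed. The buffer and its contents are constructed and use only public test card numbers; the patterns assume the standard start and end sentinel characters.

```python
"""Scan a memory buffer for magnetic-stripe track data.

Added example, not code from the original post. The sample buffer below
is constructed and contains only public test PANs. The patterns assume
the standard sentinels: ';' ... '?' for Track 2 and '%B' ... '?' for Track 1.
"""
import re

# Track 2: ;PAN=YYMM<service code><discretionary data>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d{0,20})\?")
# Track 1: %B<PAN>^<NAME>^YYMM<service code><discretionary data>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z ./'-]{2,26})\^(\d{4})(\d{3})(\d{0,30})\?")


def luhn_valid(pan):
    """Luhn checksum; rejects most random digit runs that happen to match the regex."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        digit = int(ch)
        if i % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def plausible_expiry(yymm):
    """Expiry is YYMM; the month must be 01..12."""
    return 1 <= int(yymm[2:]) <= 12


def mask_pan(pan):
    """Keep BIN and last four so findings can be reported without re-exposing the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf):
    """Return masked track records found in buf, ordered by offset."""
    found = []
    for m in TRACK2_RE.finditer(buf):
        pan, exp, svc = (g.decode() for g in m.group(1, 2, 3))
        if luhn_valid(pan) and plausible_expiry(exp):
            found.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                          "expiry": exp, "service_code": svc})
    for m in TRACK1_RE.finditer(buf):
        pan, exp, svc = (g.decode() for g in m.group(1, 3, 4))
        if luhn_valid(pan) and plausible_expiry(exp):
            found.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                          "expiry": exp, "service_code": svc})
    return sorted(found, key=lambda r: r["offset"])


# Constructed sample of what a scraped POS process region might contain.
SAMPLE_MEMORY = (
    b"\x00\x00POS-TERMINAL v2\x00\x00"
    b";4111111111111111=27121011234567890?"            # Track 2, public test PAN
    b"\x00junk\x00"
    b";4111111111111112=27121011234567890?"            # fails Luhn, must be ignored
    b"\x00\x00"
    b"%B5555555555554444^DOE/JOHN^2712101123400000?"  # Track 1, public test PAN
)


if __name__ == "__main__":
    for rec in scan_for_track_data(SAMPLE_MEMORY):
        print(rec)
```

The Luhn and expiry checks are what keep a scan like this from drowning in false positives on large dumps; a scraper that skipped them would simply exfiltrate the extra junk and let the buyer sort it out. Note that the service code (the three digits after the expiry) is itself a useful signal: a `2xx` or `6xx` code marks a chip card, so seeing it in cleartext in terminal memory is exactly the situation the paragraph above describes.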

In Light of USB ATM Hack, A Look at ATM Threats and How to Monitor For Ongoing Threats


On New Year’s Eve, researchers revealed that attackers had physically compromised ATMs across Europe using USB drives. This came as little surprise to those who follow ATM security and understand the inherent weaknesses in the model.