From Advanced Threats

Hard Cheese – Defending against Multi-vector, Combined, Intelligent Attacks like Operation Emmental


Last week, reports flooded security forums and publications highlighting an increase in the rate of a fraud attack named Operation Emmental.

The threat type was first noticed by security companies approximately 5 months ago, but the recent rise in successful attacks against mobile banking users has been alarming and underlined the effectiveness of the attack. The fact that the majority of the successful attacks were aimed at Swiss banks led to the name of Operation Emmental, referring to the Swiss cheese containing holes, suggesting imperfections in security.

Risk of Major Mobile Banking Attack in the US Continues to Increase


Over the last two years, we have seen a tremendous increase in mobile malware, which grew 167 percent in the past year, according to the June 2014 McAfee Labs Threat Report.

Here are two major reasons why mobile malware is increasingly the preferred method of attack for fraudsters:

1. As EMV technology is deployed in the US, the amount of fraud attributed to counterfeit cards will decrease.

2. Telecommunications providers will no longer allow premium text message services to bill customers, lowering the volume of fraud via premium SMS messages.


“Zberb” — Banking Trojan du Jour – Here We Go Again


This week we were greeted with news of a new banking trojan malware variant named Zberb. This trojan was described breathlessly by the security community as an “evil monster” and a “hybrid beast” in one hyperbole-laced article. Why is Zberb so terrifying and why should we take all of our money out of the bank, convert it to bullion and bury it in the yard? Well, from a technical perspective, Zberb was designed and built by combining features already in the wild from two major bank trojan families, Zeus/Zbot and Carberb.

Both of these trojans have been in the wild for a long time and have been consistently improved with new attack vectors, new detection mitigations and new communications mechanisms.

How to Leverage Brand Intelligence for Fraud Management


One of the hardest responsibilities to tackle when it comes to fraud management is identifying and anticipating emergent attacks that seek to exploit your security controls. When I was in charge of rooting out fraud at a well-known financial services company, I spent a lot of time and money designing and deploying fraud solutions, as well as establishing proactive mitigation efforts to help identify threats in their planning stages. I know what it’s like to be on the client side of the fraud protection fence, regularly evaluating tools to see which ones are effective and which are a waste of time and money.

ALERT: ZeuS GameOver Massive Spamming Campaign Now Targeting Banks & Enterprises


Today, our research team has confirmed that a massive spam campaign leveraging ZeuS GameOver is now targeting major banks, social networks, and other enterprises.

How is the spamming taking place?

Hundreds of unsolicited emails, impersonating “Broad Oak Toiletries Ltd”, are targeting these organizations. To inspire trust, the emails have the word “Invoice” and a few random numbers in the subject line and pretend to have been scanned by the Symantec Email Security cloud service. In the body of the email, the recipients are asked to communicate a payment date to an account administrator for the attached invoice.

The email includes a ZIP archive named ‘Invoice [random number] March 2014.zip’ that contains an executable file posing as a Word document. Upon opening, the file will attempt to download a binary from 55 different URLs. Following this, approximately 35 websites will be serving up the payload of ZeuS GameOver, with the Narcus rootkit and some ransomware.

Heartbleed – Hackers Posting Massive Lists of Vulnerable Domains; Huge Account Takeovers More Likely Over Time


One of the many services we provide our clients is brand intelligence. This service is usually used by banks and credit unions that want to keep an eye on their brand presence online, as well as any “chatter” about pending or on-going attacks against their infrastructure.

Tax Season: A Perfect Phishing Opportunity, and a Reminder to Always Be Monitoring


Every April, procrastinators hurry to get all of their paperwork together to file their taxes, while accountants also strive to make every minute count. As it turns out, everyone is busy in April, even cybercriminals.

The end of tax season is prime time for fake phishing e-mails asking taxpayers to log in and check the status of an income tax return, messages claiming that updated tax documents have been issued, and even e-mails asserting that there is an error with your tax return.

Image courtesy of Fifth Third Bank

Tackling Today’s Evolving Fraud


It almost seems like a day doesn’t go by without someone reporting the discovery of hundreds of millions of pieces of user-specific information related to credit and debit cards, e-mail addresses, or log-in credentials being sold on underground markets[1]. If these numbers are true, the banks are paying the price for these leaks in a big way.

JPG Encrypted PAC – A new Favorite for Pharmers


The MITM attack using PAC (Proxy Automatic Configuration) Files is a method of fraud widely used by Brazilian hackers in order to control the HTTP traffic of an infected machine and redirect it to a proxy owned by the delinquent.

The Long Tail of the Target Breach


On January 21st, another huge batch of over 2 million cards hit the black market forums. After inspection by the Easy Solutions team, it appears that this batch is from the Target breach as well, which took place with some degree of uncertainty between November 27th and December 15. Evidence of the Target breach was first detected by Easy Solutions on December 11th and the breach was confirmed on December.

 

 
