The MITM attack using PAC (Proxy Automatic Configuration) Files is a method of fraud widely used by Brazilian hackers in order to control the HTTP traffic of an infected machine and redirect it to a proxy owned by the delinquent.
On January 21st, another huge batch of over 2 million cards hit the black market forums. After inspection y the Easy Solutions team, it appears that this batch is from the Target breach as well, which took place with some degree of uncertainty between November 27th and December 15. Evidence of the Target breach was first detected by Easy Solutions on December 11th and the breach was confirmed on December.
On Jan 4th, we saw a dump of 2 Million cards onto the black market – one of the largest single day drops we’ve seen in a while. While we can’t definitively say what the source of the breach was, the percentage of Extremely High Value cards is significantly higher than we see on average. These are cards like the Amex Centurion card – an invite-only card that comes with a $7500 setup fee, and $2500 annual fee. While it is hard to determine from a single black market, this would indicate these could come from a high end source, such as Neiman Marcus.
As we are in the midst of the largest online holiday shopping phenomena ecommerce has ever experienced, it’s pretty safe to assume that fraudsters are looking for new and even more ways to put a little jingle in their wallets this season and beyond. So in a year where we are seeing data from various sources indicating financial fraud is climbing faster than Santa can slide down your chimney, we have pulled out our crystal ball to make some 2014 Financial Fraud Predictions here at Easy Solutions to help you stay head of the game in the coming year. While these are just predictions, they are based off of some very real trends and data we are seeing here at Easy Solutions:
Mobile fraud will evolve faster than defenses for at least another year. In the last month, the four major US mobile carriers announced that they will begin blocking premium or paid SMS charges, otherwise known as cramming. Around 75% of all existing mobile malware uses this method to monetize mobile fraud. Cutting off this revenue source for fraudsters will accelerate innovation of mobile malware and take more advanced techniques like SMS OOB interception into the mainstream.
Easy Solutions Labs today issued an advisory that it is seeing increased activity, aimed at conducting account takeovers, targeting specific banks in Colombia and Venezuela. Read more
|Unveiling our New Webcast….Building for Tomorrow: Creating a Flexible and Effective Multi-layer Approach Against the Fraud of Today and Tomorrow featuring Gartner Expert Avivah Litan|
|In this increasingly mobile, fast-paced world, organizations contend with ever-more sophisticated fraudsters across an array of channels. The bad guys always have the ‘first mover advantage’, since they’re designing the attacks. They’re likely to be younger, smarter, and more aggressive than ever. Knowing the emerging fraud trends to catch the bad guys in the act is only part of the fraud puzzle – there is in fact an entire life cycle to an electronic attack, each requiring a different fraud prevention practice and technique along the way. For example, the recent $45M heist is a great example of a compromise that involved vulnerabilities at every stage of an attack, across multiple transactional channels. This was a very well planned attack, where the perpetrators leveraged vulnerability in the Middle East for the setup and launch of the attack, but ultimately leveraged ATMs in New York and around the world to extract the cash. The ability to stop them at any stage along the way could have been a crucial difference.Often times we find companies spending significant time and resources on prevention strategies and tools that are incompatible, insufficiently address each part of the life cycle or, may miss the target all together depending on the organization’s business nature. This all can be daunting. We hear it all the time. You have to find a trusted partner to go to war with, because you can’t keep up with all of this by yourself.So, what are the biggest challenges customers face in protecting themselves from today’s fraudsters? And how can they protect themselves against new threats while leveraging their legacy systems?
In our latest webcast, Building for Tomorrow: Creating a Flexible and Effective Multi-layer Approach Against the Fraud of Today and Tomorrow– Gartner Research Vice President and Distinguished Analyst Avivah Litan and Easy Solutions’ CTO Daniel Ingevaldson – answer these questions and more. They will discuss the biggest challenges customers face in protecting themselves from today’s fraudsters. We invite you to learn how a multi-layer approach can help you secure all of your transactional environments from fraud, and more importantly, help you find the right solution for your fraud prevention needs.
Other key topics in the webcast include:
The webcast can be accessed by visiting http://www.easysol.net/newweb/Resources/webcast-featuring-Gartner
Half a Million Americans’ IDs and bank data stolen and sold online – and that’s just the tip of the iceberg
Last week, the Justice Department indicted a 24 year old Vietnamese man with 15 counts of wire fraud, identity fraud, access device fraud and conspiracy charges, for his part in stealing and helping to sell ‘fullz’ packages of IDs online for over 500,000 people. These ‘fullz’ packages include a person’s name, date of birth, social security number, bank account number and bank routing number, and payment card data. Read more
Large national savings and loan secures their online banking platform with Easy Solutions’ Total Fraud Protection
A large, national mutual savings and loan association, founded in 1971, is in the business of providing financial services to help families begin saving for large purchases. Today, the organization processes transactions for hundreds of thousands of clients. Read more