Today, our research team has confirmed a massive spam campaign leveraging ZeuS GameOver, is now targeting major banks, social networks, and other enterprises.
How is the spamming taking place?
Hundreds of unsolicited emails, impersonating “Broad Oak Toiletries Ltd”, are targeting these organizations. To inspire trust, the emails have the word Invoice and a few random numbers on the subject line and pretends to have been scanned by Symantec Email Security cloud service. In the body of the email, the recipients are being asked to communicate a payment date to an account administrator for the invoice attached.
The email includes a ZIP archive named ‘Invoice [random number] March 2014.zip’ and contains an executable file posing as a Word document. Upon opening, the file will attempt to download a binary form of 55 different URLs. Following this, approximately 35 websites will be serving up the payload of ZeuS GameOver, with the Narcus rootkit and some ransomware.
One of the many services we provide our clients is brand intelligence. This service is usually used by banks and credit unions that want to keep an eye on their brand presence online, as well as any “chatter” about pending or on-going attacks against their infrastructure.
Every April, procrastinators hurry to get all of their paperwork together to file their taxes, while accountants also strive to make every minute count. As it turns out, everyone is busy in April, even cybercriminals.
The end of tax season is prime time for fake phishing e-mails asking taxpayers to log in and check the status of an income tax return, messages claiming that updated tax documents have been issued, and even e-mails asserting that there is an error with your tax return.
It almost seems like a day doesn’t go by without someone reporting the discovery of hundreds of millions of pieces of user-specific information related to credit and debit cards, e-mail addresses, or log-in credentials being sold on underground markets. If these numbers are true, the banks are paying the price for these leaks in a big way.
The MITM attack using PAC (Proxy Automatic Configuration) Files is a method of fraud widely used by Brazilian hackers in order to control the HTTP traffic of an infected machine and redirect it to a proxy owned by the delinquent.
On January 21st, another huge batch of over 2 million cards hit the black market forums. After inspection y the Easy Solutions team, it appears that this batch is from the Target breach as well, which took place with some degree of uncertainty between November 27th and December 15. Evidence of the Target breach was first detected by Easy Solutions on December 11th and the breach was confirmed on December.
On New Year’s Eve, researchers unveiled that hackers had been able to physically hack into ATMs throughout Europe, using USB drives. This came as little surprise to those who follow ATM security, and understand the inherent weaknesses in the model.
On Jan 4th, we saw a dump of 2 Million cards onto the black market - one of the largest single day drops we've seen in a while. While we can't definitively say what the source of the breach was, the percentage of Extremely High Value cards is significantly higher than we see on average. These are cards like the Amex Centurion card - an invite-only card that comes with a $7500 setup fee, and $2500 annual fee. While it is hard to determine from a single black market, this would indicate these could come from a high end source, such as Neiman Marcus.
It looks like it isn’t just American consumers dealing with the fall-out from the Black Friday Target breach. A huge batch of 500,000 cards from non-US banks, with a big percentage from Latin America, have shown up on the black market for sale. These “world dumps” fetch a premium and are selling from about $60 to well over $100 per card.
As we are in the midst of the largest online holiday shopping phenomena ecommerce has ever experienced, it’s pretty safe to assume that fraudsters are looking for new and even more ways to put a little jingle in their wallets this season and beyond. So in a year where we are seeing data from various sources indicating financial fraud is climbing faster than Santa can slide down your chimney, we have pulled out our crystal ball to make some 2014 Financial Fraud Predictions here at Easy Solutions to help you stay head of the game in the coming year. While these are just predictions, they are based off of some very real trends and data we are seeing here at Easy Solutions:
Mobile fraud will evolve faster than defenses for at least another year. In the last month, the four major US mobile carriers announced that they will begin blocking premium or paid SMS charges, otherwise known as cramming. Around 75% of all existing mobile malware uses this method to monetize mobile fraud. Cutting off this revenue source for fraudsters will accelerate innovation of mobile malware and take more advanced techniques like SMS OOB interception into the mainstream.