From Advanced Threats

JPG Encrypted PAC - A new Favorite for Pharmers

Share Button

The MITM attack using PAC (Proxy Automatic Configuration) Files is a method of fraud widely used by Brazilian hackers in order to control the HTTP traffic of an infected machine and redirect it to a proxy owned by the delinquent.

The Long Tail of the Target Breach

Share Button

Target_DogOn January 21st, another huge batch of over 2 million cards hit the black market forums. After inspection y the Easy Solutions team, it appears that this batch is from the Target breach as well, which took place with some degree of uncertainty between November 27th and December 15. Evidence of the Target breach was first detected by Easy Solutions on December 11th and the breach was confirmed on December.



Read more

In Light of USB ATM Hack, A Look at ATM Threats and How to Monitor For Ongoing Threats

Share Button

On New Year’s Eve, researchers unveiled that hackers had been able to physically hack into ATMs throughout Europe, using USB drives. This came as little surprise to those who follow ATM security, and understand the inherent weaknesses in the model.

Neiman Marcus breach - Extremely High Value cards hit black market

Share Button

ImageOn Jan 4th, we saw a dump of 2 Million cards onto the black market - one of the largest single day drops we've seen in a while. While we can't definitively say what the source of the breach was, the percentage of Extremely High Value cards is significantly higher than we see on average. These are cards like the Amex Centurion card - an invite-only card that comes with a $7500 setup fee, and $2500 annual fee. While it is hard to determine from a single black market, this would indicate these could come from a high end source, such as Neiman Marcus.

Target Breach Global Impact - Non-US Cards Hitting Black Market

Share Button
It looks like it isn’t just American consumers dealing with the fall-out from the Black Friday Target breach.  A huge batch of 500,000 cards from non-US banks, with a big percentage from Latin America, have shown up on the black market for sale.  These “world dumps” fetch a premium and are selling from about $60 to well over $100 per card.

Crystal Ball Time: 2014 Financial Fraud Predictions

Share Button

ImageAs we are in the midst of the largest online holiday shopping phenomena ecommerce has ever experienced, it’s pretty safe to assume that fraudsters are looking for new and even more ways to put a little jingle in their wallets this season and beyond.  So in a year where we are seeing data from various sources indicating financial fraud is climbing faster than Santa can slide down your chimney, we have pulled out our crystal ball to make some 2014 Financial Fraud Predictions here at Easy Solutions to help you stay head of the game in the coming year.  While these are just predictions, they are based off of some very real trends and data we are seeing here at Easy Solutions:

Mobile fraud will evolve faster than defenses for at least another year.  In the last month, the four major US mobile carriers announced that they will begin blocking premium or paid SMS charges, otherwise known as cramming.  Around 75% of all existing mobile malware uses this method to monetize mobile fraud.  Cutting off this revenue source for fraudsters will accelerate innovation of mobile malware and take more advanced techniques like SMS OOB interception into the mainstream.

Unveiling our New Webcast….

Share Button
Unveiling our New Webcast….Building for Tomorrow: Creating a Flexible and Effective Multi-layer Approach Against the Fraud of Today and Tomorrow featuring Gartner Expert Avivah Litan
In this increasingly mobile, fast-paced world, organizations contend with ever-more sophisticated fraudsters across an array of channels. The bad guys always have the ‘first mover advantage’, since they’re designing the attacks. They’re likely to be younger, smarter, and more aggressive than ever.  Knowing the emerging fraud trends to catch the bad guys in the act is only part of the fraud puzzle – there is in fact an entire life cycle to an electronic attack, each requiring a different fraud prevention practice and technique along the way. For example, the recent $45M heist is a great example of a compromise that involved vulnerabilities at every stage of an attack, across multiple transactional channels. This was a very well planned attack, where the perpetrators leveraged vulnerability in the Middle East for the setup and launch of the attack, but ultimately leveraged ATMs in New York and around the world to extract the cash. The ability to stop them at any stage along the way could have been a crucial difference.Often times we find companies spending significant time and resources on prevention strategies and tools that are incompatible, insufficiently address each part of the life cycle or, may miss the target all together depending on the organization’s business nature.  This all can be daunting. We hear it all the time.  You have to find a trusted partner to go to war with, because you can’t keep up with all of this by yourself.So, what are the biggest challenges customers face in protecting themselves from today's fraudsters? And how can they protect themselves against new threats while leveraging their legacy systems?

In our latest webcast, Building for Tomorrow: Creating a Flexible and Effective Multi-layer Approach Against the Fraud of Today and Tomorrow– Gartner Research Vice President and Distinguished Analyst Avivah Litan and Easy Solutions' CTO Daniel Ingevaldson – answer these questions and more.   They will discuss the biggest challenges customers face in protecting themselves from today’s fraudsters. We invite you to learn how a multi-layer approach can help you secure all of your transactional environments from fraud, and more importantly, help you find the right solution for your fraud prevention needs.

Other key topics in the webcast include:

  • Emerging market trends in web fraud
  • Best practices for web fraud prevention
  • The mobile threat landscape
  • Fraud prevention strategies for cloud technologies
  • What companies should look for in a fraud protection solutions provider

The webcast can be accessed by visiting

Summary: Building for Tomorrow: Creating a Flexible and Effective Multi-layer Approach Against the Fraud of Today and Tomorrow

Read more

Half a Million Americans’ IDs and bank data stolen and sold online – and that’s just the tip of the iceberg

Share Button

Last week, the Justice Department indicted a 24 year old Vietnamese man with 15 counts of wire fraud, identity fraud, access device fraud and conspiracy charges, for his part in stealing and helping to sell ‘fullz’ packages of IDs online for over 500,000 people. These ‘fullz’ packages include a person’s name, date of birth, social security number, bank account number and bank routing number, and payment card data. Read more

Large national savings and loan secures their online banking platform with Easy Solutions’ Total Fraud Protection

Share Button

A large, national mutual savings and loan association, founded in 1971, is in the business of providing financial services to help families begin saving for large purchases. Today, the organization processes transactions for hundreds of thousands of clients. Read more