The PhishLabs Blog

Lori Gildersleeve

RAT Vulnerabilities Leaked, DDoS Activity Up and more | TWIC - August 22, 2014

Posted by Lori Gildersleeve on Aug 22, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

The full source code of the Dendroid Remote Access Trojan (RAT) was recently leaked. The popular crimeware, which targets the Android operating system, is typically sold on underground forums for $300. With the malware’s source code now available, an increase in its use, as well as the creation of new variants, will likely be seen.

Community Health Systems, with operations spanning 29 states, announced that cybercriminals operating from China stole information on approximately 4.5 million patients, including names, birth dates and Social Security numbers. The healthcare industry has suffered a large number of breaches in the past, but the CHS breach topped them all. BitSight, a security-ratings firm, recently released ratings showing that the healthcare industry had more security issues and signs of breaches than any other industry, including the retail sector.

Topics: The Week in Cybercrime

Lawsuit to Determine ATO Accountability, Blackphone Hacked and more | TWIC - August 15, 2014

Posted by Lori Gildersleeve on Aug 15, '14

Tennessee Electric Company Inc., which was the victim of a corporate account takeover scheme, has sued TriSummit Bank, alleging negligence, breach of contract and fraudulent concealment in relation to the bank’s handling of unauthorized transfers. Currently, businesses lack the rigorous fraud liability limits that consumers enjoy. This lawsuit could help standardize who is at fault, and for how much, when businesses are the victims of cybercrime.

More than 75,000 iPhones have been targeted by Chinese AdThief malware, stealing nearly $22 million in advertisements. AdThief is designed to rely on Cydia Substrate, a platform for modifying existing processes, which only works on jailbroken iOS devices. Hackers were able to manipulate advertiser identities, redirecting the revenue each time an end-user viewed or clicked on a given advertisement. 

Massive Data Breach Revealed, New POS Malware Identified and more | TWIC - August 8, 2014

Posted by Lori Gildersleeve on Aug 8, '14

A Russian crime ring has collected more than 1.2 billion username/password combinations and 500 million e-mail addresses, according to researchers with Hold Security. The criminals appear to be using the stolen information to send spam on social networks at the behest of other groups, earning a fee in return. Victimized companies have not been named, due to nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable.

Researchers with FireEye and Fox-IT have launched a free online service to help victims unlock and recover files scrambled by the malware CryptoLocker. Cybercriminals used the malware to hold users’ personal files for a ransom, costing a few hundred to several thousand dollars for access. According to Fox-IT, 1.3 percent of victims paid a CryptoLocker ransom.

ATO Fraud Explained, Neverquest Strikes, Cloud Seeded with Bots and more | TWIC - August 1, 2014

Posted by Lori Gildersleeve on Aug 1, '14

Join Stacy Shelley, VP at PhishLabs, as he explores the reasons common ATO fraud prevention measures are insufficient and how financial institutions can move forward with a more comprehensive and robust anti-fraud strategy. Watch the webcast here.

Cybercriminals are using financial malware, called Neverquest, to attack several regional banks in Japan. Neverquest’s capabilities include key logging, screenshot and video capturing, remote control access and stored credential and digital certificate theft. Researchers indicate that Japan, the United Kingdom and Germany are the most impacted by the malware. 

Banks Face Sophisticated Attacks, Hacker Attempts Blackmail, WSJ Breached and more | TWIC - July 25, 2014

Posted by Lori Gildersleeve on Jul 25, '14

A sophisticated spear-phishing and malware campaign, dubbed Operation Emmental, bypasses the Android-based two-factor authentication systems used at 34 banks. Customers of financial services firms in Switzerland, Austria, Sweden and Japan have been targeted. The attacks are characterized by volume and sophistication, including localized spam, non-persistent malware, rogue DNS servers and more.

Researchers discovered a new, highly sophisticated attack hitting Swiss bank customers, both online and via Android devices, that is capable of compromising systems, intercepting SMS tokens, poisoning DNS settings and manipulating SSL. The Trojan, known as “Retefe,” uses a combination of attack vectors, including classic man-in-the-middle attacks, while evading detection by hiding within victims’ systems. The malware can also prompt users to install a fake banking application that intercepts login activity.

Why ATO Is a Huge Problem, Gameover ZeuS Revives, Shylock Botnet Disrupted and more | TWIC - July 18, 2014

Posted by Lori Gildersleeve on Jul 18, '14

There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69 percent and account for more than $4.6 billion in losses (yes, that's billion with a B).

Cybercrooks recently began attempting to resurrect the Gameover ZeuS botnet by sending out spam with phishing lures that include zip files booby-trapped with a new variant of the malware. This revival attempt comes nearly a month after the FBI joined with several nations, researchers and security firms in a global effort to shut down the botnet. The original Gameover ZeuS botnet, which has been blamed for the theft of more than $100 million worldwide, remains locked down; this new variant appears to be rebuilding the botnet from scratch.

New Commercial Malware for Sale, Zeus Evolves, Microsoft Apologizes and more | TWIC - July 14, 2014

Posted by Lori Gildersleeve on Jul 14, '14

Widely available, free clones of Zeus, as well as the arrests of several crimeware kit developers, have left the commercial malware market barren until now. The developer of a new financial crimeware, called Pandemiya, has begun selling the banking Trojan for between $1,500 and $2,000. The malware features Web injection capabilities, password-grabbers, task automation, a file grabber, encrypted command-and-control communications and the ability to capture screen grabs.

Websense Security Labs researchers announced the discovery of evolving Zeus strains that implement information-stealing procedures. These new Zeus variants are being used in low-volume e-mail campaigns that target users’ financial data. While a recent malware campaign appeared to focus on Canadian banks, U.S. businesses are also being targeted.

Phishing Attacks Surge in Q1 2014, Microsoft's Proactive Cyber Fight, and more | TWIC - July 3, 2014

Posted by Lori Gildersleeve on Jul 3, '14

The Anti-Phishing Working Group (APWG) reports in its new Phishing Activity Trends Report that the number of phishing sites in the first quarter of 2014 grew 10.7 percent over the previous quarter. The APWG detected an average of 41,738 new phishing attacks per month in the first quarter, resulting in the second-highest number of phishing attacks ever recorded in a first quarter.

Brobot, a powerful botnet specializing in attacks against American financial institutions, appears to be back in action after a year's hiatus. But this time, its operator appears to be unknown.  

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
