Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Join Stacy Shelley, VP at PhishLabs, as he explores the reasons common ATO fraud prevention measures are insufficient and how financial institutions can move forward with a more comprehensive and robust anti-fraud strategy. Watch the webcast here.
- Neverquest Trojan Targets Regional Banks in Japan (SC Magazine)
Cybercriminals are using financial malware, called Neverquest, to attack several regional banks in Japan. Neverquest’s capabilities include key logging, screenshot and video capturing, remote control access and stored credential and digital certificate theft. Researchers indicate that Japan, the United Kingdom and Germany are the most impacted by the malware.
Kaspersky Lab researchers discovered that attackers are exploiting security vulnerabilities in an open source search and analytics application known as Elasticsearch to get Amazon’s cloud service to wage denial-of-service attacks. The list of DDoS victims includes a large regional U.S. bank, as well as a large Japanese electronics maker and service provider. In response, Elasticsearch has published a list of recommended security practices.
- Credit Card Fraudster Gets 9 Years (Bank Info Security)
Alper Erdogan, from Turkey, was sentenced to more than nine years in federal prison for his part in a fraud scheme that involved the compromise of payment card details at a San Diego hotel. Acting as a broker, Erdogan provided criminals with thousands of stolen credit card numbers and the personal information of Americans, according to authorities. In addition to his prison sentence, Erdogan has been ordered to pay $1.1 million in restitution.
- 'Crouching Yeti' Attack Campaign Targeting Industries Worldwide (Security Week)
Kaspersky Lab researchers revealed a detailed analysis of an advanced attack campaign, nicknamed Crouching Yeti, which has struck approximately 2,800 victims across multiple industries. Attackers used three tactics to distribute malware: spear-phishing using PDF documents, waterhole attacks using a variety of exploits and Trojanized software installers. Industries targeted include mining, manufacturing, construction, information technology and the energy industry, with the most targeted countries being Spain, Japan, Germany, France, Italy, Turkey, Ireland, Poland, China and the United States.
Security researchers Karsten Nohl and Jakob Lell plan to demonstrate a proof-of-concept, called BadUSB, that can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s Internet traffic. BadUSB resides in firmware, rather than flash memory, which means the attack code can remain hidden long after the contents of the USB device’s memory would appear to have been deleted. Currently, there is no easy fix for BadUSB, save banning the use of USB devices.