The PhishLabs Blog

ATO Fraud Explained, Neverquest Strikes, Cloud Seeded with Bots and more | TWIC - August 1, 2014

Posted by Lori Gildersleeve on Aug 1, '14


Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Join Stacy Shelley, VP at PhishLabs, as he explores the reasons common ATO fraud prevention measures are insufficient and how financial institutions can move forward with a more comprehensive and robust anti-fraud strategy. Watch the webcast here.

Cybercriminals are using financial malware, called Neverquest, to attack several regional banks in Japan. Neverquest’s capabilities include key logging, screenshot and video capturing, remote control access and stored credential and digital certificate theft. Researchers indicate that Japan, the United Kingdom and Germany are the most impacted by the malware. 

Kaspersky Lab researchers discovered that attackers are exploiting security vulnerabilities in an open source search and analytics application known as Elasticsearch to get Amazon’s cloud service to wage denial-of-service attacks. The list of DDoS victims includes a large regional U.S. bank, as well as a large Japanese electronics maker and service provider. In response, Elasticsearch has published a list of recommended security practices.

Alper Erdogan, from Turkey, was sentenced to more than nine years in federal prison for his part in a fraud scheme that involved the compromise of payment card details at a San Diego hotel. Acting as a broker, Erdogan provided criminals with thousands of stolen credit card numbers and the personal information of Americans, according to authorities. In addition to his prison sentence, Erdogan has been ordered to pay $1.1 million in restitution.

Kaspersky Lab researchers revealed a detailed analysis of an advanced attack campaign, nicknamed Crouching Yeti, which has struck approximately 2,800 victims across multiple industries. Attackers used three tactics to distribute malware: spear-phishing using PDF documents, waterhole attacks using a variety of exploits and Trojanized software installers. Industries targeted include mining, manufacturing, construction, information technology and the energy industry, with the most targeted countries being Spain, Japan, Germany, France, Italy, Turkey, Ireland, Poland, China and the United States.

Security researchers Karsten Nohl and Jakob Lell plan to demonstrate a proof-of-concept, called BadUSB, that can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s Internet traffic. BadUSB resides in firmware, rather than flash memory, which means the attack code can remain hidden long after the contents of the USB device’s memory would appear to have been deleted. Currently, there is no easy fix for BadUSB, save banning the use of USB devices.

Topics: The Week in Cybercrime
