Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Malware Bypasses 2-Factor Authentication (Bank Info Security)
A sophisticated spear-phishing and malware campaign, dubbed Operation Emmental, bypasses the Android-based two-factor authentication systems used at 34 banks. Customers of financial services firms in Switzerland, Austria, Sweden and Japan have been targeted. The attacks are characterized by volume and sophistication, including localized spam, non-persistent malware, rogue DNS servers and more.
Researchers discovered a new, highly sophisticated attack hitting Swiss bank customers, both online and via Android devices, that is capable of compromising systems, intercepting SMS tokens, poisoning DNS settings and manipulating SSL. The Trojan, known as “Retefe,” uses a combination of attack vectors, including classic man-in-the-middle attacks, while evading detection by hiding within victims’ systems. The malware can also prompt users to install a fake banking application that intercepts login activity.
- European Central Bank Blackmailed by Hackers (Security Week)
The European Central Bank (ECB), the organization that administers the monetary policy of the Eurozone, announced that it had suffered a data breach. The ECB became aware of the incident after the attackers tried to blackmail the organization with the compromised information. Approximately 20,000 e-mail addresses, telephone numbers and street addresses were lost.
- Feds: Hackers Ran Concert Ticket Racket (Krebs on Security)
A 30-year-old Russian, Vadim Polyakov, was detained in Spain on charges of running an international cybercrime ring that allegedly stole more than $10 million in electronic tickets from StubHub. The crimes were perpetrated with user credentials stolen from legitimate StubHub customers. Polyakov faces extradition to the United States, and more arrests are planned.
- WSJ Website Hacked, Data Offered for Sale for 1 Bitcoin (Ars Technica)
The Wall Street Journal website took down two servers after a confirmed intrusion by a hacker calling himself “w0rm.” Cybersecurity firm IntelCrawler discovered the hacker had posted an offer to sell the user information and server access credentials for the affected servers. The intrusion was carried out through a SQL injection vulnerability in the wsj.com website.