The PhishLabs Blog

Banks Face Sophisticated Attacks, Hacker Attempts Blackmail, WSJ Breached and more | TWIC - July 25, 2014

Posted by Lori Gildersleeve on Jul 25, '14


Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

A sophisticated spear-phishing and malware campaign, dubbed Operation Emmental, bypasses the Android-based two-factor authentication systems used at 34 banks. Customers of financial services firms in Switzerland, Austria, Sweden and Japan have been targeted. The attacks are characterized by volume and sophistication, including localized spam, non-persistent malware, rogue DNS servers and more.

Researchers discovered a new, highly sophisticated attack hitting Swiss bank customers, both online and via Android devices, that is capable of compromising systems, intercepting SMS tokens, poisoning DNS settings and manipulating SSL. The Trojan, known as “Retefe,” uses a combination of attack vectors, including classic man-in-the-middle attacks, while evading detection by hiding within victims’ systems. The malware can also prompt users to install a fake banking application that intercepts login activity.

The European Central Bank (ECB), the organization that administers the monetary policy of the Eurozone, announced that it had suffered a data breach. The ECB became aware of the incident after the attackers tried to blackmail the organization with the compromised information. Approximately 20,000 e-mail addresses, telephone numbers and street addresses were lost.

A 30-year-old Russian, Vadim Polyakov, was detained in Spain on charges of running an international cybercrime ring that allegedly stole more than $10 million in electronic tickets from StubHub. The crimes were perpetrated with user credentials stolen from legitimate StubHub customers. Polyakov faces extradition to the United States, and more arrests are planned.

The Wall Street Journal website took down two servers after a confirmed intrusion by a hacker calling himself “w0rm.” Cybersecurity firm IntelCrawl discovered the hacker had posted an offer to sell the user information and server access credentials for the affected servers. The breach was carried out through a SQL injection vulnerability in the website.

Topics: The Week in Cybercrime

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
