Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.
- Understanding Online Threats with ThreatData (Facebook)
There is a great deal of threat data out there being generated by the good guys. But the data is far from uniform in structure and quality, making it difficult to consume and apply the data in truly meaningful ways to protect users. The good news is that it's a known problem that several groups are trying to address. Earlier this week, the security team at Facebook jumped in with the ThreatData framework for capturing intelligence data, storing it, and applying it to security processes.
- Banks Sue Security Vendor Trustwave After Target Data Breach (American Banker)
Several banks have joined together and are filing suit against Trustwave, which performed Target's PCI QSA audits. It'll be interesting to see how the suit plays out. Breach liability has been a concern for many assessors, and they have generally made a lot of effort to reduce exposure in contract language. One of the issues is that QSA audits are not exhaustive in large payment environments, so the auditors have to rely on sampling, which means there's always a risk of non-compliance even with a clean audit report...
- Who Built the ID Theft Service SSNDOB.ru? (Brian Krebs)
Brian Krebs continues to connect dots within the cybercrime underground. This time it's to track down the likely identity of one of the fraudsters behind SSNDOB.ru, which sold stolen sensitive data that was used for ID theft.
- Spammers take advantage of Naked Security writing about spammers (Naked Security)
Cybercrime steals a page from Inception. Well, not exactly. The Naked Security team at Sophos found an ID theft spam campaign using an image they were hosting as part of a write-up they posted about a different spam campaign. Whoops.