The PhishLabs Blog

Vishing campaign hits dozens of banks, IE Zero-Day, Security vs Compliance Redux | TWIC - May 2, 2014

Posted by Stacy Shelley on May 2, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

PhishLabs investigated a recent vishing attack and uncovered a cache of stolen payment card data belonging to customers of dozens of financial institutions. We estimate the vishing crew responsible for the attack has stolen the data of 250 cards per day in this vishing campaign.

More than 25% of Web browsers in use are vulnerable to a zero-day IE exploit uncovered by FireEye. It appears the exploit has been used in targeted attacks. But it won't be long before it's included in exploit kits and used in broader attacks. Microsoft patched the vulnerability on Thursday.

As Anton says in his post, "security =/= compliance" isn't exactly a new concept. Compliance is often a budget driver though, and can be a convenient way for savvy security leaders to actually make needed security improvements. That being said, there are a lot of organizations that have a complete disconnect between what they're doing for compliance versus what they're doing to actually be secure. And that's a problem.

The research team at Bromium makes a great point about layered security strategies being only as strong as the weakest link in the security chain. The post focuses on endpoint security (Bromium is an endpoint security product), but the same principle applies more strategically as well. We frequently run into financial institutions that have invested in layers upon layers of network and data security for their own environment while cybercriminals point their arsenal at banking customers instead...


 

Topics: The Week in Cybercrime

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
