It has been an eventful year in cybercrime. We hope you have been able to follow our blog for updates in the cyber security arena, but in case you missed one or two, we’ve compiled the most popular posts published by PhishLabs in 2014:
- New Man-in-the-Middle attacks leveraging rogue DNS (Don Jackson, Director of Threat Intelligence)
PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.
- Targeted Wire Transfer Scam Aims at Corporate Execs (Don Jackson, Director of Threat Intelligence)
PhishLabs has discovered a fraudulent invoice campaign targeting corporate executives. The scammers attempt to convince their targets to wire funds to various accounts controlled by the fraudsters in order to settle the terms and outstanding balances on legitimate invoices from other companies.
- Vulnerabilities found in Dendroid mobile Trojan (Paul Burbage, Threat Analyst)
Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300. On Friday, the full source code of a Dendroid Remote Access Trojan (RAT) was leaked.
- Vishing campaign steals card data from customers of dozens of banks (John LaCour, CEO)
Multiple recent vishing attacks (Voice over IP phishing) have been stealing payment card data from the customers of U.S. banks. In an attack last week, customers of a midsize bank received SMS text messages claiming their debit card was deactivated and requesting they provide the card and PIN numbers to reactivate it.
- 1,700+ Google Docs and Drive phishing scam sites currently active (Brad Warneck, Security Operations)
Over the past several months, we've noticed a growing number of "all-in-one" webmail phishing sites using Google Docs or Google Drive as bait. More than 1,700 are active as of this posting, many of which have been up for months.
- Phishing @Home: Phishers set up sites on residential broadband hosts (Don Jackson, Director of Threat Intelligence)
PhishLabs is studying a wave of phishing attacks that utilize spam to distribute links to phishing sites installed and hosted on the personal computers of residential broadband customers.
- Zeus malware distributed through browser warning: social engineering at its finest (Paul Burbage, Threat Analyst)
Zeus malware continues to plague the Internet with distributions through spam emails and embeds in compromised corners of the web – all designed to exploit unsuspecting consumers. PhishLabs’ R.A.I.D. recently observed the Zeus malware being distributed through an alarmingly convincing browser warning that prompts viewers to download and “restore settings.”
- Vawtrak Gains Momentum and Expands Targets (Don Jackson, Director of Threat Intelligence)
Vawtrak is the security industry's name for the latest version of the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000s. Recently, PhishLabs’ R.A.I.D. has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.
We’re looking forward to keeping you up to date on the latest cyber security news in 2015. Please follow our blog and join the conversation.