Hiding in Plain Sight: The Growth of Cybercrime in Social Media

Social media attracts all kinds. These sites are used for catching up with friends on Facebook, instant news dissemination on Twitter, partisan political viewpoints expressed in online forums, real-time reach outs on Snapchat, professional networking on LinkedIn — and now, not surprisingly, they’re used as global havens for cybercrime. Today, we are announcing the release…

The Role of Tor in Cybercrime

In a previous blog, we explored the layers of the deep web, and briefly explained how anonymity technologies (such as Tor) facilitate illegal, underground commerce. This post aims to explain the underlying concept of how Tor functions and, thus, how anonymity on the Internet is accomplished.
An Overview of Tor and Internet Anonymity
To understand how…

What is the Deep (Dark) Web?

Billions of people use the web on a daily basis. However, most of them usually consume less than 5 percent of its content. This 5 percent is known as the Surface Web, the part of the web whose content can be indexed and found by standard search engines that use link-crawling techniques, like Google, Bing, Yahoo,…

The Carberp Code is #INTH3WILD – Now What?

By Daniel Cohen, Head of Knowledge Deliver and Business Developments, RSA FraudAction Group
History Repeats Itself….
“History repeats itself, and that’s one of the things that’s wrong with history.” – Clarence Darrow
Be it internal disagreements within the Carberp team, or law enforcement pressure following the arrests in 2012, the Carberp cyber gang members…

Cyber Gang Seeks Botmasters to Wage Massive Wave of Trojan Attacks Against U.S. Banks

By Mor Ahuvia, Cybercrime Communications Specialist, RSA FraudAction™
In one of the most interesting cases of organized cybercrime this year, a cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign. Planned for this fall, the blitzkrieg-like series of Trojan…

Whitehats vs. Blackhats: Techniques of the Cybercrime Elite Trickle Down to the Public Domain

By Mor Ahuvia, Cybercrime Communications Specialist, RSA
Advances made in the cybercrime world over the past year prove that the trickle-down effect does not only apply to tablet computers and space tourism. Rather, much like real world products, techniques that were once reserved for the cybercrime elite have trickled down to the public domain, bestowing…

HURRY! CITADEL IS GOING OFF THE OPEN MARKET!

Citadel – Yesterday and Today
Citadel started as a Zeus v2 Trojan, deployed and tweaked by a crime gang using it for their own banking fraud operations. However, once Citadel was released into the Russian-speaking underground in January 2012, it took on a life of its own, supported by a skillful, relentless development team.…

Life Grabbers and LinkedIn Passwords

The recent LinkedIn accounts compromise in which 6.5 million password hashes were published in the Russian hacker community grabbed a lot of media attention. In a hellish period of publicly known breaches that hit the front page news, with perimeter security defenses failing left and right in any possible vertical and geography, this incident stirs…

Eternal Flame

The Eternal Flame is something you’ll probably recognize as the ever-burning fire in ancient Greece; but in fact it has deeper roots in the Middle East. The first records of such a custom are, interestingly enough, set in ancient Iran and Israel. The security industry’s skies are now alight with Flame, the latest discovery in…

The eDead Trojan: A Synopsis of Geo-Targeted Spyware

While RSA FraudAction Research Labs does not usually focus on pure-play spyware, which is solely interested in users’ keyword searches and browsing habits, over the past year, the Lab has repeatedly detected and handled strains of malware called the eDead Trojan[1]. This highly-targeted spyware code was developed for the sole purpose of collecting keyword search…