RSA FraudAction Research Labs

The RSA FraudAction Research Lab is made up of some of RSA's most experienced internet security researchers, engineers and intelligence professionals with expertise in vulnerability research, reverse engineering and in-depth malware analysis. In this blog we report real-time developments in electronic crime, those who perpetrate it and the tools and methods they use. Research Lab blog posts bring you this diverse team's unprecedented insight, findings and opinions on topics including Underground Economy and fraud trends, fresh news from the world of cybercrime, information about Trojans, Phishing techniques, Botnets and how fraud from the online realm touches day-to-day life in the real world.

A Hacktivist, Phisherman and Average Joe Walk into a Bar…

By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA

Although the title of this blog may call to mind the first line of quite a number of old jokes, it appears that hacktivists, phishers and the everyday Internet user have enough in common to raise concerns of financial fraud, especially in light of [...]

Zeus FaaS Comes to a Social Network Near You

A recent discovery by RSA researchers shows a new FaaS offering that is being marketed directly via a popular social network. The sale item: a customized botnet panel programmed to work with the Zeus Trojan – both reworked by what appears to be an Indonesian-speaking malware developer.

Beyond compiling a working Zeus Trojan kit, the developer customized an attractive control panel for the admin (basic and familiar in functionality, and taken from previous Zeus versions). The developer and his team also created a demo website for potential buyers, which they have no qualms about sharing publicly, and, best of all, a Facebook page with frequent updates and information about botnets, exploits, cybercrime, and their own product (Zeus v 1.2.10.1).

Phishing in Season: Tax Time Malware, Phishing and Fraud

As phishers will have it, phishing attacks are quite the seasonal trend. It seems that every April, right after a slow first quarter, fraudsters awaken and get back to working on vast spam campaigns that ride the tides of tax-filing season. This time of year brings a few flavors of spam into the mailboxes of online users, including malware attachments purporting to be tax statements, tax authority-themed phishing, and online tax filing scams. In this special highlight, we will cover the main types of online threats that star during the tax filing season, most of which are already rampant in the wild.

Laser Precision Phishing — Are You on the Bouncer’s List Today?

As we close out 2012, it’s safe to say that phishing has had yet another record year in attack volumes. The total number of phishing attacks launched in 2012 was 59% higher than the total calculated for 2011, up from 279,580 attacks to 445,004, costing the global economy over $1.5 billion in fraud damages. According to RSA research, this amount is 22% higher than the losses recorded in 2011, part of the growing worldwide monetary losses associated with phishing attacks.

Got an Extra $40,000 Lying Around? Carberp is Back on the Market!

In a surprising move earlier this week, team Carberp decided to offer their Trojan to cybercriminals for usage fees ranging from $2,000 to $10,000 per month, depending on the number of modules and plugins desired. Those wishing to purchase the Trojan can opt to invest a whopping $40,000 for a full kit, including the malware’s builder and an improved bootkit version. At no point in cybercrime history has any developer asked such a price for a banking Trojan.

Citadel’s Steward Banned from Underground Venues

Over the past several weeks, RSA has been noticing more signs of the gradual withdrawal of the Citadel Trojan kit from the forums it has been sold on thus far. One example is a recent incident between Aquabox and one of his buyers, who accused Aquabox of having been corrupted by all the money Citadel has been earning him. The case was publicly exposed on the board and ended in the banning of Aquabox from one of the largest online crime communities Citadel was ever part of. Aquabox did not even care to retort.

Citadel V1.3.5.1: Enter the Fort’s Dungeons

What can be said about the Citadel Trojan that we have not yet said? This advanced banking Trojan, exclusively available in the deep web, has been a game changer ever since it appeared in the most clandestine of cybercrime communities.

Cyber Gang Seeks Botmasters to Wage Massive Wave of Trojan Attacks Against U.S. Banks

In one of the most interesting cases of organized cybercrime this year, a cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign. Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date.

Phishing in Season: A Look at Online Fraud in 2012

The results are in for the first half of 2012, and once again, phishing attack numbers mark a notable increase on the global scale. Compared with H2 2011, end of June numbers show a 19% increase as phishers heavily target the UK, U.S. and Canada – and their associated brands – with the same old online [...]

Rogue Mobile Apps, Phishing, Malware and Fraud

Mobile apps, and the content they provide, are the reason smartphones and tablets are so popular; recent statistics show that mobile users around the globe download over 67 million apps every day! Although these numbers are staggering, security awareness did not follow, and it was a matter of time – and only logical for cybercriminals – before online threats, such as phishing and malware, became a reality on mobile devices.