Informative

From the Archives: Automation of Fraud – The Voxis Platform

During the recent months RSA  FirstWatch has identified a growing demand for tools to automate fraud related operations among the cybercriminals in their online communities and blackmarkets. Voxis is a fraudulent platform used by criminals to monetize stolen credit card credentials and increase their illicit revenues by automating fake transactions through multiple payment gateways. The FirstWatch…

Terracotta VPN: Enabler of Advanced Threat Anonymity

Today, RSA Research published an in-depth report on a commercial VPN network, originating in China, which we are calling “Terracotta”.  It is being used as a launch platform for APT actors including the now well-known Shell_Crew / Deep Panda group (which RSA exposed in a January 2014 report, http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf ). Terracotta’s network of 1500+ VPN…

CARIS Workshop Summary and Reflection

The Internet Architecture Board (IAB) and the Internet Society (ISOC) hosted a day-long Coordinating Attack Response at Internet Scale (CARIS) workshop which took place last Friday in coordination with the Forum for Incident Response and Security Teams (FIRST) Conference in Berlin. The workshop included members of the FIRST community, attack response working group representatives (APWG,…

CVSS Scoring: Why your Smart Refrigerator does not need to be Patched (Yesterday)

Is a CVSS score of 10, really a 10 in your environment? Vulnerability Risk Management is a work in progress for most organizations. Having dealt with many customers in this space, we have seen it all – the mature folks who utilize asset management to define ownership to multiple remediation teams – all the way…

Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…

End-to-End Message Encryption — Can it be done?

End-to-end (e2e) encryption for email is hard.  We know this from OpenPGP and S/MIME efforts with the main problem being around obtaining, installing, and exchanging keys.  While there are a number of positive efforts to fix e2e encryption for email, it may take a while for a viable easy to use solution to be deployed…