THE CURRENT STATE OF CYBER THREATS
INTH3WILD is an RSA thought leadership platform where we share our research findings, opinions and industry trends on external threats organizations face in the wild. Our focus is on Advanced Threats such as APTs and cyber espionage as well as Fraud & Cybercrime including but not limited to new malware families and attack methods.
Was that a typo? What is a “KINS”? Well, it appears that KINS is the name of a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors.
Be it internal disagreements within the Carberp team, or law enforcement pressure following the arrests in 2012, the Carberp cyber gang members have disbanded, leaving their Trojan code publicly available, following a failed attempt to sell it. Stop me if you’ve heard this before…
In somewhat tardy fashion, Bugat joins the lineup of banking malware that makes use of SMS-capturing mobile apps. The first occurrences of such malware were observed in use by Zeus and SpyEye Trojan variants, which were respectively dubbed ZitMo and SPitMo (Zeus-in-the-Mobile, SpyEye-in-the-Mobile).
Hacktivism and the Ever-Targeted Enterprise
It’s no surprise that hacktivism continues to be top of mind. We are seeing the weaponization of financial Trojans such as Zeus variants being used in APT-style attacks and the Citadel financial Trojan which has the ability to map the corporate network. Hacktivism is also making waves in the underground for financially motivated criminals as they seek to buy the information stolen in these attacks to commit fraud.
Privatizing Financial Banking Trojans and other Malware
Cybercriminals are slowly bringing malware development deeper into the underground due to fear of infiltration by undercover agents. Yet, development has not slowed down by any means. For cybercriminals that rely on commercial malware offerings, this past year showed Trojan development increase – beginning with the introduction of Citadel and ending with the return of the Carberp Trojan.
E-mail has long been used as an effective attack vector for delivering malware and conducting phishing attacks. We get unsolicited and potentially malicious emails like this in our inbox nearly every day, but what really makes an e-mail attack successful has more to do with trust than anything else. If an e-mail appears to be…
Did you know that social media followers and “likes” are a hot commodity on the black market? People want to be popular and some will even pay big bucks for it. Lists of Twitter followers have been known to go for more than even stolen credit card information, and it appears that Instagram followers are the next big thing.
An unusual variant of the Zbot Trojan has recently been taking advantage of this trend. The typical charter of Zbot has been to attempt to swipe passwords, but now this variant has also started to check for availability of Instagram usernames – likely in an effort to create an army of fake Instagram users that can be sold as followers to help individual users or businesses create an image of popularity.
This week the RSA FirstWatch team released research that explores the realities associated with long-term Advanced Persistent Threat (APT) analysis. The report, The Cyber Espionage Blueprint: Understanding Commonalities in Targeted Malware Campaigns, is the culmination of a year’s worth of research from the RSA FirstWatch team.