Mobile is the new PC, on steroids… And this is just the beginning!

I have written about mobile-based threats, specifically mobile app-based threats, before, and I am writing again because I want to highlight a couple of proof points that we have seen in the last couple of months.

Now You Z-(eus) It, Now You Don’t: Zeus Bots Silently Upgraded to Citadel

The FraudAction Research Lab has recently analyzed a Zeus 2.1.0.1 variant downloading an additional Trojan into infected PCs by fetching a Citadel Trojan. RSA is witness to many Zeus botmasters who upgraded and moved up to Ice IX neighborhoods, and now, to yet another summer home – Citadel infrastructures.

Fraud News Flash – The Downfall of the Mighty – Zeus Trojan’s Source Code Leaked and Now Available Everywhere

Word of yet another historical moment in cybercrime is quickly spreading through the fraud underground and through the legitimate web – the Zeus Trojan’s source code has been made public and is now freely available to anyone wanting a piece of the infamous old “King of Trojans.”

SpyEye Botmasters Fight Back – Targeting Swiss Security Site’s SpyEye Tracker

The RSA FraudAction Research Lab recently discovered evidence of cybercriminal attempts to sabotage the Swiss white hat site, abuse.ch, through new plug-ins to the latest SpyEye Trojan variants found in the wild. This move is significant in that it shows how fraudsters are eager to damage the non-profit website’s availability and credibility – a sign of the apparent effectiveness of SpyEye Tracker and that it represents more than just a thorn in the side of many Zeus- and SpyEye-toting botmasters.

Keep Your Eye on The Ball: it is all about controlling access to the data

Some good folks and I wrote a security brief detailing strategies for effectively evolving security operations in the face of escalating APTs. Rather than just put it out there, I thought it would be worth diving into why SOCs need to be more intelligent!

New Zeus Features Keep the Fraudster Business Flourishing

Zeus 2.1 offers additional improvements worth noting, such as helping botnet operators gain better insight into their victims – insight which could later be monetized.

ZeusiLeaks

I don’t know about you, but I was a bit disappointed with the whole WikiLeaks thingy. I mean, come on. The build up was brilliant: you would have thought we’d finally have irrefutable evidence that a UFO landed in Roswell, that JFK’s assassination was indeed a CIA ploy, and that the 1969 moon landing was a NASA-concocted hoax.

Changing Security Metaphors – from War to Medicine?

IT people have always been the metaphorical sort. Turning technology issues and solutions into real-life oriented allegories allows us to express esoteric or complex ideas in simple, relatable terms. Metaphors help us turn the 1s and 0s, the bits and bytes, into tangible examples that allow us to communicate the complex ideas. Information Security has traditionally taken many of its metaphors from the military world – defense in depth, bastion hosts, DMZs, honey pots… ok, well honey pots are more of a Winnie the Pooh thing but you get the point. The fact remains that Information Security professionals have always looked to this universe of conflict and war to get their metaphors.

Businesses Beware: Qakbot Spreads like a Worm, Stings like a Trojan

While the name Qakbot may sound funny, the Trojan is targeting business and corporate accounts—and no one is laughing. Named after its main executable file, _qakbot.dll, the Qakbot Trojan is not new; however, the RSA FraudAction Research Lab has uncovered some unique attributes of Qakbot rarely seen before in other financial crimeware.

Follow the Money, and Go for the Mules!

…focusing on mules and mule herders is a relatively new, necessary direction. Mules should get the attention not only from law enforcement, but from the banking and security industries as well. We all have to remember that no mules = no cash.