Speaking of Security – The RSA Blog and Podcast

“What tender days, we had no secrets hid away. Now it seems about a hundred years ago” from 100 Years Ago by The Rolling Stones Over the past 6+ years at RSA I’ve seen a lot of changes at RSA from acquisitions to new product launches to the dreaded “end of life” of a product.  I’ve [...]

A new iFrame traffic service opened for business to service cybercriminals came from an underground operator who apparently wished to provide his fraudster-buyers with an easy online platform through which they could buy or sell web traffic. Evidently, when used in the context of fraud, one can expect to see junk traffic leading to exploit kit infections, Trojan drive-by download sites, and live phishing pages.

The constant hustle and bustle of underground fraudster markets is a bountiful source for any and all types of fraud commodities and partnerships formed between seemingly anonymous criminals in the virtual world. And yet, one very prominent vertical, if we may, stands far out from the rest—credit card shops and just about everything that has [...]

Around this time last year you may have read my SecurityWeek article, The Optimist’s Cybercrime Predictions for 2011. Now that the year is drawing to an end, I thought it would be an interesting opportunity to look back to my 2011 predictions and see how each of them panned out.

  Host Michelle Adams-Dixon talks with Angel Grant, Senior Manager, Identity Protection & Verification for RSA about protecting yourself while shopping online this holiday season. Podcast: Play in new window | Download

So Cyber Monday has arrived, and tens of millions of consumers will be hitting the cyber waves to shop for the best holiday deals around. Most of them will be doing it on company time (myself included, I admit), but hey, my son really wants that video game and I can save 50% today only. But while Cyber Monday is packed with unbelievable deals for holiday shoppers, it is also a time when consumers need to take notice to ensure they don’t fall victim to fraud, and retailers and banks need to be on guard.

In the short time I’ve been blogging, I’ve written relatively often about automated CC stores. These websites offer fraudsters an automatic way of buying stolen credit cards – simply fund an account with e-currency, choose which type of card you would like, pay and receive the full credential. Their popularity has reached such a fever pitch. Recently, we’ve encountered a new development in the underground in regards to these sites – forums opening “official” stores.

Did you think it possible that organized cybercrime generated fraud revenues in the magnitude of those generated by illicit drug trafficking? Surprised? Fraudsters specializing in turning stolen information into cash and goods in the real world are a burden on the global economy, expressed through billions of dollars of fraud losses suffered by businesses and consumers every year.

Whenever we present about the underground and mention that fraudsters often post compromised credit cards for free we often get the question “Why would they do that?” Considering that unlike the hacker communities of years past, the underground economy is all about the money (and not bragging rights), this is a very legitimate question. After all, if the fraudsters’ goal is to maximize profit, why would they give away stuff they can otherwise sell? The answer is pretty straightforward.

Hello Man in The Middle, so we meet again. It appears that lately, this older and slower adversary is back in the wire fraud business, this time more organized and featured in better-orchestrated Trojan attacks than ever before. MiTM attacks were rather prominent through 2009 and used by most fraudsters to commit online banking fraud. MiTM [...]