Speaking of Security – The RSA Blog and Podcast

To me, online dating these days is not much different than online fraud. I speak from personal experience on both – as someone who has experienced the thrills of online dating sites (NOTE sarcasm here) and has the privilege of witnessing the latest online scams that fraudsters pull on a daily basis. I live in both worlds – and trust me, they are not much different.

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted.

Fraudsters continue to extend their global reach through geo-targeted services and crimeware strains: Country-specific malware-infection services are readily sold to bot-herders via dedicated websites, with rates ranging from $30 to $250 per 1,000 infected computers. Ready-made botnets can be purchased in the underground along with HTML injections that target the region’s largest financial institutions, enabling [...]

Everybody knows that the Russian fraudsters are more sophisticated than their English-speaking counterparts. However, this isn’t the only geographic-related difference between fraudsters.

Over the past few weeks, there have been several reports about the ways in which cybercriminals are making it harder to detect fraud by concealing what they’re doing as evidenced by a new kind of man-in-the-middle attack on Facebook users.

In one of its recent findings, RSA FraudAction Research Labs has uncovered yet another new underground shop which was opened a few weeks ago, selling fraud commodities e-commerce style. The new shop offers access to compromised resources, compromised webmaster credentials, and custom PHP coding for their cybercrime clientele.

Of all the terms describing identity theft methods, “Vishing” (which stands for “Voice Phishing”) is perhaps the most ambiguous one. A simple Google query for the definition of the term shows just some of its multiple interpretations. But why are fraudsters using this type of attack?

A new iFrame traffic service opened for business to service cybercriminals came from an underground operator who apparently wished to provide his fraudster-buyers with an easy online platform through which they could buy or sell web traffic. Evidently, when used in the context of fraud, one can expect to see junk traffic leading to exploit kit infections, Trojan drive-by download sites, and live phishing pages.

The constant hustle and bustle of underground fraudster markets is a bountiful source for any and all types of fraud commodities and partnerships formed between seemingly anonymous criminals in the virtual world. And yet, one very prominent vertical, if we may, stands far out from the rest—credit card shops and just about everything that has [...]

Around this time last year you may have read my SecurityWeek article, The Optimist’s Cybercrime Predictions for 2011. Now that the year is drawing to an end, I thought it would be an interesting opportunity to look back to my 2011 predictions and see how each of them panned out.