Speaking of Security – The RSA Blog and Podcast

Whether it is to Phish, to infect, or to sell credentials, cybercriminals have always required an infrastructure to commit their crimes – servers, PHP scripts, vulnerabilities and more. Many of the trends in recent years, such as the explosion of botnets and credit card stores, have led to the rapid expansion of this infrastructure.

Online banking losses have increased 28% year-on-year. UK Cards offered some explanation quoting the fact that phishing attacks had increased by 199% over the past 12 months. The only reason I can think of why phishing attacks continue to rise is because fraudsters are still catching victims. Phishing is still a viable form of credential harvesting providing a meaningful return on investment for fraudsters.

Evolution isn’t just about making things better but to adjust living creatures to their ever changing surroundings. Fraud in that sense is also adapting, but instead of searching for food like a giraffe, it adapts to obtaining as much money as possible. If money from one fraud chain depletes, it would adapt and create a different one.

To me, online dating these days is not much different than online fraud. I speak from personal experience on both – as someone who has experienced the thrills of online dating sites (NOTE sarcasm here) and has the privilege of witnessing the latest online scams that fraudsters pull on a daily basis. I live in both worlds – and trust me, they are not much different.

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted.

Fraudsters continue to extend their global reach through geo-targeted services and crimeware strains: Country-specific malware-infection services are readily sold to bot-herders via dedicated websites, with rates ranging from $30 to $250 per 1,000 infected computers. Ready-made botnets can be purchased in the underground along with HTML injections that target the region’s largest financial institutions, enabling [...]

Everybody knows that the Russian fraudsters are more sophisticated than their English-speaking counterparts. However, this isn’t the only geographic-related difference between fraudsters.

Over the past few weeks, there have been several reports about the ways in which cybercriminals are making it harder to detect fraud by concealing what they’re doing as evidenced by a new kind of man-in-the-middle attack on Facebook users.

In one of its recent findings, RSA FraudAction Research Labs has uncovered yet another new underground shop which was opened a few weeks ago, selling fraud commodities e-commerce style. The new shop offers access to compromised resources, compromised webmaster credentials, and custom PHP coding for their cybercrime clientele.

Of all the terms describing identity theft methods, “Vishing” (which stands for “Voice Phishing”) is perhaps the most ambiguous one. A simple Google query for the definition of the term shows just some of its multiple interpretations. But why are fraudsters using this type of attack?