An APT Case Study

The RSA IR team deals with APT actors on a daily basis on networks of various sizes. Regardless of the size of the network, or the number of advanced actors we find in them, one thing is paramount to both us and our customers during investigations: the ability to quickly scope the severity of the intrusion. …

Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…

RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information

In a recent investigation, RSA researchers uncovered the server infrastructure used in a global Point-of-Sale (PoS) malware operation responsible for the electronic theft of payment card and personal data from several dozen retailers, mostly based in the U.S. Infection activity has also been detected in 10 other countries including Russia, Canada and Australia. While the malware used in the operation is not new, RSA researchers discovered that, beginning October 25th, it had logged track 1 and 2 data of payment cards it had scraped from infected PoS systems.

RSA Peeks into the Bits of New Linux-based Trojan Hand of Thief #INTH3WILD

Although the malware has not been traced in the wild yet, the RSA FraudAction team has obtained its builder and created Hand of Thief binaries, testing its actual functionality, exposing the operational features, as well as revealing the bugs that can prevent it from stealing data from Linux users. RSA’s research and analysis shows that, in reality, the Hand of Thief Trojan’s grabbing abilities are very limited if not absent, which would make the malware a prototype that needs a lot more work before it can be considered a commercially viable banking Trojan.

Got an Extra $40,000 Lying Around? Carberp is Back on the Market!

In a surprising move that came about earlier this week, team Carberp decided to offer their Trojan to cybercriminals for monthly usage fees ranging from $2,000 to $10,000 per month depending on the number of modules and plugins desired. Those wishing to purchase the Trojan can opt to invest a whopping $40,000 for a full kit, including the malware’s builder and an improved bootkit version. At no point in cybercrime history has any developer asked such a price for a banking Trojan.

Cyber Gang Seeks Botmasters to Wage Massive Wave of Trojan Attacks Against U.S. Banks

In one of the most interesting cases of organized cybercrime this year, a cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign. Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date.
