Blog Archives

Microsoft engages cybergang that stole $500 million

Microsoft has orchestrated the bust-up of another top-tier botnet operation.

These bad guys – operators of the sprawling Citadel botnet – make the fictional band of sophisticated thieves from the movie Ocean’s 11 look like amateurs. Authorities estimate they’ve scored more than $500 million from banks in the United States and abroad by accessing online accounts and rerouting funds.

The software giant and the FBI, working with law enforcement and tech officials from some 80 countries, knocked out 1,000 of the 1,400 Citadel botnets.

A botnet is a collection of hundreds to thousands of infected PCs that respond to commands routed through a command-and-control server, which is also an infected PC.

The bad guys running Citadel commanded as many as 5 million infected PCs, making Citadel one of the biggest botnet operations. Botnets are the engines that drive cybercrime. They fuel spam, denial of service attacks and cyberespionage. And they are used in big operations, like Citadel, to systematically hijack online financial accounts.

U.S. Spent $21B to Fight Global Cybercrime Last Year

Cyber Warfare

Every second, 18 people fall victim to cybercrime, and the U.S. is shelling out $21 billion a year to stop that.

According to the most recent Norton Cybercrime Report, the $110 billion global price tag of consumer cybercrime is equal to the amount of money Americans spent annually on fast food.

Based on data collected last year from 13,018 online adults ages 18 to 64 in 24 countries, antivirus firm Norton reported that two out of every three Internet users have been victimized at some point in their lifetime. On a grander scale, almost half of all online adults have been attacked by malware, viruses, hacking, scams, fraud, or theft.

But, as consumers go mobile, so do cybercriminals. Two out of three adults use a mobile device to access the Internet, and the number of mobile-based vulnerabilities has doubled since 2010.

According to the Norton report, a majority of Internet users are concerned that cybercriminals are now setting their sights on social networks, which, based on data, might not be such a crazy idea. In 2011, four out of 10 social network users were the victim of social networking platform hacks.

Mobile users don’t have to live a life of fear, though. Norton suggested that cybercrime can be prevented, if people know how to handle their mobile devices.

According to the survey, 35 percent of adults have lost their phone or tablet, or had it stolen, and when two-thirds of people don’t set any sort of security solution on their device, it’s not hard for anyone to wiggle their way in.

A whopping 44 percent of people aren’t even aware, Norton said, that security for mobile devices exists.

It’s not only a matter of safeguarding your cell phone, but for those two-thirds of people surfing unsecure or public Wi-Fi networks, it could mean open access to personal emails, social networks, online shopping, or bank accounts.

Cyber Criminals Target Pinterest with Survey Scams

Pinterest, the third-most visited social networking site on the Web, “has become the social media platform of choice among criminals,” according to a report from Trend Micro, a security software firm.

Cyber criminals are targeting Pinterest, a fast-growing social network with about 20 million unique users, Trend Micro announced in its quarterly threat report.

“Instead of targeting the biggest social networking site… [hackers] set their sights on smaller players like Pinterest,” the report said.

A favorite con aimed at Pinterest members is the survey scam, the report said. Members are duped into pinning items on their Pinterest pages that lead to sites designed to coax personal information from them and sign them up for unwanted mobile services.

Pinterest has also been attracting spammers lately. So much so that last week it had to lock down a number of accounts because of a spam outbreak on the site.

Trend Micro also reported that malware exploiting Google’s mobile operating system, Android, continues to grow at an alarming rate. It said the number of malware programs aimed at Android devices reached 25,000 last quarter. By year’s end, the company is predicting that number to balloon to 129,000.

“The large Android user base translates to big business not only for Google but also for those who constantly target the OS,” the report observed. “With more than 400 million active Android-based devices and more than 600,000 apps available on Google Play, the number of attacks has nowhere to go but up.”

“The fact that only 20 percent of Android-based devices have security apps installed does not help,” it added.

Malicious Android programs identified by Trend Micro included Botpanda, which allows attackers to gain root privileges on a phone, and Spyera, with a repertoire that includes recording a target’s phone calls.

Cybercriminals offer bogus fraud insurance services

Security researchers from Trusteer have spotted a clever new technique used by cybercriminals interested in optimizing their malicious campaigns in an attempt to earn more revenue.

Here’s how it works:

The recent attack we discovered uses the Tatanga malware platform. In the configuration file we captured, Tatanga notifies the online banking victim via a web browser injection that their bank is offering free insurance protection against online fraud. The victim is then presented with a fake insurance account that claims to cover the total amount of funds in their bank account. This fake insurance account is actually a real bank account that belongs to a money mule. The victim is told that they will be protected against any losses from online fraud by this insurance coverage. In the final step, the victim is prompted to authorize a transaction that they believe is to activate the insurance coverage. In all likelihood, the victim does not expect any funds will be transferred out of their account. To approve the transaction the victim enters a one-time SMS password that is sent to their mobile device. Unfortunately, the victim is actually approving a transfer of funds from their account to the fraudster’s money mule account.

Although the technical implementation behind the campaign relies on the Tatanga malware platform, money mules play a central role in the success of the scheme.

Recruited through bogus ‘work at home’ job offers promising up to 45% revenue sharing for amounts starting from $5000 and going up to $7000, thousands of average Internet users unknowingly become active participants in the cybercrime ecosystem. The process, now largely standardized, relies on bogus companies set up for the purpose of recruiting unaware Internet users into processing fraudulently obtained funds.

Commercial enterprises are putting our critical infrastructure at risk

Cybercriminals have already figured out how to hack into enterprise infrastructure, and the critical infrastructure that controls our nation’s supply of water, gas, oil and electricity just might be next.

With so many connections and shared vulnerabilities between the two infrastructures, the inevitability of this is unsettling. If the critical infrastructure is successfully penetrated, electrical grids could be shut down, water supplies could be turned off, telecommunications channels could be severed, and transportation systems could come to a halt. Take the electrical grid offline and massive numbers of power-reliant entities could grind to a halt, including everything from banks to hospitals.


Each day brings media attention to yet another breach, but it seems we are unable to make headway on the security front. It’s certainly not from a lack of resources; we have plenty of technology, standards, and regulations to draw upon.

It seems to boil down to the fact that we continue to do stupid things. We still write insecure code. We still don’t patch our systems. We still don’t control user rights properly. We still use the same usernames and passwords across multiple accounts throughout both our personal and business worlds. And, you guessed it — these passwords we use aren’t even managed well. It’s no wonder corporations continue to get hacked.

But what we should be most concerned about is that our two infrastructures — the private/commercial/enterprise infrastructure and the critical/industrial/utility infrastructure — are interconnected in many ways, and security weaknesses within either therefore put both at risk.