Cybercriminals Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Cybercriminals’

Europol launches taskforce to fight world’s top cybercriminals

Source: National Cyber Security - Produced By Gregory Evans

Cybercrime experts from police forces around the world are coming together to form a new body, the Joint Cybercrime Action Taskforce (J-CAT), aiming to tackle the smartest online criminals. Andy Archibald, deputy head of the National Cyber Crime Unit with […]

For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Europol launches taskforce to fight world’s top cybercriminals appeared first on National Cyber Security.

View full post on National Cyber Security

Investigators No. 1 Challenge is Identifying Cyber-Criminals

A hacker known as “Track2” helped steal more than 200,000 credit card numbers from small retailers across the United States and sold them online to other criminals for more than $2 million, according to a federal indictment. “This is a […]

The post Investigators No. 1 Challenge is Identifying Cyber-Criminals appeared first on National Cyber Security.

View full post on National Cyber Security

Cybercriminals abusing Microsoft Azure for phishing attacks

Cybercriminals usually host fake web pages on hacked websites or free web hosting; more recently they have abused Google Docs. These fake pages (phishing pages) trick unsuspecting users into handing over their personal and financial information.

The post Cybercriminals abusing Microsoft Azure for phishing attacks appeared first on National Cyber Security.

View full post on National Cyber Security

Cybercriminals honing Android malware skills in Russia

Sophos says they’re starting in Russia, but will expand with success

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Cloud payroll services the target of cybercriminals using Zeus malware

Cybercriminals are using the Zeus online banking malware to target companies that use cloud-based payroll services, according to researchers from security firm Trusteer.

The researchers have come across a Zeus configuration that monitors the log-in web page of a Canadian provider of human resources and payroll services called Ceridian Canada, with the purpose of stealing authentication information from its customers.

The malware steals user IDs, passwords and company numbers when users authenticate on Ceridian’s clients.powerpay.ca website from infected computers and automatically takes screenshots of their answers to the site’s image-based verification system.

Trusteer expects payroll services to become increasingly targeted by cybercriminals who can more easily steal large amounts of money through them than from regular online banking accounts, the company’s chief technology officer, Amit Klein, said.

In general, the authentication protection measures used by payroll services lag a few years behind those used by online banking websites, Klein said.

Also, because payroll services can be accessed from anywhere, it’s not always necessary for attackers to break into a corporate network to perform fraud, he said. The authentication credentials can be stolen and abused through a laptop that’s regularly removed from the enterprise premises.

Once in possession of the stolen authentication credentials, the cybercriminals can add fake employees in the payroll system and transfer considerable sums of money to accounts the criminals control.

Last year, a group of cybercriminals used this method to steal $217,000 from a nonprofit organisation called the Metropolitan Entertainment Convention Authority (MECA) based in Omaha, Nebraska.

The attackers transferred money through MECA’s payroll system to the bank accounts of US residents hired through work-at-home scams, who then wired the funds out of the country, Klein said.

Unfortunately, running an antivirus program is often not enough to prevent Zeus infections, because cybercriminals who use this Trojan horse perform reconnaissance before launching their attacks in order to learn what security products their targets use. They then alter the malware to evade detection by those applications.

Products like Trusteer’s Rapport are designed to secure web browsing sessions so that malware can’t tamper with them and steal credentials. However, security experts have advised organisations in the past to only perform sensitive financial activities from dedicated computers that aren’t used for other tasks, or to do so by booting from a Linux live CD in order to decrease the chances of malware interference.

Article source: http://rss.feedsportal.com/c/270/f/470440/s/1e4b2270/l/0Lnews0Btechworld0N0Csecurity0C3350A4150Ccloud0Epayroll0Eservices0Etarget0Eof0Ecybercriminals0Eusing0Ezeus0Emalware0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Virus/Malware/Worms

Cybercriminals Use Zeus Malware to Target Cloud Payroll Services

Cybercriminals are using the Zeus online banking malware to target companies that use cloud-based payroll services, researchers from security firm Trusteer said Monday.

The researchers have come across a Zeus configuration that monitors the log-in Web page of a Canadian provider of human resources and payroll services called Ceridian Canada, with the purpose of stealing authentication information from its customers.

The malware steals user IDs, passwords and company numbers when users authenticate on Ceridian’s clients.powerpay.ca website from infected computers and automatically takes screenshots of their answers to the site’s image-based verification system.

Trusteer expects payroll services to become increasingly targeted by cybercriminals who can more easily steal large amounts of money through them than from regular online banking accounts, the company’s chief technology officer, Amit Klein, said in a blog post.

In general, the authentication protection measures used by payroll services lag a few years behind those used by online banking websites, Klein said via email.

Also, because payroll services can be accessed from anywhere, it’s not always necessary for attackers to break into a corporate network to perform fraud, he said. The authentication credentials can be stolen and abused through a laptop that’s regularly removed from the enterprise premises.

Once in possession of the stolen authentication credentials, the cybercriminals can add fake employees in the payroll system and transfer considerable sums of money to accounts the criminals control.

Last year, a group of cybercriminals used this method to steal US$217,000 from a nonprofit organization called the Metropolitan Entertainment Convention Authority (MECA) based in Omaha, Nebraska.

The attackers transferred money through MECA’s payroll system to the bank accounts of U.S. residents hired through work-at-home scams, who then wired the funds out of the country, Klein said.

Unfortunately, running an antivirus program is often not enough to prevent Zeus infections, because cybercriminals who use this Trojan horse perform reconnaissance before launching their attacks in order to learn what security products their targets use. They then alter the malware to evade detection by those applications.

Products like Trusteer’s Rapport are designed to secure Web browsing sessions so that malware can’t tamper with them and steal credentials. However, security experts have advised organizations in the past to only perform sensitive financial activities from dedicated computers that aren’t used for other tasks, or to do so by booting from a Linux live CD in order to decrease the chances of malware interference.

Article source: http://www.pcworld.com/businesscenter/article/253505/cybercriminals_use_zeus_malware_to_target_cloud_payroll_services.html

View full post on National Cyber Security » Virus/Malware/Worms

GFI Labs Observes Cybercriminals Exploiting High-Profile Brands to Capture Victims’ Attention

CLEARWATER, Fla., April 3, 2012 /PRNewswire/ – GFI Software today released its VIPRE® Report for March 2012, a collection of the 10 most prevalent threat detections encountered last month. GFI Labs also documented several spam attacks and malware-laden email campaigns infiltrating users’ systems under the guise of communications from well-known companies and promotions for popular products and services.  Google, LinkedIn®, Skype and the video game Mass Effect 3 were among the brands exploited by cybercriminals.

(Logo: http://photos.prnewswire.com/prnh/20120330/NE79547LOGO )

“Taking advantage of the notoriety of companies, celebrities and major events is a tactic cybercriminals continue to use because it works,” said Christopher Boyd, senior threat researcher at GFI Software. “They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they’re coming from a company we know and trust.”

Google served as the hook for two particularly nasty scams uncovered by GFI in March. One SEO poisoning attack told users that “Google systems” had detected malware on their computer and directed them to download a rogue antivirus program. Meanwhile, spammers inundated mailboxes with messages containing fake announcements for “Google Pharmacy,” a phony service touted as a “pharmaceutical interface for Google.” The body of the email included a single image rather than text in order to circumvent spam filters. Victims who visited the URL contained in the image spam were directed to Pharmacy Express, a site linked to spam attacks since 2004.

Users of popular social networking site LinkedIn received fake invitation reminders that redirected them to a BlackHole exploit and infected their machines with Cridex, a Trojan that has targeted banks, social networks and CAPTCHA tests. Other cybercriminals targeted Skype users with a spam campaign claiming to offer free Skype Credit, but instead directed users to a compromised site hosting malicious Java exploits. Meanwhile, messages claiming to come from the U.S. Securities and Exchange Commission warned business recipients that a complaint had been filed against their company and would result in an investigation if not handled within 28 days. Users who were frightened into clicking on the nonexistent “complaint details” were directed to a page containing a Blackhole exploit kit targeting vulnerabilities in Adobe® and Microsoft® products.

Finally, March has been awash with scams and cybercrime efforts revolving around the launch of Mass Effect 3, one of the most eagerly awaited games of the year. GFI Labs warned of users being duped with fake alternative ending downloads for the game, taking advantage of the well-publicized intention of the game’s maker to clarify the ending, which has been broadly discussed online. The fake downloads eventually lead the user to fake surveys and other affiliate marketing scams.

“If something seems off, users should trust their instincts and investigate further,” continued Boyd. “The important thing for everyone to remember is that the Internet provides us with the ability to easily double check every link or attachment that we come across with a simple web search. Pay attention to details such as link URLs, and scrutinize where they are directing you if there is any doubt. This may sound like common sense, but having this mindset can often be the difference between avoiding a stressful attack and losing valuable time, money and personal information.”

Top 10 Threat Detections for March

GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that the top eight detections from February remained in the top 10 for March.  

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.

For more information
GFI Software
Please email David Kelleher at dkelleher@gfi.com
GFI – Malta: Tel: +356 2205 2000; Fax: +356 21382419.
URL: http://www.gfi.com.

Davies Murphy Group
Please email Brian Alberti at gfi@daviesmurphy.com
GFI – US: Tel: +1-781-418-2403

Disclaimer
Copyright © 2012 GFI Software. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.

Article source: http://finance.yahoo.com/news/gfi-labs-observes-cybercriminals-exploiting-130500567.html

View full post on National Cyber Security » Virus/Malware/Worms

IT Must Change Security Strategies to Keep Up With Cybercriminals

With an eye to the threat horizon several years out, organizations can no longer afford to leave responsibility for managing security risks at the door of the information security department. Instead, organizations must adopt a much more strategic and business-based approach to risk management, says Steve Durbin, global vice president of the Information Security Forum (ISF).

“While we’re now emerging from the economic downturn, certainly here in the U.S. at least, there has been reduced investment across the enterprise and in information security in particular,” Durbin says. “Enterprises are now playing catch up. Cybercrime, the malspace, those guys didn’t suffer from the downturn.”

“While individual threats will continue to pose a risk, there is even more danger when they combine, such as when organized criminals adopt techniques developed by online activists,” he adds. “Traditional risk management is insufficiently agile to deal with the potential impacts from activity in cyberspace. While executives recognize the benefits and opportunities cyberspace offers, their organizations must extend risk management to become more resilient, based on a foundation of preparedness.”

The ISF is a nonprofit association that researches and analyzes security and risk management issues on behalf of its members, many of whom are counted among the Fortune Global 500 and Fortune Global 1000. The ISF recently released Threat Horizon 2014, the latest in an annual series of Threat Horizon reports that forecasts the changing nature of the information security landscape. The ISF has predicted that both the range and complexity of information security threats will increase significantly over the next two years, and organizations must prepare now.

Durbin notes that security is no longer just a matter of protecting data and IP. Data breaches can have a material impact on brand and reputation–and ultimately stock price–Durbin says, making security a top-level matter for the business as a whole.

The report identifies three primary drivers of risk that organizations should focus upon over the next two years.

External Security Threats

External threats will remain a top consideration and Durbin predicts the threat will evolve as a result of the increasing sophistication of cybercrime, state-sponsored espionage, activism’s shift online and attacks on systems that affect the physical world, including industrial control systems. The ISF predicts the following:

Cyber criminality will increase as the malspace matures. Organizations that commit cybercrime, espionage and other malevolent activity online have already achieved global scale and incredible sophistication and will continue to grow and develop in the coming years.

The cyber arms race will lead to a cyber cold war. Nations are already in the process of developing more sophisticated ways to attack via cyberspace and will improve their capabilities in the coming years. Nations that haven’t already developed this capability will get programs under way. And businesses in the private sector shouldn’t assume they’ll be immune. The ISF predicts businesses will suffer collateral damage, especially as targets for espionage will include anyone whose intellectual property can turn a profit or confer an advantage.

More causes will come online and activists will become more active in cyberspace. The ISF predicts anyone who is not already using the Internet to advance their cause will start doing so over the next two years, including customer affinity groups, community associations, terrorists, dictators, political parties, urban gangs and more. All of them will find inspiration in the examples of the Arab Spring, Occupy Wall Street and Wikileaks.

Cyberspace will get physical. The Stuxnet computer worm that destroyed a number of uranium enriching centrifuges in Iran in 2010 was an early example of this trend, Durbin says. The ISF believes the increasing convergence of cyber and physical will lead to more attacks on physical systems, from attempts to turn off lights and climate control systems to disrupting manufacturing systems.

To prepare for these threats, the ISF recommends that organizations ensure that standard security measures are in place, and that they develop cyber resilience by establishing a cyber security governance function, timely attack intelligence gathering and sharing, a resilience assessment and adjustment capacity and a comprehensive response plan.

Regulatory Threats

Malicious outsiders aren’t the only things organizations should be worrying about. The regulatory environment also bears watching. ISF predictions include the following:

New requirements will expose weaknesses. The move toward transparency in security disclosures will publicize weaknesses. The ISF says organizations forced to report security risks may have as much to fear from customers and business partners as from hackers and regulators.

A focus on privacy may be a distraction from other security efforts. New privacy requirements demanded by consumers, business customers and regulators will impose a heavy compliance burden, the ISF says. Organizations will have to decide whether to invest in the necessary security and legal controls, outsource or leave certain markets altogether. The ISF notes organizations will also have to consider the message their actions send to customers.

To prepare for these threats, the ISF says organizations should amend their data protection frameworks and information management procedures to reflect legislative changes and review new requirements in detail to align privacy-related controls with other controls. The ISF also recommends joining and participating in industry and other associations to assess and influence policy.

Internal Security Threats

There are also internal issues to consider, both as a legacy of under-investment during the economic downturn and the blistering pace of technology evolution. The ISF predicts the following:

Cost pressures will stifle security investment, harming the information security function’s capability to keep up. Even organizations that are once again investing in information security can’t correct a history of under-investment overnight. But cybercriminals have continued to invest in their capabilities throughout the downturn, and organizations can expect that it will be easier and less expensive for criminals to acquire the technology and services they need to perpetrate their crimes.

Clouded understanding will lead to an outsourced mess. The ISF believes that continuing cost pressure will lead to a new digital divide that separates businesses into organizations that understand the marriage between IT and information security and organizations that don’t. It predicts leading organizations will appreciate the strategic value of channels, systems and information and will invest in those areas. Organizations that don’t get it will suffer competitive disadvantage and heightened risk of damaging incidents.

New technologies will overwhelm. The ISF expects organizations to continue to rapidly adopt new technology. Along with the business benefits of doing so will come new vulnerabilities and methods of attack. Organizations must understand their dependence on technology or suffer a nasty surprise.

The supply chain will spring a leak as the inside threat comes from outside. The ISF notes that a modern organization’s data is spread across many parties, leaving their data vulnerable to incidents that affect their suppliers. The ISF says these risks will increase as organizations further digitize their supply chains, outsource additional functions and rely on external advisors.

To prepare for these threats, the ISF recommends security professionals help senior management understand the value of information security. Organizations should adopt information security governance and integrate it with other risk and governance efforts within the organization. Businesses also need to understand their risk appetite and ensure the value of continuous security investment meets the business need and is adequate and well spent.

Finally, enterprises also need someone to take ownership of coordinating the contracting and provisioning of business relationships, including outsourcers, offshorers, supply chain and cloud providers.

Thor Olavsrud is a senior writer for CIO.com. Follow him @ThorOlavsrud.

Article source: http://www.pcworld.com/businesscenter/article/253054/it_must_change_security_strategies_to_keep_up_with_cybercriminals.html

View full post on National Cyber Security » Virus/Malware/Worms

UK prepared for cyberattack, but cybercriminals ‘faster and swifter’

The UK is relatively well prepared for cyberattacks but it has more work to do, according to a new cybersecurity study from McAfee and the Security Defence Agenda (SDA).

The report, which ranks 23 countries on cybersecurity readiness, gives no countries the highest mark, five stars. Israel, Sweden and Finland each get four and a half stars, while eight countries, including the UK, US, France and Germany, receive four stars. India, Brazil and Mexico ranked near the bottom.

No country is ahead of cyberattackers, said Phyllis Schneck, CTO of the public sector for McAfee. The bad guys are “faster and swifter” than the good guys, she said.

Cybercriminals don’t have to wrestle with legal and policy questions and freely share information with each other without worrying about competitive issues, she said. “We’re up against an adversary that has no boundaries, and we have to go to meetings and write reports to put data together,” Schneck added. “We’re at a huge disadvantage.”

SDA, a cybersecurity think tank in Brussels, interviewed 80 cybersecurity experts for the report and surveyed an additional 250 – 57% of survey respondents said they believe a cyber arms race is happening, and 36% said they believe cybersecurity is more important than missile defence, while 45% said that cybersecurity is as important as border security.

A common theme among the cybersecurity experts was a need for real-time global information-sharing about cyber-threats. Cyber-experts have long called for the better sharing of information among companies and between private businesses and government, Schneck said, but the report opens up the idea of new global agreements – short of difficult-to-approve treaties – that can lead to information sharing.

Countries can work together to establish information-sharing “rules of the road,” Schneck said. “While you can’t have a free for all – just throw it all out there – there should be a way to take the most egregious information and make it actionable by a man on a machine.”

Companies are worried about endangering their customers, lowering their stock prices and other problems that come from sharing too much information, she added. “I think every rational person on the planet would agree that, if you put all our information together, we get a better threat picture,” she said. “By the time we figure out the crumb that we can share, it’s no longer even valuable.”

But real-time information sharing is one way legitimate groups can gain an advantage over cyberattackers, Schneck said. “That’s what the adversary cannot do,” she said. “The adversary does not own the network infrastructure; the good guys do. They can’t do anything real time, as far as putting data together, we can.”

In the country rankings, cybersecurity experts interviewed for the report praised US efforts, including the creation of a White House cybersecurity czar last year. In recent years, the US government has focused more on cybersecurity, they said.

Countries ranking in the middle of the pack included Japan, China, Russia and Canada, while Brazil, India and Romania received two and a half stars, and Mexico just two stars.

“In India, we went straight from no telephones to the latest in mobile technology, and the same with internet-connected computers,” said Cherian Samuel of the Institute for Defence Studies and Analyses in New Delhi. Samuel was quoted in the report.

The ratings are based on the Cyber Security Maturity Model developed by Robert Lentz, president of Cyber Security Strategies and former deputy assistant secretary for cyber in the US Department of Defense. Lentz’s model pushes for resilient, predictive defence capabilities as opposed to reactive and manual or tools-based defences.

The report makes a number of recommendations. Among them: Companies and governments should work together to set up trusted information-sharing groups and pump up public education campaigns focused on cybersecurity. The report also calls on companies to focus on smartphone and cloud computing security.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1c47d868/l/0Lnews0Btechworld0N0Csecurity0C33338840Cuk0Elags0Ewell0Ebehind0Ecyber0Eattackers0Esays0Ereport0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Chinese Cybercriminals Said to Attack US DoD Smart Cards With Sykipot Malware

A new strain of the Sykipot malware is being used by Chinese cyber criminals to compromise US Department of Defense (DoD) smart cards, a new report has revealed.

The malware has been designed to take advantage of smart card readers running ActivClient — the client application of ActivIdentity — according to unified security information and event management (SIEM) company AlienVault.

ActivIdentity’s smart cards are standardized at the DoD and a number of other US government agencies. The cards are used to identify active duty military staff, selected reserve personnel, civilian employees, and eligible contractor staff.

As with previous Sykipot strains, the attackers use an e-mail campaign to get specific targets to click on a link and deposit the Sykipot malware onto their machines. After identifying the computers that have card readers, the attackers install keystroke logging software to steal the PIN number that is used in concert with the smart card.

“When a card is inserted into the reader, the malware acts as the authenticated user and can access sensitive information,” explained AlienVault’s lab manager Jaime Blasco. “The malware is then controlled by the attackers and then told what — and when — to steal the appropriate data.”

So far, AlienVault has seen attacks that compromise smart card readers running Windows Native x509 software, which is reportedly in commonplace use amongst a number of US government and allied agencies.

This new strain is thought to have originated from the same Chinese authors that created a version of Sykipot in 2011, which distributed a variety of spam messages claiming to contain information on the next-generation unmanned “drones”, developed by the United States Air Force.

In an investigation into that earlier strain last year, Blasco suggested that the team behind Sykipot was working with an information “shopping list” that included semiconductor, medical and aerospace technology.

In a report released last year, security consultancy Mandiant identified several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. Mandiant called this technique a “smart card proxy”.

Article source: http://www.pcworld.com/article/248210/chinese_cybercriminals_said_to_attack_us_dod_smart_cards_with_sykipot_malware.html

View full post on National Cyber Security » Virus/Malware/Worms
