RSA Monthly Online Fraud Report -- March 2014


Published on

The monthly online fraud report examines global phishing and cybercrime trends and their impact on organizations.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

RSA Monthly Online Fraud Report -- March 2014

  1. 1. page 1R S A M O N T H LY F R A U D R E P O R T F R A U D R E P O R T MO’ MONEY MO’ PROBLEMS March 2014 Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust. The obvious choices were Perfect Money and BitCoin, but both currencies carry inherent risk. Perfect Money is of questionable background, while BitCoin does not provide fraudsters the required level of anonymity and is not immune to seizure. These risks have pushed the underground to adopt—or really create—unique currency systems to help protect the financial security of its dwellers. In a recent on-going investigation, RSA’s Fraud Intelligence agents have identified and have been tracking the growing adoption of forum-specific currencies. These financial platforms allow users to safely transact within their own community, under the supervision of the forum administrator, avoiding the use of the more public currency options such as Perfect Money and BitCoin. In some instances different forums shared the same currency further widening the use and adoption of these platforms. MUSD The MUSD currency is used in a single underground board, and has been active since November 2013. Forum members can use the currency to purchase items/services from each other, as well as pay for advertising on the board itself. The currency provides a built-in escrow-service and guarantees anonymity. The forum administrator vouches for the currency system and is responsible for all its operations. One can exchange funds to or from MUSD through exchange agents. Two verified exchange agent services currently work with MUSD in this board, with one offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine. Exchange rates are linked to the US dollar and are set at 1 MUSD = $1 USD.
  2. 2. page 2R S A M O N T H LY F R A U D R E P O R T UNITED PAYMENT SYSTEM The United Payment System currency appears to be shared by four different Russian language forums, with each forum designating its own sub-currency with the forum’s initials. For example, DM RUR and MM RUR (DM and MM are initials of forum names, and “RUR” indicates Russian Ruble). Each forum has its own official exchange agent, and each exchange agent has an administrator. To make sure the exchange agent stays “honest”, a senior forum member is appointed to supervise and review the activities of the exchange agent. Funds can be added or cashed out via the exchange agents with cash out options including refilling different pre-paid cards. The interesting thing about this currency is that it is shared across a number of forums allowing members from different forums to transact. UAPS UAPS has been in use for over a year and is used with two of the most powerful boards in the Russian-language cybercrime community and in fact is referred to as the ‘First Commercial Bank’ on one of them. Of the three currencies discussed here, it appears to be the most advanced and secure option for fraudsters, with ongoing improvements and upgrades being implemented by a dedicated software team. Adding funds and cashing out is available directly from the UAPS system. The system emphasizes maintaining end-user security and privacy, implementing a strict data retention policy of just two months. CONCLUSION The advent of new private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between fraudster boards in the cybercrime world. These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts. Figure 1 MUSD exchange rates Figure 2 United Payment System icon Figure 3 UAPS currency system login screen
  3. 3. page 3R S A M O N T H LY F R A U D R E P O R T Phishing Attacks per Month RSA identified 36,883 phishing attacks in February, marking a 21% increase from January’s attack numbers. This also represents a 35% increase from the number of attacks a year ago. US Bank Types Attacked Nationwide banks continued to be the most targeted by phishing with 68% of total volume in February, and credit unions saw a sharp spike in attacks – jumping from 16% to 27% compared to January. Top Countries by Attack Volume The U.S. remained the most targeted country in February with an overwhelming 77% of total phishing volume, followed by the UK, South Africa, the Netherlands, and Canada. 36,883 Attacks Credit Unions Regional National 77% 5% 4% 3% South Africa Netherlands UK U.S. MARCH 2014 Source: RSA Anti-Fraud Command Center
  4. 4. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at Top Countries by Attacked Brands In February, nearly 40% of phishing attacks were targeted at brands in the U.S. and UK. Brands in India, Canada and Australia were collectively targeted by 15% of total phishing volume. Top Hosting Countries The U.S. hosted 34% of global phishing attacks in February, followed by Canada, Germany, France and Brazil. ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAR RPT 0314 11% U.S. UK 27% 5% 4%6% 34% GLOBAL PHISHING LOSSES FEBRUARY 2014