This white paper explores the current state of cybercrime and what organizations can expect in 2013. Topics include malware development, hacktivism, DDoS attacks and online account takeover.
2014 Cybercrime Roundup: The Year of the POS BreachEMC
This RSA fraud report summarizes cybercrime in 2014 and includes the number of phishing attacks globally, top hosting countries for phishing attacks, the financial impact of global fraud losses, and a monthly highlight.
Overcome Security Threats Affecting Mobile Financial Solutions 2020Fusion Informatics
The financial services industry, like most businesses and consumers, has become dependent on mobile communications as a way to conduct business, manage customer information, exchange data, and work with customers. Due to its convenience, speed and ease, the electronic form of money has gained tremendous popularity among ordinary people and businesses
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
This white paper explores the current state of cybercrime and what organizations can expect in 2013. Topics include malware development, hacktivism, DDoS attacks and online account takeover.
2014 Cybercrime Roundup: The Year of the POS BreachEMC
This RSA fraud report summarizes cybercrime in 2014 and includes the number of phishing attacks globally, top hosting countries for phishing attacks, the financial impact of global fraud losses, and a monthly highlight.
Overcome Security Threats Affecting Mobile Financial Solutions 2020Fusion Informatics
The financial services industry, like most businesses and consumers, has become dependent on mobile communications as a way to conduct business, manage customer information, exchange data, and work with customers. Due to its convenience, speed and ease, the electronic form of money has gained tremendous popularity among ordinary people and businesses
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Here are some of the best guesses about what we will see in 2017 from several dozen vendors and analysts. There are many more than 15 predictions out there, of course, but these are the ones we heard most frequently.
This brief presentation gives you a quick overview on how the Cyber Threat Landscape is shaping up in 2017 for individuals and business owners alike. It puts forth some important trends and predictions.
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
Artificial Intelligence (AI) and Machine Learning (ML) technologies have many positive applications, from helping researchers better understand neural pathways in the brain to assisting law enforcement with identifying suspects in criminal investigations.
They are renowned for the greater good of cybersecurity. However, these technologies also hold the potential to ruin our perfectly running digital world and become a source of power to the dark web users/administrators.
If you’re not familiar with how AI and ML might impact cybersecurity, this blog will discuss both sides of the coin and help you better understand how this technology might affect you one day soon.
Under the right hands, they are a boon to humanity, but they can quickly turn into a bane on the corrupt hands.
As for now, upgrade your security with these technologies to stay in the competition. Connect with a Machine Learning company in India to maximize your cybersecurity.
https://bit.ly/3rrYI3J
#cybersecurity #aiincybersecurity #mlincybersecurity #machinelearningincybersecurity #artificialintelligenceincybersecurity #hireaidevelopers #machinelearningcompaniesinindia #machinelearningdevelopmentcompany #machinelearningdevelopmentservices #topmachinelearningcompanies
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...ArielMcCurdy
As the nation and the world adapted to the coronavirus pandemic, businesses became accustomed to employees working from home. Even as the states reopened from the mandated “lockdown”, many companies and employees alike found advantages to working remotely. Today, we live in a world where the hybrid of in-office work and remote work from home is the “new” normal. Home computers or other remote locations are more vulnerable than ever to cyber-attacks. Organizations need to build people-centric cybersecurity strategies to protect against business email compromises or email account compromises. Increasingly risky websites are being transmitted through corporate emails. The speaker will discuss some of the newest trends in cyberattacks which are continually evolving and growing. Ransomware can hit in seconds. Credit card use is higher than ever, and some cyber-crime groups live to target payment card information. This program has been designed to offer real-life examples and practical steps which may be taken to thwart business-fraud and cyber-crime.
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalize access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
White Paper: EMC Security Design Principles for Multi-Tenant As-a-Service Env...EMC
This white paper proposes that virtualized as-a-service environments can be made as secure as physical ones. The paper describes security challenges inherent in multi-tenant as-a-service environments. Design considerations of tenants and service providers, and how design is affected by information security or compliance requirements, are discussed.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Here are some of the best guesses about what we will see in 2017 from several dozen vendors and analysts. There are many more than 15 predictions out there, of course, but these are the ones we heard most frequently.
This brief presentation gives you a quick overview on how the Cyber Threat Landscape is shaping up in 2017 for individuals and business owners alike. It puts forth some important trends and predictions.
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
Artificial Intelligence (AI) and Machine Learning (ML) technologies have many positive applications, from helping researchers better understand neural pathways in the brain to assisting law enforcement with identifying suspects in criminal investigations.
They are renowned for the greater good of cybersecurity. However, these technologies also hold the potential to ruin our perfectly running digital world and become a source of power to the dark web users/administrators.
If you’re not familiar with how AI and ML might impact cybersecurity, this blog will discuss both sides of the coin and help you better understand how this technology might affect you one day soon.
Under the right hands, they are a boon to humanity, but they can quickly turn into a bane on the corrupt hands.
As for now, upgrade your security with these technologies to stay in the competition. Connect with a Machine Learning company in India to maximize your cybersecurity.
https://bit.ly/3rrYI3J
#cybersecurity #aiincybersecurity #mlincybersecurity #machinelearningincybersecurity #artificialintelligenceincybersecurity #hireaidevelopers #machinelearningcompaniesinindia #machinelearningdevelopmentcompany #machinelearningdevelopmentservices #topmachinelearningcompanies
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...ArielMcCurdy
As the nation and the world adapted to the coronavirus pandemic, businesses became accustomed to employees working from home. Even as the states reopened from the mandated “lockdown”, many companies and employees alike found advantages to working remotely. Today, we live in a world where the hybrid of in-office work and remote work from home is the “new” normal. Home computers or other remote locations are more vulnerable than ever to cyber-attacks. Organizations need to build people-centric cybersecurity strategies to protect against business email compromises or email account compromises. Increasingly risky websites are being transmitted through corporate emails. The speaker will discuss some of the newest trends in cyberattacks which are continually evolving and growing. Ransomware can hit in seconds. Credit card use is higher than ever, and some cyber-crime groups live to target payment card information. This program has been designed to offer real-life examples and practical steps which may be taken to thwart business-fraud and cyber-crime.
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalize access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
White Paper: EMC Security Design Principles for Multi-Tenant As-a-Service Env...EMC
This white paper proposes that virtualized as-a-service environments can be made as secure as physical ones. The paper describes security challenges inherent in multi-tenant as-a-service environments. Design considerations of tenants and service providers, and how design is affected by information security or compliance requirements, are discussed.
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
This white paper discusses the results of a CIO UK survey on a“Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
VSAN is a new storage solution from VMware that is fully integrated with vSphere. It automatically aggregates server disks in a cluster to create shared storage that can be rapidly provisioned from VMware vCenter during VM creation.
Relazione di presentazione del progetto svolto durante il corso di Comunicazione Visiva e Design delle Interfacce. InBicocca si propone come un aggregatore di informazioni (knowledge-based) sul quartiere Bicocca di Milano, che vuole rispondere alle esigenze eterogenee di tutti gli utenti che usufruiscono di questo spazio urbano.
Due sono gli obiettivi principali: il primo è quello di favorire la conoscenza del quartiere in un'ottica geolocalizzata, il secondo è quello di fornire informazioni aggiornate su novità ed eventi, stimolando la partecipazione attiva dei cittadini anche attraverso l'utilizzo di piattaforme social. A questo scopo abbiamo realizzato un sistema informativo ibrido, ovvero accessibile anche in mobilità, attraverso tablet.
A consolidated version of my portfolio for application to Michigan State University's Design Specialization.
The presentation is simplistic to allow focus on the design elements of the work itself.
RSA - Behind the scenes of a fake token mobile app operationjuan_h
In the last few years, we have seen the mobile space explode with malware. According
to a recent report by Trend Micro, the number of malware and high-risk apps available on the Android platform has crossed the one million mark, growing more than a thousand fold in under 3 years.
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
RSA Monthly Online Fraud Report -- February 2014EMC
This report discusses the latest global trends in phishing and cybercrime. In January, phishing losses to global organizations is estimated at $387 million.
Android mobile platform security and malware surveyeSAT Journals
Abstract As mobile devices become ubiquitous, more people and companies are readily adopting the technology to conduct day-to-day business, and are increasing the amount of personal data transmitted and stored on these devices. These devices are now part of a global infrastructure powering communication and how we do business around the world. In turn, the inherent vulnerabilities are becoming an ever more critical topic of interest and challenge as we continue to see a rapid rate of malware development. This paper is a comprehensive survey on a broad view of the growing Android community, its rapidly growing malware attacks, and security concerns. Serving to aid in the continuous challenge of identifying current and future vulnerabilities as well as incorporating security strategies against them, this survey will focus primarily on mobile devices (also known as smart phones) running the Android mobile operating system between the years of 2007 and 2013. Index Terms: mobile, Android, malware, security
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
CloudBoost is a cloud-enabling solution from EMC
Facilitates secure, automatic, efficient data transfer to private and public clouds for Long-Term Retention (LTR) of backups. Seamlessly extends existing data protection solutions to elastic, resilient, scale-out cloud storage
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
With EMC XtremIO all-flash array, improve
1) your competitive agility with real-time analytics & development
2) your infrastructure agility with elastic provisioning for performance & capacity
3) your TCO with 50% lower capex and opex and double the storage lifecycle.
• Citrix & EMC XtremIO: Better Together
• XtremIO Design Fundamentals for VDI
• Citrix XenDesktop & XtremIO
-- Image Management & Storage
-- Demonstrations
-- XtremIO XenDesktop Integration
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
Explore findings from the EMC Forum IT Study and learn how cloud computing, social, mobile, and big data megatrends are shaping IT as a business driver globally.
Reference architecture with MIRANTIS OPENSTACK PLATFORM.The changes that are going on in IT with disruptions from technology, business and culture and so IT to solve the issues has to change from moving from traditional models to broker provider model.
Force Cyber Criminals to Shop Elsewhere
Learn the value of having an Identity Management and Governance solution and how retailers today are benefiting by strengthening their defenses and bolstering their Identity Management capabilities.
Container-based technology has experienced a recent revival and is becoming adopted at an explosive rate. For those that are new to the conversation, containers offer a way to virtualize an operating system. This virtualization isolates processes, providing limited visibility and resource utilization to each, such that the processes appear to be running on separate machines. In short, allowing more applications to run on a single machine. Here is a brief timeline of key moments in container history.
This white paper provides an overview of EMC's data protection solutions for the data lake - an active repository to manage varied and complex Big Data workloads
This infographic highlights key stats and messages from the analyst report from J.Gold Associates that addresses the growing economic impact of mobile cybercrime and fraud.
This white paper describes how an intelligence-driven governance, risk management, and compliance (GRC) model can create an efficient, collaborative enterprise GRC strategy across IT, Finance, Operations, and Legal areas.
EMC Isilon Best Practices for Hadoop Data StorageEMC
This paper describes the best practices for setting up and managing the HDFS service on an EMC Isilon cluster to optimize data storage for Hadoop analytics. This paper covers OneFS 7.2 or later.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
The Current State of Cybercrime 2014
1. THE CURRENT STATE OF CYBERCRIME 2014
An Inside Look at the Changing Threat Landscape
White Paper
Web threats and fraud tactics continue to increase in number and sophistication as the
profitability of cybercrime transforms the nature of the game. In 2013, phishing alone
resulted in $5.9 billion in losses to global organizations, and three in four data breaches
were attributed to financial or fraud motives1
. Cybercriminals have become more
organized and adaptive, and continue to develop fraud-as-a-service models which make
some of the most innovative and advanced threat and fraud technologies available to a
much wider user base.
RSA Research is at the forefront of threat detection and cybercrime intelligence, protecting
global organizations with the shutdown of over 800,000 cybercrime attacks. Based on its
insight into cybercriminal activity, including analysis of around 300,000 malware variants
each week, RSA Research has identified the top cybercrime trends it expects to see
evolving over the coming year.
Trend#1: Mobile Threats Become More Sophisticated and Pervasive
The worldwide smartphone market reached a new milestone in 2013 with one billion units
shipped in a single year for the first time, up 38% from the 725m units shipped in 20122
.
In July 2013 Google announced that over a million apps were available in Google Play and
more than 60bn had been downloaded3
. In October 2013, Apple announced similar stats
for its App Store4
. As our personal and work lives increasingly move to — and converge
on — our mobile devices, cybercriminals will continue to develop and refine their schemes
to capitalize on this trend.
As discussed in last year’s report, malicious and high-risk mobile apps have become a
significant threat vector as cybercriminals step up their efforts to serve malware and
phishing attacks under the guise of legitimate apps. Android is still the most widely used
mobile platform in the world which, combined with the open source nature of its operating
system, means it is also the platform most targeted by mobile threats. The number of
malicious and high-risk Android apps in existence reached almost 1.4m, one million of
which were detected in 2013 alone (almost three times the number detected in 2012),
with a significant proportion disguised as fake or malicious versions of popular apps5
.
Typically, cybercriminals will use social engineering to persuade a user to install a fake
certificate or security software on their mobile phone. HTML injection techniques will be
used to send the user to a direct link to download the malicious app. During installation, the
app will request various permissions with the aim of gaining super user privileges that will
provide full access to the phone’s features and may make the app impossible to uninstall.
1 Source: Verizon 2013 Data Breach Investigations Report
2 Source: IDC Worldwide Quarterly Mobile Phone Tracker, January 2014
3 Source: Sundar Pichai, speaking at a Google breakfast briefing, July 2013
4 Source: Tim Cook, speaking at Apple’s iPad event, October 2013
5 Source: Trend Micro, TrendLabs 2013 Annual Security Roundup
2. PAGE 2
There’s also at least one example of a pre-installed malicious app disguised as a fake
version of a popular app. In March 20146
, several variants of a fake Netflix app that steals
personal and credit card data were found pre-installed on a number of models of Android
phones and tablets from different manufacturers. Although it’s not yet clear how the app
came to be installed before the devices reached their users, one credible theory is that the
malware authors targeted the supply chain, given that a relatively large number of
individuals have physical access to Android devices along the way. This contrasts with
Apple, which controls the device hardware and operating system from start to finish,
making the supply chain much harder, if not impossible, to penetrate.
Unlike the fake Netflix app, the objective of many financially motivated malicious mobile
apps is to steal the out-of-band passwords organizations use to provide an additional layer
of user authentication. A typical example is a bank sending one-time passwords (or
passcodes) by SMS that users must enter to confirm high-risk online transactions such as
wire transfers. Fraudsters and cybercriminals have developed SMS sniffers (or SMS
hijacking apps) that are designed to work with banking Trojans installed on PCs. The SMS
sniffer intercepts the SMS messages and steals the out-of-band password to enable
fraudulent transfers from the victim’s bank account.
RSA observes that SMS sniffers have become a commodity sale in the criminal
underground; and both banking Trojans and the associated SMS sniffers are increasingly
available on a fraud-as-a-service basis, leaving the fraudster free to focus on monetizing
the operation.
Furthermore, SMS sniffers are being developed with more sophisticated features. In
November 2013, RSA researchers identified an SMS hijacking app targeting Android
devices that offered new capabilities. Known as the iBanking Mobile Bot, it was offered for
sale in a Russian-speaking underground community for $4,000–$5,000. Some of the
functionality of the iBanking bot include:
Function Comment
HTTP and SMS control Send commands to the bot over HTTP or via SMS from a
designated phone number.
Intercept all incoming SMS Send stolen SMS messages to the attacker’s web panel
and the drop phone number.
Send SMS from the victim’s phone to
any number, without victim’s
awareness
Form of telephony fraud (monetization of mobile bots).
Intercept (forward) all incoming calls Can enable hijacking of phone calls which will likely result
in diverting security calls from the bank.
Steal device-related information Phone number, ICCID, IMEI, IMSI, model, OS, network
carrier, IP, geolocation, etc.
Steal contact list (names and numbers) Can possibly be used in an infection campaign.
Capture audio using device microphone Attacker can listen to and intercept the victim's private
conversations.
Persistence Reminiscent of 0bad, the app attempts to social engineer
the victim into giving it super-user privileges, making it
impossible to remove the app. (The bot can also send
an SMS notifying the operator of an attempt to remove
the app.)
The iBanking mobile bot is capable of gaining access to:
1. All images stored on the device
2. A full list of the installed applications
3. The geo-location coordinates using the device’s GPS to pinpoint the exact location of
the device
6 Source: various, including http://www.cio.co.uk/news/security/
pre-installed-malware-turns-up-on-new-smartphones/
3. PAGE 3
These additions would help cybercriminals plan better Trojan-facilitated fraud scenarios,
including more credible impersonation and identity theft possibilities.
t2014 OUTLOOK: Mobile Threats
Malicious and high-risk apps are overwhelmingly programmed for Android devices.
Although a few do exist for other platforms and more have been promised, Android’s
popularity and open platform make it likely to remain the focus of malicious app developers
for some time yet.
The effectiveness of SMS sniffers means that, over the longer term, banks and other
organizations will need to find less vulnerable ways to deliver out-of-band passwords.
Alternatively, they will need to implement authentication solutions that don’t rely on active
user intervention, such as risk-based behavioral analysis and multi-factor authentication
methods that take advantage of smart device features, such as the camera, speaker or
geolocation capability, as discussed in Trend#4.
Trend#2: Bitcoin’s Popularity Makes it a Target for Theft and
New Fraud Currencies Emerge Forcing Cybercrime Activity
Further Underground
Compared with other crypto- or cyber-currencies available today, Bitcoin is relatively
trusted and popular. Its value is based purely on supply and demand, and is subject to
considerable fluctuation. In May 2013 a Bitcoin was worth around $100; towards the end
of the year its value peaked at over $1,000 — until the Chinese and Russian governments
banned Bitcoin transactions over fears of money laundering, funding terrorism or tax
evasion. Its value currently hovers at around $435 (April 2014).
Since its introduction in 2009, Bitcoin has gradually become more widely accepted in the
mainstream. For example:
–– Gaming outlets, and retailers including Overstock and Zynga, accept it as a valid
payment method.
–– In August 2013, the German government recognized it as a legal private currency and
even imposed a tax on it.
The comparative anonymity of Bitcoin makes it similar to cash, inasmuch as it’s difficult to
associate Bitcoins with the holder or the receiver. Bitcoin therefore appeals to criminals
and fraudsters as a payment method among themselves. This anonymity also makes the
currency a target for theft, as there’s little hope of tracing and recovering stolen Bitcoins.
It’s not surprising, therefore, that software has been developed to steal Bitcoin wallets (see
Figure 1), and that Bitcoin holders are subject to classic phishing and social engineering
attacks, including 419 scams.
In addition, a number of online Bitcoin exchanges have reported attacks by hackers
suspected of creating fraudulent transactions by exploiting a flaw in the Bitcoin protocol in
order to steal Bitcoins. An attack forced, Mt Gox, the largest and oldest Bitcoin exchange,
to close in February 2014 and file for bankruptcy in the face of massive losses. Some
850,000 Bitcoins were reported to have gone missing, representing about 7% of all the
Bitcoins in existence at the time — although Mt Gox did subsequently discover 200,000 of
those missing Bitcoins in an old wallet.
Another major development last year that had a major effect on cybercrime business was
the Liberty Reserve takedown in May 2013 and the confiscation of all accounts by law
enforcement. Liberty Reserve was the preferred method of payment and cashout among
cybercriminals and caused ripples as black market operators were forced to find new
payment systems. Perfect Money and Bitcoin were considered as alternatives to Liberty
Reserve, but lacked the anonymity required for dark business.
4. PAGE 4
This has led to the growing adoption of forum-specific currencies which allow users to safely
transact within their own community, under the supervision of a forum administrator,
avoiding the use of the more public currency options such as Perfect Money and Bitcoin. In
some instances, different forums shared the same currency further widening the use and
adoption of these platforms. RSA Research analysts have been tracking several of these
forum-specific currencies. One of the more popular platforms is the United Payment System
currency which appears to be shared by four different Russian language forums, thereby
allowing members from different forums to transact with each other.
Another currency being tracked in the underground is called LessPay. The operators of the
service claim to be “the next Liberty Reserve”. Inside the forums, the service boasts
anonymity, user safety, and the absence of account blocking. Adding and cashing out
funds from a LessPay account can be conducted through a variety of exchanges and for just
a small commission or fee. While still relatively new and immature, it has recently become
the premier payment method in one of the biggest underground credit card stores.
t2014 OUTLOOK: Bitcoin and Virtual Currencies
The closure of Mt Gox and other exchanges in the wake of attacks may ultimately push
Bitcoin operators and exchanges to accept some sort of independent oversight at some
point in the future. In the meantime, as long as it continues to be used as a payment
method, Bitcoin wallets will be a target for theft and attacks. At the same time, the number
of private currency systems will continue to grow and mature in the underground. By
moving from less public to forum-specific currency systems, it will make it even more
difficult for law enforcement to track cybercrime activity.
Trend#3: Malware Gets More Sophisticated, APT Attacks
Remain Unabated and POS Malware Attacks Become Common
Fraudsters and cybercriminals are finding sophisticated new ways to make botnets
stealthier and more durable, and to shield the data stolen during attacks. At the same
time, they’re also generating significant returns from unsophisticated hit-and-run POS
malware attacks. Cyber-espionage attacks continue to occur with tactics that are largely
unchanged and new players in the space being identified.
Stealthier, more durable botnets
Botnets are used by fraudsters, cybercriminals and hacktivists to host their infrastructure
and launch attacks such as DDoS to bring down the websites of banks, government
agencies and other high-profile organizations. The large number of zombie computers in a
typical botnet means an attack will move around, making it difficult to find the source and
shut the attack down. Even so, cybercriminals are developing even more robust botnets
that can remain active for longer before being discovered.
–– Botnets are being created that behave as similarly as possible to legitimate software
and take considerable time and effort to detect. This has changed the way defenders
focus their efforts, such as detecting when an infected computer communicates with a
domain that’s been used for cybercrime in the past.
Figure 1: A sample posting in the
underground advertising Bitcoin
wallet stealers.
5. PAGE 5
7 Source: RSA Firstwatch blog “Tales From the Darkside: Mobile Malware Brings Down Korean
Banks”, March 2013 (https://community.emc.com/community/connect/rsaxchange/netwitness/
blog/2013/03/21/tales-from-the-darkside-mobile-malware-brings-down-korean-banks)
8 https://blogs.rsa.com/lions-at-the-watering-hole-the-voho-affair/
9 http://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-
Infrastructure_FINAL_Web.pdf
10 http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf
–– Hosting a botnet’s command-and-control center in a Tor-based network (where each
node adds a layer of encryption as traffic passes) obfuscates the server’s location and
makes it much harder to take it down.
–– Cybercriminals are building more resilient peer-to-peer botnets, populated by bots that
talk to each other, with no central control point. If one bot (or peer) in a peer-to-peer
botnet goes down, another will take over, extending the life of the botnet using
business continuity techniques.
–– An alternative business continuity–led approach involves controlling a botnet from a
mobile device using SMS messages. For example, some have speculated that the cyber
attack on South Korean banks in early 2013 may have been a multi-vector attack that
involved Android phones located in China, Korea or both7
. With this type of botnet, if
the primary command-and-control center gets shut down, the cybercriminal can
redirect the botnet to an alternative center via SMS.
Attackers shield stolen data
The cybercrime world is like an arms race: cybercriminals pursue a course of action until
the defenders work out how to combat it, at which point the cybercriminals change tack.
An example of this is the use of password-protected zip files by APT attackers to exfiltrate
stolen data. The challenge for the defender is to crack the password on the zip file to see
what was taken. Because attackers tend to work from a script or within a structured
framework, they will often reuse a password, enabling the defender to link attacks and
open subsequent zip files with ease.
Once the attacker realizes they’ve been rumbled, they’ll change something about their
process in order to regain the upper hand — for example, switching from zip files to rar
files (which are more difficult to crack), or using asymmetric encryption algorithms that
are harder for defenders to reverse engineer. This results in the defender losing the ability
to identify the stolen data and establish relationships between attacks, until he or she
manages to crack the next one.
Cyber espionage attacks
Cyber espionage attacks have continued unabated in the last, with attack methodology
largely centering around spear phishing attacks, in which specific internal personnel are
targeted with documents containing malicious Trojans to allow the attacker to establish a
foothold in the network. Also popular last year were “Watering Hole”8
attacks, or strategic
web compromise, in which the attacker compromises a website that is of business
interest to a target and uses it as an exploit platform to intrude into the target network.
Attacker malware varies in sophistication, but simple methods continue to be successful
for the most part.
While the frequency of reported incidents appears to have increased, this is likely due to a
move towards intelligence-driven detection, rather than an actual increase in attacks.
Additionally, new nation-state players such as the “Hangover”9
campaign out of India and
the “Snake”10
campaign in Russia have made recent headlines and caused a shift in
viewing cyber espionage as a threat originating from specific regions to a more global one.
6. PAGE 6
Hit-and-run POS malware attacks
Hit-and-run attacks are carried out against retailers using point-of-sale (POS) malware,
much of which is based on the free-to-use leaked code for Dexter and Alina malware.
ChewBacca, which was uncovered by RSA in January 2014 (see Figure 2), and BlackPOS are
other well-known examples of POS malware. This type of malware infects POS terminals,
scraping the terminals’ memory for the payment card and personal data — customers’
names, card numbers, expiration dates and card verification value (CVV) information —
that can be used to clone cards.
POS malware does this by searching for simple regular expressions for card magnetic stripe
data. When a card number is found, it is extracted and logged. Even when a retailer is
compliant with PCI DSS, unless data is encrypted or tokenized at the moment of capture at
the POS terminal, there’s a short window of opportunity during which it can be stolen in
readable form.
This type of POS malware was used during the very high-profile attack against several large
retailers late last year that affected tens of millions of card holders. The cost to financial
institutions has so far been estimated at over $200m, and that only takes into
consideration expenses for actions such as notification and card reissuance. That still does
not account for fraudulent purchases making it a figure that is likely to increase in the long
term. These attacks have mainly been confined to countries such as the U.S., where EMV
technology is not yet in widespread use.
Referral abuse malware
Some common breeds of malware were on the rise for inciting referral abuse in 2013. The
malware is custom-designed to target corporations that pay cash to affiliate referrers for each
installation of the target’s software. This type of customized malware is written specifically to
install software on a victim PC under a referrer’s identity, make the infected machine click on
ads that pay pennies per click, and direct it to purchase “likes” on social media.
In August 2013, RSA Research discovered a variant of the Zbot Trojan being used in referral
abuse11
. The typical charter of Zbot has been to attempt to swipe passwords, but this
variant was also programmed to check for availability of Instagram usernames – likely in an
effort to create an army of fake Instagram users that can be sold as followers to help
individual users or businesses create an image of popularity. The same Zbot variant was
also capable of SEO poisoning to help boost keyword rankings, likely in an effort to push
its own content to the top of search engine results. These rank-abuse promoted pages
often contain malicious content to spread additional malware.
Figure 2: A server-side report from the
Chewbacca malware which displays
credit card details including Track 1
and 2, expiration date, and issuer.
11 https://blogs.rsa.com/new-zbot-variant-builds-instagram-army/
7. PAGE 7
t2014 OUTLOOK: Malware Continues to Spawn New Waves of Attacks
From POS malware to referral abuse, cybercriminals are continually in search of new
approaches to monetize their bots. At the same time they seek to spawn new attacks, they
are also creating more bulletproof infrastructure on the backend. They are moving their
infrastructure to P2P and Tor-based networks to evade detection. They are changing the
methods they use to mask stolen data, making it more difficult for researchers to reverse
engineer and understand the methods being used behind prominent cyber attacks.
Advancements in cybercrime technology and infrastructure will only continue. For example,
given the computing power contained in a smartphone and criminals’ willingness to adopt
new technology, it is likely we will witness more mobile-phone-based botnets and
command-and-control centers over the coming year.
Also, with the scale of several high-profile data breaches, we are likely to see a shift in the
U.S. market towards adoption of EMV payment cards. It will be slow, but 2014 will be a
pivotal year in making the move. Regulations such as PCI-DSS will be re-evaluated and lead
to stricter guidance for retailers to implement encryption or tokenization at the point of sale.
Until there is a major industry change, there is little reason to expect criminals to stop using
POS malware–based attacks against retailers, given the enormous returns that are possible
from this relatively unsophisticated, easy-to-obtain malware.
Trend#4: User Authentication Will be Redefined by Mobile
The password problem has long been an issue for organizations with any online presence,
especially those with consumer-facing portals, where the number of digital identities
requiring protection reaches into the millions. Consumers create multiple digital identities
requiring them to remember multiple passwords. This can lead users to create weak
passwords, write them down on paper, or re-use them across multiple sites. In fact, one in
five online users recycles the same password for every online account12
.
Major password breaches made headlines throughout 2013, compromising tens of millions
of passwords, user IDs, email addresses and other personal information. In many cases,
passwords were stored in plain text. But even where advanced protection methods such as
hashing and salting were used, password-guessing software was employed by hackers to
readily crack them. In fact, according to the 2013 Verizon Data Breach Investigations
Report, over 75% of attacks leveraged weak or stolen credentials.
The resulting brand damage and outrage on the part of consumers caused by these large-
scale breaches have led many organizations to rethink their password policies. It is not
uncommon for organizations to require users to create a complex password which consists
of numerical characters and special symbols. Even the average length of acceptable
passwords has gone from six to eight or even ten characters.
However, creating strong passwords doesn’t solve the problem as consumers and
organizations must also contend with malware threats, most of which today are equipped
with keylogging functionality designed to steal password credentials and other data. Not to
mention the risk of social engineering, where the malware presents the user with
legitimate-looking screens asking for credential information (such as one-time passcodes).
Therefore, the strength of a password is of no significance if it is captured by a data-
stealing Trojan.
12 Kaspersky Lab Infographic, March 2013
8. PAGE 8
The password debate is only further complicated when you consider the increased use of
mobile services. Consumers are bringing more of their daily lives to their mobile device —
from conducting financial transactions and making purchases to managing their personal
health and wellness. Organizations are being forced to accommodate the demands by
employees, partners, and other stakeholders to incorporate Bring Your Own Device (BYOD)
polices that would enable more remote access services from mobile devices. As more users
start using mobile devices for personal and professional business, strong passwords
simply don’t meet usability requirements. Passwords that may be easy to enter on a
physical keyboard are difficult to enter on a mobile touch screen.
These and other factors are pushing organizations to redefine traditional user
authentication. Beyond consumer use cases, organizations are grappling to offer the same
flexibility to their mobile workforce by providing the convenience of technologies they are
already familiar with and use in their daily life (e.g. online banking). But the struggle to
extend these capabilities securely is complicated by both technological and usability
challenges. From the technological perspective, organizations must address issues such as
the lack of central control within cloud-based applications, lack of security in mobile app
development, and the inability to authenticate from multiple devices. From the usability
perspective, there is a shortage of strong authentication options in the market built for
mobile devices, coupled with the paradigm of balancing security and mobile users’
demands for convenience.
As mobile devices continue to become more pervasive, this opens up the ability to use a
rich set of factors for deeper authentication through a smartphone or tablet. Using cost-
effective technologies built into those mobile devices, such as the camera, speaker,
accelerometer, fingerprint sensor and geo-location to enhance authentication also
enables a more convenient user experience. There is a wide range of user authentication
technologies that have potential on mobile devices, based biometrics such as fingerprint,
face or voice print, iris structure, ear shape and heartbeat analysis, as well as
“behaviometrics” like keystroke analysis and handwriting.
t2014 OUTLOOK: User Authentication Redefined
The industry is at a major crossroad in user authentication. Besides the volume of password
breaches and resulting consequences to targeted organizations, the growth in use of
mobile devices for both personal and business use cases is pushing organizations to
redefine user authentication and find new ways to secure access beyond traditional
username and password. RSA expects that traditional authentication services will be
designed for ultimate user convenience on mobile devices and will be driven by enhanced
identity management, adaptive analytics, and policy enforcement engines. New unified
authentication solutions and services will be developed over the next one to three years to
support a range of multi-factor strong authentication methods that are built in to the smart
device, including biological and behavioral biometrics, enabling user choice of devices
while maintaining control over access to sensitive data. RSA also anticipates that
consumers will become more identity-aware and will take action to safeguard their
privacy by leveraging tools to manage their own security.