SWIFT, the global messaging system used to move trillions of dollars each day, warned banks that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds. The new warning provided detail on some new techniques being used by the hackers. “Adversaries have advanced their knowledge,” SWIFT said.
Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.
Although most people are aware of the threat, there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017. The company looked at tens of thousands of email subject lines used in simulated phishing tests to uncover just what makes a user want to click.
Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.
The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report. Highly customized and sophisticated, Terdot is based on the source code of ZeuS, which leaked online in 2011.
The banking Trojan resurfaced in October last year and Bitdefender has been tracking its whereabouts ever since, the security company notes in a technical paper. Terdot was designed to operate as a proxy to perform man-in-the-middle attacks, as well as to steal browser information such as login credentials or the stored credit card data. Furthermore, the malware is capable of injecting HTML code into visited web pages.
Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID.
The IcedID Trojan was spotted in September. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and the ability to monitor a browser’s activity by setting up a local proxy for traffic tunneling. “At this time, the malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S.,” researchers wrote in a report released Monday explaining the discovery.
More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. The app was called "Update WhatsApp" and is still on the Play Store, although the developer has now changed its name to "Dual Whatsweb Update" and switched the icon, which doesn't look like the WhatsApp icon anymore.
But before its facelift, the app mimicked WhatsApp in a clear attempt to trick users into downloading it thinking they were downloading an update for the popular messaging app, according to users who reviewed the app on the Play Store, and users on Reddit, who flagged the malicious app.
Imagine that one day you decide to use Bitcoin to pay for, say, a pizza. You copy the wallet address from the pizzeria’s website, enter the required amount, and click the Send button.
The transfer goes through, but the pizza doesn’t arrive. The pizzeria owners say they never received the payment. What’s going on? Don’t get mad at the pizza guys — it’s all down to CryptoShuffler. Unlike cryptoransomware, this Trojan avoids flashy effects, instead doing its best to slip under the radar. It resides quietly in the computer’s memory and monitors the clipboard — the temporary storage area for cut/paste operations.
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own.
Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. Scans started on Monday. The attacks started on Monday and were first detected by a honeypot set up by Romanian cyber-security firm Bitdefender. Honeypot logs showed attackers trying two peculiar SSH username and password combos.
Experts have discovered a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian banks are first in the line of fire, but Malaysian and Armenian organizations have also been infected.
Tactically, the attack is very similar to the canonical financial APT campaign, the notorious Carbanak: a phishing e-mail with a malicious attachment sent to employees of banks and financial organizations, followed by spying on employees and then, suddenly, a fraudulent transaction. This proven method has already brought its operators billions of dollars, so why not try it again?
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code.
The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted online by victims. This is a departure from previous attacks that monitor browser activity for specific URLs and extract credentials. This campaign may be limited to Brazil and other Portuguese-speaking nations, according to Renato Marinho, chief research officer at Morphus Labs and a SANS Internet Storm Center (ISC) handler.