Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world’s most notorious financial hacking operations, according to three sources with knowledge of the matter.
Cybersecurity experts said a password-stealing software program known as Dyre — believed to be responsible for at least tens of millions of dollars in losses at financial institutions including Bank of America Corp and JPMorgan Chase & Co — has not been deployed since the time of the raid. Experts familiar with the situation said the case represents Russia’s biggest effort to date to crack down on cyber-crime.Read more
Experts have discovered Asacub, a banking trojan which started actively attacking Android users in January. Our experts managed to track its evolution step-by-step. A banking trojan is a type of malware which is installed a mobile device and employs certain techniques to steal money from the user’s credit cards.
Recent versions of Asacub does it by luring a user into submitting credit card credentials via phishing screens. Obviously, this data is not going to a legitimate bank. At first, researchers suggested the banking trojan was targeting Russia and Ukraine exclusively, due to the fact that the phishing resembled the login screens of some Russian and Ukrainian banks.Read more
The conference “Actual issues of implementing the SORM on telecommunication networks of Russia” (SORM-2015) was held on November 24, 2015 in Moscow, Russia. At this conference the issues of interaction between telecommunications companies, telecommunications operators and special services were discussed.
The reason – the launch of new technologies VoLTE and VoWiFi to make VoIP communications in 4G and Wi-Fi networks. The problem is that now the intelligence agencies have specific requirements for the system of interaction of operators with special services. But these requirements are technically obsolete, and prevent introduction of new technologies.Read more
The Russian-language cybercrime market is known all over the world. Why is this market known worldwide? There are two main factors: the first of these is frequent global media coverage of the activity of Russian-language cybercriminals.
The second is the open accessibility of online platforms used by the cybercriminal community for communications, promoting a variety of “services” and “products” and discussing their quality and methods of application, if not for making actual deals. Over time, the range of “products” and “services” available through this underground market has evolved, becoming more focused on financial attacks.Read more
A group of Russian hackers infiltrated the servers of Dow Jones & Co., owner of the Wall Street Journal and several other news publications, and stole information to trade on before it became public, according to four people familiar with the matter.
The Federal Bureau of Investigation, Secret Service and the Securities and Exchange Commission are leading an investigation of the infiltration, according to the people. The probe began at least a year ago, one of them said. The breach is described by the people familiar with it as far more serious than a lower-grade intrusion disclosed a week ago by Dow Jones, a unit of Rupert Murdoch’s News Corp.Read more
Users of VKontakte social network are in danger of being duped into installing app that malicious code. Kaspersky Lab said VKontakte users data had been stolen. Thousands of Android users were affected.
Kaspersky Lab researchers said hackers had embedded the malicious code in the app, but users couldn’t notice the difference as it worked without any problems. Malicious app infected mostly Russian users. According to Kaspersky Lab research, hackers used the majority of stolen data for social media group promotion, without user’s knowledge. In this case it is very difficult for account owners to identify or notice data theft.Read more
Scammers use stolen database of real Booking.com travel orders. Russian Booking.com customers received e-mails from fraudsters at the beginning of October. Scammers asked for prepayment in full for a previously booked room.
It should be mentioned that Booking.com never asks for payment up front. Customers got emails supposedly from Booking.com with real reservation number, dates and names of hotels. While studying customers’ correspondence, security researchers said the domain names used by scammers for sending letters were not sent by Booking.com or hotels.Read more
Turla APT group is one the most advanced threat actors in the world. This cyber espionage group has been active for more than 8 years, but little was known about its operations until last year.
Specifically, this research included examples of language artifacts, showing that part of the Turla are Russian-speakers. What makes the Turla group especially dangerous and difficult to catch is not just the complexity of its tools, but the exquisite satellite-based command-and-control mechanism implemented in the final stages of the attack. Command-and-control servers are the base of advanced cyber-attacks.Read more
Relations between Russia and the United States are not hopeless, and the two countries can undertake various joint diplomatic efforts, Andrei Krutskikh, Russian Foreign Ministry’s ambassador-at-large and presidential special envoy in international cooperation in information security, said.
The UN’s Group of Governmental Experts submitted a report presenting the rules of the road in cyberspace that all nations should respect, emphasizing that the countries should not intentionally damage each other’s infrastructure with cyber-attacks. Representatives from 20 countries were involved in the preparation of the report.Read more
YouTube may be blocked by Russian internet providers starting late July. The Russian media supervision service Roskomnadzor added some videos posted there to its list of banned webpages due to copyright infringement.
YouTube might be banned for illegally posting several Russian TV series owned by the Russian TNT-network company. Russian authorities also warned internet users that adding particular YouTube page indexes to the ban list may lead to the blocking of the whole website by some ISPs making it impossible for their clients to access the site. Roskomnadzor has repeatedly provided notifications demanding YouTube delete the illegal content. However, the video is still available.Read more