The Navy Gave Us A Personal Tour Of Their Massive Hovercraft
... Events · About BI · Events · BI Intelligence · Military & Defense Home · Troops · Hardware · INFOSEC · The Smoke Pit · After Action Report · Hive · Contributors ...
Wyndham Worldwide Corp. Sued Over Credit Card Breaches
Like. 1k. Get Alerts. Loading... TOP LINKS ON THIS TOPIC. 1 of 3. InfoSec FTC Sues Wyndham Against Credit Card Data Breach - RTT News #CyberSecurity ...
I’ve covered a lot on online bank fraud in the past – there seems to be no end to the increasingly sneaky techniques cybercriminals develop to siphon money out of victims’ bank accounts. This week, McAfee Inc. and Guardian Analytics Inc. released the findings of their investigation into a global fraud ring that takes the old techniques up a notch.
In their report, “Dissecting Operation High Roller” (.pdf), the companies report cybercriminals — building on older Zeus and SpyEye tactics – are targeting high-balance bank accounts belonging to businesses and individuals. Unlike past online bank fraud attacks using Zeus and SpyEye, though, these new attacks use server-side components and heavy automation. According to the report, the attacks have been mostly in Europe, but are now spreading to the U.S.
Criminals have tried to steal more than $78 million in fraudulent transfers from at least 60 financial institutions, including large global banks, credit unions and regional banks, the report said.
In a blog post, Dave Marcus, director of advanced research and threat intelligence at McAfee, noted that by shifting from traditional man-in-the-browser attacks on a victim’s PC to server-side automation attacks, criminals have moved from multipurpose botnet servers to cloud-based servers that are purpose-built and dedicated to processing fraudulent transactions. The strategy, he said, helps criminals move faster and avoid detection.
The report describes attacks in the U.S. and The Netherlands as using a server located with an ISP with “crime-friendly usage policies” and moved frequently to avoid discovery.
All pretty unsettling stuff, suffice to say. And, according to the report, financial institutions can expect even more automated and creative forms of fraud in the future.
Federal tech outlook: Cloudy with a chance of information assurance
As this comparison of DIACAP and DIARMF from the Infosec Institute shows, a series of unified standards are now going to be applied across the entire ...