Q4 2016 Newsletter

Q4 2016 Newsletter

FraudAction™ Anti-Fraud Services Q4 2016 NEWSLETTER TABLE OF CONTENTS Introduction ............................................................................................................................................ 3 The Many Schemes and Techniques of Phishing ............................................................................................... 4 The Tax Refund Ploy - Multi-branded Phishing ............................................................................................... 4 Bulk Phishing Campaigns ........................................................................................................................ 4 Random Folder Generators ...................................................................................................................... 5 Local HTML Scheme .............................................................................................................................. 6 BASE64 encoded Phishing in a URL ........................................................................................................... 7 Phishing with MITM capabilities ................................................................................................................. 7 Phishing Plus Mobile Malware in India ....................................................................................................... 10 Fast-Flux Phishing ............................................................................................................................... 13 Additional Phishing Techniques ............................................................................................................... 14 Summary .......................................................................................................................................... 16 Malware Statistics .................................................................................................................................. 17 Variants per Quarter ............................................................................................................................. 17 Unique Trojan Communication Points - URLs per Quarter ............................................................................... 17 Global Distribution of Trojan Families ........................................................................................................ 18 Top Trojan-Hosting ISP ......................................................................................................................... 18 Top Registrars of Trojan Domains ............................................................................................................ 19 Top Trojan-Hosting Countries ................................................................................................................. 19 Phishing Statistics .................................................................................................................................. 20 Global Phishing Attack Volumes .............................................................................................................. 20 Top Countries Hosting Phishing ............................................................................................................... 21 Top ISPs Hosting Phishing ..................................................................................................................... 21 Top Registrars Hosting Phishing .............................................................................................................. 22 In Case You Missed it.............................................................................................................................. 23 Threat Reports ................................................................................................................................... 23 FraudAction Webinars You May Have Missed .............................................................................................. 23 Note: Figures and statistics in this report are based on data collected by RSA’s Anti-Fraud Command Center (AFCC) in its 24x7x365 battle against phishing and cyber fraud. INTRODUCTION In this issue of the FraudAction Quarterly Newsletter, our highlight story focuses on the oldest trick in the book: phishing. With over a decade of experience fighting phishing attacks at the AFCC, we provide an overview of phishing techniques through the years. Our quarterly global detection statistics are presented in Malware Variants and Phishing Attacks. In Case You Missed It lists the reports that were sent out over the last six months, so that you can look up reports that you may have missed. We also have a roundup of FraudAction Webinars You May Have Missed. Are you familiar with FraudAction Cyber Intelligence? RSA FraudAction Cyber Intelligence (FACI) is a service that provides targeted research and reports on a wide range of cybercrime attacks that facilitate identity theft, emerging threats and fraud trends. The FraudAction Cyber Intelligence team continuously observes cybercrime threat sources to gather intelligence and deliver it to your organization. Monitoring open-source and closed deep web sources, RSA diligently analyzes intelligence picked up by our sensors and reports it in a swift, easily consumable fashion. With years of experience in the intelligence space, RSA's researchers often directly engage with cybercriminals to uncover further information about specific methods of operation and reveal emerging attack tactics. FACI offers: . Intelligence on a wide range of underground services that facilitate identity theft and cybercrime, identifying emerging threats and fraud trends. Identifying cash out and cross-channel exploits targeting your organization(s) worldwide. Uncovering mule accounts and items drops. Revealing underground stores selling compromised online banking and payment card accounts. Enabling coordination of sting operations to reveal infrastructure sources used by cybercriminals to launch attacks. In the past quarter, FraudAction Cyber Intelligence has recovered over 1.5-million compromised credit cards, over 3.4-million compromised accounts in the underground, and 290 ‘mule’ bank accounts and item drop addresses. Integrating intelligence feeds into Web Threat Detection (WTD) - our intelligence team has made great efforts to improve efficiency and visibility in the detection of a number of crucial fraud activities and indicators, providing them as automated monthly feeds. Now, the FraudAction Intelligence feeds can be easily integrated into the Web Threat Detection analysis server and drive enhanced detection of threats to your organization. RSA FraudAction 360 offers a complete threat management service that provides proactive detection and mitigation of cyber threats such as phishing, Trojans and mobile rogue apps. Additionally, customers can gain deeper insight into emerging threats with intelligence reports and data feeds that provide deep visibility into the cybercrime underground. The service includes: . Threat Detection and Alerts: Proactively preventing fraud attempts through early attack detection and real- time alerts identified via a broad partner network and active scanning of tens of millions of URLs. Mitigation and Site Shutdown: Reducing the financial impact of cyber threats through rapid shutdown of infection points, command and control sites, and drop zones worldwide. Forensics and Credential Recovery: Extensive forensic analysis provides organizations with additional intelligence insights including compromised personal information, email drop accounts, and specific IP information showing where an attack was launched. FraudAction Blocking Network. Preventing and blocking access to identified phishing sites and malware infection, drop, and update points. To keep up with the latest developments and discoveries, follow us on Twitter: @rsafraud and explore our new re-launched website: rsa.com/en-us/products-services/fraud-prevention THE MANY SCHEMES AND TECHNIQUES OF PHISHING THE TAX REFUND PLOY - MULTI-BRANDED PHISHING One phishing scam that Phishers love to use is to bait victims with a supposed tax refund notification via email - pretending to come from an official government tax/revenue service in different countries. When victims follow the link, they see a phishing website that has the same look and feel of the legitimate revenue service site of their country, with a list of all the banks in that region. The victim is prompted to select their bank and enter personal information to receive a refund. This ploy enables fraudsters to steal data from customers at several banks at once and increase their fraud coverage. BULK PHISHING CAMPAIGNS Another popular trend is performing phishing campaigns in bulk form. This means that rather than deploying a single phishing website that is eventually sent to victims, fraudsters deploy them in bulk, and distribute URLs randomly among phishing emails. This tactic increases the phishing site’s lifespan and makes the detection and shutdown process a bit harder. Contrary to a usual phishing site where the scammers use one or two hijacked websites to deploy a phishing kit, the bulk scheme could encompass dozens of hijacked websites with several phishing directories on each one, resulting in hundreds of phishing websites. For example: http://examplesite1.com/pathtobulkphish/qwsd21/phishing_site/login.html http://examplesite1.com/pathtobulkphish/wqpwow/phishing_site/login.html http://examplesite1.com/pathtobulkphish/ux78nj/phishing_site/login.html

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    24 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us