-
Blogs
-
News
-
Industry
-
Community
-
Topics
Independent Security Consultant
Joined on July 3, 2008
Total Post Views: 90,058
| About |
Independent Security Consultancy, Threat Intell Analyses and Competitive Intelligence research on Demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day.
What's the most static element of the vibrant money mule recruitment ecosystem? It's the DNS infrastructure that the the cybercriminals behind the campaigns repeatedly use to push new scams. ...cybercrime should stop being treated as a country/region specific problem, instead it should be treated as an international problem, with each and every country having its own share of cybercrime activity. more»
Throughout the last two years, scareware (fake security software), quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process. more»
SMS-based micro-payments are clearly becoming the monetization channel of choice for the majority of cybercriminals engaging in ransomware campaigns. The logic behind this emerging trend is fairly simple, and as everything else in the cybecrime underground these days, it has to do with efficiency. more»
By utilizing the people's information warfare concept, Iranian opposition has managed to successfully organize a cyberattack against Tehran's regime (complete analysis) by using Twitter, web forums, and localization (translation) of the recruitment messages in order to seek assistance from foreigners. So far, their rather simplistic denial of service tools has managed to disrupt access to key government web sites, and the intensity of the attacks is prone to increase since the opposition appears to be in a "learning mode". more»
The practice of using stolen or data mined &ndash from a botnet's infected population – FTP accounts is nothing new. In March, 2008, a tool originally published in February, 2007, got some publicity once details of stolen FTP accounts belonging to Fortune 500 companies were found in the wild. Interestingly, none of the companies were serving malicious iFrames on their compromised hosts back then. Despite the fact that 2008 was clearly the year of the massive SQL injection attacks... more»
If I were to come across this service last year, I'd be very surprised. But coming across it in 2008 isn't surprising at all, and that's the disturbing part. Following the ongoing trend of localizing cybercrimea new service takes the concept further by introducing a multilingual, on-demand social engineering service especially targeting scammers and fraudsters that are unable to "properly scam an international financial institution" due to the language limitations. more»
With business-minded malicious attackers embracing basic marketing practices like branding, it is becoming increasingly harder, if not pointless to keep track of all XYZ-Packs currently in circulation. How come? Due to their open source nature allowing modifications, claiming copyright over the modified and re-branded kit, the source code of core web malware exploitation kits continue representing the foundation source code for each and every newly released kit. more»
It's where you advertise your services, and how you position yourself that speak for your intentions, of course, "between the lines". There's a common misunderstanding that in order for a malware campaigner or scammer to launch a localized attack, they need to speak the local language. This misconception is largely based on the fact that a huge number of people remain unaware on how core strategic business practices have been in operation across the cybercrime underground for the last couple of years. more»
Is the demand for access to compromised legitimate portfolios of domain names -- where the price is based on the pagerank and is shaped by the number of domains in question -- the main growth factor for the increasing supply of such stolen accounting data? Or is it the result of cybercriminals data mining their botnets for accounting data that would provide them with access to such portfolios of high trafficked domains with clean reputation? more»
From copycats and "localizers" of Russian web malware exploitation kits, to suppliers of original hacking tools, the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale. They are either filling the niches left open by other international communities, or coming up with tools and setting new benchmarks for massive SQL injection attacks. more»
Part of Georgia's information warfare campaign was aiming to minimize the bandwidth impact on its de-facto media platforms such as the website of their Ministry of Foreign Affairs. I've just received a report on "Russian Invasion of Georgia," titled "Russian Cyberwar on Georgia" which is quoting me on page 4 regarding "too good to be courtesy of Russia's cyber militia" creative that appeared on the defaced Georgian President's website. more»
A managed spam vendor always has to raise the stakes during its introduction period on the market. But what happens when a market follower starts using the market leader's proprietary managed spamming system, and is able to provide better spamming rates at cheaper prices? Market forces and unethical competition at its best. more»
Surreal, especially when you get to read that EstDomains has "ruthlessly suspended over five thousand domains only for last week", and also, that it "has a reliable ally in its battle against malware in a face of Intercage, Inc." ... The press release reminds me of Russian Business Network's (RBN) defacement of my blog posted on the 1st of April, and despite that EstDomains started "performing for the community" as of recently, thanks to the collective intelligence and persistence of everyone turning their research into actionable intelligence against them, this performance aiming to minimize the effect of the negative PR is more or less futile... more»
or the cheap cybercriminals not wanting to invest a couple of thousand dollars into purchasing a cutting edge web malware exploitation kit with all the related and royalty free updates coming with it (a pirated copy of which they could ironically obtain several moths later), there are always the copycat malware kits... Taking into consideration the proprietary nature of some of the kits, the business model of malware kits was mostly relying on their exclusive nature next to the number, and diversity of the exploits included in order to improve the infection rate. This simplistic assumption on behalf of the coders totally ignored the possibility of their kits leaking to the general public... more»
Disintermediating the intermediaries in the cybercrime ecosystem, ultimately results in more profitable operations. Controversial to the concept of outsourcing, some cybercriminals are in fact so self-sufficient, that the stereotype of a mysterious 76service server offered for rent could in fact easily cease to exist in an ecosystem so vibrant that literally everyone can portion their botnet and start offering access to it on a multi-user basis. Evil? Obviously. Extending the lifecycle of a proprietary malware tool? Definitely. more»
There seems to be no such thing as a free phishing page these days, with phishers scamming one another at an alarming rate according to a recently published research entitled "There is No Free Phish: An Analysis of "Free" and Live Phishing Kits". Cybercriminals attempting to scam other cybercriminals has been happening for years, with old school cases where backdoored malware tools such as crypters and binders are offered for free, or a newly released RAT whose client is in fact infected with a third-party malware... more»
It gets very ugly when someone owns both, the botnet, and the portfolio of parked domains actively participating in pay per click (PPC) advertising programs, where the junk content, or the typosquatted domain names are aiming to attract high value and expensive keywords in order for the scammer to earn higher on per click percentage. This is among the very latest tactics applied by those engaged in click fraud activites. more»
How much malware is your antivirus solution detecting? A million, ten million, even "worse", less than a million? Does it really matter? No, it doesn't. What's marketable can also be irrelevant if you are to consider that today's malware is no longer coded, but generated efficiently and obfuscated on the fly. Sophos's recent statistics: "It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software every single day -- one every four seconds." more»
This email hacking as a service offering is the direct result of the public release of a do it yourself hacking kit consisting of each and every publicly known vulnerability for a variety of web based email service providers, with the idea to make it easier for someone to execute their attacks more efficiently. Outsource the hacking of someone's email, and receive a proof in the form of a screenshot of the inbox, next to a guarantee that you'll be able to get back in even after they've changed their passwords? Too good to be true, but since they only charge after they provide you with a proof that they did the job, they could be in fact attempting to hack these emails, compared to the majority of cases where scammers scam the scammers. more»
Last week's mass defacement of over 300 Lithuanian sites hosted on the same ISP, an upcoming attack that was largely anticipated due to the on purposely escalated online tensions out of Lithuan's accepted legislation banning communist symbols across the country, once again demonstrates information warfare building capabilities in action. Moreover, the attack is again relying on common prerequisites for a successful information warfare campaign, used in the Russia vs. Estonia cyberattack last year. These very same Internet PSYOPS tactics ensure the success of the information warfare as a whole... more»
It's one thing to start efficiently registering thousands of email accounts at reputable email providers by automatically breaking their CAPTCHA authentication, and entirely another to build a business model on the top of it next to the opportunity to abuse if for your own malicious purposes. Which is exactly what we have here, an underground service that's selling registered accounts at Gmail, Yahoo, Hotmail and the most popular Russian email providers in the thousands. more»
