Tuesday, February 9, 2016

Kaspersky Lab Details New Banking, ATM Attack Campaigns and other Tech News February 2016 - Kaspersky "Safe Money" PDF

Kaspersky Lab Details New Banking, ATM Attack Campaigns


Kaspersky Lab has reported 3 major threats to financial institutions. One, Carbanak, is an evolution of an attack first reported in 2015; the other two (Metel and GCMAN) are new. "Metel" translates to "snowstorm" in Russian. The threats are independent of one another, although the latter two are copycats of the Carbanak attack.


Kaspersky first revealed the operations of Carbanak in February 2015, and the same group using the same tools created Carbanak 2.0, Golovanov said. After Kaspersky first reported on Carbanak, the group went under the radar but reappeared later in the year with functionality that allowed it to attack point-of-sale (POS) targets. 
"Carbanak 2.0 also has a different victim profile, moving beyond banks to target budgeting and accounting departments, using the same [advanced persistent threat]-style tools and techniques," Golovanov said.

The Metel attack campaign is also targeting financial institutions, though it has specific functionality for ATM withdrawals. Metel is able to roll back an ATM transaction automatically, so an attacker can steal money from a victim's account while the rollback resets the account balance. This tricks the bank into thinking that the account balance is unchanged, even after the attacker has made a withdrawal.

The initial infection malware has the primary goal of gathering information about a targeted system. The malware sends out information about the computer and its processes, and even takes screenshots, to help cyber-criminals evaluate the value of a target.

While Metel uses malware to infect its victims, the GCMAN financial campaign is using legitimate penetration testing tools to exploit banks. Among the tools used by GCMAN is Meterpreter, a payload delivery tool that is part of the open-source Metasploit penetration testing framework.

The combined effect of the three attacks is having an impact on financial firms in Russia. So far no attacks outside of Russia have been identified, but experts think the exploits are much more widespread, and financial firms around the globe are advised to check for infection.

Google's Chrome Browser May Soon Mark HTTP Sites Unsafe


This is really a good thing.  Too many users are infected by malware while happily surfing the web by visiting unsecured websites. Malware is uploaded to a compromised website and then delivered to the user by duping them into a download or slipped to them without their knowledge.  Always be vigilant when browsing the internet.



Google Discloses Flaws in Avast, Comodo and Malwarebytes Products


A lot of security firms are using the open source Chromium project to build their own browsers similar to Kaspersky's Safe Money add-in product.


For Avast, Google security researcher Tavis Ormandy reported that the Avastium browser, which is based on Google's open-source Chromium project, is at risk from a remote attacker.

Security vendor Comodo also has sparked the ire of Ormandy for its fork of Chromium, dubbed Chromodo.  In his bug report on Comodo, Ormandy wrote that Chromodo "disables all Web security." He called out the fact that Chromodo disables Chromium's Same Origin Policy, which is a key security feature.

"Malwarebytes fetches their signature updates over HTTP, permitting a man-in-the-middle attack," Ormandy warned.
Malwarebytes has issued its own advisory on the issue and is pledging to provide users with a patched update.

For more information on Kaspersky "Safe Money", visit the following link.

http://www.kaspersky.com/downloads/pdf/kaspersky_lab_whitepaper_safe_money_eng_final.pdf







