iBanking Mobile Bot Raising Its Shields
In the cyber-underground, one can never be too careful. Between researchers and law enforcement, cybercriminals are always wary of being shut-down or worse, caught and prosecuted. The developers of...
View ArticleRSA Uncovers Boleto Fraud Ring in Brazil
With the 2014 World Cup in full swing, all eyes have been on Brazil since the middle of June. As the world watches their favorite national teams battle on the pitch, IT security professionals at a...
View ArticleUnderstanding & Detecting Backoff POS Malware
Point of Sale (POS) malware has had its share of headlines this year. Now with the holiday shopping season underway POS systems will certainly be an enticing target for hackers to explore due to the...
View ArticleCoordinating Incident Response at Internet Scale (CARIS)
Coordinating incident response at Internet scale as a concept sounds fabulous, but can we achieve it? What will it take? For those working in incident response and information sharing efforts, we know...
View ArticleTeaching Analysts to Fish; How to Become Better at Detection and Response –...
Daily the media replays stories of yet another company that is the victim of an intrusion or breach. With all this attention, and sometimes hyperbole, are we as practitioners improving at detecting...
View ArticleWolves Among Us: Abusing Trusted Providers for Malware Operations
Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and...
View ArticleCVSS Scoring: Why your Smart Refrigerator does not need to be Patched...
Is a CVSS score of 10, really a 10 in your environment? Vulnerability Risk Management is a work in progress for most organizations. Having dealt with many customers in this space, we have seen it all –...
View ArticleCARIS Workshop Summary and Reflection
The Internet Architecture Board (IAB) and the Internet Society (ISOC) hosted a day-long Coordinating Attack Response at Internet Scale (CARIS) workshop which took place last Friday in coordination with...
View ArticleTerracotta VPN: Enabler of Advanced Threat Anonymity
Today, RSA Research published an in-depth report on a commercial VPN network, originating in China, which we are calling “Terracotta”. It is being used as a launch platform for APT actors including...
View ArticleAnother day. Another Ransomware.
TeslaCrypt is a ransomware trojan that targets computers with user data and specific computer games installed. Once the system is infected, the malware searches for various file types related to...
View ArticleMore Than Meets The Eye (Part 2): Solving the Browser Lock Ransom Page
In the original More than Meets the Eye blog, we discussed attackers’ ability to hide in plain sight. A very successful campaign that utilizes this approach is the fake FBI ransom webpage; a...
View ArticleBrowser Locked? Call This Number.
A new form of browser locker has recently surfaced. Browser-lockers are websites or pop-ups that redirect the browser to a website that locks-up the browser. The user is prevented from continuing any...
View Article