CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS

Size: px
Start display at page:

Download "CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS"

Transcription

1 CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS May 2012 As of April 30th, 2012 the Citadel Trojan was at its fourth upgrade with Version already in the hands of its customers. Citadel s features, bug fixes and added modules (each priced separately), have long gone beyond what Zeus ever offered as Slavik s zeal for developing the malware died down when law enforcement got too close for the Trojan creator s comfort. It is already very clear that Citadel is the new Zeus in more ways than one: it was based on the Zeus code and it has all the functions going way beyond any crimeware kit to date. More importantly, it is the only commercial malware in the cybercrime arena being aggressively marketed to criminals at this time, and quite logically, Citadel is slowly but surely converting Zeus operators and bringing them over to its ranks, further eroding Zeus market-share. Putting one s self in the shoes of a cybercriminal who has just decided to begin botherding, what would the first thing on the to-do list be? How about seeking-out a crime kit that will provide technical set-up, support, CRM, updates and in-depth understanding of cybercrime? It has to be commercially available check; and its developers have to be serious and responsive check as well. In a Jeopardy game, the obvious reply would be What is Citadel? CITADEL WHAT REALLY CHANGED SINCE ZEUS V2? RSA researchers have been analyzing variants of the Citadel Trojan and setting apart the hype from factual changes made to Citadel that were written differently in its base code, Zeus v FRAUD REPORT

2 The following functions are the main changes observed to date: Feature Added Trojan s encryption method Local Pharming More functions hooks The C&C server side Basic Detail Citadel uses a more sophisticated encryption method to have its bots communicate with the C&C servers, including hardcoded key, RC4 and AES 1 combined Citadel hooks local DNS-related Windows functions and can be configured to redirect any host IP, thus enabling the fraudster to both create more reliable phishing attacks and isolate victim machines from AV services With its hooking variety, Citadel covers a much larger array of Windows functions than Zeus ever did The Citadel botnet has been patched against common attack methods that plagued Zeus The Citadel Encryption Method Going back to how the communication was programmed to happen between Zeus v2 variants and their C&C servers researchers recall it was encrypted with a symmetric encryption algorithm: RC4, with a pre-shared key defined by the builder. Some variants of Zeus were seen using AES encryption instead of RC4, which is stronger, and still used with a predefined key. Citadel combined those two encryption methods, and topped them with an additional layer: Every Citadel variant has a hardcoded MD5 string (probably a hash of the password set by the builder) in addition to the RC4 key. In runtime, the MD5 string is run through MD5 function a second time The result (the new MD5) is then encrypted using RC4 with the stored key That final result is used in the creation of an AES encryption/decryption key using AES schedule routines The Trojan s communication is then encrypted using AES encryption. This three-fold effort provides botmasters with strong encryption out of the box even if they were to choose a weak password, it would practically be impossible to brute-force or break into their bots communications. Local Pharming: Citadel s Custom DNS Redirection Right from its first release, Citadel introduced this new option to botmasters, designed to allow them to change the behavior of name resolution on infected machines. Bottom line, this means that the botmaster can decide which URLs the victim can or cannot reach, and what page the victim will land on instead of the original page they were looking for. This particular redirection scheme occurs by installing hooks on two DNS related functions: gethostbyname getaddrinfo In order to implement this functionality, a new block was added to the config file, containing names and IP pairs. Whenever an infected process[2] tries to resolve a hostname to an IP address, the request will first pass through Citadel s routines. The Trojan will then try to resolve the address using regular mechanisms; if successful, it will check its own configuration for a name/ip pair match. If such a match is found the Trojan will return the pre-defined (fraudulent) address to the caller. page 2

3 It s worth mentioning that if the regular DNS request fails (domain does not exist, network timeout etc.) Citadel will return the original error message to the caller, even if a matching address is found in its botmaster s config. This behavior makes the redirection appear less suspicious in aspects of network monitoring and typical request/answer times. The local pharming functionality allows botnet operators to leverage two main attack vectors: Isolation of the infected machine, blocking its access to certain unwanted services, including AV providers, web-based malware scans, security providers web sites, abuse lists and malware update servers. The second attack vector that can be facilitated greatly by local pharming is the deployment of sophisticated phishing attacks, redirecting Trojan-infected victims to fraudulent servers when they attempt to reach a legitimate URL via their browser. Citadel s C&C Server-Side Improvements and Security Patches The Citadel Trojan used the well known Zeus server panel and patched it against webbased attacks. Another minor change is in the panel s visual design, making it appear more professional for the users and affording added control over infected bots. Many of Citadel s functions and options are embedded into the panel ad-hoc as the team sees fit. THE COST OF CYBERCRIME WITH CITADEL What can a cyber crook expect to pay for this next generation crimeware kit? The following table represents the selling price today for Citadel and its respective technical set-up, support, updates and other various features: Feature Overview Cost Citadel VNCF ox 2012 Citadel SOCKS Checker CBOT EXE Auto-Encryption Plugin Log Parser Plugin CardSwipe module Automatic iframer of FTP accounts from logs GeoIP-filter Duplicate-Cleaner The Citadel CRM Membership Connect infected machines via remote adminstration tool (VNC) Allows access and proxy traffic through bots located on different botnets Uses web browsing to check the target bot s match, up to 99.9% accuracy Automates the encryption task for new variants created Adds filtering options to the immense amounts of stolen incoming data Picks out card numbers from outgoing web traffic Steals FTP account credentials from bots and feeds them into iframes that facilitate traffic to the botnet s infection points Provides protection against tracking and unwanted attention by filtering out complete country IP ranges Complete removal of all incoming duplicate records from logs working non-stop Community, support, business partners, advertising, forum $495 USD / 375 $49 / 37 $295 USD / pay per encryption at $15 / $295 / 225 $250 / 190 $1000 / 755 $ 380 / 290 $90 / 70 Monthly fee $125 / 95 from each user page 3

4 WHAT DOES CITADEL S FUTURE HOLD? The team developing Citadel appears to be taking the project very seriously and seems to be working tirelessly on patching clunky Zeus mechanisms and adding new ones, making the Trojan increasingly modular and adapted to cybercrime endeavors. The Citadel Trojan is being aggressively marketed within the fraud underground and will be a crimeware kit to be reckoned with in From March to April, RSA saw a 20 percent increase in the use of Citadel in the Trojan attacks we analyzed. RSA is conducting research into the Citadel Trojan on an ongoing basis and will continue to report on new findings as they become available. page 4

5 Phishing Attacks per Month In April, there was an 86 percent increase in the total number of global phishing attacks with a total of 35,558 unique phishing attacks identified by RSA May 11 Apr Jul 11 Jun Sept 11 Aug Feb 12 Jan 12 Dec 11 Nov 11 Oct Mar Apr 12 Source: RSA Anti-Fraud Command Center Number of Brands Attacked The number of brands targeted through April dropped five percent from March, standing at a total of 288 brands targeted by phishing attacks Apr May Jun Jul Aug Sept 11 Oct Nov Dec Jan 12 Feb Mar Apr 12 Source: RSA Anti-Fraud Command Center page 5

6 US Bank Types Attacked U.S. nationwide brands saw a 24 percent increase in phishing attacks in April. Regional banks accounted for a considerably lower portion of targeted brands, dropping from 30 percent in March to 11 percent in April % 12% 11% 10% 19% 6% 14% 9% 6% 19% 3% 12% 7% 22% 12% 20% 23% 20% 25% 12% 16% 13% 9% 21% 30% 63% 76% 69% 67% 61% 69% 74% 75% 86% 68% 76% 58% 82% 11% Source: RSA Anti-Fraud Command Center Apr 12 Mar 12 Feb 12 Jan 12 Dec 11 Nov 11 Oct 11 Sept 11 Aug 11 Jul 11 Jun 11 May 11 Apr 11 a Australia South Korea Colombia 1.5% Canada China Brazil 1% Germany UK 45 Other Countries 6% Top Countries by Attack Volume In April, only five countries endured more than one percent of phishing attack volume with over 90 percent of the entire volume targeted at the UK, Canada and the U.S. U.S. 22% United Kingdom 42% Canada 28% page 6

7 New Zealand 2% a US S Africa Colombia 2% France 3% China South Africa 2% Italy Canada Germany 2% Netherlands India Bras Top Countries by Attacked Brands Brands in the U.S., UK, Australia and India were targeted by almost 50 percent of phishing attacks in April, followed by Canada, Brazil and Italy. China 3% Brazil 4% Italy 4% Canada 4% U.S. 27% India 5% Australia 5% United Kingdom 11% 37 Other Countries 26% Spain 2% Italy 1% a US S Africa China Japan 2% Italy Vietnam 1% Canada Netherlands India Bra Canada 2% Top Hosting Countries In April, 55 percent of phishing attacks were hosted in the U.S., followed by Brazil which hosted 13 percent marking a five percent increase from March. France 2% Germany 2% Australia 3% United Kingdom 4% U.S. 55% Brazil 13% 60 Other Countries 13% page 7

8 CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller or visit us at EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAY RPT 0512

PHISH LOCKERS OUT IN THE WILD

PHISH LOCKERS OUT IN THE WILD PHISH LOCKERS OUT IN THE WILD August 2013 RSA researchers have been increasingly witnessing the activity of highly targeted Trojans, dubbed Phish Lockers, used at the hands of cybercriminals to steal credentials.

More information

BUGAT TROJAN JOINS THE MOBILE REVOLUTION

BUGAT TROJAN JOINS THE MOBILE REVOLUTION BUGAT TROJAN JOINS THE MOBILE REVOLUTION June 2013 RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat s developers managed to develop and deploy mobile malware designed to

More information

DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS

DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat

More information

PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD

PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD April 2013 As cybercriminals will have it, phishing attacks are quite the seasonal trend. It seems that every April, after showing a slight decline

More information

EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER

EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER March 2013 Phishing attacks are notorious for their potential harm to online banking and credit card users who may fall prey to phishers looking to steal information

More information

MALWARE TOOLS FOR SALE ON THE OPEN WEB

MALWARE TOOLS FOR SALE ON THE OPEN WEB MALWARE TOOLS FOR SALE ON THE OPEN WEB May 2014 RSA Research, while investigating a Zeus Trojan sample, discovered an additional drop server used by a fraudster who is offering a set of spyware tools for

More information

BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION

BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION December 2013 In the last few years, we have seen the mobile space explode with malware. According to a recent report by Trend Micro, the number of

More information

Phishing Activity Trends Report June, 2006

Phishing Activity Trends Report June, 2006 Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account

More information

Phishing Activity Trends Report for the Month of December, 2007

Phishing Activity Trends Report for the Month of December, 2007 Phishing Activity Trends Report for the Month of December, 2007 Summarization of December Report Findings The total number of unique phishing reports submitted to APWG in December 2007 was 25,683, a decrease

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record

More information

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP August 2014 RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information

More information

Security Business Review

Security Business Review Security Business Review Security Business Review Q4: 2014 2 By Bitdefender Labs Security Business Review Botnet Anonymization Raises New Security Concerns Executive Overview While botnets, which are large

More information

Current counter-measures and responses by CERTs

Current counter-measures and responses by CERTs Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure

More information

The Citadel Banking Malware: Capabilities, Development History and Use in Cyber Crime

The Citadel Banking Malware: Capabilities, Development History and Use in Cyber Crime The Citadel Banking Malware: Capabilities, Development History and Use in Cyber Crime ThreatScape Intelligence Cyber Crime Report November 5, 2013 Version: [1] Key Points Citadel is based on the publicly

More information

Median and Average Sales Prices of New Homes Sold in United States

Median and Average Sales Prices of New Homes Sold in United States Jan 1963 $17,200 (NA) Feb 1963 $17,700 (NA) Mar 1963 $18,200 (NA) Apr 1963 $18,200 (NA) May 1963 $17,500 (NA) Jun 1963 $18,000 (NA) Jul 1963 $18,400 (NA) Aug 1963 $17,800 (NA) Sep 1963 $17,900 (NA) Oct

More information

HOSPIRA (HSP US) HISTORICAL COMMON STOCK PRICE INFORMATION

HOSPIRA (HSP US) HISTORICAL COMMON STOCK PRICE INFORMATION 30-Apr-2004 28.35 29.00 28.20 28.46 28.55 03-May-2004 28.50 28.70 26.80 27.04 27.21 04-May-2004 26.90 26.99 26.00 26.00 26.38 05-May-2004 26.05 26.69 26.00 26.35 26.34 06-May-2004 26.31 26.35 26.05 26.26

More information

Protect Your Business and Customers from Online Fraud

Protect Your Business and Customers from Online Fraud DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently

More information

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud 1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Innovations in Network Security

Innovations in Network Security Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.

More information

Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response

Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response Dragonfly: Western Energy Companies Under Sabotage Threat 1 What is Dragonfly? Ongoing cyberespionage campaign Targeting the

More information

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................

More information

Domain Name Abuse Detection. Liming Wang

Domain Name Abuse Detection. Liming Wang Domain Name Abuse Detection Liming Wang Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 2 Why?

More information

THE UNIVERSITY OF BOLTON

THE UNIVERSITY OF BOLTON JANUARY Jan 1 6.44 8.24 12.23 2.17 4.06 5.46 Jan 2 6.44 8.24 12.24 2.20 4.07 5.47 Jan 3 6.44 8.24 12.24 2.21 4.08 5.48 Jan 4 6.44 8.24 12.25 2.22 4.09 5.49 Jan 5 6.43 8.23 12.25 2.24 4.10 5.50 Jan 6 6.43

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

Botnets: The Advanced Malware Threat in Kenya's Cyberspace Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)

More information

Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance

Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Presentation for the Seventh European Academic Conference on Internal Audit

More information

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.

More information

Detecting Remote Access (RAT) Attacks on Online Banking Sites

Detecting Remote Access (RAT) Attacks on Online Banking Sites Detecting Remote Access (RAT) Attacks on Online Banking Sites A BioCatch White Paper Document Overview Remote Access Tools (RATs) allow an attacker to take control over a desktop and use it remotely, opening

More information

Protecting Your POS System from PoSeidon and Other Malware Attacks

Protecting Your POS System from PoSeidon and Other Malware Attacks Protecting Your POS System from PoSeidon and Other Malware Attacks A Multi-tier, Defense in Depth Strategy for Securing Point of Sale Systems from Remote Access Attacks Retailers are being threatened by

More information

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA Prevent Malware attacks with F5 WebSafe and MobileSafe Alfredo Vistola Security Solution Architect, EMEA Malware Threat Landscape Growth and Targets % 25 Of real-world malware is caught by anti-virus Malware

More information

2012 NORTON CYBERCRIME REPORT

2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,

More information

RSA ADVANCED FRAUD INTELLIGENCE

RSA ADVANCED FRAUD INTELLIGENCE RSA ADVANCED FRAUD INTELLIGENCE Service Description AT A GLANCE RSA s Advanced Fraud Intelligence is a service that provides organizations with the actionable intelligence they need to better understand

More information

Operation Liberpy : Keyloggers and information theft in Latin America

Operation Liberpy : Keyloggers and information theft in Latin America Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation

More information

Using big data analytics to identify malicious content: a case study on spam emails

Using big data analytics to identify malicious content: a case study on spam emails Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime

More information

SYMANTEC INTELLIGENCE REPORT NOVEMBER 2013

SYMANTEC INTELLIGENCE REPORT NOVEMBER 2013 SYMANTEC INTELLIGENCE REPORT NOVEMBER 2013 p. 2 CONTENTS CONTENTS 3 Executive Summary 4 BIG NUMBERS 7 TARGETED ATTACKS 8 Targeted Attacks in 2013 8 Targeted Attacks per Day 8 First Attacks Logged by Month

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Malware Analysis Summary: Dyre. F5 Security Operations Center November 2014

Malware Analysis Summary: Dyre. F5 Security Operations Center November 2014 Malware Analysis Summary: Dyre F5 Security Operations Center November 2014 WHY MALWARE MATTERS Long gone are the days when fraud was perpetrated primarily by forging checks or IDs to assume a stolen identity.

More information

A TASTE OF HTTP BOTNETS

A TASTE OF HTTP BOTNETS Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

HACKER INTELLIGENCE INITIATIVE. The Secret Behind CryptoWall s Success

HACKER INTELLIGENCE INITIATIVE. The Secret Behind CryptoWall s Success HACKER INTELLIGENCE INITIATIVE The Secret Behind 1 1. Introduction The Imperva Application Defense Center (ADC) is a premier research organization for security analysis, vulnerability discovery, and compliance

More information

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way

More information

Five Trends to Track in E-Commerce Fraud

Five Trends to Track in E-Commerce Fraud Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other

More information

Win the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business

Win the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business Win the Internet Security War Keep Internet Criminals Out of Your Network and Protect Your Business Takeaways Cyber-criminals are using emails & social engineering to infiltrate your network Your team

More information

A March 2016 The Economic Pulse

A March 2016 The Economic Pulse Global @dvisor The Economic Pulse of the World Citizens in 25 Countries Assess the Current State of their Country s Economy for a Total Global Perspective The Economic Pulse These are the findings of the

More information

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR 場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance

More information

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey

More information

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology BioCatch Fraud Detection CHECKLIST 6 Use Cases Solved with Behavioral Biometrics Technology 1 2 MAN-IN-THE- BROWSER MALWARE ATTACK DETECTION (E.G. DYRE, NEVERQUEST) REMOTE ACCESS (RAT) DETECTION Challenge:

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess Malware B-Z: Inside the Threat From Blackhole to ZeroAccess By Richard Wang, Manager, SophosLabs U.S. Over the last few years the volume of malware has grown dramatically, thanks mostly to automation and

More information

CaliberRM / LDAP Integration. CaliberRM

CaliberRM / LDAP Integration. CaliberRM CaliberRM / LDAP Integration CaliberRM Borland Software Corporation 100 Enterprise Way Scotts Valley, California 95066-3249 www.borland.com Made in Borland Copyright 2004 Borland Software Corporation.

More information

Transaction Anomaly Protection Stopping Malware At The Door. White Paper

Transaction Anomaly Protection Stopping Malware At The Door. White Paper Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side

More information

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network

More information

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization

More information

ThreatSTOP Technology Overview

ThreatSTOP Technology Overview ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds

More information

10 Things Every Web Application Firewall Should Provide Share this ebook

10 Things Every Web Application Firewall Should Provide Share this ebook The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security

More information

Resilient Botnet Command and Control with Tor

Resilient Botnet Command and Control with Tor Resilient Botnet Command and Control with Tor Dennis Brown July 2010 10/14/10 1 Who am I? Dennis Brown Security Researcher for Tenable Network Solutions Toorcon 10, 11 Defcon 18 PaulDotCom Podcast Rhode

More information

Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec

Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec June 2011 Copyright 2011. Yankee Group Research, Inc.

More information

A June 2015 The Economic Pulse

A June 2015 The Economic Pulse Global @dvisor The Economic Pulse of the World Citizens in 24 Countries Assess the Current State of their Country s Economy for a Total Global Perspective The Economic Pulse These are the findings of the

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

Phishing Activity Trends Report. 1 st Half 2011. Unifying the. Global Response To Cybercrime

Phishing Activity Trends Report. 1 st Half 2011. Unifying the. Global Response To Cybercrime 1 st Half 2011 Unifying the Global Response To Cybercrime January June 2011 Phishing Report Scope The APWG analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners,

More information

Email Security 8.0 User Guide

Email Security 8.0 User Guide Email Security 8.0 User Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage to

More information

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious

More information

One Minute in Cyber Security

One Minute in Cyber Security Next Presentation begins at 15:30 One Minute in Cyber Security Simon Bryden Overview Overview of threat landscape Current trends Challenges facing security vendors Focus on malware analysis The year? The

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

User Documentation Web Traffic Security. University of Stavanger

User Documentation Web Traffic Security. University of Stavanger User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...

More information

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your

More information

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS TABLE OF CONTENTS BEST SECURITY PRACTICES Home banking platforms have been implemented as an ever more efficient 1 channel through for banking transactions.

More information

New Features... 1 Installation... 3 Upgrade Changes... 3 Fixed Limitations... 4 Known Limitations... 5 Informatica Global Customer Support...

New Features... 1 Installation... 3 Upgrade Changes... 3 Fixed Limitations... 4 Known Limitations... 5 Informatica Global Customer Support... Informatica Corporation B2B Data Exchange Version 9.5.0 Release Notes June 2012 Copyright (c) 2006-2012 Informatica Corporation. All rights reserved. Contents New Features... 1 Installation... 3 Upgrade

More information

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE Strategic Anti-malware Monitoring with Nessus, PVS, & LCE August 2, 2012 (Revision 2) Copyright 2002-2012 Tenable Network Security, Inc. Tenable Network Security, Nessus and ProfessionalFeed are registered

More information

INDUSTRY OVERVIEW: RETAIL

INDUSTRY OVERVIEW: RETAIL ii IBM MSS INDUSTRY OVERVIEW: RETAIL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: JANUARY 5, 215 BY: DAVID MCMILLEN, SENIOR THREAT RESEARCHER Copyright IBM Corporation 214. All rights reserved. IBM and

More information

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat www.etda.or.th

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat www.etda.or.th Cybersecurity: Thailand s and ASEAN s priorities Soranun Jiwasurat www.etda.or.th Cyber Threat Landscape Overview 2 Cyber threat a hostile act using computers, electronic information and/or digital networks

More information

NAV HISTORY OF DBH FIRST MUTUAL FUND (DBH1STMF)

NAV HISTORY OF DBH FIRST MUTUAL FUND (DBH1STMF) NAV HISTORY OF DBH FIRST MUTUAL FUND () Date NAV 11-Aug-16 10.68 8.66 0.38% -0.07% 0.45% 3.81% 04-Aug-16 10.64 8.66-0.19% 0.87% -1.05% 3.76% 28-Jul-16 10.66 8.59 0.00% -0.34% 0.34% 3.89% 21-Jul-16 10.66

More information

The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report:

The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Author: Examining the Creation, Distribution, and Function

More information

Internet Security Topics

Internet Security Topics Internet Security Topics JPCERT/CC Japan Computer Emergency Response Team Coordination Center Yurie Ito, Director Technical Operation 1 Today s Agenda 1. Incident Trends Purpose/motivation, methods 2.

More information

Ziv Mador Senior Program Manager and Response Coordinator. Jeff Williams Principal Group Manager. Microsoft Malware Protection Center

Ziv Mador Senior Program Manager and Response Coordinator. Jeff Williams Principal Group Manager. Microsoft Malware Protection Center Ziv Mador Senior Program Manager and Response Coordinator Jeff Williams Principal Group Manager Microsoft Malware Protection Center Trend of Malware and Potentially Unwanted Software becoming more regional

More information

Who Is Fighting Phishing

Who Is Fighting Phishing Who Is Fighting Phishing An Overview of the Phishing Lifecycle and the Entities Involved White Paper Who Is Fighting Phishing An Overview of the Phishing Lifecycle and the Entities Involved Contents Introduction

More information

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer. THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from

More information

Analysis One Code Desc. Transaction Amount. Fiscal Period

Analysis One Code Desc. Transaction Amount. Fiscal Period Analysis One Code Desc Transaction Amount Fiscal Period 57.63 Oct-12 12.13 Oct-12-38.90 Oct-12-773.00 Oct-12-800.00 Oct-12-187.00 Oct-12-82.00 Oct-12-82.00 Oct-12-110.00 Oct-12-1115.25 Oct-12-71.00 Oct-12-41.00

More information

Protecting Your Business from Online Banking Fraud

Protecting Your Business from Online Banking Fraud Protecting Your Business from Online Banking Fraud Robert Comella, Greg Farnham, John Jarocki October 2009 Objective According to Brian Krebs of The Washington Post, smaller organizations are suffering

More information

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9

More information

INDUSTRY OVERVIEW: FINANCIAL

INDUSTRY OVERVIEW: FINANCIAL ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL

More information

Current Threat Scenario and Recent Attack Trends

Current Threat Scenario and Recent Attack Trends Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks

More information

HIDING THE NETWORK BEHIND THE NETWORK. BOTNET PROXY BUSINESS MODEL Alexandru Maximciuc, Cristina Vatamanu & Razvan Benchea Bitdefender, Romania

HIDING THE NETWORK BEHIND THE NETWORK. BOTNET PROXY BUSINESS MODEL Alexandru Maximciuc, Cristina Vatamanu & Razvan Benchea Bitdefender, Romania HIDING THE NETWORK BEHIND THE NETWORK. BOTNET PROXY BUSINESS MODEL Alexandru Maximciuc, Cristina Vatamanu & Razvan Benchea Bitdefender, Romania Email {amaximciuc, cvatamanu, rbenchea}@ bitdefender.com

More information

Spy Eye and Carberp the new banker trojans offensive

Spy Eye and Carberp the new banker trojans offensive Spy Eye and Carberp the new banker trojans offensive The common way for a wanna-be hacker to fulfill his sick aspirations is to achieve a known trojan there is a plenty on the Internet, sometimes they

More information

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific

More information

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians? From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that

More information

MALICIOUS REDIRECTION A Look at DNS-Changing Malware

MALICIOUS REDIRECTION A Look at DNS-Changing Malware MALICIOUS REDIRECTION A Look at DNS-Changing Malware What are Domain Naming System (DNS)-changing malware? These recently garnered a lot of attention due to the recent Esthost takedown that involved a

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS* COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun

More information

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS* COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun

More information

Cyber Attack Trend and Botnet

Cyber Attack Trend and Botnet Cyber Attack Trend and Botnet S.C. Leung CISSP CISA CBCP Agenda Botnet and Cyber Attack Trends Botnet Attack Trends Commercialization of Cyber Crime Professionalization of Cyber Crimeware Social Engineering

More information

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security

More information

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013 Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information