
Fraudsters focus on improving Trojan infrastructure

CIOL Bureau

NEW DELHI, INDIA: Online fraud is a non-stop threat to organizations around the globe, and cyber criminals have no intention of slowing down the pace.


In fact, they continuously improve their technology, launch increasingly sophisticated attacks, and use advanced social engineering techniques to dupe online users into falling for scams, said RSA. Also, global conditions, such as the economy and vulnerabilities in financial markets, are likely to have an impact on the evolution of cybercrime.

In 2008, RSA saw the development of several sophisticated fast-flux network hosting services which were both deployed by fraudsters and provided for a fee for use by other online criminals.

And within those fast-flux networks, the RSA Anti-Fraud Command Center observed that online criminals were using them to launch both phishing and Trojan attacks and other malicious content such as money mule recruitment sites.


Fast-flux is an advanced DNS technique that utilizes a network of compromised computers, known as botnets, to host and deliver phishing and malware websites.

Trojan functionality and infrastructure will improve
The advanced stealth technology and other features of financial Trojans already exist. Trojans can now steal a wide variety of online credentials and assets and remain undetected for a considerable amount of time—as evidenced by the repository of credentials stolen by the Sinowal Trojan, discovered by RSA in October 2008. The Sinowal Trojan maintained one of the most advanced and reliable communication infrastructures, which allowed it to gather and transmit information for almost three years. By that time, more than 5,10,000 compromised credentials had been collected by Sinowal and were then retrieved by RSA.

RSA predicts a rapid improvement in Trojan functions and infrastructures in the coming 12 months. In terms of functionality, RSA’s fraud analysts have already started to see various Trojan plug-ins available for sale in the fraud underground.


While functions will improve, RSA believes a primary focus for fraudsters over the course of the next 12 months will be on improving the Trojan infrastructure. As with phishing websites, most servers hosting Trojans can still be easily detected and shut down, but this is changing. RSA expects the Trojan hosting infrastructure to evolve as online criminals adopt fast-flux networks for their infection and/or drop domains, as well as other alternatives such as private networks similar to the one used by the Sinowal Trojan.

Fraud-as-a-service:


Fraud-as-a-Service, or 'FaaS', is not a new concept. The term was coined by RSA in November 2008 to refer to the advanced supply chain that offers goods and services for sale to online criminals to aid them in committing fraud. In 2008, RSA observed an increase in the number of services offered for hire in the underground, including hosting services, Trojan infection kits, and cashout services.

RSA expects FaaS offerings to evolve even further over the next 12 months in order to support the development of the fraud economy.

Money muling


Money mule recruitment networks and 'mule herders'—managers who control the network of mules—together form a specialized fraud cashout service that is managed within the fraud underground.

In 2008, RSA observed numerous mule recruitment scams sent via spam campaigns that advertised allegedly legitimate jobs performing money transfers. Websites lured people into applying for a position described as a 'money transfer agent' or 'regional manager'.

This is the part of the fraud supply chain where honest people who are not themselves fraudsters can be hired to become part of the fraudsters' money laundering process. Mules move cash that originates from compromised bank accounts from one criminal to another. Depending on the amount of money laundered, a mule receives a small percentage as compensation.


As a result of the state of the global economy, money mules are easier to recruit, since more people are out of work and fewer jobs are available. Hence, RSA predicts that even more money muling operations will develop over the next year.

(Image caption: Correspondence between an online criminal and a potential mule)

In April 2008, RSA discovered a new two-fold technique that merged classic phishing with malware content and the tactics associated with each. The Rock Phish group was the first to pioneer this double-vector attack, using both phishing sites and the Zeus Trojan to attack and infect online users. Upon receiving the fraudulent correspondence, victims of these attacks were directed to phony websites created by fraudsters to solicit personal information. Concurrently, the Zeus Trojan infected their computers. As a result, even if the Internet user did not fall for the phishing scam and divulge personal details on the website, the Trojan would later steal information transmitted while the victim interacted with other websites.


As online users have become more educated about cybercrime and the risks of providing their personal information on many websites, criminals have developed alternative ways to continue to dupe many of them. By leveraging spammed emails designed to initiate a phishing attack and direct unsuspecting users to a malware infection site, criminals can achieve greater results. A computer infected by a Trojan via this attack method helps ensure that the fraudsters can gain access to personal information without requiring online users to proactively submit their personal information and credentials.

The volume of phishing attacks detected by RSA during 2008 grew 66 percent over those detected throughout 2007. Despite heightened awareness among online users, phishing remains a popular platform for fraudsters as it has a very low execution cost, can reach broad sets of users, and requires limited technical expertise to set up. For these reasons, RSA expects that the rate of phishing attacks will continue to increase throughout 2009 and beyond.

Enterprise fraud will increase:

Enterprise fraud is still in its infancy, and online criminals are just starting to realize the potential benefits of what can be illegally collected from a business as the result of a phishing attack. RSA has witnessed many incidents in which enterprise data was obtained unintentionally as a by-product of a broad online attack. RSA's fraud analysts have uncovered VPN and web-mail account credentials within drop zones during the credential recovery process. RSA has also witnessed transactions between fraudsters, such as the solicitation of e-mail addresses of top executives at US corporations for up to $50 per address. This indicates a likely increase in the number of spear phishing incidents in the coming year.

RSA expects to see an increase in enterprise fraud in the next 12-18 months. This is an especially nefarious threat as online criminals stand the chance of gaining access to sensitive corporate data such as intellectual property and business plans.
