Oh God Not Him Again. New More Sophisticated Zeus Is After SaaS Apps and Salesforce Accounts.

Posted on March 3rd, 2014 by Dan Rampe

The original Zeus used lightning bolts. The bank Trojan Zeus uses malicious keystroke logging and steals banking credentials. This newest Zeus version uses web-crawling action to target software-as-a-service (SaaS) apps to access proprietary data or code.

Swati Khandelwal at thehackernews.com reports that a SaaS security vendor detected a malware campaign against a Salesforce.com customer. It started as an attack on an employee’s home computer. Using its web-crawling ability, Zeus grabbed sensitive data from the customer’s CRM instance.

The attack was detected when the security company saw about 2GB of data downloaded to the victim’s computer in less than 10 minutes. While Zeus normally hijacks a user session to perform wire transactions, this latest version crawls the site and creates a real-time copy of a user’s Salesforce.com instance that has all the information from his/her company account.
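The volume signal described above (about 2GB pulled in under 10 minutes) can be expressed as a per-user sliding-window check over SaaS access logs. The following is an added example, not code from the original post or from any vendor; the log format, user names and record paths are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # window length from the article
BYTE_LIMIT = 2 * 1024**3         # ~2GB figure from the article, used as the threshold

def parse(line):
    """Parse 'ISO-timestamp user path bytes' (a constructed log format)."""
    ts, user, path, size = line.split()
    return datetime.fromisoformat(ts), user, path, int(size)

def find_bulk_downloads(lines, byte_limit=BYTE_LIMIT):
    """Return {user: (alert_time, bytes_in_window, distinct_paths)} for the
    first moment each user's downloads inside WINDOW reach byte_limit."""
    windows = defaultdict(deque)   # user -> events still inside the window
    totals = defaultdict(int)      # user -> bytes currently inside the window
    alerts = {}
    for ts, user, path, size in sorted(map(parse, lines)):
        win = windows[user]
        win.append((ts, path, size))
        totals[user] += size
        while ts - win[0][0] > WINDOW:          # expire old events
            totals[user] -= win.popleft()[2]
        if user not in alerts and totals[user] >= byte_limit:
            # Many distinct paths in the window points to crawling rather
            # than one large export; reported as triage context.
            alerts[user] = (ts, totals[user], len({p for _, p, _ in win}))
    return alerts

def sample_log():
    """Constructed data: 'alice' browses normally, 'bob' has his session crawled."""
    t0 = datetime(2014, 3, 1, 20, 0, 0)
    lines = [f"{(t0 + timedelta(minutes=2 * i)).isoformat()} alice /rec/{i % 8} 200000"
             for i in range(30)]
    lines += [f"{(t0 + timedelta(milliseconds=490 * i)).isoformat()} bob /rec/{i} 2000000"
              for i in range(1100)]
    return lines

if __name__ == "__main__":
    for user, (ts, total, paths) in find_bulk_downloads(sample_log()).items():
        print(f"{ts.isoformat()} {user}: {total} bytes, {paths} records in 10 min")
```

The distinct-path count is what separates a crawl of the whole instance from a single large report export, which would reach the same byte total with one or two paths.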

Security professional Ami Luttwak said of the attack “This looks like a targeted attack against the company, cleverly targeting the employee home instead of the enterprise – thus bypassing the company controls. This was probably just the first step, using the Zeus Web inject capabilities they could have used the same tactics as in the banking sites attacks and ask the user to enter more information regarding his company credentials or send out messages in his name.”

Khandelwal notes that previously the FBI has warned companies about the GameOver banking Trojan, a Zeus variant aimed at spreading financial malware through phishing emails. Once installed, it carries out DDoS (Distributed Denial of Service) attacks using a botnet and flooding the targeted financial institution’s server with traffic.

Earlier this year, security researcher Gary Warner described a new variant of GameOver Zeus malware that used encryption to bypass perimeter security.

It allowed attackers to bypass traditional security measures used by Salesforce.com and other SaaS apps and have Zeus grab loads of business data and customer information.

How computers are infected in the first place and who is behind the attacks is still not known.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

Summertime – When the Scamming Is Easy. ThreatMetrix Advises How Not to Get Ripped Off by Vacation Rental and Ticket Scams, Credit Card Fraud and Email Hackers.

Posted on July 23rd, 2013 by Dan Rampe

Did you know there was a time when there was no cybercrime during the summer? Of course, that was when there wasn’t an Internet. Today, there is an Internet (okay, you knew that) and there is cybercrime in the summer. Make that rampant cybercrime.

A recent Orbitz.com study pointed out that 77 percent of consumers are planning summer getaways this year. But, instead of turning to travel agents or waiting in line at ticket windows, consumers are taking advantage of a vast array of travel Websites and apps to make airline and hotel reservations, buy tickets and arrange for all the myriad activities people do on their vacations.

“While digital ticketing is much more convenient for today’s consumers, they must take extra precaution when purchasing online due to payment fraud, identity spoofing and malware risks,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Summer is the time of year for travel, concerts and music festivals, and fraudsters always go where the money is. The last thing you want this summer is to get scammed by a fraudster when planning a family vacation.”

Vacationers aren’t the only ones making plans this summer season. Following are cybercriminals’ idea of fun and games over the holiday.

Ticketing scams – Nearly five million people a year purchase concert, sporting event and theme-park tickets which turn out to be fake. Using Websites and reseller sites such as Craigslist, cybercriminals sell hot tickets (hot in more ways than one) for high-demand events. Tickets are fake and customers are left out in the cold for the event.

Nonexistent vacation rentals – Consumers must beware of suspicious sites and emails offering vacation rental deals from third-party sources. Cybercriminals often set up fraudulent online travel agencies to con vacation-goers. Once a customer books advance tickets, the cybercriminal simply takes the money and runs. This is especially risky as consumers increasingly use vacation home swapping Websites, a prime target for cybercriminals.

Email hacks – There have been several high profile email hacks in the past year – including Yahoo!, Gmail, AOL and Hotmail. These jeopardized hundreds of thousands of email addresses. Given today’s shift to online buying, most tickets and travel confirmations are sent via email. A hacked email allows a cybercriminal to print and resell concert and other event tickets.

This summer, consumers aren’t the only targets of cybercriminals. Ticketing and travel and accommodation sites have to deal with the rising number of stolen credit cards. This year, U.S. consumers will spend $84 billion on hotel stays alone – most of which will be booked online and have to be screened for phony purchases. Summer travel and tourism businesses have to do extensive credit card screening looking for suspicious transactions. The best way is to leverage data from a collective network to weed out digital criminal identities from among legitimate customers. That’s the service the ThreatMetrix Global Trust Intelligence Network (The Network) offers. The Network analyzes more than 350 million monthly transactions for account takeover, payment fraud and identity spoofing attempts without inconveniencing authentic users.

“By leveraging the data of a collective network, online ticketing sites and travel agencies can assure their customers have fun in the sun without getting scammed by cybercriminals,” said Faulkner. “Once sophisticated cybercriminals figure out a way to compromise one travel or tourism business, they can easily target more players in the market. This collective threat requires a collective response such as a real-time threat intelligence network.”

ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.

ThreatMetrix Cites Cybercrime Scams to Be Aware of as Summer Heats Up

Posted on July 23rd, 2013 by Dan Rampe

ThreatMetrix Warns Businesses and Consumers of Ticketing Scams, Nonexistent Vacation Rentals, Credit Card Fraud and Email Hacks

San Jose, CA – July 23, 2013 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime solutions, today announced several travel and ticketing scams to be aware of so businesses and consumers can avoid falling victim to cyber risks in the summer months. According to a recent Orbitz.com study, 77 percent of consumers are planning summer getaways this year, enticing cybercriminals to make a profit from various travel and ticketing scams.

Most consumers now purchase concert tickets and book travel arrangements, such as airfare and hotel rooms, online rather than visiting a travel agent or ticketing window. A variety of travel websites and apps now enable consumers to make reservations with the click of a button, placing trust in online transactions. This shift to digital trust offers a major opportunity for cybercriminals to target consumers and businesses as they plan summer leisure activities.

“While digital ticketing is much more convenient for today’s consumers, they must take extra precaution when purchasing online due to payment fraud, identity spoofing and malware risks,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Summer is the time of year for travel, concerts and music festivals, and fraudsters always go where the money is. The last thing you want this summer is to get scammed by a fraudster when planning a family vacation.”

As summer kicks into full gear, today’s savvy cybercriminals are scamming consumers planning summer activities and getaways. These scams include:

Ticketing scams – Nearly five million people a year purchase concert, sporting event and theme park tickets that turn out to be fraudulent. Cybercriminals use ticketing websites and reseller sites such as Craigslist for high-demand events to oversell tickets for personal profit at the expense of authentic buyers.

Nonexistent vacation rentals – Consumers must beware of suspicious sites and emails offering vacation rental deals from third-party sources. Cybercriminals often set up fraudulent online travel agencies to con vacation-goers. Once a customer books advance tickets, the cybercriminal simply takes the money and runs. This is especially risky as consumers increasingly use vacation home swapping websites, a prime target for cybercriminals.

Email hacks – There have been several high profile email hacks in the past year – including Yahoo!, Gmail, AOL and Hotmail – placing hundreds of thousands of email addresses in jeopardy. Given today’s shift to online purchasing, most tickets and travel confirmations are sent via email. A hacked email can enable cybercriminals to print and resell concert and other event tickets.

In addition to these risks facing consumers, ticketing, travel and accommodation sites face their own challenges with the growing use of stolen credit cards. This year, U.S. consumers will spend $84 billion on hotel stays alone – most of which will be booked online and need to be screened for fake purchases. To protect against such risks, businesses associated with summer travel and tourism must put preventative measures in place to protect themselves and consumers. Such measures include extensive credit card screening for suspicious transactions and leveraging the data of a collective network to detect legitimate customers and criminal digital identities, such as the ThreatMetrix Global Trust Intelligence Network (The Network). The Network analyzes more than 350 million monthly transactions for account takeover, payment fraud and identity spoofing attempts without inconveniencing authentic users.

“By leveraging the data of a collective network, online ticketing sites and travel agencies can assure their customers have fun in the sun without getting scammed by cybercriminals,” said Faulkner. “Once sophisticated cybercriminals figure out a way to compromise one travel or tourism business, they can easily target more players in the market. This collective threat requires a collective response such as a real-time threat intelligence network.”

© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Meghan Reilly
Walker Sands Communications
Tel: 312-445-9926
Email: meghan.reilly@walkersands.com

ThreatMetrix Protects Holiday Home Rental Websites – And Consumers – Against Scammers

Posted on July 1st, 2013 by Dan Rampe

After working hard all year, it’s wonderful to think about taking a nice relaxing vacation. But there’s nothing wonderful about finding out the holiday home you rented doesn’t exist and the “owner” disappeared with your cash deposit. This has actually happened to many unsuspecting vacation seekers who rented a holiday home online. And, consumers need to watch out for many other scams run by cybercriminals who are looking to line their pockets with their vacation cash.

Fortunately, there are a lot of legitimate holiday home rental websites that are working hard to protect their users. Using the ThreatMetrix Cybercrime Defender Platform is one key way they can identify and block fraudsters. As my colleague, Dr. Stephen Topliss, ThreatMetrix Services and Support Director in EMEA, says: “We know that fraudsters are by nature greedy. They usually run the same scam multiple times. These actions enable ThreatMetrix to protect holiday home rental sites by gathering and analyzing data to identify abnormal behavior.”

So here are some ways ThreatMetrix can be used by holiday home rental websites to block scammers:

  • Identifying if multiple ads are being placed by the same device
  • Identifying abnormal behavior
  • Identifying properties listed from unusual or hidden IP addresses
  • Noting people using multiple or fake identities
  • Flagging fake registration information
  • Sharing known fraudulent behavior across holiday home rental sites

Cybercriminals continually come up with new and more dangerous scams, such as:

Posting Fake Properties: Placing an ad about a property that either doesn’t exist, or is not owned by the person placing it. The goal is to get a direct money transfer as a deposit for the property.

Impersonating Legitimate Owners: Fraudsters compromise an email account and impersonate a legitimate owner, sometimes using personal information gained from intercepting emails.

Redirecting Web Traffic: Initial correspondence takes place via a legitimate travel site, and the fraudster then directs consumers to a bogus website with fake offers or promotions.

Booking Multiple Renters for Same Period: Someone who owns a property rents it many times for the same period. They take a deposit, then notify the renter that the property is not available – but the deposit is never returned.

Cancelling on Renters at Last Minute: Contacting the renter at the last minute to cancel, then not returning the deposit.

Phishing: Emails asking for bank details as a guarantee or deposit to secure a reservation.

Offering Time Sensitive or Winning a Dream Vacation: Many scams (email, ads) promise things that are too good to be true in an effort to get your personal information.

I’m regularly amazed and pleased that our online fraud prevention solutions can directly protect consumers in so many important ways — such as helping ensure they have a happy, well-deserved vacation. It’s also good to know that we’re able to protect the reputation of holiday home rental websites that are making good faith efforts to connect legitimate owners with prospective renters.