Below is a roundup of the biggest cybersecurity news stories from the past month.

A Cryptocurrency-Stealing Trojan Meets Victims at the Point of Purchase

The TrickBot Trojan has been making the rounds, focusing on — what else? — stealing cryptocurrency. The malware uses webinjections to modify webpages presented to the user. When a person goes to a legitimate bitcoin exchange to make a purchase, the malware intercepts information going to and from the browser. A separate webinjection modifies the payment processing logic to trick the user into believing that the transaction has gone through. The victim thinks everything went well, but the bitcoin never arrives. Instead, it’s routed to one of TrickBot’s operators.

Phishing Attacks Grow More Sophisticated

Phishing attacks continue to dominate cybersecurity news. A new, highly targeted form of spear phishing uses wire transfers to claim its victims.

Late last year, IBM X-Force Incident Response and Intelligence Services (IRIS) began noticing a surge in business email compromise (BEC) scams aimed at fooling accounts payable personnel into making wire transfers to attacker-controlled accounts. Fraudsters used stolen email credentials and social engineering tactics to execute these schemes without compromising the network.

These attacks showed a higher level of sophistication than most phishing campaigns. For example, attackers spoofed email addresses to appear to be contacts known to the recipient. They mimicked earlier communications and inserted themselves into existing conversations. They even found and filled out forms and spoofed approval emails before setting up fraudulent DocuSign sites to distribute wire transfer documents.

Another phishing campaign that hit just before Valentine’s Day used zombie bots to distribute an estimated 230 million spam emails over a two-week period. The spam storm was coordinated by the Necurs botnet, and its scope indicates that these distributed attacks can get very large. Flirtatious messages tied to the campaign capitalized on the romantic season: Cybercriminals posed as women who had seen the would-be victim’s social profile and wanted to get in touch. Usually, such spam emails are chock-full of misspellings and grammatical errors, but that wasn’t the case with this latest effort.

Device ID Is No Longer Foolproof

Security professionals thought they hit upon a nearly invincible form of authentication and fraud detection when they began using device IDs. This technique plumbs information about users’ physical devices — including cookies, operating system, IP address and other properties — to verify that the party at the other end of an exchange is legitimate.

But cybercriminals have caught up with device ID. Their latest trick is to use social engineering to inject remote access Trojans that permit them to hijack end-user devices. Users appear legitimate, but attackers are secretly using their credentials and device to steal account access.

That doesn’t mean security organizations should abandon device ID. Rather, companies should supplement it by looking for additional indicators of fraudulent activity for each user, device, behavior and session.

IBM Study Reveals Age Gap When It Comes to Identity

IBM’s “Future of Identity Study,” which queried 4,000 adults from around the world, turned up some interesting changes in attitudes toward protecting and managing online identities. The bad news is that a lot of people still use the same password for multiple accounts, leaving them open to mayhem should just one of those accounts be compromised.

But there’s a lot of good news as well. People are becoming more accepting of biometric authentication, with 87 percent of respondents saying they would be willing to use tactics such as fingerprint scans in the future. Older people tend to be more security-aware than their younger counterparts, which isn’t surprising given that they are likely to have more to lose. However, millennials and Gen Xers are more accepting of biometrics, more likely to use password managers and quicker to abandon services that have lost their trust.

The survey also showed that social networks have some work to do on the trust front. Respondents ranked these services last among institutions that they trust to properly handle and secure sensitive data. Financial institutions scored much higher, indicating that the trust they’ve established with customers is a valuable asset at a time of business disruption.

A Honeypot That Gives Attackers a Taste of Their Own Medicine

Honeypots have been around for a long time, but IBM Master Inventor James Kozloski has a new take on their value when it comes to dealing with one of the most frustratingly persistent attack types: phishing emails.

His notion is to develop an AI-powered honeypot that mimics a gullible user to confuse and frustrate an attacker. The honeypot would respond to phishing emails with messages that dupe senders into believing that their scam worked. Or, it could overwhelm fraudsters with hundreds of false positive messages, tying them in knots while they try to figure out which are real. It also gives spammers a dose of their own medicine, which has a certain innate appeal.

Kozloski’s honeypot doesn’t exist as a product yet, but it is an active area of study for IBM Research and could show up in the real world before long.
