Below is a roundup of the biggest cybersecurity news stories from the past month.

A Cryptocurrency-Stealing Trojan Meets Victims at the Point of Purchase

The TrickBot Trojan has been making the rounds, focusing on — what else? — stealing cryptocurrency. The malware uses webinjections to modify webpages presented to the user. When a person goes to a legitimate bitcoin exchange to make a purchase, the malware intercepts information going to and from the browser. A separate webinjection modifies the payment processing logic to trick the user into believing that the transaction has gone through. The victim thinks everything went well, but the bitcoin never arrives. Instead, it’s routed to one of TrickBot’s operators.

Phishing Attacks Grow More Sophisticated

Phishing attacks continue to dominate cybersecurity news. A new, highly targeted form of spear phishing uses wire transfers to claim its victims.

Late last year, IBM X-Force Incident Response and Intelligence Services (IRIS) began noticing a surge in business email compromise (BEC) scams aimed at fooling accounts payable personnel into making wire transfers to attacker-controlled accounts. Fraudsters used stolen email credentials and social engineering tactics to execute these schemes without compromising the network.

These attacks showed a higher level of sophistication than most phishing campaigns. For example, attackers spoofed email addresses to appear to be contacts known to the recipient. They mimicked earlier communications and inserted themselves into existing conversations. They even found and filled out forms and spoofed approval emails before setting up fraudulent DocuSign sites to distribute wire transfer documents.

Another phishing campaign that hit just before Valentine’s Day used zombie bots to distribute an estimated 230 million spam emails over a two-week period. The spam storm was coordinated by the Necurs botnet, and its scope indicates that these distributed attacks can get very large. Flirtatious messages tied to the campaign capitalized on the romantic season: Cybercriminals feigned as if they were women who saw the would-be victim’s social profile and wanted to get in touch. Usually, such spam emails are chock-full of misspellings and grammatical errors, but that wasn’t the case with this latest effort.

Device ID Is No Longer Foolproof

Security professionals thought they hit upon a nearly invincible form of authentication and fraud detection when they began using device IDs. This technique plumbs information about users’ physical devices — including cookies, operating system, IP address and other properties — to verify that the party at the other end of an exchange is legitimate.

But cybercriminals have caught up with device ID. Their latest trick is to use social engineering to inject remote access Trojans that permit them to hijack end-user devices. Users appear legitimate, but attackers are secretly using their credentials and device to steal account access.

That doesn’t mean security organizations should abandon device ID. Companies should also look for additional indicators of fraudulent activity for each user, device, behavior and session.

IBM Study Reveals Age Gap When It Comes to Identity

IBM’s “Future of Identity Study,” which queried 4,000 adults from around the world, turned up some interesting changes in attitudes toward protecting and managing online identities. The bad news is that a lot of people still use the same password for multiple accounts, leaving them open to mayhem should just one of those accounts be compromised.

But there’s a lot of good news as well. People are becoming more accepting of biometric authentication, with 87 percent of respondents saying they would be willing to use tactics such as fingerprint scans in the future. Older people tend to be more security-aware than their younger counterparts, which isn’t surprising given that they are likely to have more to lose. However, millennials and Gen Xers are more accepting of biometrics, more likely to use password managers and quicker to abandon services that have lost their trust.

The survey also showed that social networks have some work do to on the trust front. Respondents ranked these services last among institutions that they trust to properly handle and secure sensitive data. Financial institutions scored much higher, indicating that the trust they’ve established with customers is a valuable asset at a time of business disruption.

A Honeypot That Gives Attackers a Taste of Their Own Medicine

Honeypots have been around for a long time, but IBM Master Inventor James Kozloski has a new take on their value when it comes to dealing with one of the most frustratingly persistent attack types: phishing emails.

His notion is to develop an AI-powered honeypot that mimics a gullible user to confuse and frustrate an attacker. The honeypot would respond to phishing emails with messages that dupe senders into believing that their scam worked. Or, it could overwhelm fraudsters with hundreds of false positive messages, tying them in knots while they try to figure out which are real. It also gives spammers a dose of their own medicine, which has a certain innate appeal.

Kozloski’s honeypot doesn’t exist as a product yet, but it is an active area of study for IBM Research and could show up in the real word before long.

More from Fraud Protection

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

What to do about the rise of financial fraud

6 min read - As our lives become increasingly digital, threat actors gain even more avenues of attack. With the average person spending about 400 minutes online, many scammers enjoy a heyday. Old impersonation scams continue to deceive people every day, as con artists and hackers are armed with advanced technologies and sophisticated social engineering tactics. According to the Federal Trade Commission, financial fraud increased by over 30% from 2021 to 2022, with total losses surpassing $8.8 billion. This ever-evolving threat will continue to…