FRAUD REPORT
THE CARBERP TROJAN CODE IS RELEASED
#INTH3WILD – WHAT’S NEXT?
July 2013
Be it internal disagreements within the Carberp team, or law enforcement pressure following the arrests in 2012, the Carberp cyber gang members have disbanded, leaving their Trojan code publicly available following a failed attempt to sell it. The incident is reminiscent of the ZeuS Trojan’s source code leak, and we can expect a few things to happen in its wake. But before looking ahead, let’s review the events that followed the ZeuS leak in 2011.
ZEUS SOURCE CODE LEAK
An attempt to sell the ZeuS source code in an underground forum for – according to some estimates – as high as $100,000 started in early 2011. Following the failed sale, Slavik, the developer of ZeuS, handed over the code to a cyber rival, Gribodemon, the notorious SpyEye developer. The underground, abuzz with the news, keenly awaited the release of a merged, mighty SpyEye-ZeuS variant. Before one could be released, the ZeuS code was leaked and made publicly available.
As predicted by many, different offspring began appearing, built on top of the ZeuS v2.0.8.9 codebase. These included Ice IX and Odin (both appearing in 2011) and, most notably, Citadel, which made its appearance in early 2012.
Unlike Ice IX, which mainly fixed bugs in the ZeuS code, Citadel was a major leap forward in terms of the malware’s functionality. Citadel not only repaired bugs in ZeuS, but deployed clever security measures to protect the malware and its infrastructure, and provided numerous new plug-ins to boost the Trojan’s functionality. As a Fraud-as-a-Service (FaaS) business offering, Citadel became a lucrative commercial operation, offering its “customers” a CRM, paid tech support and constant version updates. In fact, Citadel was so successful that botmasters started replacing or upgrading their existing bots with the malware.
page 2
But, as with many great empires of the past, they were soon to fall. Starting in mid-2012, RSA researchers began noticing the slow demise of commercial Trojan offerings. In April, the Ice IX business shut down with the disappearance of its developer; SpyEye then made its exit in May; and in a surprising turn of events, Citadel’s spokesperson, “Aquabox”, was banned from the only forum he was selling on (following a quarrel over customer support).
A NEW GENERATION OF MALWARE – WHAT’S NEXT?
So, if history repeats itself, what are we to expect? With the above in mind, the following may transpire:
–– We’ll see a proliferation of Carberp-based attacks. While this is the less probable of the two scenarios, the leak could spawn an entire business of low-level developers recompiling Carberp and offering it for sale “as is,” with no further feature development or bug fixes. To illustrate, the ZeuS code that once sold for $3,000 to $5,000 is now readily available for as low as $11 in the underground. In terms of Trojan operation and feature set, Carberp is far more complex than ZeuS and less organized for the untrained cybercriminal, making it less appealing for would-be botmasters (or script kiddies). Not to mention the major weaknesses reported in Carberp’s server-side code, which make it “easier to hack than SpyEye” according to one security researcher. With the abundance of ZeuS and ZeuS-based malware – according to RSA’s Anti-Fraud Command Center (AFCC), this malware’s share is over 83% of all Trojan attacks – and at very cheap prices, it would be surprising to see Carberp make a big impact in this strong market segment.
–– The Carberp code spawns a commercial offspring and/or offerings. This scenario is more likely. As mentioned previously, Carberp is an extremely sophisticated piece of malware, boasting bootkit functionality. As a result, it is more likely that the code will be picked up by a cybercrime gang looking to develop the next big thing in malware. With the trend towards privatizing malware development operations, the underground is currently lacking a (true) commercial Trojan; this vacuum may provide the right time and place for such an offering. Development may also continue in closed, private groups, which develop the software for their own criminal purposes.
CONCLUSION
There’s never a dull moment in cybercrime, and the Carberp code leak only adds fuel to that fire. The complexity of Carberp makes it less appealing as an “as-is” offering, but organized professional cybercrime teams may see the opportunity to be the first to finally offer a new, commercial Trojan based on the Carberp code, in the now very privatized underground.
RSA FraudAction Research Labs continues to investigate and analyze the code and will publish its findings as they are made.
page 3
Phishing Attacks per Month
RSA identified 35,831 phishing attacks launched worldwide in June, marking a 3% drop in attack volume from May, and a 31% decline year-over-year in comparison to June 2012.
Phishing attacks per month (Source: RSA Anti-Fraud Command Center)
Jun12   51906
Jul12   59406
Aug12   49488
Sep12   35440
Oct12   33768
Nov12   41834
Dec12   29581
Jan13   30151
Feb13   27463
Mar13   24347
Apr13   26902
May13   36966
Jun13   35831
US Bank Types Attacked
Nationwide banks remained the most targeted by phishing in June, with 76% of phishing volume directed at them. Regional banks saw a 6% decrease in volume while credit unions witnessed a 3% increase.
US bank types attacked, share of monthly phishing volume (Source: RSA Anti-Fraud Command Center)
Month   Nationwide banks   Regional banks   Credit unions
Jun12   78%                12%              10%
Jul12   74%                15%              11%
Aug12   74%                15%              11%
Sep12   77%                14%              9%
Oct12   77%                14%              9%
Nov12   79%                9%               12%
Dec12   79%                15%              6%
Jan13   70%                15%              15%
Feb13   69%                23%              8%
Mar13   60%                23%              17%
Apr13   73%                12%              15%
May13   73%                19%              8%
Jun13   76%                13%              11%
page 4
Top Countries by Attack Volume
The U.S. remained the country enduring the highest volume (55%) of phishing attacks in June – a 5% increase from May. The UK was the second most targeted at 10% of volume, followed by Canada, South Africa, India, and the Netherlands.
Share of attack volume: U.S. 55%, United Kingdom 10%, Canada 7%, South Africa 5%, India 3%, Netherlands 3%, 49 other countries 17%
Top Countries by Attacked Brands
U.S. brands remained the most targeted by phishing at 25% of volume, followed by the UK and India. Other countries’ brands that were targeted heavily by phishing in June include Australia, Italy, China, Canada and France.
Share of attacked brands: U.S. 25%, United Kingdom 10%, India 8%, Australia 5%, Italy 5%, China 4%, Canada 4%, France 4%, 50 other countries 35%
Top Hosting Countries
The U.S. remained the top hosting country in June, having hosted 45% of global phishing attacks, followed by Canada which hosted 9% of attacks. Chile and Turkey were both introduced as top hosts for phishing, each hosting 3% of phishing attacks for the month.
Share of hosted attacks: U.S. 45%, Canada 9%, Germany 5%, United Kingdom 5%, Netherlands 4%, Chile 3%, France 3%, Turkey 3%, 54 other countries 23%
www.emc.com/rsa
CONTACT US
To learn more about how RSA products, services, and solutions help solve your security challenges, contact your local representative or authorized reseller – or visit us at www.emc.com/rsa
©2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JUL RPT 0713

More Related Content

Viewers also liked

Hadoop Design Patterns
Hadoop Design PatternsHadoop Design Patterns
Hadoop Design PatternsEMC
 
VMworld : 2013 Journey to IT as a Service Survey
 VMworld : 2013 Journey to IT as a Service Survey VMworld : 2013 Journey to IT as a Service Survey
VMworld : 2013 Journey to IT as a Service SurveyEMC
 
Where doyoustand!(1)
Where doyoustand!(1)Where doyoustand!(1)
Where doyoustand!(1)Chandan Dubey
 
Golfbrands
GolfbrandsGolfbrands
Golfbrandsjgalla14
 
1948 creation of israel wed
1948 creation of israel wed1948 creation of israel wed
1948 creation of israel wedTravis Klein
 
Federal trade commission ppt presentation2
Federal trade commission ppt presentation2Federal trade commission ppt presentation2
Federal trade commission ppt presentation2Brooke444
 
La meva primera presentació
La meva primera presentacióLa meva primera presentació
La meva primera presentacióhelenbou4352
 
BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING EROTICISM, SPIRITUALITY...
BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING  EROTICISM, SPIRITUALITY...BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING  EROTICISM, SPIRITUALITY...
BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING EROTICISM, SPIRITUALITY...Dr. Raju M. Mathew
 
ARAB KNOWLEDGE BANK - WHY AND HOW?
ARAB KNOWLEDGE BANK - WHY AND HOW?ARAB KNOWLEDGE BANK - WHY AND HOW?
ARAB KNOWLEDGE BANK - WHY AND HOW?Dr. Raju M. Mathew
 
Federated Approach for Interoperating AEC/FM Ontologies
Federated Approach for Interoperating AEC/FM OntologiesFederated Approach for Interoperating AEC/FM Ontologies
Federated Approach for Interoperating AEC/FM OntologiesAna Roxin
 
Mon economic assumptions
Mon economic assumptionsMon economic assumptions
Mon economic assumptionsTravis Klein
 

Viewers also liked (17)

2015 day 10
2015 day 102015 day 10
2015 day 10
 
Deeltopia
DeeltopiaDeeltopia
Deeltopia
 
Hadoop Design Patterns
Hadoop Design PatternsHadoop Design Patterns
Hadoop Design Patterns
 
VMworld : 2013 Journey to IT as a Service Survey
 VMworld : 2013 Journey to IT as a Service Survey VMworld : 2013 Journey to IT as a Service Survey
VMworld : 2013 Journey to IT as a Service Survey
 
Beautiful
BeautifulBeautiful
Beautiful
 
Where doyoustand!(1)
Where doyoustand!(1)Where doyoustand!(1)
Where doyoustand!(1)
 
Golfbrands
GolfbrandsGolfbrands
Golfbrands
 
1948 creation of israel wed
1948 creation of israel wed1948 creation of israel wed
1948 creation of israel wed
 
Federal trade commission ppt presentation2
Federal trade commission ppt presentation2Federal trade commission ppt presentation2
Federal trade commission ppt presentation2
 
La meva primera presentació
La meva primera presentacióLa meva primera presentació
La meva primera presentació
 
BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING EROTICISM, SPIRITUALITY...
BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING  EROTICISM, SPIRITUALITY...BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING  EROTICISM, SPIRITUALITY...
BELLY DANCES AND INDIAN CLASSICAL DANCES - EMBEDDING EROTICISM, SPIRITUALITY...
 
So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.
 
ARAB KNOWLEDGE BANK - WHY AND HOW?
ARAB KNOWLEDGE BANK - WHY AND HOW?ARAB KNOWLEDGE BANK - WHY AND HOW?
ARAB KNOWLEDGE BANK - WHY AND HOW?
 
Renaissance art
Renaissance artRenaissance art
Renaissance art
 
Federated Approach for Interoperating AEC/FM Ontologies
Federated Approach for Interoperating AEC/FM OntologiesFederated Approach for Interoperating AEC/FM Ontologies
Federated Approach for Interoperating AEC/FM Ontologies
 
Mon economic assumptions
Mon economic assumptionsMon economic assumptions
Mon economic assumptions
 
Teamwork
TeamworkTeamwork
Teamwork
 

More from EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

More from EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Recently uploaded

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 

Recently uploaded (20)

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 

RSA Monthly Online Fraud Report -- July 2013

  • 1. F R A U D R E P O R T THE CARBERP TROJAN CODE IS RELEASED #INTH3WILD – WHAT’S NEXT? July 2013 Be it internal disagreements within the Carberp team, or law enforcement pressure following the arrests in 2012, the Carberp cyber gang members have disbanded, leaving their Trojan code publicly available following a failed attempt to sell it. Reminiscent of the ZeuS Trojan’s source code leak, we can expect a few things to happen following the incident. But before doing so, let’s review the events that followed the ZeuS leak in 2011.  ZEUS SOURCE CODE LEAK An attempt to sell the ZeuS source code in an underground forum for – according to some estimates – as high as $100,000 started in early 2011. Following the failed sale, Slavik, the developer of ZeuS, handed over the code to a cyber rival, Gribodemon, the notorious SpyEye developer. The underground, abuzz with the news, keenly awaited the release of a merged, mighty SpyEye-ZeuS variant. Before one could be released, the ZeuS code was leaked and made publicly available. As predicted by many, different offspring began appearing, built on top of the ZeuS v2.0.8.9 codebase, and included Ice IX and Odin (both appearing in 2011), and most considerably – Citadel making its appearance in early 2012. As opposed to Ice IX, that mainly fixed bugs in the ZeuS code, Citadel was a major leap forward in terms of the malware’s functionality. Citadel not only repaired bugs in ZeuS, but deployed clever security measures to protect the malware and its infrastructure, as well as provided numerous new plug-ins to boost the Trojan’s functionality. In terms of a Fraud-as-a-Service (FaaS) business offering, Citadel became a lucrative commercial operation, offering its “customers” a CRM, paid tech support and constant version updates. In fact, Citadel was so successful that botmasters started replacing/upgrading existing bots with the malware.
But as with many great empires of the past, soon they will fall. Starting in mid-2012, RSA researchers began noticing the slow demise of commercial Trojan offerings. In April, the Ice IX business shut down with the disappearance of its developer; SpyEye then made its exit in May; and in a surprising turn of events, Citadel’s spokesperson, “Aquabox”, was banned from the only forum he was selling on (following a quarrel over customer support).

A NEW GENERATION OF MALWARE – WHAT’S NEXT?

So, if history repeats itself, what are we to expect? With the above in mind, the following may transpire:

–– We’ll see a proliferation of Carberp-based attacks. While this is the less probable scenario, the leak could spawn an entire business of low-level developers recompiling Carberp and offering it for sale “as is,” with no further feature development or bug fixes. To demonstrate, the ZeuS code that once sold for $3,000 to $5,000 is now readily available for as low as $11 in the underground.

In terms of Trojan operation and feature set, Carberp is far more complex than ZeuS and less organized for the untrained cybercriminal, making it less appealing for would-be botmasters (or script kiddies). Not to mention the major weaknesses reported in the Carberp server-side code, which make it “easier to hack than SpyEye” according to one security researcher.

With the abundance of ZeuS and ZeuS-based malware – according to RSA’s Anti-Fraud Command Center (AFCC), this malware family accounts for over 83% of all Trojan attacks – and at very cheap prices, it would be surprising to see Carberp make a big impact in this strong market segment.

–– The Carberp code spawns a commercial offspring and/or offerings. This scenario is more likely. As mentioned previously, Carberp is an extremely sophisticated piece of malware, boasting bootkit functionality. As a result, it is more likely that the code will be picked up by a cybercrime gang looking to develop the next big thing in malware.

With the trend towards privatizing malware development operations, the underground is currently lacking a (true) commercial Trojan; this vacuum may provide the right time and place for such an offering. Development may also continue in closed, private groups, which develop the software for their own criminal purposes.

CONCLUSION

There’s never a dull moment in cybercrime, and the Carberp code leak only adds fuel to that fire. The complexity of Carberp makes it less appealing as an “as-is” offering, but organized professional cybercrime teams may see the opportunity to be the first to finally offer a new commercial Trojan based on the Carberp code in the now very privatized underground. RSA FraudAction Research Labs continues to investigate and analyze the code and will publish its findings as they are made.
page 3

Phishing Attacks per Month

RSA identified 35,831 phishing attacks launched worldwide in June, marking a 3% drop in attack volume from May, and a 31% decline year-over-year in comparison to June 2012.

Phishing attacks per month (Source: RSA Anti-Fraud Command Center)

  Month    Attacks
  Jun 12   51,906
  Jul 12   59,406
  Aug 12   49,488
  Sep 12   35,440
  Oct 12   33,768
  Nov 12   41,834
  Dec 12   29,581
  Jan 13   30,151
  Feb 13   27,463
  Mar 13   24,347
  Apr 13   26,902
  May 13   36,966
  Jun 13   35,831

US Bank Types Attacked

Nationwide banks remained the most targeted by phishing in June, with 76% of phishing volume directed at them. Regional banks saw a 6% decrease in volume while credit unions witnessed a 3% increase.

Share of US phishing volume by bank type (Source: RSA Anti-Fraud Command Center; the three data series of the original chart are matched to bank types using the June figures quoted above)

  Month    Credit unions   Regional banks   Nationwide banks
  Jun 12   10%             12%              78%
  Jul 12   11%             15%              74%
  Aug 12   11%             15%              74%
  Sep 12    9%             14%              77%
  Oct 12    9%             14%              77%
  Nov 12   12%              9%              79%
  Dec 12    6%             15%              79%
  Jan 13   15%             15%              70%
  Feb 13    8%             23%              69%
  Mar 13   17%             23%              60%
  Apr 13   15%             12%              73%
  May 13    8%             19%              73%
  Jun 13   11%             13%              76%
page 4

Top Countries by Attack Volume

The U.S. remained the country enduring the highest volume (55%) of phishing attacks in June – a 5% increase from May. The UK was the second most targeted at 10% of volume, followed by Canada, South Africa, India, and the Netherlands.

  U.S.                 55%
  United Kingdom       10%
  Canada                7%
  South Africa          5%
  India                 3%
  Netherlands           3%
  49 Other Countries   17%

Top Countries by Attacked Brands

U.S. brands remained the most targeted by phishing at 25% of volume, followed by the UK and India. Other countries’ brands that were targeted heavily by phishing in June include Australia, Italy, China, Canada and France.

  U.S.                 25%
  United Kingdom       10%
  India                 8%
  Australia             5%
  Italy                 5%
  China                 4%
  Canada                4%
  France                4%
  50 Other Countries   35%

Top Hosting Countries

The U.S. remained the top hosting country in June, having hosted 45% of global phishing attacks, followed by Canada which hosted 9% of attacks. Chile and Turkey were both introduced as top hosts for phishing, each hosting 3% of phishing attacks for the month.

  U.S.                 45%
  Canada                9%
  Germany               5%
  United Kingdom        5%
  Netherlands           4%
  Chile                 3%
  France                3%
  Turkey                3%
  54 Other Countries   23%
www.emc.com/rsa

CONTACT US

To learn more about how RSA products, services, and solutions help solve your security challenges, contact your local representative or authorized reseller – or visit us at www.emc.com/rsa

©2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JUL RPT 0713