Kindsight Blog

Discussing Identity Theft and Current Online Threats

Avoiding Phishing Attacks After the Epsilon Breach

Have you received an email from Best Buy, Citi, Marriott or others explaining how lists of their customers’ email addresses may have fallen into the wrong hands? If so, you’re not alone.

Epsilon, which manages email marketing campaigns for many brands, including Best Buy, Target and Walgreens, and large financial organizations such as Citi and Chase, revealed last week that it had suffered a security breach that exposed email addresses and customer names of these companies and many more.

Attack in Depth: Oddjob and Tatanga

In this “Attack in Depth” post we will take a closer look at two of the latest banking Trojans. Previously we discussed how Zeus would infect your computer to access your bank account. Oddjob and Tatanga are the latest contenders in what is becoming quite a large field of malware focused on stealing your identity and money.

Tatanga

Tatanga is a “Man in the Browser” banking attack that is currently targeting banking customers in Spain, Portugal, Germany and the UK. Like Zeus, the malware attaches to your browser where it can monitor all your Internet activity, including visits to your banking web site. When you visit your banking web site, it steals your account information and password and sends them to the attacker. It can also execute automated transactions, spoof your account balance and grab your e-mail address book, which it then sends to the attacker. Trend Micro reports that it also makes videos (screen captures) of your banking transactions and sends the attacker detailed information on the applications that you have installed on your computer.

Malware Distributed through “Trusted” Android Market

The spread of malware to smartphones was high on our prediction list for 2011. It now appears that this prediction was bang-on, especially in the case of Android-based smartphones.

It was recently discovered that over 50 Android applications, distributed through the official Android Market, have been infected with DroidDream malware. The malware was downloaded to over 260,000 devices before Google became aware of the problem.

Threats in the News for February

As part of our ongoing Threats in the News series, each month we summarize the more interesting articles we find about online threats. This post is by no means exhaustive and you can find more articles in our Industry News section.

Looking at the Threats in the News for February provides an interesting snapshot of the major vectors of attack that we need to watch out for online. Of course, there were attacks that exploit social networks (Facebook and YouTube) and attacks that capitalize on top news stories or timely events (tax season and Valentine’s Day).

The Need for Enterprise Security Practices in Home Networks

With the number of online threats increasing, it’s not surprising that enterprises spend billions each year to protect their networks, devices and communications. Businesses large and small deploy a number of security products to protect their assets including:

Has Mobile Malware Already Arrived?

The spread of malware to smartphones was high on our prediction list for 2011. The good news is that it’s now February and except for the Geinimi outbreak in China, we haven’t seen any major outbreaks so far. The bad news is that security researchers keep finding new ways to exploit mobile phones.

Threats in the News for January

As part of our ongoing Threats in the News series, each month we summarize the more interesting articles we find about online threats. This post is by no means exhaustive and you can find more articles in our Industry News section.

While spammers went quiet over the holidays as we explored in our post last week, there was no shortage of attacks in January, including the return of spam with some leveraging the upcoming tax season.

Did Spammers Need a Holiday too?

Did you notice that over the holidays the level of spam dropped significantly? Did spammers decide they need a holiday too? Did you celebrate and think we had finally seen an end to spam?

Brian Krebs at Krebs on Security wrote that the decline actually began in October after Spamit, a Russian affiliate program used to promote Canadian Pharmacy sites, decided to close abruptly because, according to Matthew Schwartz at InformationWeek, it was drawing too much attention.

Attack in Depth: Firesheep

It’s a Saturday afternoon and you’re sitting in Starbucks waiting for a friend. You’ve got your computer out and you’re on Facebook making sure everyone knows about tonight’s party. A guy walks in and sits at the table near the back. He takes out his laptop, connects to Starbucks’ free Wi-Fi and launches Firefox. With a few mouse clicks he starts up Firesheep, the latest Firefox addon, which opens up a sidebar display in the left margin and begins to fill in with information. At the top is your Facebook profile picture and contact information.

Figure 1: Facebook user shows up in sidebar

2011 Predictions: The Year of Mobile Malware, finally?

In addition to looking back at the attacks we saw in 2010, here are some predictions for network security trends that will affect consumers in 2011.

Mobile Malware

As smartphones become the device of choice for accessing the Internet, it’s inevitable that they will be exploited by cybercriminals, despite the best efforts of manufacturers and application developers to prevent it. The smartphone culture that downloads “apps” for just about everything is a huge target that will not be ignored by malware developers.