Malware
November 19th, 2015 by Elma Jane

Cyphort Advance Malware Defense, the next generation Advanced Persistent Threat (APT) defense company, recently analyzed the top financial malware threats cybercriminals are using to target electronic payment systems. This will raise awareness of the dangers they present.

Most dangerous financial malware threats of 2015:

Zeus – Since debuting in 2007, this malware has infected tens of millions of computers worldwide. Financial service professionals consider it to be the most severe threat to online banking.

SpyEye – This Trojan horse has infected 1.4 million computers worldwide. Banking information is stolen using a keylogger application, and the bot can take screenshots of a victim’s machine.

Torpig – This botnet is spread using a Trojan horse called Mebroot. Torpig steals targeted login credentials to access bank accounts. It is difficult to detect because it hides its files and encrypts its logs.

Vawtrak – This a relatively new Trojan that can spread itself via social media, email and file transfer protocols. Its unique feature is that it can hide evidence by changing the balance shown to the victim.

Bebloh – This malware targets login credentials to intercept online transactions and breach financial systems.

Shylock – Attacks European banks via Man-in-the-Browser exploits. Worldwide, it has infected 60,000 computers using Microsoft Windows.

Dridex – Malicious code is executed via email attachments and Microsoft Word documents that contain macros that can download a second-stage payload, which can then download and execute the Trojan.

Dyre – Relies on malicious PDF attachments that can exploit unpatched versions of Adobe Reader. The email subject line will be misspelled and read “Unpaid invoic” or contain the attachment “Invoice621785.pdf.” Once the document is opened, Dyre can obtain bank account credentials. 

Financial malware has been around for more than a decade, it is quickly evolving in sophistication, to make sure your organization is protected from financial malware, Cyphort recommends the following: 

  1. Keep system and applications patched.
  2. Educate employees to be careful when visiting websites with popups. If a person does need to go to such a site, do so from a non-Windows platform.
  3. Adopt a new defense paradigm that continually monitors, diagnoses and mitigates attacks.

Posted in Best Practices for Merchants Tagged with: , , , , , , ,

February 3rd, 2014 by Elma Jane

The migration to cards that use chips instead of magnetic strips, known as EMV technology, is well underway in the U.S. No government regulation is needed to make it happen. But the EMV migration and the Target breach are different things. It’s true that EMV chip cards can prevent criminals from producing counterfeit cards using stolen account numbers. But EMV doesn’t stop criminals using stolen cards online. So innovators are deploying new technologies to deter other forms of fraud.

Headline-grabbing events inevitably lead to calls for new laws. But in the case of our nation’s electronic payments systems, new government mandates would stifle marketplace innovations that hold great promise for providing consumer benefits and reducing criminal activities.

Financial institutions compete for customers by providing consumer protections even beyond requirements of current law. Many retailers also offer customers speedy transactions, such as “sign and go” and “swipe and go” for small transactions, while the payments industry ensures consumers still have zero liability. These protections and flexibility are why U.S. consumers are going cashless and carry more than one billion debit and credit cards. More than 70% of retail purchases are made with electronic payments, and our member companies process more than $4 trillion in electronic payments each year.

Fraud accounts for fewer than six cents of every $100 spent on payments systems – a fraction of a tenth of a percent. U.S. companies have made significant financial and technological investments, building sophisticated fraud tools that insulate consumers from liability. To build on this, Congress should foster greater international law enforcement cooperation to fight cybercrime, particularly in countries that harbor crime rings, and replace 46 divergent state breach notification laws with a uniform national standard.

The private sector is best positioned to address the constantly shifting tactics of criminals, and it is doing so without government mandates. Do Americans really want the government in charge of the security and monitoring of our payments?

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, EMV EuroPay MasterCard Visa, Financial Services, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , ,