Published on March 18, 2014
page 1R S A M O N T H LY F R A U D R E P O R T F R A U D R E P O R T MO’ MONEY MO’ PROBLEMS March 2014 Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust. The obvious choices were Perfect Money and BitCoin, but both currencies carry inherent risk. Perfect Money is of questionable background, while BitCoin does not provide fraudsters the required level of anonymity and is not immune to seizure. These risks have pushed the underground to adopt—or really create—unique currency systems to help protect the financial security of its dwellers. In a recent on-going investigation, RSA’s Fraud Intelligence agents have identified and have been tracking the growing adoption of forum-specific currencies. These financial platforms allow users to safely transact within their own community, under the supervision of the forum administrator, avoiding the use of the more public currency options such as Perfect Money and BitCoin. In some instances different forums shared the same currency further widening the use and adoption of these platforms. MUSD The MUSD currency is used in a single underground board, and has been active since November 2013. Forum members can use the currency to purchase items/services from each other, as well as pay for advertising on the board itself. The currency provides a built-in escrow-service and guarantees anonymity. The forum administrator vouches for the currency system and is responsible for all its operations. One can exchange funds to or from MUSD through exchange agents. Two verified exchange agent services currently work with MUSD in this board, with one offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine. Exchange rates are linked to the US dollar and are set at 1 MUSD = $1 USD.
page 2R S A M O N T H LY F R A U D R E P O R T UNITED PAYMENT SYSTEM The United Payment System currency appears to be shared by four different Russian language forums, with each forum designating its own sub-currency with the forum’s initials. For example, DM RUR and MM RUR (DM and MM are initials of forum names, and “RUR” indicates Russian Ruble). Each forum has its own official exchange agent, and each exchange agent has an administrator. To make sure the exchange agent stays “honest”, a senior forum member is appointed to supervise and review the activities of the exchange agent. Funds can be added or cashed out via the exchange agents with cash out options including refilling different pre-paid cards. The interesting thing about this currency is that it is shared across a number of forums allowing members from different forums to transact. UAPS UAPS has been in use for over a year and is used with two of the most powerful boards in the Russian-language cybercrime community and in fact is referred to as the ‘First Commercial Bank’ on one of them. Of the three currencies discussed here, it appears to be the most advanced and secure option for fraudsters, with ongoing improvements and upgrades being implemented by a dedicated software team. Adding funds and cashing out is available directly from the UAPS system. The system emphasizes maintaining end-user security and privacy, implementing a strict data retention policy of just two months. CONCLUSION The advent of new private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual fraudsters and between fraudster boards in the cybercrime world. These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts. Figure 1 MUSD exchange rates Figure 2 United Payment System icon Figure 3 UAPS currency system login screen
page 3R S A M O N T H LY F R A U D R E P O R T Phishing Attacks per Month RSA identified 36,883 phishing attacks in February, marking a 21% increase from January’s attack numbers. This also represents a 35% increase from the number of attacks a year ago. US Bank Types Attacked Nationwide banks continued to be the most targeted by phishing with 68% of total volume in February, and credit unions saw a sharp spike in attacks – jumping from 16% to 27% compared to January. Top Countries by Attack Volume The U.S. remained the most targeted country in February with an overwhelming 77% of total phishing volume, followed by the UK, South Africa, the Netherlands, and Canada. 36,883 Attacks Credit Unions Regional National 77% 5% 4% 3% South Africa Netherlands UK U.S. MARCH 2014 Source: RSA Anti-Fraud Command Center
www.emc.com/rsa CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa Top Countries by Attacked Brands In February, nearly 40% of phishing attacks were targeted at brands in the U.S. and UK. Brands in India, Canada and Australia were collectively targeted by 15% of total phishing volume. Top Hosting Countries The U.S. hosted 34% of global phishing attacks in February, followed by Canada, Germany, France and Brazil. ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAR RPT 0314 11% U.S. UK 27% 5% 4%6% 34% GLOBAL PHISHING LOSSES FEBRUARY 2014
Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...
In this presentation we will describe our experience developing with a highly dyna...
Presentation to the LITA Forum 7th November 2014 Albuquerque, NM
Un recorrido por los cambios que nos generará el wearabletech en el futuro
Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...
RSA MONTHLY FRAUD REPORT. page 3. POS malware does this by searching for simple regular expressions for card magnetic stripe data. When a card number is ...
FRAUD REPORT HACKTIVISM AND THE ... increase in attack volume from March. Number of Brands Attacked ... RSA Monthly Online Fraud Report -- May 2013 Author:
RSA MONTHLY FRAUD REPORT page 1 FRAUD REPORT MO’ MONEY MO’ PROBLEMS March 2014 Ever since the Liberty Reserve takedown in May of last year and the ...
March 2014; February 2014; January 2014; December 2013; November 2013; October 2013; View more reports; Subscribe to receive RSA's monthly online fraud report;
Share RSA Monthly Online Fraud Report ... RSA Monthly Online Fraud Report - March 2013. ... RSA Monthly Online Fraud Report – May 2014.
RSA MONTHLY FRAUD REPORT page 1 FRAUD REPORT MALWARE TOOLS FOR SALE ON THE OPEN WEB May 2014 RSA Research, while investigating a Zeus Trojan sample ...
... March 26, 2014 - Black Hat ... for 2014. The report highlighted 2013 as a record year for phishing attacks, in which RSA’s anti-fraud ...