Imperva, Inc., has published its latest Hacker Intelligence Initiative (HII) Report: ‘Phishing Trip to Brazil.’ This new report, published by the Imperva Application Defense Center (ADC), offers a detailed look at a cyber attack targeting consumers using a banking Trojan , and shows how consumer-centric cyber crimes can compromise the enterprise.
The report also demonstrates that despite potential anti-malware defences / defences, attacks that target individual employees can easily enter the enterprise network.
To conduct this report, the Imperva ADC evaluated 14 different command and control (C&C) servers comprised of more than 10,000 records across almost 5,000 different IP addresses. The major findings in the report include:
- The majority of infections found occurred during ‘office hours,’ leading to the conclusion that the infected computers were being used for business.
- At least 17 percent of infected machines were directly attached to enterprise networks, showing the ease with which cyber-attacks targeting consumers still put enterprises at risk.
- The consumer-centric cyber crimes used malware that rely on social engineering to infect the victim. A legitimate-looking email containing a link to a zipped file is sent to the victim. Once the victim extracts the file and knowingly or unknowingly clicks the executable, the targeted person is infected. The malware then starts to monitor user activity. After the user connects to a business site, in the case of the report, a Brazilian bank, the malware intercepts session data, which it then sends to the cybercriminals.
- Cyber criminals are extremely adept at compromising user credentials, which they then leverage for fraud or further attacks.
Other key findings from the report include:
- The cyber crime campaigns were not conducted by just one group of criminals operating behind the scenes. It appears that there are several groups of criminals, with varying technical and social engineering skills, all leveraging the same underlying malware. This illustrates how cyber crime itself has become an industry.
- Some of the C&C servers were found on legitimate websites that had been hijacked, while others were found on servers that were set up specifically to provide C&C functionality.
- The report focused on malware originating from Brazil, targeting Brazilian banks, but similar exploits are possible in other locations and industries.
A full version of the Phishing Trip to Brazil HII report is available at https://www.imperva.com/DefenseCenter/HackerIntelligenceReports