It’s that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what’s to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration in an attempt to occupy […]
Posts Categorized: Online shopping threats
It’s that time of the year! The moment when we look back, and reflect on Webroot’s Threat Blog most popular content for 2012. Which are this year’s most popular posts? What distinguished them from the rest of the analyses published on a daily basis, throughout the entire year? Let’s find out.
Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which on the other hand results in economies of scale. In this case, malicious economies of scale. Just how easy is it to launch a phishing attack nowadays? What tools, and tactics are at the disposal of phishers aiming to efficiently socially engineer hundreds of thousands of users? In this post, I will profile the Ninja V0.4 Social Engineering Phishing Framework – an advanced platform for executing phishing attacks in a DIY (do-it-yourself) fashion.
By Armando Orozco You’ve heard of the “perfect storm”? Well, there may be one brewing in Android-land. We just wrapped up a study that revealed holiday shopping is about to go mobile—in a big way. Turns out, over two times more shoppers plan to buy gifts on their mobile device this year. Over two times more?! It got me thinking… We know that Android malware is on the rise. Even Android users themselves seem aware of it; our mobile study also found that 23 percent more Android users are concerned with the security of their information than iOS users. And […]
In the second of a two-part series with Threat Research Analyst Grayson Milbourne, we answer a question about how to stay safe when shopping online. In the previous video, Grayson discussed how to identify a phishing page. In this episode, he continues his discussion by explaining how to tell whether the site you’re trying to purchase something from is operating safely and whether the site is able to protect your personal information when you click the “buy” button. [vimeo 23488027] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or […]
In the latest Thre@t Reply video, Threat Research Analyst Grayson Milbourne answers a reader’s question about how to avoid being phished. The first step is to be able to identify whether you’re on the legitimate Web site you think you are, and if you’re not, what are the telltale signs that indicate you may be looking at a fake site designed solely to steal your user account and password information. [youtube=http://www.youtube.com/watch?v=KklPP891bZ8] To see the second half of the video, or any of our other video replies to reader questions, check out this post or visit the Webroot channels on YouTube […]
By Ian Moyse, EMEA Channel Director We seem to take phishing attacks for granted these days, in much the same way that we’ve accepted spam as a natural, and inevitable, by-product of email. Some experts believe that one of the best solutions to thwart phishing attacks is end-user training, but I doubt training alone can be a viable solution. Can we really train every computer user to be sufficiently security literate, such that anyone can distinguish a phishing message from a genuine bank email? I doubt that it is possible, especially given how specific the details in spear phishing (phishing […]
With 2010 finally behind us, and an unknown number of cyberattacks likely to come in the new year, I thought I’d run down a brief list of the malicious campaigns criminals pulled off last year that I’d really dread to see anyone repeat. Now that they’re in the past, they should stay there. Operation Aurora: Google’s accusation (with Adobe, Juniper Networks, Rackspace, Yahoo! and Symantec) that China hacked its servers, allegedly stealing private emails stored on the company’s servers. The big surprise wasn’t that it was happening, but that companies were publicly talking about it. Abused ccTLDs: 2010 saw lots […]
By Gerhard Eschelbeck As 2010 winds down, I wanted to pull out the crystal ball and talk for a moment about where the security industry seems to be heading in the coming year, and where we anticipate threats and targets. Mobile platforms: If you’re reading this, there’s a good chance you have either an iPhone, an Android phone, or a Blackberry in your pocket, case, or on your desk right now. If that’s true, then the data on that device is the next big target for criminals, and the newest front in the war on cybercrime. Users have embraced the […]
By Ian Moyse, EMEA Channel Director With Christmas fast approaching, (lest we forget the shops have kindly put all the Christmas goods out in September and early October again!) we can expect online attacks to increase as per their normal schedules, ramping up through the end of the year. With apologies to Sir Winston Churchill, never in the field of Internet conflict was so much harm done to so many by so few. For all the benefits the Internet provides our lives, no single technology has given so few criminals the ability to cheaply and easily target the many. We’ve […]