June 27, 2005

Clever Phishies

New Phishing Attacks Eliminate Need for Target Web Site

New phishing attacks are including data collection forms in fake e-mails, eliminating the need for a spoof web site by tricking the victim into e-mailing their financial details directly to the phishers. [via Netcraft]

June 23, 2005

The Enemy Within

Internal Security Attacks Affecting Banks

Internal security breaches at the world's banks are growing faster than external attacks, as institutions invest in technology, instead of employee training. According to the 2005 Global Security Survey, published by Deloitte Touche Tohmatsu, 35 per cent of respondents said that they had encountered attacks from inside their organisation within the last 12 months, up from 14 per cent in 2004. In contrast, only 26 per cent confirmed external attacks, compared to 23 per cent in 2004. [via The Register]

Hide Data Under the Mattress

Criminal IT: No Cure-all for Information Security

It's no longer 'In God We Trust' but in data... [via silicon.com]

How Do You Exploit 40 Million People?

Will MasterCard breach breed new wave of phishing?

Email users are being warned to be on the lookout for new social engineering techniques attempting to exploit the widely-publicised theft of up to 40 million credit card account details from a transaction processing firm. [via silicon.com]

June 22, 2005

Netcrime Report June 23rd 2005

In this week's Netcrime report, from an Integralis security briefing at London's Great Eastern Hotel, we talk with Nigel Rix of Integralis, Tom Gillis of IronPort, Mark Sparshott of Postini and Nigel Hawthorn of Blue Coat, and explore several of the key issues that they are seeing in the information security space today.

June 21, 2005

Qui Custodiet Custodes

Security Products 'Riddled' with Bugs

The number of flaws in computer security products is rising sharply and threatens to become more of a problem than vulnerabilities in the products they are designed to protect, a study by Yankee Group out Monday warns. [via The Register]

A new study suggests that the biggest security threat may be holes in all of these security programs you have. It appears that malicious hackers are beginning to realize this, and are having more fun attacking the security offerings than the easy targets like your operating system and browser. Perhaps that's how these companies stay in business after they wipe out (ha, ha) whatever malware they're supposed to be wiping out: they focus on offering software to fix their own vulnerabilities. Hey, if it works for Microsoft... [via Techdirt]

June 20, 2005

Hide and Seek

Hunting for Botnet Command and Controls

Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style.

New Customers Only

Wave of Phishing Attacks Hit Regional Banks, Credit Unions

Fraudsters are aggressively attacking smaller financial institutions, casting a wider and deeper net as they expand their target list beyond huge banks and online retailers. [via Netcraft]

Only 68,000 High Risk Though

Up to 40m Credit Cards 'Hacked'

A computer hacker may have broken into more than 40 million credit card accounts, US company officials say.

MasterCard International said the breach was traced to a company in Atlanta which processes transactions for banks and merchants. [via BBC News]

June 16, 2005

Infrastructure Under Attack

The Register reports that hackers are targeting British workers with a series of specially crafted Trojan horse attacks. The attacks are delivered either through email attachments or through links to maliciously-constructed websites, the UK's National Infrastructure Security Co-ordination Centre (NISCC) warned on Thursday.

Approximately 300 UK government departments and businesses critical to the country's infrastructure have been the subject of Trojan horse attacks, many reportedly originating in the Far East. "The attackers' aim appears to be covert gathering or transmitting of commercially or economically valuable information," NISCC warns.

June 10, 2005

A Phish in Time

Bank Mergers Provide Opportunity for Phishing

Fraudsters are using bank mergers as an opportunity to craft customized phishing scams timed to transitions between the banks' online systems, hoping that customer awareness of mergers leads to more bites on the "bait" email. [via Netcraft]

Public Sector Workers Face Crackdown on Internet Porn

A huge increase in viewing computer pornography by workers in town halls, police stations and hospitals is due to a “culture of complacency”, the public spending watchdog says today. [via Times Online]

June 08, 2005

Attack Trends 2004 - 2005

Companies Warned They May be Targets of Trojan Spies

UK businesses should take urgent steps to check their systems are secure, police have warned after discovering one of the world's largest industrial espionage and hacking operations. [via ComputerWeekly.com]


Attack Trends: 2004 and 2005

In 2004, 41 percent of the attacks were unauthorized activity of some kind, 21 percent were scanning, 26 percent were unauthorized access, 9 percent were DoS (denial of service), and 3 percent were misuse of applications. [via Schneier on Security]

June 07, 2005

Gap Week

I'm off to Amman in the coming week to do some consultancy work with the Government of Jordan so the NetCrime Report may seem a little quiet until the last week in June.

Not Theft but Loss

Online Security, Offline Problems

On a more serious note, despite the sound and fury around hacking, and phishing and what not, most identity theft happens because of offline problems. Back in February, Bank of America lost computer tapes containing data for some 1.2 million U.S. government employees. A few months ago, Time Warner lost confidential information on most of its employees. ChoicePoint and LexisNexis have also suffered problems. [via Om Malik's Broadband Blog]

Where There's Hope

How To Harpoon A Cyber Shark

New technology could thwart 'phish' e-mails that seek consumers' private data [via BusinessWeek Online -- Magazine]

June 06, 2005

Raining Malware

Hackers Plot Massive Botnet

Computer Associates has warned of a co-ordinated malware attack (CMA) described as among the most sophisticated yet unleashed on the net. The attack involves three different Trojans – Glieder, Fantibag and Mitglieder – in a co-ordinated assault designed to establish a huge botnet under the control of hackers. CA reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC. [via The Register]

June 02, 2005

Netcrime Report 2nd June 2005

A roundup of this week's NetCrime news and an exclusive interview with Detective Chief Superintendent Ken Farrow, Head of the City of London Police Fraud Squad, on the consequences and benefits of the new Fraud Act now passing through the UK Parliament.