fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Emulated Mobile Devices Used To Steal Millions From US, EU Banks

Emulated Mobile Devices Used To Steal Millions From US, EU Banks

Threat actors behind an ongoing worldwide mobile banking fraud campaign were able to steal millions from multiple US and EU banks, needing just a few days for each attack.

To do that, the attackers used huge emulator farms that helped them access thousands of hacked accounts (compromised after phishing or malware attacks) using spoofed mobile devices.

While emulators are not malicious tools, the group behind this campaign used them for malicious purposes emulating compromised devices or setting up what looked like new devices picked up by the compromised accounts’ owners.

For setting up the emulated devices, the attackers used a dedicated tool capable of feeding device specs from a database of previously compromised devices, matching each of the spoofed devices with the account holder’s banking credentials.

The mobile emulator farm was even able to spoof a compromised device’s GPS location using virtual private network (VPN) services to hide the malicious activity from the bank.

Also Read: 10 Practical Benefits of Managed IT Services

Emulator stats
Data slices from emulator used to spoof over 8,000 devices (IBM Trusteer)

“The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices,” IBM Trusteer researchers Shachar Gritzman and Limor Kessem revealed in a report published earlier today.

“The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case. After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.”

The cybercrime gang — a group with access to mobile malware developers and highly skilled in fraud and money laundering akin to the TrickBot and Evil Corp gangs — was able to pull off multiple attacks undetected via mobile account takeover using:

  • Access to account holders’ usernames and passwords
  • Access to device identifiers and data likely gathered via compromised mobile devices.
  • Some ability to obtain SMS message contents.
  • A customized automation environment tailored to targeted applications and the logical flow of events to approve transactions.
  • A set of virtual mobile emulators, dozens in each case, to amplify the ability to spoof a larger number of devices and cycle through new ones rapidly and at scale.
  • Customized network interception scripts that communicated with the targeted application’s API. These interceptions both submitted transactions and also monitored communications to ensure that the fraud was not being detected.

During the attacks, the group monitored activity on the compromised banking accounts in real-time to make sure that their fraud attempts were not detected.

If anything went wrong and their attack was in danger of being exposed, they could act in real-time to warnings sent to their command-and-control servers, either modifying their tactics or abruptly shutting down the operation and immediately wiping out any traces.

After the campaign was detected by IBM Trusteer researchers, the cybercrime group didn’t stop the attacks but instead updated its tactics which is “indicative of an ongoing operation that is perfecting the process of mobile banking fraud.”

Also Read: What is Pentest Report? Here’s A Walk-through

“This mobile fraud operation managed to automate the process of accessing accounts, initiating a transaction, receiving and stealing a second factor (SMS in this case) and in many cases using those codes to complete illicit transactions,” the IBM Trusteer report says.

“The data sources, scripts and customized applications the gang created flowed in one automated process which provided speed that allowed them to rob millions of dollars from each victimized bank within a matter of days.”

To defend against future attacks using the same tactics, you should avoid rooting or jailbreaking their devices, keep them updated at all times, only install apps from official app stores and legitimate developers.

Additionally, you should never give course to questions or information received via unsolicited text messages and always check bank statements for suspicious activity.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us