AFP compiles the most alarming—and informative—payments fraud news relevant to corporates in AFP Fraudwatch. This column is part of AFP’s Payments Fraud Resource Center and is intended to keep you aware of the latest threats to your organization.
Treasury Secretary Calls for Information Sharing Legislation
U.S. Treasury Secretary Jacob Lew is calling on the financial services sector to improve its efforts to better protect consumer data and strengthen defenses against cyberattacks, thefts and disruptions. He also called for legislation that advances public-private sector information sharing.
In a speech last week, Secretary Lew urged financial institutions and firms to use the cybersecurity framework commissioned by President Obama via executive order and crafted by the National Institute of Standards and Technology (NIST) to evaluate outside vendors.
“The consequences of cyber incidents are serious,” Lew said. “When credit card data is stolen, it disturbs lives and damages consumer confidence. When trade secrets are robbed, it undercuts America’s businesses and undermines U.S. competitiveness. And successful attacks on our financial system would compromise market confidence, jeopardize the integrity of data, and pose a threat to financial stability.”
Lew noted that cybercriminals do not have to target a bank to damage the U.S. financial system. “Risks to the system can be found at the vendors, suppliers, and contractors that keep our financial system running,” he said. “They can be found within industries that underpin the markets—like telecommunications and energy. And they can be found across the physical infrastructure that supports the U.S. economy, like our transportation system and water supply.”
Lew referenced the Target breach, which occurred because cybercriminals infiltrated the network of one of its vendors. The same thing could easily happen to major financial institutions. “It is essential that all critical third parties have protections for both physical infrastructure and cybersecurity,” he said.
The Treasury Department was closely involved in the development of the NIST framework. But while Treasury considers the framework to be an important milestone, Lew is adamant that more work needs to be done to combat today’s cyberthreats and is advocating for action from Congress.
“As it stands, our laws do not do enough to foster information sharing and defend the public from digital threats,” Lew said. “We need legislation with clear rules to encourage collaboration and provide important liability protection. It must be safe for companies to collaborate responsibly, without providing immunity for reckless, negligent or harmful behavior.”
Lew also called out private companies for keeping too many cyber incidents to themselves. “Disclosing security breaches is often perceived as something that could harm a firm’s reputation,” he said. “This has made many businesses reluctant to reveal information about cyber incidents. But this reluctance has to be put aside. There cannot be a code of either silence or secrecy about the steps necessary to protect our basic security. Sharing information is far too essential.”
Goodwill Possibly Incurs a Breach
Federal authorities are looking into a possible debit and credit card breach at various Goodwill locations across the United States. The non-profit organization and thrift store operator said it is currently working with the U.S. Secret Service to investigate.
Financial institutions reported that multiple Goodwill stores have been identified as points of compromise for an unknown number of debit and credit cards, Brian Krebs of Krebs on Security wrote. Goodwill said in an emailed statement that it was contacted last Friday by a payment card industry fraud investigative unit and federal authorities about the possible theft of payment card numbers.
Krebs noted that while it is still unclear how many locations may have been affected, sources believe it may span 21 states, including Arkansas, California, Colorado, Florida, Georgia, Iowa, Illinois, Louisiana, Maryland, Minnesota, Mississippi, Missouri, New Jersey, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, Washington and Wisconsin. The length of the breach is unknown, but some sources believe it may have begun in mid-2013.
EC3, European Authorities Take Down Romanian Cybercriminals
Romanian and French police, in conjunction with the European Cybercrime Centre (EC3), have successfully dismantled a cybercrime network comprised primarily of Romanian citizens believed to have stolen more than €2 million.
The network is suspected of hacking into international non-cash payments systems, completing illegal transactions and money transfers, money laundering and drug trafficking. The criminals were reportedly using RAT (remote access tool) malware with keylogger functionality, which allowed them to take over computers used by money transfer services in Austria, Belgium, Germany, Norway and the UK. Losses incurred by the network’s activities are estimated to be at least €2 million. The criminals are said to have invested their spoils in different types of property.
Romanian and French police raided 177 addresses last week. Fully 115 people were questioned, and 65 were detained. Authorities seized large sums of money, luxury vehicles and IT equipment during the raids.
“As a direct result of the excellent cooperation and outstanding work by police officers and prosecutors from Romania, France and other European countries, a key criminal network has been successfully taken down this week,” said Troels Oerting, head of EC3.
Hackers Bypass Online Banking Site Security
By Graham Buck
This article originally appeared on gtnews.
Computer hackers are employing a ‘Trojan horse’ virus to target users of online banking sites, according to researchers at Trend Micro. They have dubbed the latest attack ‘Emmental’ as, like the Swiss cheese, they believe online banking protections are “full of holes.”
The researchers uncovered what they say is a sophisticated, multi-stage attack able to bypass two-factor authentication systems at banks in Switzerland, Austria, Japan and Sweden. Hackers have been sending fake emails to online bank users that show the letterheads of popular online retailers and have attachments. Opening the attachments downloads a highly sophisticated malware known as Retefe, which directs users to a fake site managed by criminals when they try to access a legitimate bank site.
The fake sites ask clients to enter their account details, password and personal identification number (PIN). Trend Micro said that six banking websites in Austria, seven in Sweden, 16 in Switzerland and five in Japan have been subjected to the scam.
The criminals also encourage victims to download a mobile application, available in Google’s Android store. The app poses as a measure to improve security. However, once downloaded, it allows criminals to gain full access to their victims’ bank accounts. It is even able to intercept the second password that legitimate banks send their customers so that they can log into their bank accounts remotely.
The attackers send that password to their own command and control server. Then, combined with the victim’s stolen online banking credentials, the hackers pilfer their victims’ accounts.
Trend Micro said that it had tracked the hacking to Romania but the culprits are “most likely Russian speakers” who use “shady Russian cybercriminal underground market services”. The criminals are believed to have been active since 2011.
Trend Micro said that it had notified banks “so they could take appropriate measures to protect their clients”. It recommends that they use more advanced defenses against malware and phishing, the sending of emails to illegally obtain confidential information.