Thursday, October 9, 2014

Russian Banker Attacks - The Russians Are Still At It

We reported on this previously:

We can tell you that these actors are utilizing IRC channels to coordinate these attacks and that they create random rooms with long strings in the name and change the name frequently.


Malware-wielding attackers have compromised 800,000 banking credentials, predominantly from the five largest U.S. financial services firms, a new study warns. But they may also be preparing to launch APT attacks against financial institutions.

The Russian-speaking attackers stole the credentials via "Qbot" malware that they installed on about 500,000 PCs, according to research published by cloud-based security firm Proofpoint.

To date, it's unclear how many of those stolen credentials have been used to commit fraud. But Proofpoint is warning consumers and financial institutions that 59 percent of the stolen credentials are tied to accounts at the five largest U.S. financial services firms: JPMorgan Chase, Bank of America, Citigroup, Wells Fargo and Bank of New York Mellon. About half of the infected PCs that comprise the botnet run Windows XP.



No comments:

Post a Comment