Highlighted in the report was the growing move away from credit card hacking and towards other forms of monetary fraud; in particular mobile phone fraud.
iTWire asked AVG's CTO Yuval Itzhak for his thoughts on the matter. Itzhak first pointed to the fact that with banks applying more and more protection to credit card transactions, there... AVG's latest Threat Report (33 page PDF) was released today and with it's 'warts and all' view of the world, offers limited hope for improvement any time soon.
Highlighted in the report was the growing move away from credit card hacking and towards other forms of monetary fraud; in particular mobile phone fraud.
iTWire asked AVG's CTO Yuval Itzhak for his thoughts on the matter. Itzhak first pointed to the fact that with banks applying more and more protection to credit card transactions, there are increasing challenges for the cyber crooks to make adequate use of these cards. In fact he indicated that AVG's research showed that there was an increasing supply of fraudulently obtained card details and a decreasing demand for them. Essentially the bottom is falling out of that market.
As the report points out, "Credit card data is still a target for cyber criminals and is sold on the black market for less than $5. However, this is almost "old fashioned" since people and companies are becoming more aware of the problem. Although awareness is increasing, it took quite a long time to educate people."
Itzhak points out that, "young people will not have a credit card, but they hold a payment device – that's a mobile. In different territories where a credit card is not that popular, but mobile is, of course; hackers managed to increase their target market and even simplify the money collection from these people."
There are many issues to consider here.
There are a large number of attack avenues to consider here.
Firstly, there are plenty of fraudulent applications which can easily be installed on modern smartphones. These include a variety of hacked games and (supposed) systems tools that are able to stealthily send an SMS to a premium service that costs the phone owner a lot of money, much of which is delivered to the cyber-crook's bank account.
Next AVG is seeing scams, particularly on Facebook, that invite users to fill in a bunch of questionnaires in the hope of winning prizes or other rewards. At the end of the process, the user is asked for a mobile number in order to confirm themselves. What they don't see is that the entry of this number is taken as authorisation to deduct regular payments from the mobile phone account.
And of course by the time the user notices the 'strange' entries on their account, the money has long departed for the crook's account.
The problem here of course is that a mobile phone service provider is not experienced in being a bank and they have very few of the mechanisms in place to detect fraudulent activity and in fact it is in their interest to NOT detect such activity as they generally keep a significant proportion of all transactions for their own coffers.
The AVG report also deals with a variety of other current threats, including all manner of Facebook derived intrusion, spam and android-based malware. There is also an extensive analysis of the Blackhole attack toolkit – the most prevalent such kit currently in circulation; AVG has detected over 34 million affected PCs on the Internet.
There is a lot more in the report.
Read more: http://www.itwire.com/business-it-news/security/50372-avgs-q3-threat-report-cyber-criminals-are-a-moving-target
Read more http://baypaynewsfraud.blogspot.com/2011/10/avgs-latest-threat-report-33-page-pdf.html