
Modern Day Dillinger Gangs

  • Posted on: October 27, 2014
  • Posted in: Security, Uncategorized
  • Posted by: Tom Kellermann

John Dillinger became infamous in the Depression era for robbing two dozen banks. He and his gang were effective due to three tactics: they cased the institution and understood its security posture and programs; they utilized superior firepower; and they drove faster vehicles so they could escape across state lines. The modern Dillinger gangs reside in the former Soviet bloc. These cyber crews have pilfered billions from global financial institutions. It is paramount that we learn from their advanced tactics. In 2014, there are key shifts in organized cyber attacks against financial institutions. The elite “safe cracker” now embraces four vectors of infiltration:

Web Application Attacks: Zero days for web applications are being widely utilized against financial institutions.  A significant European financial institution suffered one on July 24, as did a handful of U.S. institutions.   

Watering Hole Attacks: In a watering hole attack, threat actors compromise a specific webpage within a financial institution’s website by inserting an exploit that results in malware infection; 25 percent of these are located in the USA. This is due to a lack of website security and testing for the OWASP Top 10 Vulnerabilities.

Credential Attacks: As evidenced by Operation Emmental (discovered by Trend Micro), hackers develop custom malware that bypasses two-factor authentication and deletes its footprint from the registry to avoid detection.

Island Hopping and Secondary Infections: Targeted attacks against the “virtual supply chain” of financial institutions abound. In addition to this new dynamic of counterparty risk, there is widespread utilization of previously installed backdoors within trusted systems to leverage a secondary infection. Backdoors, applications that open computers to remote access, play a crucial role in targeted attacks. Often initially used in the second (point of entry) or third (command-and-control [C&C]) stage of the targeted attack process, backdoors enable threat actors to gain command and control of their target network. Breach detection systems are crucial in thwarting this form of attack.

The financial crisis of 2008 and 2009 disenfranchised thousands of banking and financial professionals. A small percentage of these have lent their financial acumen and strategic knowledge to the underground shadow economy.  There is evidence that cybercriminals are now combining cyber attacks with financial fraud schemes.  These secondary schemes of monetization represent a harbinger of a crime wave not yet seen in modern history.  Note: These scenarios were detailed and foreshadowed in the May 2005 World Bank Report, “Capital Markets and E-fraud.” For an illustration of these schemes, see: http://elibrary.worldbank.org/doi/book/10.1596/1813-9450-3586

Due to the increased organization and sophistication of cyber criminal crews, cooperation with law enforcement has become an imperative. Trend Micro has been collaborating with both domestic and international law enforcement for the past 25 years. Our partnership with Interpol and the recent assistance we provided to Europol on Gameover Zeus are illustrative of that. One unique case wherein our cooperation was deemed essential was that of SpyEye. Trend Micro researchers uncovered a cybercriminal operation involving SpyEye that began as early as January 2011. The operation was orchestrated by “Soldier” (the cybercriminal’s handle), who was based in Russia. Trend Micro researchers had been monitoring Soldier and his activities since March 2011. Based on the investigation, this attack mainly targeted U.S. users, and some of those affected were large enterprises and institutions such as the U.S. government and military. In fact, 97 percent of the affected corporations are based in the U.S. The FBI was successful in prosecuting “Gribodemon” Aleksandr Panin of Tver, Russia as he vacationed in the Dominican Republic in January of 2014.

Only through global cooperation can we begin to defend our enterprises from cyber-attacks. The modern-day Dillinger gangs can no longer retain the mantle of “Untouchable.”

Additional resources:

The DTCC recently released a brief report about the state of cyber threats and systemic risk, and a whitepaper also was published, highlighting some recommendations for addressing future cyber threats. You can download the whitepaper here.

As Cyber Security Awareness Month comes to a close, Jon Clay, Trend Micro Senior Manager of Threat Research Communications, will moderate a live session on Tuesday, Oct. 28, at 1:00 p.m. EST with a special agent who will share special insights on fighting cybercrime. Click here to sign up for the webinar.

During the month of October, we’re supporting the National Cyber Security Alliance in celebration of Cyber Security Month – an effort that aims to educate organizations and individuals about how to stay safe online. Check out the helpful videos, infographics, blog posts and reports we’ve gathered for you here. 
