Lately, the media has had its hands full with reports of massive fraud being uncovered at various financial institutions. With the rapid proliferation of electronic channels for banking, fraudsters have turned their focus on compromising security controls and processes at banks through ingenious social engineering and technology tools. One thing that is clearly emerging is that fraud is no longer an individual crime, but a collaborative effort- where likeminded criminals form fraud rings or syndicates to perpetrate systematic heists.
This paper discusses some prominent cyber frauds that were recently reported in the media, the likely modus operandi and also possible countermeasures that banks and financial institutions could put in place to minimize the impact of such incidents in the future.
Many organizations realize the need to deal with large, complex situations like acting upon their customers' requirements, and competition in the business which results in adopting new IT infrastructure, complying with various information security standards, securing and managing customers' data.
Typically, these efforts involve planning and carrying out a number of parallel projects with their own requirements and expected results. The traditional project management may fall short to handle this situation as it requires greater skills and effort to address the current dynamism and changes in the current projects.
Consequently, many organizations are turning to a substantial body of experience with various skills to embark upon their requirements. This results in the organization looking out for an IT Risk Program/Project Management Office (PMO). IT Risk PMO defines the approach, strategies, mechanisms, and desirable results for managing large-scale efforts comprising parallel projects which facilitate to meet the business requirements and the organization's IT Risk & Compliance strategies.
This report provides an update on recent malware outbreaks happening since past few months and analysis done by Paladion Anti-Phishing & Security Intelligence Team.
Even as operating systems and software developers try to make their products more secure, the threat from Trojans, worms and other forms of malware is more real than ever. Malware such as FLAME is one of the most complex pieces of malicious software yet found. Another Malware "Mahdi‟ is capable of stealing information mainly targeted computer systems from Iran, Israel, Saudi Arabia and Afghanistan and from other parts of the globe such as United States, New Zealand and Greece.
Another modular computer virus "Shamoon‟ used for cyber espionage in the energy sector. Similarities have been highlighted between Shamoon and the flame malware.
Paladion Anti-phishing & Security intelligence team has broadcasted security news on Mahdi Malware on July 18, 2012 and a report was shared on Flame Malware on June 15, 2012. The team published an update on the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga named "Gauss‟ on August 10, 2012. Going forward, we‟ve kept an eye on the emerging Malwares across the globe and will continue to dig into this phenomenon.
Year 2011 was dramatic year for InfoSec industry with enterprises witnessing a sharp rise in targeted attacks and creating many attention-grabbing headlines regarding data breaches. Despite strong threat management practices deployed by enterprises in 2011, information security threats have continued to increase.
We proudly present to you "Threat Intelligence Report 2011" from Paladion Labs, a comprehensive report on current Info security threat landscape for the region. In a way, its' a continuation of Paladion Lab's award winning "Phishing Intelligence Report H1 2011" with additional perspective on threat and security management. This report is an effort to give readers a firsthand view of the threat landscape of the region as seen by Paladion's SOC.
Financially motivated attacks continue to grow unabated across the globe, targeting banks and other financial organizations. The first half of this year has witnessed a number of security breaches on high profile organizations arising from sophisticated attacks.
This report "Phishing Threat Intelligence" provides an insight to all phishing attacks that were detected and responded to by Paladion SOC from different perspectives – the current trends in launching attacks, user's response to phishing baits and what Banks can do to minimize phishing related frauds.
Over last few months, security industry witnessed a series of high profile breaches, whose severity and frequency was not seen earlier. However, incidents can be great teachers. We therefore decided to investigate them not just to find out what really happened, but to deduce practical and political lessons from them.
Palizine is an online monthly magazine focusing on subjects related to application security. Authored by Paladion security engineers, Palizine discusses on current topics on developing and using secure software by organizations.
The articles usually reflect on the author's work on advising customers develop safer software, hence adding a factual angle to each article and enabling the readers to have better insights on application security domain.
The key objective is to spread awareness and information on various aspects of application security including, mobile application security and code review, financial fraud analysis, web services security, etc.
"InsecureBank" the application for Vulnerable Andriod developed by Paladion, is made for security enthusiasts and developers to learn the android insecurities by testing this vulnerable application. Some key vulnerabilities that can be learnt using this application are -
Paladion's Mobile Security Team has developed an automation script which is helpful in quick static analysis of Android Vulnerabilities. The script is a batch file, which prompts the user to provide the path of the android application code to be analysed.