An Abney Associates Fraud Awareness Program

Published by: Abney and Associates on Jul 08, 2014
Copyright:Traditional Copyright: All rights reserved

Cyber-Attacks Seen Defrauding Brazilian Payment System of Billions
Cyber-criminals have abused the Boleto Bancário online payment system to steal potentially billions of dollars, according to security firm RSA.

Cyber-criminals have infected nearly 200,000 computers in Brazil and used their access to issue payment vouchers with an estimated value of $3.75 billion, according to an analysis of the attack published by security firm RSA on July 1. Dubbed the "Bolware" gang, the criminals abuse the Brazilian payment system known as Boleto Bancário, which allows customers to promise to pay an online merchant, print out a payment slip with a barcode and remit money at a bank.

While previous attempts to defraud the payment system used fake boleto, the latest attack, which started in late 2012, infects Web browsers on compromised computers and modifies legitimate boleto to route payment to the criminal accounts.

"The Boleto Malware (is) a newer and more sophisticated kind of fraud in Brazil that leverages MITB (man-in-the-browser) technology to attack online operations, and is based on transaction modification on the client side," RSA stated in its analysis. "Like any substantial cyber-criminal operation, the Bolware gang has continued to innovate, revising their purpose-built malware through 19 different versions."

While the details of the fraud differ from payment fraud in other nations, the techniques, such as using man-in-the-browser attacks, are similar to how criminals are attempting to steal money from financial institutions in the U.S. and Europe. Criminals adopted man-in-the-browser attacks to defeat additional countermeasures, such as IP address and device identification, deployed by financial institutions.

"It is a class of problem where the arms race has migrated," said Dan Kaminsky, co-founder and chief scientist of White Ops, an anti-fraud technology firm. "Once upon a time, it was good enough to steal a customer's username and password and log into the bank from wherever and do whatever you wanted, but they soon figured out that a California customer should not be logging in from Latvia."

While banks in Brazil and other nations continue to fight against payment fraud, such attacks expose weaknesses and undermine trust in the financial ecosystem in most countries. Because customer-owned computers are generally thought to work on behalf of the user, banks typically argue that any fraud that originates from compromised customer systems is the responsibility of the victims. Such fraud rose more than 200 percent in the first nine months of 2013, according to Symantec.

Small U.S. businesses, for example, have lost hundreds of thousands of dollars to such attacks and sued their banks for allowing funds to be transferred to foreign nations, even though it was the business's machine that was compromised. Courts have generally split on whether the business is responsible for the lost money, or if banks should catch anomalous transactions and perform extra security measures.

A similar scam, where the attacker changed the banking information to which publisher Conde Nast sent funds,
