Security Alerts & News
by Tymoteusz A. Góral

History
#1582 Operations of a Brazilian payment card fraud group
Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyber crime rankings, and multiple sources claim that financially motivated threat activity in the country has increased within the past few years.

In this blog we provide insight into the tactics, techniques and procedures (TTPs) of a Brazilian cyber crime group that specializes in payment card fraud operations. The threat actors, observed by FireEye Labs, use a variety of different methods to either compromise or acquire already compromised payment card credentials, including sharing or purchasing dumps online, hacking vulnerable merchant websites and compromising payment card processing devices. Once in their possession, the actors use these compromised payment card credentials to generate further card information. The main methods used by the observed group to launder and monetize illicit funds include online purchases of various goods and services as well as ATM withdrawals.

Based on extensive observation of this group's activity, we are able to characterize their operations lifecycle starting with the initial operational setup; followed by the methods used to compromise credentials or, conversely, purchase already compromised credentials; then the process of generating new cards for subsequent abuse, which includes validation and cloning; and finally the subsequent monetization strategies.
Read more
#1588 Android devices that contain Foxconn firmware may have a secret backdoor
#1587 Evernote confirms a serious bug caused data loss for some Mac users
#1586 Almost 6,000 online shops hit by hackers
#1585 Cisco patches critical bug in video conferencing server hardware
#1584 Beware of the student loan forgiveness scam spam
#1583 Google plugs 21 security holes in Chrome
#1582 Operations of a Brazilian payment card fraud group
#1581 Amazon resets customer passwords, while LeakedSource discloses massive update
#1580 IoT devices as proxies for cybercrime
#1579 A SSHowDowN in security: IoT devices enslaved through 12 year old flaw
#1578 Feds strike another multi-national “tech support” scam
#1577 Fighting the person should be cybersecurity best practice: Nuix
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12