Through its cyber threat intelligence platform Blueliv detected and analyzed 5 million stolen credentials and credit cards, 200,000 targeted malware samples, and 500,000 crime servers between April and June 2015.
THEFT OF CREDIT AND DEBIT CARD INFORMATION
In the second quarter of 2015, the US has continued to be the most targeted country for theft of credit and debit card information, with 70% of the cases. As some of you may already know, an important reason is the lack of integrated chips in US cards. Since there is no hardware protection in US cards, it is easier for criminals to steal credit card information while the customer is making a purchase. If one business is infected, information can easily be stolen from every card used to make purchases there.
Moreover, as we predicted some time ago, and due to the industrialization of cyber crime, POS-targeted malware is proliferating. New malware families such as Newposthings, Fighterpos, Pwnpos, Nitlovepos and others have shown up lately. They usually apply regular expressions to the memory of the processes that handle card data in order to find card numbers and identify their patterns. Furthermore, they mostly use HTTP requests to send the stolen data out. However, in the last weeks a new POS malware called Benhard has appeared which extracts data through DNS. This is a technique that has been used before in other fields, but not in credit card theft via POS.
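Added example, not Blueliv's code: a small detector for the DNS-based extraction described above, run over a constructed DNS query log. It looks for a client that queries many distinct, long, encoded-looking subdomains of a single domain, which is what chunked exfiltration over DNS looks like from the resolver's side. The log lines, the domain upd-metrics.invalid and the thresholds are assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed DNS query log (time, client IP, queried name); not real traffic.
SAMPLE_LOG = """\
10:01:02 10.0.5.21 www.example.com
10:01:03 10.0.5.21 cdn.example.com
10:01:05 10.0.5.44 4a6f686e20446f65a1b2.c0ffee01.upd-metrics.invalid
10:01:06 10.0.5.44 3431313131313131313131313131313131.c0ffee02.upd-metrics.invalid
10:01:07 10.0.5.44 30352f32373132338f8f.c0ffee03.upd-metrics.invalid
10:01:08 10.0.5.44 6b6b6b6b6b6b6b6b6b6b6b6b6b6b.c0ffee04.upd-metrics.invalid
10:01:09 10.0.5.21 mail.example.com
10:01:10 10.0.5.44 www.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def shannon_entropy(text):
    """Bits per character; encoded chunks usually score higher than human-chosen labels."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def registered_domain(name):
    """Crude two-label approximation (no public-suffix list), enough for this demo."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def find_dns_exfil(log, min_unique=3, min_label_len=16):
    """Flag (client, domain) pairs that query many distinct long leftmost labels.
    Stolen bytes must ride in the query name, so every chunk yields a fresh subdomain."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _, client, qname = m.groups()
        first = qname.lower().split(".")[0]
        if len(first) >= min_label_len:
            seen[(client, registered_domain(qname))].add(first)
    hits = []
    for (client, domain), labels in sorted(seen.items()):
        if len(labels) >= min_unique:
            mean_entropy = sum(shannon_entropy(l) for l in labels) / len(labels)
            # (client, domain, number of distinct long labels, mean label entropy)
            hits.append((client, domain, len(labels), round(mean_entropy, 2)))
    return hits
```

In production this would run over a time window per client and use a public-suffix list rather than the two-label shortcut; the benign queries from the same client are ignored because their leftmost labels are short.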
Mexico, Canada and Australia are the countries that follow the US in card information theft.
THEFT OF CREDENTIALS
Credential thefts, which include all types of sensitive information, keep growing.
This quarter Germany and Poland have been the countries that suffered the highest amounts of credential thefts, with 22% and 19% respectively.
As for the industries, technology and telcos have, once again, been the sector with the most credential thefts, 53% of the total. Media, Social Networks & Advertising is the second most affected industry, with 28% of this type of theft. Retail remains in third position, with 8% of the total cases.
ORIGIN OF INFECTIONS AND ATTACKS
The number of analyzed botnets and their geographical distribution have remained very similar to the last quarter. While the US was hit by 39% of the botnets, 31% of the worldwide botnets were geolocated in the European Union.
However, with regard to the geolocation of crime servers, most of them were found in China, 44%. This is not a surprise, as China was also in first position between January and March with an even bigger predominance, when 53% of the crime servers were located there. The US again holds second position; the percentage of crime servers found in this country rose from 17% to 25%.
As far as malware types are concerned, the most common malware type found and analyzed this quarter has been the banking Trojan Dyre*, with 40% of the malware samples. With 15% of the total, Pony holds second position, followed by Gozi (10%), Zeus (6%) and Dridex* (6%).
Regarding POS malware, already discussed above in relation to credit card theft, Dexter has once again been the most active malware targeting POS, with 26% of the samples, followed by Alina and Poseidon, with 9% and 7% respectively.
This increase in the amount of malware found in the wild is due to the industrialization of cybercrime. For instance, access to builders and services allows users without the required technical skills to deploy their own malware. In order to fight this, at Blueliv we think that companies and sectors need to share information about threats better, in order to make it harder for cyber criminals to succeed. With that aim we are releasing information about infected servers that are spreading malware and infecting end users through our free API. Why don’t you try it here? blueliv.com/community
*Find out more about Dyre and Dridex in our report: Chasing the cybercrime: network insights of Dyre and Dridex Trojan bankers.