Article – MitM attackers posing as banks, other major groups, tough to detect

Posted on March 27, 2014

From SC Magazine:

Hackers are compromising online banking and social media users in a man-in-the-middle (MitM) attack campaign that involves posing as major organizations – and they are doing it without setting off alerts, according to researchers with PhishLabs.

More than 70 recognizable financial organizations around the globe have been targeted so far in the campaign, according to PhishLabs research, which adds that attackers posed as more than 25 other major websites for the purposes of gathering credentials, including social media and email.

The attack begins as many do – with spam.

The PhishLabs researchers observed spam emails containing RTF files – named ‘Authorization Form,’ or something similar, to lure the user into opening it – that are actually backdoor Remote Administration Tools (RAT) that surreptitiously execute upon being clicked.

Upon execution, the malware reconfigures the DNS settings on the infected PC so that it uses the DNS server controlled by the hacker, Don Jackson, director of threat intelligence with PhishLabs, wrote in a Wednesday post.
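
One way a defender could check a host for the DNS change described above, as an added example that is not from the article or from PhishLabs: it parses `ipconfig /all` output and flags any configured resolver that is not on an allow-list. A Windows host is assumed, and the sample output, the approved resolver addresses (documentation ranges) and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Assumption: the resolvers this organisation actually hands out to clients.
APPROVED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.0.2.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       192.0.2.54
"""

def _as_ip(token):
    """Normalise a token to an IP string, or None if it is not an address."""
    try:
        return str(ipaddress.ip_address(token.strip().split("%")[0]))
    except ValueError:
        return None

def parse_dns_servers(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # new adapter section
            adapters[current] = []
            continue
        field = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Extra resolvers appear on following lines that hold only an address.
        ip = _as_ip(field.group(1)) if field else (_as_ip(line) if in_dns else None)
        in_dns = ip is not None
        if ip and current:
            adapters[current].append(ip)
    return adapters

def unapproved_resolvers(text, approved=APPROVED_RESOLVERS):
    """Return {adapter: [resolvers not on the allow-list]} for flagged adapters only."""
    parsed = parse_dns_servers(text)
    rogue = {a: [s for s in servers if s not in approved] for a, servers in parsed.items()}
    return {a: r for a, r in rogue.items() if r}

if __name__ == "__main__":
    print(unapproved_resolvers(SAMPLE_IPCONFIG))
```
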
