The financial malware arena became a mainstream issue a little over a decade ago with the rise of malware like the Zeus Trojan, which at the time was the first commercial banking Trojan available to the cybercrime world. We have come a long way since, and the past decade saw banking Trojans become increasingly sophisticated, specialized and exclusive, operat

The malware discussed in this blog saw input from X-Force researchers Andre Piva and Ofir Ozer. It was initially described in a blog post by X-Force’s Maor Wiesen and Limor Kessem. The IBM Trusteer cybercrime research labs specialize in the detection and counteraction of the crimeware and attacks operated by organized cybercrime gangs. In one of our re

The dictionary definition of trust, according to Merriam-Webster, is the “assured reliance on the … truth of someone or something.” In today’s digital world, trust can be a tricky concept. To do business online, whether you are a bank, retailer, insurer, airline or anything else, you must have some degree of trust in your user — trust

Advertising is the life blood of the internet. Some of the world’s biggest and most influential tech companies earn a large chunk of their revenue through harmless and safe advertisements, but some of the most successful cybercriminals also rely on advertising. When good ad networks are tricked into delivering malware, it’s known as malvertising.

Banking is set to significantly change as Payment System Directive 2 (PSD2) regulations are introduced across Europe. In fact, open banking regulations are being considered in a number of regions around the world. The directives will require financial institutions to adopt open banking by safely and securely allowing customers to view account information and

Catfishing, the practice of pretending to be someone else online, became a cultural phenomenon through MTV’s popular TV show “Catfish,” driving more attention to our obsession with our online personas. However, it’s not just social media that needs additional scrutiny. In the wake of several recent major data breaches of personally id

Financial online fraud and the fuel that feeds it has been growing steadily over the past decade, resulting in losses to banks, businesses and individuals, especially with cases of new account fraud (NAF). The challenge online service providers face nowadays is not only an increase in NAF, but also in NAF’s sophistication and the difficulty to detect

People are beginning to get used to the easy life enabled by smart homes and the Internet of Things (IoT), but they are at risk if they do not prioritize security. The IoT has increased quality of life for many; it has helped the differently abled and the elderly to continue living independently and laid the technological groundwork for another industrial re

Little Red Riding Hood is stressed out. A job in fraud protection is no picnic — far from it. As the digital banking fraud manager for Fairy Tale Bank, she’s constantly assessing her customers to make sure no fraudulent activity is occurring. After all, fraud is no myth — it’s as real as can be. If Red has her way, her customers will stay safe al

Even as the technology deployed by both cyberattackers and cybersecurity defenders grows more sophisticated and powerful, the central role of the human factor remains critical. The most effective way to break into a computer network is to trick a legitimate user into opening the door to let you in. The techniques used to achieve this trickery are known as so

What’s the connection between cybercrime and cryptocurrencies? Perhaps it would suffice to say that the reasons for criminals adopting the cryptocoin are quite obvious. But when did this all start, and what fuels it and gets fueled in return? This blog will go over some of the historical reasons that connect cybercrime and cryptocurrency as well as exa

News about POS malware breaches affecting two retailers hit the headlines last week, this time featuring a fast-food restaurant chain in the U.S. that operates around 3,500 locations across the country, most of which are franchised, and a popular supermarket. Both entities, like others before them, were notified of suspicious activity by a third-party servic

Indicators of compromise (IoCs) are artifacts such as file hashes, domain names or IP addresses that indicate intrusion attempts or other malicious behavior. These indicators consist of: Observables — measurable events or stateful properties; and Indicators — observables with context, such as time range. IoCs are crucial for sharing threat information and

Have you ever unknowingly opened and responded to a phishing email or fallen victim to a phishing attack? A recent report by Frost & Sullivan titled “You’ve Been Phished, Again! Solution: Eliminate the Click-It Temptation,” discussed just how susceptible we all are to these fraudulent attacks and what can be done to avoid them. How Do P

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an