Dark Reading
Products and Releases

ThreatMetrix Launches ThreatMetrix Labs

First report explores the different ways fraudsters can deploy MitB Trojans on Mac OS X

San Jose, CA – February 28, 2012 - ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, announced today the launch of ThreatMetrix™ Labs, which generates in-depth reports on the latest capabilities of malware that targets financial institutions, merchants and online businesses.

To generate each report, a team of independent researchers analyzes, examines and reverse-engineers the most sophisticated malicious software running on computer systems worldwide. The information gained from the report enables enterprises, financial institutions, credit unions, payment providers, government agencies and security professionals to stay abreast of current and emerging online security threats.

“ThreatMetrix Labs is introduced as an independent research arm during a time when the latest versions of malware are continually changing to become more targeted and complex,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Today’s cybercriminals are evolving much faster, as we see from our research that they adapt very quickly to countermeasures being put in place. The growing pain of man-in-the-browser (MitB) attacks is definitely high on the list of threats, as these Trojans are very sophisticated and successful. It’s essential for organizations to stay up-to-date.”

MitB Trojans on Apple Mac OS X

ThreatMetrix Labs released its first report, “Man-in-the-Browser: Apple Mac OS X Edition,” which explores the different ways fraudsters can deploy MitB Trojans on Mac OS X and provides important intelligence and forensics to understand the threat of MitB attacks for other platforms beyond Windows.

“We found that the technical approach to doing MitB Trojans on Macs is actually very similar to doing MitB Trojans on Windows,” said Baumhof. “While the majority of MitB Trojans are targeting the Windows platform, Apple’s increased user base and market share make it an attractive target for fraudsters.”

Malware Trends in 2012

Malware continues to grow in terms of infection rate and new targets. Last year, there were 25 million new, unique strains of malware released and that number is projected to grow to 87 million by the end of 2015, according to the Aite Group.

As malware continues to become more prevalent, especially with dangerous MitB Trojans, ThreatMetrix has identified other trends and predictions for 2012:

· More Drive-by-Downloads. Cybercriminals who conduct drive-by-downloads compromise well-known websites, which then distribute Trojans automatically. For instance, the Carberp Trojan was distributed in 2010 on a recognized news website in the Netherlands, which pushed infection rates into the hundreds of thousands.

· More MitB Trojans targeting social networking sites. A Trojan called Ramnit was recently successful in compromising 45,000 Facebook accounts, notably in the U.K. and France.

· More MitB page injections. More fraudsters will employ MitB techniques to add malicious content (such as JavaScript) to a legitimate website, regardless of what type of Trojan is used.

· Mobile is the new target. The growth in mobile banking and mobile commerce will make mobile devices a big target for fraudsters.

For more information, in-depth ThreatMetrix™ Labs reports are available on request to organizations looking to gain a lead on the capabilities, enhancements and improvements being implemented into malicious software. To request an official report, please register at http://info.threatmetrix.com/ThreatMetrix-Labs-Subscribe.html. For a public copy of the report, visit http://threatmetrix.com/resource-center/threatmetrix-labs-reports/.

About ThreatMetrix

ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the-browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. The company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments, social networks, government, and healthcare.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.
