Friday, 20 September 2013

FBI warns of bank-robbing Beta Bot malware that disables antivirus

The FBI's Internet Crime Complaint Centre (IC3) has warned businesses to be wary of new malware called Beta Bot capable of disabling antivirus programs.
The IC3 issued the warning in a public blog post, confirming that it has seen the malware used to target a variety of organisations.
"The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as login credentials and financial information. Beta Bot blocks computer users' access to security websites and disables antivirus programs, leaving computers vulnerable to compromise," read the warning.
The intelligence report added that the malware usually looks to trick users into downloading it by masquerading as a legitimate Microsoft Windows message, asking the user to allow the "Windows Command Processor" to modify the user's computer settings.
The FBI's IC3 said it has also seen incidents of the malware spreading via USB sticks and Skype, and that it can steal a variety of data from the infected machine. "If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites," read the post.
On the upside, the FBI security centre said there are steps victims of the Beta Bot malware can take. "Remediation strategies for Beta Bot infection include running a full system scan with up-to-date antivirus software on the infected computer," read the report.
"If Beta Bot blocks access to security sites, download the latest antivirus updates or a whole new antivirus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently reformat the USB drive to remove any traces of the malware."
Since the IC3 report went live, many security firms have questioned whether the malware is new. Russian security firm Kaspersky reported that Beta Bot was actually discovered at the start of the year and is often thought of as a low-level threat, leaving it unclear why the agency is making such a fuss about it.
"While the FBI refers to Beta Bot as new, the malware surfaced at the beginning of the year as an HTTP bot and later expanded its capabilities that spring," said Kaspersky's blog post.
"Beta Bot was never thought to have been as sophisticated as Trojans designed specifically for bank fraud, so it's unclear if the FBI's warning coincides with a new rash of Beta Bot infections or a new set of technical capabilities for the malware."
Banking-focused malware is an ever-present problem facing the security industry, with criminals creating increasingly sophisticated attacks. Earlier this month Trend Micro researchers detected evolved versions of the notorious Citadel banking Trojan targeting Japanese computer users.

Met Police cyber unit arrest gang behind £1.3m hit on Barclays computer system

The Metropolitan Police's Central e-Crime Unit (PCeU) has arrested eight men for suspected involvement in a £1.3m cyber raid on a branch of Barclays bank.
The Met said the eight men, between the ages of 24 and 47, were arrested on 19 and 20 September. The men are confirmed to have come from addresses in Westminster, Newham, Camden, Brent and Essex.
The men are believed to have been involved in other criminal activities, and the police confirmed seizing cash, jewellery, drugs, thousands of credit cards and personal data from the addresses.
The attack targeted the Swiss Cottage branch of Barclays in April 2013. The criminals infiltrated the branch pretending to be IT engineers. While in the branch the fake engineer attached a keyboard, video and mouse (KVM) switch to a computer connected to the branch's network. The attackers then used the connection to remotely access the network and transfer money to predetermined bank accounts under the control of the criminal group.
Barclays reported a loss of £1.3m to the police, but the bank's managing director of fraud prevention, Alex Grant, moved to downplay the significance of the theft, confirming that the bank was able to recover most of the stolen money. "Barclays has no higher priority than the protection and security of our customers against the actions of would-be fraudsters," he said.

"We have been working closely with the Metropolitan Police following a security breach at our Swiss Cottage branch in April 2013. We identified the fraud and acted swiftly to recover funds on the same day. We can confirm that no customers suffered financial loss as a result of this action."
PCeU detective inspector Mark Raymond listed the arrests as a key victory in the department's ongoing war on cybercrime. "These arrests were achieved working in partnership with the Virtual Task Force (VTF), a unique information-sharing cyber collaboration between the PCeU and the UK banking sector," he said.
"Those responsible for this offence are significant players within a sophisticated and determined Organised Criminal Network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems."
Barclays is one of many banks to be targeted by cyber criminals. The Metropolitan Police charged four men and arrested another eight between the ages of 23 and 50 for conspiring to hack a Santander bank branch in London last week. The men reportedly planned to use the same KVM strategy as the Barclays group to hack the Santander Surrey Quays branch.
Combating cybercrime has been a central goal of UK law enforcement this year. During a speech at Infosec, PCeU head Charlie McMurdie said that, while arrests such as this are a positive, the department cannot win the war on its own, arguing that businesses must work more closely with the police to help fight off growing numbers of cyber attacks targeting their systems and data.