Business Daily from THE HINDU group of publications Monday, Jan 22, 2007
EMC security unit unearths phishing kit
L.N. Revathy
How it Works
Using the kit, the fraudster creates a fake URL via a simple and user-friendly online interface. This URL communicates with the legitimate Web site of the targeted organisation in real-time. The victim receives a "standard" phishing e-mail, and on clicking the link is directed to the fraudulent URL.
Known as a Universal Man-in-the-Middle phishing kit, it facilitates new and sophisticated attacks against global organisations. RSA's analysts researched and analysed a demo of the kit that was being offered for a free trial on one of the online fraudster forums that the AFCC monitors regularly.
Using the kit, the fraudster creates a fraudulent URL via a simple and user-friendly online interface. This URL communicates with the legitimate Web site of the targeted organisation in real-time - whether it is the online banking site of a financial institution, the order tunnel of an e-commerce company, or any other such business transacting with its users online.
The victim receives a "standard" phishing e-mail, and on clicking the link is directed to the fraudulent URL. The victim then interacts with genuine content from the legitimate Web site - which has been "imported" by the attack into the phishing URL - thus allowing the fraudster seamless, invisible and immediate access to the victim's personal information.
"As institutions put additional online security measures in place, fraudsters start looking for new ways of duping innocent victims and stealing their information and assets. While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the next 12-18 months," said Mr Marc Gaffan, Director (Marketing), Consumer Solutions, RSA.
He said the company was working with a large number of organisations to ensure that they were positioned to withstand whatever threats fraudsters might create.
"Some of these organisations have already deployed various layers of protection, while others are in the process of strengthening their security," he added.
The analysts have identified two primary benefits that fraudsters using this kit would reap.
First, since it is a 'universal' phishing kit, fraudsters do not have to purchase or prepare a custom phishing kit for each target. Once they acquire and operate this kit, the attack can be configured to "import" pages from any target Web site.
Second, unlike standard phishing attacks (which only collect specific requested data), this attack intercepts any type of credentials submitted to the site.
According to RSA sources, the centre would be able to identify, analyse and mitigate this specific type of attack via the RSA eFraudNetwork community - the company's cross-institution anti-fraud network - by leveraging sophisticated analytics in the RSA Risk Engine.
"This is done to protect customers that use RSA adaptive authentication or RSA transaction monitoring."
Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line