Posted on February 9, 2018 by DFM Team2
 
UK-based cyber threat intelligence firm SiO4 offers perspective on Infraud, the large, highly organized online credit card fraud ring believed to have stolen more than $530 million since 2010. The US Department of Justice has just announced that it has shut Infraud down, indicted 36 people, and arrested 13 defendants from the US, Australia, the United Kingdom, France, Italy, Kosovo and Serbia. Infraud was a top global buyer’s and seller’s market for fraudsters whose motto was “In Fraud We Trust.”

In response – Andrew Speakmaster, CTO and Founder, SiO4
“This is a classic example of how the underground economy works and continues to sell stolen data in these Dark Web marketplaces. While some threat actors are prosecuted, most continue to reap huge profits where exfiltrated data is sold and traded. It is imperative for organizations to implement a true threat intelligence strategy that will enable them to gain insight into the deep Dark Web and leverage preemptive intelligence to eliminate or mitigate risk. Much of the intelligence today is reactive rather than proactive and is merely information, not intelligence.”



SiO4 NEWS

TOP STORIES

February 9, 2018 - Andrew Speakmaster CTO and Founder published in Digital Forensics Magazine commenting on organised cyber crime, the underground economy and the importance of true cyber threat intelligence

February 9, 2018 - Andrew Speakmaster CTO and Founder featured in Information Security Buzz News commenting on organised cyber crime, the underground economy and the importance of true cyber threat intelligence

By Security Experts February 9, 2018
 
DoJ Shuts Down Infraud Payment Card Fraud Ring – $530m+ Stolen Since 2010; “In Fraud We Trust”

The US Department of Justice has just shut down the Infraud Organization, a large and highly organized online credit card fraud ring believed responsible for more than $530 million in losses since 2010. Infraud has been a leading source for buying and selling stolen payment card data. Thirty-six are now arrested, according to the US Justice Department in this press release. IT security experts commented below.

Frederik Mennes, Senior Manager, Market & Security Strategy at VASCO Data Security:

“The security of e-commerce and online payments is a joint responsibility of merchants, payment service providers, banks, consumers, and payment technology vendors, and relies on a combination of preventive, detective and responsive security measures. It is great to see the success of reactive security measures, such as the capturing of criminal gangs, but our payment infrastructure should rely more on security technologies that prevent fraud in the first place. Therefore the payment industry should move away from traditional credit cards, which are subject to card-not-present (CNP) fraud, and adopt technologies such as tokenization for credit cards and multi-factor authentication of consumers.”

Ryan Wilk, Vice President, Delivery – NuData Customer Success at NuData Security:

“Cybercrime is as well organized, well-resourced, and technologically advanced as many other industries. Infraud Organization proves how easy it is for fraudsters to access personal information – and how much of it is available out there.


“Infraud and similar organizations affect every company, not just those in the retail sector, because they show how easily data from any source can be broadly distributed for profit. This data is used for account takeover and other successful tactics such as whale phishing. Although the organization has been dismantled, it still raises an important point for companies: how can they make sure they are providing services to the legitimate customers when bad actors make it so easy to buy personal information?

“The success of an organization whose motto is “In Fraud We Trust” is a clear sign that companies need to rethink authentication and incorporate continuous validation techniques based on data that can’t be mimicked, such as passive behavioral biometrics.” 

Andrew Speakmaster, CTO and Founder at SiO4

“This is a classic example of how the underground economy works and continues to sell stolen data in these Dark Web marketplaces. While some threat actors are prosecuted, most continue to reap huge profits where exfiltrated data is sold and traded. It is imperative for organizations to implement a true threat intelligence strategy that will enable them to gain insight into the deep Dark Web and leverage preemptive intelligence to eliminate or mitigate risk. Much of the intelligence today is reactive rather than proactive and is merely information, not intelligence.”




December 13, 2017 - Andrew Speakmaster CTO and Founder published in SC Magazine commenting on cyber espionage

Researchers Untangle Patchwork cyberespionage attacks
by Robert Abel, Content Coordinator/Reporter
 
Patchwork cyberespionage attacks use diverse methods to gather information

Trend Micro researchers trailed the activities of the Patchwork cybergang over the course of its campaigns in 2017, and though the group may not be as innovative as other cybergangs, its repertoire of infection vectors and payloads makes it a credible threat.

The group has spoofed a news site to deliver malware-ridden documents, sent spearphishing emails containing malicious links to weaponized documents, and misused email and newsletter distribution services to send spammed messages, according to a Dec. 11 report.

The group has also employed drive-by download tactics by spoofing a social video platform popular in China to trick users into downloading and executing a fake Adobe Flash Player update, which is actually a variant of the xRAT Trojan.

Researchers said the diversity of the group's attack methods is notable, as they range from social engineering hooks to attack chains and backdoors, while also looking to exploit recently reported vulnerabilities.

Patchwork also managed to weaponize several documents, including Rich Text Format (RTF) files that trigger an exploit for CVE-2012-1856, PowerPoint Open XML Slide Show (PPSX) files exploiting Sandworm (CVE-2014-4114), PowerPoint (PPT) files exploiting CVE-2017-0199, PPSX files that exploit CVE-2017-8570, and RTF files exploiting CVE-2015-1641.

The group used these methods to target multiple sectors: high-profile personalities, business-to-consumer (B2C) online retailers, telecommunications firms, media companies, aerospace researchers, as well as financial institutions in China and South Asia and even the U.K., Turkey, and Israel.


Although the group's motivations aren't entirely known, researchers said the group's activities appear to be cyberespionage related, judging by the malware it uses, which seeks mission-critical and confidential data as opposed to information that can be monetized.

Andrew Speakmaster, chief technology officer and founding partner of SiO4, said the group is evolving to deliver specific data to cyber criminals in the underground economy.

“They are part of an evolving cyberespionage group that is marketing and monetizing the data they have available,” Speakmaster said. “We are seeing more and more types of “turnkey” tools and almost “data on demand” from these groups.”

Chris Morales, chief security architect at Vectra Networks, added that the group's motivations, or even who is attacking, ultimately don't matter in the long run.

He added that most organizations rely on threat feeds from government agencies like the FBI, which create noise for organizations not able to understand the specific actors who might target them.

“The motivation of the attacker is always financial or competitive gain, or theft of intellectual property,” Morales said. “The who is a constantly changing landscape and very hard to track for most every organization, which makes tracking organizations in a meaningful way almost impossible for any organization not employing a team of researchers focused on attribution.”

Morales added that it is more important to focus on those tools and techniques and identify the attacker behaviors as they occur in real time inside your own network.


October 18, 2017 - InfoArmor Delivers Operatively-Sourced Advanced Intelligence Feature Sets To SiO4 For Their New Mid-Market Offering of SAFE HOUSE™ – Total Threat Intelligence


LONDON, England – October 18, 2017 – InfoArmor, Inc., an industry-leading provider of employee identity protection solutions and elite cyber intelligence services, today announced a partnership with SiO4, an innovative ICT company with specialist services focused on cyber threat intelligence.

SiO4 will be announcing their new mid-market cyber-security suite SAFE HOUSE™ – Total Threat Intelligence on October 19, 2017 at the Imperial War Museum in London, U.K.


SAFE HOUSE is an innovative and complete security package that is comprised of a unique set of feature-rich modular cyber-security services with a focus on delivering actionable and targeted threat intelligence.

It provides the ‘who, what, why, when and how’ to defend against present and future cyber-threats. Using the service will give businesses a pre-emptive warning of an imminent breach, meaning they can react before threat actors strike.

SiO4 will also brand the SAFE HOUSE solution with “Powered by InfoArmor.”

“Our new SAFE HOUSE – Total Threat Intelligence offering leverages the operatively-sourced human intelligence of InfoArmor with our cyber-security services to deliver an industry-agnostic turnkey solution to the U.K. mid-market,” said Andrew Speakmaster, CTO and Founding Partner of SiO4.
“We chose InfoArmor for their proven capabilities to deliver high-quality data from their elite team of Dark Web operatives and researchers. There is a huge vacuum globally in the mid-market for threat intelligence and we identified the market potential to fill this void in the U.K.”

SiO4 leverages InfoArmor’s Advanced Threat Intelligence in SAFE HOUSE to deliver a high-value cyber-security solution.
“We are pleased to partner with SiO4 and be part of the launch of SAFE HOUSE,” said Mike Kirschner, Sr. Vice President of Sales of InfoArmor Advanced Threat Intelligence Unit. “SiO4 and their SAFE HOUSE solution will allow U.K.-based mid-market companies to mitigate risk and help defend them against global cyber threats. In addition, SiO4 will deliver analysis to customers in assessing their current state of infrastructure in compliancy to ISO 27001 and EU GDPR.”