Gozi Goes to Bulgaria — Is Cybercrime Heading to Less Charted Territory?
In what appears to be a trend, another banking Trojan is ready to attack in Eastern Europe. This time it is the Gozi/ISFB Trojan, which just added 9 major banks in Bulgaria to its list of targets.
What’s New?
In early August 2015, IBM Security X-Force researchers analyzed a new Gozi Trojan configuration file that is, according to our data, the first one dedicated exclusively to targeting Bulgarian banks. Previous versions of this malware have attacked in the US, UK, AU, as well as Saudi Arabia and the Persian Gulf, but this is a first for Bulgaria.
Our analysis reveals that Gozi’s developers have expanded the capabilities and reach of the malware by updating its web injections to match the Bulgarian banks they are targeting.
Bulgaria and Cybercrime
When it comes to cybercrime, rather than being a popular target, Bulgaria is better known for its locally based perpetrators, who make the headlines in cases of Internet fraud, payment card fraud, ATM fraud and the like. In a fraud update report released last year by the European ATM Security Team (EAST), Bulgaria was named as home to a “significant Bulgarian organized crime network suspected of a variety of crimes including large scale ATM skimming, electronic payment fraud and forgery of documents.”
As a victim of cybercrime, Bulgaria is not often on the attackers’ roster, and the losses the country incurs as a result of cyber-borne threats are not widely documented. The most common issue banks in Bulgaria suffer from is the use of accounts as money mules to withdraw and launder funds that come from other countries. The most recent mention of banks in Bulgaria suffering cybercrime losses appeared when the Carbanak heist was uncovered, alongside a long list of other banks from all over the world.