Symantec, the world’s leading cyber security company, revealed that its intelligence on nearly 1.6 million phishing sites helped the FBI and other international law enforcement agencies identify and arrest 74 alleged cybercriminals for Business Email Compromise (BEC) schemes designed to intercept and hijack wire transfers from businesses and individuals. Operation Wire Wire was conducted over a six-month period using intelligence from Symantec’s Project Dolphin, which spots phishing sites using a one-of-a-kind technique to compare new webpages to known legitimate sites. The coordinated effort culminated with 74 arrests in the United States and overseas, seizure of nearly $2.4 million, and the disruption and recovery of approximately $14 million in fraudulent wire transfers.
“The Symantec Security Response team responsible for developing Project Dolphin and assisting the FBI in this operation has an unparalleled track record when it comes to detecting fraudulent activity. Operation Wire Wire and Bayrob are prime examples of the collaboration we’ve fostered with law enforcement to stop cyber criminals in their tracks,” said Mike Fey, president and chief operating officer at Symantec. “With the power of Symantec’s Global Threat Intelligence Network, I have no doubt our success record will continue to grow.”
BEC and phishing attacks work by luring victims to the phishing site via email and presenting a believable page that mimics another site. The victim, thinking they are on the real site, enters their credentials, which are then sent to the “phisherman.” Through its research, Symantec discovered that targets are heavily weighted toward “credential phishing” instead of traditional “financial phishing” – a shift from the general assumption within the security and law enforcement industries.
Developed by researchers in Symantec’s Global Intelligence Network, Project Dolphin uses a combination of Web, endpoint, and email intelligence; cloud infrastructure; image processing, analysis, and comparison; and a machine learning system to help identify phishing sites. It works by visually comparing a screenshot of a possible phishing site with a saved collection of such sites.
“We identify tens of thousands of malicious websites each day and are able to help protect our customers against attacks and vulnerabilities that may result from visiting those sites,” said Chris Larsen, Architect, WebPulse Threat Research Lab at Symantec. “We’ve found that phishermen now commonly target login credentials for email and various cloud services to steal sensitive data. That means phishing is no longer just a problem affecting individual users or employees – it’s an organization-level threat.”
Critical data, applications and infrastructure at enterprise organizations are shifting from behind the firewall to running on the cloud. Symantec’s Shadow Data Report found that the average enterprise has 1,516 cloud apps in use, and across all industries, 3 percent of broadly shared files contain sensitive information like social security numbers, health records or credit card credentials. Criminals are catching on to this trend, with Symantec’s Internet Security Threat Report disclosing that 71 percent of all targeted attacks last year started with spear phishing.
Source: Symantec