[tahanteada]

Taas tõsine Botnet liikvel, nimeks Nemanja
“Nemanja” Botnet Identified by IntelCrawler – Over a Thousand Point-of-Sales, Grocery Management and Accounting Systems Are Compromised All Over the World

IntelCrawler, a cyber-threat intelligence company based in Los Angeles, has been investigating various electronic crimes related to the Point-of-Sale (POS) niche for quite a long time, collaborating with threat intelligence and fraud detection teams of major financial institutions worldwide. Criminal gangs worldwide are illegally accessing retailers and small business infrastructures, having significant impact on all parties involved in credit card acceptance.

Around March 2014, IntelCrawler identified one of the biggest botnets, called “Nemanja,” based on compromised POS terminals, accounting systems and grocery management platforms. The assigned name is related to potential roots of bad actors with similar nicknames from Serbia. It included more than 1478 infected hosts from Argentina, Australia, Austria, Bangladesh, Belgium, Brazil, Canada, Chile, China, Czech Republic, Denmark, Estonia, France, Germany, Hong Kong, India, Indonesia, Israel, Italy, Japan, Mexico, Netherlands, New Zealand, Poland, Portugal, Russian Federation, South Africa, Spain, Switzerland, Taiwan, Turkey, UK, USA, Uruguay, Venezuela and Zambia.

The analyzed botnet has affected various small businesses and grocery stores in different parts of the world, making the problem of retailers’ insecurity more visible after past breaches. Past incidents showed high attention from modern cybercriminality to retailers and small business segments having Point-of-Sale terminals. We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers’ backoffice systems and cash registers. The nature of POS-related crimes can be different from country to country, but it shows the insecurity of modern payment environments. The bad actors combine several attack vectors in order to infect operators’ stations – “drive-by-download” and remote administration channels hacking.

Card associations should expect a trend of POS infections in developing countries in the near future, because of high significant lag in information security of retailers. Current statistics also point at not falling interest to countries with high social grades and developed payment industries, such as AUS, EU, US, CA and UK. IntelCrawler predicts that very soon modern POS malware will become a part of RAT/Trojans and other harmful software acting as a module, which may be used along with keylogger and network sniffing malware.

Edasi juba lingil:
http://intelcrawler.com/news-18