The evolution of cyber criminal operations

Cyber criminal operations are taking a concerning evolutionary step to diversify the distribution of their ill-gotten gains more effectively, according to Fortinet.

“In December 2010 we saw a wide variety of money mule recruitment campaigns that, for the first time, targeted specific countries in an orchestrated manner,” said Derek Manky, project manager, cyber security and threat research at Fortinet.

The campaigns, which were seeded in a number of Asian and European countries, solicited local individuals who already have or had established relationships in the banking industry or were looking for work as “online sales administrators.”

To make these “localized” campaigns even more effective, they incorporated regional-sounding domain names, such as, and

Upon closer scrutiny, Fortinet discovered all three domains were registered to the same Russian contact, and all contact addresses for worldwide recruitment used Google mail hosting.

By using localized campaigns, criminals can obtain mule accounts internationally – each one falling under different banks and governing laws. Thus, if one is taken offline (due to increased enforcement activity), the others remain online and business continues as usual.

Cleverly engineered spam with malicious attachments or intent can be much more damaging than ineffective mass spam.

Fortinet’s December Threat Landscape report is available here.
