Malware & Botnet
The Malware & Botnet initiative is dedicated to better understanding the technology and identifying individuals or groups who utilize malicious code to enable crimes. The NCFTA maintains a collection of data regarding malicious code incidents, the network architecture being utilized to execute the schemes, and the communication channels implemented in these architectures.
NCFTA technical teams analyze this data to, among other things, identify criminal hosting providers that allow malicious code to be distributed through their servers. The data is also correlated with other datasets in order to link malicious code incidents with other cyber crimes, such as brokerage fraud, economic espionage, phishing and other types of credential theft. In doing so, the NCFTA seeks to identify trends or patterns within the data repository that will help to better detect such threats in the future and to assist in mitigation and neutralization efforts together with NCFTA partners.
To further advance this initiative, NCFTA analysts participate in a number of operational security communities and working groups that focus on cyber threats associated with malicious code. In doing so, NCFTA staff members continually seek to strike a delicate balance between monitoring for investigations and aggressive mitigation when appropriate, to protect partners and other US economic interests.
NCFTA Cyber Alerts
FBI looks for
partnerships to counter Cyber threat
Mueller pointed to the National Cyber Forensics and Training Alliance as a model for private industry and law enforcement collaboration.
Press Release: Pennsylvania Governor Tom Corbett, FBI, Department of Homeland Security, and United Kingdom Officials to address government and industry collaboration on fighting cyber threats
FOR IMMEDIATE RELEASE Contact: Fleishman-Hillard Alex Kepnes, 703-575-8900 [email protected] PENNSYLVANIA GOVERNOR TOM CORBETT, FBI, DEPARTMENT OF HOMELAND SECURITY, AND UNITED KINGDOM OFFICIALS TO ADDRESS GOVERNMENT AND INDUSTRY COLLABORATION ON FIGHTING CYBER THREATS Forum to Focus on Steps Industry and Government Must Take to Address Cyber Threats at National, State and Local Levels [...]
Tax Refund Spam
Individuals should be vigilant of emails concerning tax refunds. Fraudsters consistently send spam appearing to be from the IRS and financial institutions containing a link to a phishing website and/or malware typically during tax season in the US. Fraudsters then attempt to either socially engineer potential victims and/or infect their computers in order to gain [...]
Email Compromise and Wire Fraud
The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.
Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.
Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.