Malware & Botnet
The Malware & Botnet initiative is dedicated to better understanding the technology and identifying individuals or groups who utilize malicious code to enable crimes. The NCFTA maintains a collection of data regarding malicious code incidents, the network architecture being utilized to execute the schemes, and the communication channels implemented in these architectures.
NCFTA technical teams analyze this data to, among other things, identify criminal hosting providers that allow malicious code to be distributed through their servers. The data is also correlated with other datasets in order to link malicious code incidents with other cyber crimes, such as brokerage fraud, economic espionage, phishing and other types of credential theft. In doing so, the NCFTA seeks to identify trends or patterns within the data repository that will help to better detect such threats in the future and to assist in mitigation and neutralization efforts together with NCFTA partners.
To further advance this initiative, NCFTA analysts participate in a number of operational security communities and working groups that focus on cyber threats associated with malicious code. In doing so, NCFTA staff members continually seek to strike a delicate balance between monitoring for investigations and aggressive mitigation when appropriate, to protect partners and other US economic interests.
NCFTA Cyber Alerts
Email Compromise and Wire Fraud
The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.
Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.
Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.