A few names came up repeatedly during cybersecurity investigations in 2016. In case you have not heard of them, here is a glimpse.
Bayrob:
Three Romanian men have been accused in the US of running a fraud operation, named Bayrob, that conned victims out of millions of dollars. Bogdan Nicolescu, Danet Tiberiu and Radu Miclaus were arrested by police in Romania earlier last year and now face multiple charges relating to fraud, identity theft, money laundering, and trafficking.
The Bayrob gang are career cybercriminals who earn their living from online fraud. They specialize in scams: crafting convincing emails and creating fake websites, voice messages, and even customer support chatrooms in order to dupe victims.
Avalanche:
The Avalanche malware-hosting network was the subject of a takedown that dismantled infrastructure used by at least 17 malware families. The takedown operation, a combined effort by multiple international law enforcement agencies, public prosecutors, and security and IT organizations, resulted in the seizure of 39 servers and several hundred thousand domains that were being used by the criminal organization behind the Avalanche network, as reported by Symantec.
Odinaff:
Since January 2016, a Trojan called Odinaff has targeted a number of financial organisations worldwide. These attacks appear to be extremely focused on organizations operating in the banking, securities, trading, and payroll sectors.
Odinaff is typically deployed in the first stage of an attack:
- To gain a foothold onto the network
- To provide a persistent presence
- To install additional tools onto the target network.
Such additional tools have plagued the financial industry since at least 2013, most notably Carbanak. This new wave of attacks has also used the same infrastructure previously seen in Carbanak campaigns.
Gatak:
Gatak is known for infecting its victims through websites promising product licensing keys for pirated software. The group behind the Gatak Trojan (Trojan.Gatak) continues to be a threat specifically to the healthcare sector. Initially the group focused on the US, but over the past two years it has diversified to target organizations in a wide range of countries.
Shamoon:
Shamoon (W32.Disttrack), the aggressive disk-wiping malware which was used in attacks against the Saudi energy sector in 2012, has made a surprise comeback and was used in a fresh wave of attacks against targets in Saudi Arabia.
The malware used in the recent attacks (W32.Disttrack.B) is largely the same as that used four years ago. In the 2012 attacks, infected computers had their master boot records wiped and replaced with an image of a burning US flag.