TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

The Ins and Outs of Digital Fraud

2021-11-18 · Read original ↗

ATT&CK techniques detected

9 predictions
T1566.002Spearphishing Link
96%
“’ s phrase “ something of value. ” for the most part, phishing that does not deliver malware is used to harvest credentials, and while credentials aren ’ t exactly objects of currency, they are increasingly the only prerequisite for a host of digital financial activity, including…”
T1657Financial Theft
89%
“as logistical support for other criminal activities, such as money laundering or providing a landing place for funds from a dating fraud, as detailed earlier. figure 1 shows a cybercriminal advertisement for bank fraud services for stolen banking information. figure 1. screenshot…”
T1657Financial Theft
75%
“discussion is around the use of stolen payment card information to make purchases. this kind of fraud is often listed under bank fraud, but since the retailer is responsible for vetting the buyer ’ s identity, they are the target of the lie, so we think it is better conceptualize…”
T1556.006Multi-Factor Authentication
66%
“- store. html ), as shown in figure 3. figure 3. screenshot of a dark web advertisement for compromised payment cards. - hospitality fraud : observers of dark web activities have noted two sorts of fraud that involve hospitality, travel, or customer loyalty programs. one entails …”
T1056.001Keylogging
62%
“your target ; if there is no contact, there can ’ t really be a lie. this means that most credential theft, whether it takes the form of keylogger malware or exfiltrating hashed passwords, can ’ t be fraud, even though it is a precursor to fraud and part of the antifraud umbra. t…”
T1657Financial Theft
40%
“importantly, this kind of attack doesn ’ t require any fraud ( again, unless the malware was delivered by phishing ) because it doesn ’ t involve any contact between attacker and victim. - money laundering : money laundering is a big part of the attacker ecosystem, since it is ke…”
T1657Financial Theft
31%
“of young women ), that can be used as bait. - wire fraud : this type straddles the line between defrauding the customer and defrauding the bank, but it is incumbent on the banking customer to confirm the wire instructions with the appropriate account and routing numbers ; the ban…”
T1111Multi-Factor Authentication Interception
31%
“##o on subsidiary accounts, including banking apps, it is also important in that it can allow attackers to circumvent multifactor authentication that is routed to the phone. some sim swaps are done with the knowledge of local staff at a mobile carrier ’ s store, but many are the …”
T1556.006Multi-Factor Authentication
31%
“##o on subsidiary accounts, including banking apps, it is also important in that it can allow attackers to circumvent multifactor authentication that is routed to the phone. some sim swaps are done with the knowledge of local staff at a mobile carrier ’ s store, but many are the …”

Summary

Retail fraud, identity theft, account takeovers, stolen payment cards—it feels like digital fraud is everywhere. Understand it better to fight it more effectively.