Cybercrime-as-a-Service & two-factor authentication

With source code for the ZeuS crimeware and Carberp publicly available for virtually anyone to download, cybercriminals have started to release more crimeware, using these prominent releases to quickly capitalize on the source code that’s been hugely contributing to the profitability of the cybercrime ecosystem. The business model is fairly simple: Exploits such as “pushing” a pre-defined set of “web injects” for some of the largest and most well-known financial institutions in the world, or web injects for virtually any SSL/two-factor authentication-enabled website can be requested and produced on demand, usually for a fixed price. Hundreds of thousands of dollars can be stolen from a bank account in a matter of minutes by creating multiple small transactions.

Takeaway: Two-factor authentication is indeed an additional layer of security for your E-banking account. However, everything changes on a crimeware-infected host, and sadly, it changes in favor of the cybercriminal that compromised it.