The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale.
Family Business Robbed On-Line
Patco Construction a family owned company was impacted by a cyber crime that may have involved the RBN. The construction firm is suing after a $588,000 online theft. If crimes like this initiate first via social networking sites such as Facebook or twitter, extensions of the family business could also be impacted. How? Some individuals are not careful with their choice of passwords:
- Don’t use family names in passwords
- Don’t use your facebook or twitter password for your online finances
Flow Analytics can help against the RBN
We see attacks coming in frequently and the Known Internet Threats algorithm from Flow Analytics is constantly watching for RBN attacks by analyzing Cisco NetFlow from selected devices. See the alarm below which appears to be a brute force attack:
Search for the RBN Host
I then searched on the host 126.96.36.199 to see if anyone from our network communicated back to this host:
Above the host was only found as the source (i.e. sending traffic in) and no host had responded: Thank goodness!
More on RBN
The RBN seems to source from the Autonomous Systems in this diagram provided by Wikipedia.com.
Internet Threats Algorithm
The Known Internet Threats algorithm allows all of our customers to download a list of known compromised hosts several times per day from plixer. Flows from selected routers are then compared to the list to ensure no traffic is seen to or from these compromised machines.
In the next blog I’ll outline how you can block a host using an ACL on our router.