Sunday, June 12, 2016

Cybersecurity News for the Week of June 12, 2016



Individuals at Risk

Identity Theft

IRS Re-Enables ‘Get Transcript’ Feature: The Internal Revenue Service has re-enabled a service on its Web site that allows taxpayers to get a copy of their previous year’s tax transcript. The renewed effort to beef up taxpayer authentication methods at comes more than a year after the agency disabled the transcript service because tax refund fraudsters were using it to steal sensitive data on consumers. KrebsOnSecurity, June 10, 2016
@deray’s Twitter hack exposes security weaknesses in mobile phone infrastructure: This has been the week of Twitter hacks, from Mark Zuckerberg to a trove of millions of passwords dumped online to, most recently, Black Lives Matter activist DeRay McKesson. Wired, June 10, 2016
Retail carrier transfers user’s mobile account to identity thief with easily stolen identification: Lorrie Cranor wasn’t too worried when her phone died a few weeks ago. Dropped calls are as common as delayed trains and cracked screens. The next morning, it was still dead. Her husband’s was too. And that’s how the chief technologist of the Federal Trade Commission discovered that someone hijacked her mobile account. Wired, June 9, 2016

Cyber Update

Chrome Updates to Patch PDF Reader with Arbitrary Code Execution Flaw: A researcher at Cisco’s Talos limb has discovered an arbitrary code execution flaw in PDFium, the PDF reader installed by default in Google’s Chrome browser. The Register, June 9, 2016

Information Security Management in the Organization

Cyber Crime

University of Calgary paid $20K ransom to cyberattackers to unlock computer systems: The University of Calgary paid a demanded $20,000 after a “ransomware” cyberattack on its computer systems. CBC, June 9, 2016
Wendy’s Breach Numbers Much Worse Than Earlier: When news broke last month that the credit card breach at fast food chain Wendy’s impacted fewer than 300 out of the company’s 5,800 locations, the response from many readers was, “Where’s the Breach?” Today, Wendy’s said the number of stores impacted by the breach is “significantly higher” and that the intrusion may not yet be contained. KrebsOnSecurity, June 9, 2016
Ransomware and the New Economics of Cybercrime: It’s a good time to be a cybercriminal. There are more victims to target, there is more data to steal, and there is more money to be made from doing so than ever before. The Atlantic, June 7, 2016
Banks: Credit Card Breach at CiCi’s Pizza: CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. The data available so far suggests that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider, and that multiple other retailers have been targeted by this same cybercrime gang. KrebsOnSecurity, June 3, 2016

Cyber Warning

Ransomware Now Comes With Live Chat Support Assisting Victims Through Payment Process: Victims of a new version of Jigsaw now have access to live chat operators to help them through the ransom payment process, Trend Micro says. DarkReading, June 10, 2016
Crysis ransomware fills vacuum left by TeslaCrypt: TeslaCrypt has reached the end of the road, and other ransomware is ready to fill the vacuum left behind it. A relative newcomer to the market, Crysis ransomware is already laying claim to parts of TeslaCrypt’s territory. HelpNetSecurity, June 10, 2016
Critical Vulnerability Found in TLS Encryption Key Mgmt in Virtual Cloud Environments: Bitdefender has discovered that encrypted communications can be decrypted in real-time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors. HelpNetSecurity, June 10, 2016
SaaS emerging as significant cyber threat as malware discoveries in cloud apps surge: Cloud security vendor Netskope released its latest report Thursday assessing Software-as-a-Service usage for the first quarter of 2016, revealing a surge in the amount of malware discovered lacing the cloud-based applications sanctioned by enterprise IT departments. CRN, June 9, 2016
IC3 report: Criminals use email scams to steal $263M from U.S. companies: A report published by the Internet Crime Complaint Center (IC3) stated U.S. companies lost $263 million as a result of cybercriminal groups’ email scams in 2015. SCMagazine, May 31, 2016

Cyber Defense

Ransomware: What to Do So You Don’t Become a Victim: Imagine turning on your computer and seeing a message: “We have encrypted all your files. Pay us a ransom if you want them back.” This is ransomware, a costly form of cyber-extortion. In February, Hollywood Presbyterian Hospital paid a $17,000 ransom to get their files back after a ransomware attack. The problem has become so serious that the United States Computer Emergency Readiness Team [US-CERT] recently issued an alert, advising organizations to strengthen their information security management practices to manage the risk of ransomware. Citadel Information Group, June 8, 2016
Passwords for eCommerce, Banking, Health Care & Other Sensitive Websites All Need to Be Different: In the wake of megabreaches at some of the Internet’s most-recognized destinations, don’t be surprised if you receive password reset requests from numerous companies that didn’t experience a breach: Some big name companies — including Facebook and Netflix — are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users. KrebsOnSecurity, June 6, 2016

Cyber Security in Society

Cyber Attack

Were 32.8 Million Twitter Credentials Leaked? – ars technica: The jury is still out, but at this early stage, there’s good reason to doubt the legitimacy of claims that more than 32 million Twitter passwords are circulating online. ars technica, June 9, 2016
Were 32.8 Million Twitter Credentials Leaked? – BankInfoSecurity: More than 32.8 million Twitter credentials have been compromised and are being offered for sale on the dark web, claims LeakedSource, a subscription-based breach notification service. But some security experts question whether the credentials are current and authentic. BankInfoSecurity, June 9, 2016
NFL claims Twitter hack after tweets falsely report Roger Goodell is dead: NFL spokesmen say the league’s official Twitter account was hacked Tuesday morning when it tweeted out an erroneous statement that commissioner Roger Goodell had died. The tweet was soon deleted. USA Today, June 7, 2016

Cyber Underworld

The Chinese Hackers in the Back Office: BELLEVILLE, Wis. — Drive past the dairy farms, cornfields and horse pastures here and you will eventually arrive at Cate Machine & Welding, a small-town business run by Gene and Lori Cate and their sons. For 46 years, the Cates have welded many things — fertilizer tanks, jet-fighter parts, cheese molds, even a farmer’s broken glasses. The New York Times, June 11, 2016
How to Run a Russian Hacking Ring: A man with intense eyes crouches over a laptop in a darkened room, his face and hands hidden by a black ski mask and gloves. The scene is lit only by the computer screen’s eerie glow. The Atlantic, June 9, 2016
Cybercrime botnet found that delivers SEO results to clients by hacking legitimate web sites: Security researchers have discovered a long-running, multi-vector black hat search engine optimisation (SEO) campaign that shows that cyber criminals are organised and professional. ComputerWeekly, June 9, 2016
New cybercrime botnet Zbot supports ransomware, click fraud, spam bots, payment cards market: Researchers have watched a botnet composed mostly of compromised computers in the Ukraine and Russia become a growing hive of criminal fraud activity, playing a role in everything from ransomware and click fraud to spam bots and supporting stolen payment card marketplaces. BankInfoSecurity, June 9, 2016
Slicing Into a Point-of-Sale Botnet: Last week, KrebsOnSecurity broke the news of an ongoing credit card breach involving CiCi’s Pizza, a restaurant chain in the United States with more than 500 locations. What follows is an exclusive look at a point-of-sale botnet that appears to have enslaved dozens of hacked payment terminals inside of CiCi’s locations that are being relieved of customer credit card data in real time. KrebsOnSecurity, June 8, 2016
Cybercrime Ecosystem: Everything Is for Sale – IBM Security Intelligence: When discussing malware, we tend to focus on the technical aspect of how a specific Trojan operates on an infected system. The processes executed by a malware variant, ranging from how it latches onto an infected device to how it manipulates the user into providing it with credentials, are just a small subset of the cybercrime ecosystem. Roughly eight years ago, a single operator would be in charge of everything from coding the malware to distributing it, including setting up command-and-control (C&C) servers, identifying infection points, working with money mules and more. Today, the whole process, or at least each individual element, can be easily outsourced. SecurityIntelligence, June 15, 2015

Financial Cyber Security

Will SWIFT-Related Heists Trigger More Regulatory Oversight?: Now that both the FBI and the Federal Financial Institutions Examination Council have issued alerts calling attention to the risks associated with interbank messaging and wholesale payments, U.S. banks and credit unions should brace themselves for more regulatory scrutiny of bank-to-bank payments, financial fraud experts say. BankInfoSecurity, June 8, 2016

Cyber Miscellany

A Russian Cybersleuth Battles the ‘Dark Ages’ of the Internet: MOSCOW — A sense of menace stirs right off the elevator on the fifth floor of Kaspersky Lab’s Moscow headquarters, where a small television screen displays cyberthreats occurring in real time around the world — a blinking, spinning, color-coded globe brimming with suspicious emails, malware and evil botnets that could be infecting a computer near you. The New York Times, June 11, 2016
Steptoe Cyberlaw Podcast – Interview with Kevin Kelly: Our guest for episode 119 is Kevin Kelly, founding executive editor of Wired Magazine and author of The Inevitable: Understanding the 12 Technological Forces that will Shape our Future. Kevin and I share many views – from skepticism about the recording industry’s effort to control their digital files to a similar skepticism about EFF’s effort to control private data – but he is California sunny and I am East Coast dark about where emerging technology trends are taking us. The conversation ranges from Orwell and the Wayback Machine to the disconcerting fluidity and eternal noobie-ness of today’s technological experience. In closing Kevin sketches a quick but valuable glimpse of where technology could take us if it comes from Shenzhen rather than Mountain View, as it likely will. Steptoe Cyberblog, June 8, 2016
Steptoe Cyberlaw Podcast – Interview with Dmitri Alperovitch: Ransomware is the new black. In fact, it’s the new China. So says our guest for episode 116, Dmitri Alperovitch, the CTO and co-founder of CrowdStrike. Dmitri explains why ransomware is so attractive financially – and therefore likely to get much worse very fast. He and I also explore the implications and attribution of the big bank hacks in Vietnam and Bangladesh. Steptoe Cyberblog, May 17, 2016

Jeff Snyder’s SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810