TweakTown NewsRefine News by Category:
The office supply store Staples and Michaels craft stores were both hit by data breaches in 2014, joining a growing list of companies hit by point of sale malware attacks. It would appear both retailers were hit by identical criminal infrastructure, with the malware targeting debit and credit card data captured on POS machines at checkout. The malware that hit Staples was connecting to the same control networks as the malware that hit Michaels - and it wouldn't be surprising if the same cybercriminal group was behind the incident.
"We are continuing to investigate a data security incident involving an intrusion into some of our retail point of sale and computer systems," said Mark Cautela, Staples spokesman, in a statement to KrebsOnSecurity. "We believe we have eradicated the malware used in the intrusion and have taken steps to further enhance the security of our network."
The volume of data breaches in 2013-2014 indicate these attacks are likely being orchestrated by state-sponsored hackers, and trying to prevent these incidents has proven difficult.
Similar to the United States and UK, German government agencies and companies are facing a mounting number of cyberattacks from foreign countries. Not surprisingly, it would appear a large number of the attacks are from suspected state-sponsored groups in China and Russia - and are extremely difficult to defend against. The German government is investing more resources into boosting cybersecurity to prevent successful breaches against its agencies and private companies.
There are an estimated 3,000 daily attacks targeting German government agencies, with five of those attacks blamed on foreign intelligence services. As a significant global power, there is a risk of cyberespionage from foreign governments trying to steal secrets to elevate their own political and military efforts.
"We have seen that there are ever more frequent attacks by foreign intelligence agencies on the German government IT infrastructure," said Hans Georg Maassen, the German domestic intelligence (BfV) chief. Former NSA contractor Edward Snowden revealed that the NSA snooped on German Chancellor Angela Merkel's phone, along with spying on other German government officials.
The US energy grid is a popular target for cybercriminals, most of them likely state-sponsored hackers, with 79 reported hacking incidents investigated by the Department of Homeland Security's Computer Emergency Readiness Team. Although it's a drop from the 145 investigated incidents from 2013, there is a significant issue of US critical infrastructure being targeted by skilled cybercriminals.
There have been at least 50 customized pieces of malware designed to target energy companies, and their security efforts haven't been able to hold up. The Russian BlackEnergy malware was found on software assigned to control US electrical turbines - and while there were no attempts to disrupt the machinery - is a clear indicator that cybersecurity efforts need to be boosted immediately.
"Our grid is definitely vulnerable," said David Kennedy, TrustedSec CEO. "The energy industry is pretty far behind most other industries when it comes to security best practices and maintaining systems."
A couple of days after temporarily shutting down its external email service, the US State Department has restored access after a suspected organized cyberattack from Russian hackers. State Department IT security staff detected "activity of concern" several weeks ago, and a response plan was developed to ensure no classified data was impacted. Full access to the service still hasn't gone live yet, while security experts verify new security protocols are complete.
"I can report that our external email services from our main unclassified system are now operating normally," said Jeff Rathke, State Department spokesman. "And for those who feel they are, you know, tethered to their BlackBerrys, they are once again - because the BlackBerry service is working."
US federal agencies have been under attack, as there have been breaches against the US Postal Service, White House and the National Oceanic and Atmospheric Administration (NOAA) in recent weeks. It would appear all of the attacks can be tied back to Russian state-sponsored hackers, which would not surprise security experts.
Seventeen people have been arrested as part of an identity theft ring aimed at defrauding the Internal Revenue System (IRS), trying to cash in on $2 million in fraudulent tax refunds. Federal prosecutors said identity thieves were able to use university student financial records to obtain the tax refunds, and the ringleader is accused of directing at least 92 tax refunds to a single account.
"The disturbing fact is that (many) of these individuals are current or former students who allowed their accounts to be compromised," said United States Attorney Wilfredo Ferrer.
While identity theft - and tax fraud - remain significant problems nationwide, it is especially problematic in Florida. Cybercriminals are targeting everything from medical records and tax refunds to debit and credit card accounts, and have been found stealing physical mail from residents' homes. There were 190 complaints filed for every 100,000 individuals, according to the Department of Justice, and 804.9 people per 100,000 filed fraud complaints in 2013.
The US Senate didn't receive the required 60 votes to move a bill forward that would have forced changes to the National Security Agency's (NSA) phone surveillance program. The USA Freedom Act was brought before the Senate following former NSA contractor Edward Snowden's revelations of mass surveillance of US citizens, including a sophisticated phone snooping program.
The Senate voted 58-42 to prevent the Freedom Act from moving forward, but there will be similar legal efforts to try to limit the NSA's snooping ability. The same amount of information would have been collected, but phone companies would have retained the records instead of passed them along to the government - unless a court order was produced.
"In the past five or six months, we have witnessed heights U.S. national security concerns with terrorist threats, geopolitical problems, and cybersecurity challenges from Russia and China," said David Fidler, Indiana University's Center for Applied Cybersecurity Research professor of law. "Addressing these concerns requires strong American intelligence and surveillance capabilities - creating the potential for stronger opposition to the Snowden-inspired reforms today than existed only a few months ago."
The Interactive Advertising Bureau's Anti-Malware Working Group has teamed up with the FBI and US Department of Justice in their effort to fight malware and cybercrime. There has been an increase in organized cyberattacks targeting the IAB, and federal partnerships could help limit future widespread issues.
The FBI and other government agencies want to increase proactive behavior to clamp down on cybercrime, and this marks the first industrywide relationship they have created. The IAB Anti-Malware Group formed in September and has generated widespread interest, including from the US government, as cybercriminals make millions from compromising companies and users.
"We have become such a target of organized crime that we think this is the only way to truly be successful long-term," said Mike Zaneis, IAB executive vice president. "In the advertising space, what we're particually worried about is the type of malware that will basically make your computer a zombie, or a bot, and will begin to generate non-human traffic back to criminal websites or just selling traffic on networks or exchanges."
There were a number of major data breaches reported in 2014, but it would appear companies have higher hopes for data security in 2015, according to a study published by ThreatTrack Security. In its "2015 Predictions from the Front Lines," 81 percent of enterprise security staffers said they would be willing to "personally guarantee that their company's customer data will be safe in 2015."
Hearing that eight out of 10 security staff would be willing to guarantee customer data sounds absolutely ridiculous - but might be a necessary leap of faith to win over customers, increasingly concerned their personal information could be leaked.
Millions of US consumers faced debit and credit card fraud from the Home Depot and Target breaches alone, with a number of other companies also breached in between.
Kaspersky is imagining the future of the world, with the increase in use of technology, the increase of threats are there too. Infrastructure attacks, financial system attacks, governments being hit, and much more. The video below does an incredible job of showing us how Kaspersky view the future.
One of the scarier things Kaspersky says in its video, is "will a single click trigger a global economic crisis", but follows it by a "world where technology works for us", or "controls us". The video continues, sayign "could it be a truly connected universe, where we'll be able to express the full power and imagination. Or one where those connections make our critical infrastructure vulnerable to attack".
The ad makes you really think about the many, many possibilities we as a human race have to face - as the world is constantly changing around us. Not only are we dealing with things at a personal level, but societal level, and then infrastructure level. Are the governments of the world prepared for these attacks, or simply taking our freedoms away with far-reaching government agencies like the NSA and GCHQ spying on all citizens at once. What do you think?
The Department of Justice (DOJ) program that reportedly uses cell-tower mimicking equipment during airplane flights that allows the federal government to snoop on mobile phones has drawn an angry response from many Americans.
Senator Ed Markey (D-Mass) wants Attorney General Eric Holder to provide details about the DOJ operation, such as mission length, additional surveillance programs, and which cities were impacted.
"Americans are rightfully disturbed by just how pervasive collection of mobile phone information is, even of innocent individuals. While this data can be an important tool for law enforcement to identify and capture criminals and terrorists, we must ensure the privacy rights of Americans are protected," Sen. Markey said in a public statement. "We need to know what information is being collected, what authority is being used to collect it, and if and how this information is retained and stored."