TweakTown News
Consumers in the United States are receiving new credit cards and retailers must upgrade their payment terminals. Cybersecurity experts warn that because credit card companies will rely on signatures rather than requiring PINs - due to higher cost and increased complexity - stolen and lost cards could still be vulnerable.
Chip-enabled cards will help lower fraud in retail stores, but online fraud is likely to increase, which has happened in other countries that adopted similar technology years ago. There will be a learning process for US consumers and retailers unfamiliar with Chip-and-PIN - but it should help usher in change, even if security concerns remain.
"A payment standard that is accepted globally will substantially reduce transaction costs for them," said Rick Dakin, CEO of the Coalfire cybersecurity risk and compliance firm, in a statement to Reuters. "Also they have already done the heavy lifting for EMV so they are ready and pushing for it."
Criminals took $16 billion from 12.7 million US consumers last year, with a new identity fraud victim every two seconds, according to a new report from Javelin Strategy & Research. Two-thirds of identity fraud victims last year received notification that their personal information was compromised in a data breach, which took over headlines as major retailers were hit.
On the bright side, new account fraud, which is when a criminal opens up an account in a victim's name, dropped to a record low in 2014. In addition, new monitoring and protection systems saw the amount lost due to fraud drop 11 percent year-over-year, from $18 billion in 2013 down to $16 billion in 2014.
"Despite the headlines, the occurrence of identity fraud hasn't changed much over the past year, and it is still a significant problem," said Al Pascual, director of fraud & security at Javelin Strategy & Research. "Consumers, financial institutions and retailers are all taking aggressive steps, yet we must remain vigilant. The criminals will continue to find new ways to commit fraud, so taking advantage of available technology and services to protect against, detect and resolve identity fraud is a must for all individuals and corporations."
The "FREAK attack" may have exposed millions of Apple and Google Android Internet users, though there have been no confirmed cases of attacks against Web browsers. If exploited, hackers could compromise usernames, passwords, and other personal information in a rather simple manner.
The "Factoring attack on RSA-EXPORT Keys" stems from a US law that required "export-grade" products with weaker encryption protocols to be shipped overseas. Despite the federal restrictions being lifted more than 15 years ago, popular software - which eventually found its way to the United States - was still vulnerable.
Apple and Google have both created software updates to prevent this type of attack from being problematic. The Apple update will be issued next week, while Google has already offered an update to wireless carriers and smartphone manufacturers.
Former NSA contractor Edward Snowden wants to return to the United States in the future, but needs guarantees of a fair trial. The only promise he has been given is that he wouldn't face the death penalty if he is convicted - and privacy advocates believe the US government, which wants to do anything to get him into custody, cannot be trusted.
"He is thinking about it," said Anatoly Kucherena, a Russian lawyer representing Snowden, during a recent news conference. "He has a desire to return and we are doing everything we can to make it happen. Snowden is ready to return to the United States, but on the condition that he is given a guarantee of a legal and impartial trial."
Kucherena also noted that he is working with a group of international lawyers to determine the best method for Snowden's potential return to the United States. Snowden has a three-year Russian residency, but would likely face immediate arrest if he tried to leave Russia.
The US federal government is worried about a growing number of cases related to Stolen Identity Refund Fraud (SIRF), with criminals filing state and federal taxes - and making off with the tax refunds. Tax-related identity theft was the most reported type of fraud submitted to the Federal Trade Commission (FTC) in 2014, with the agency receiving 109,063 complaints.
Recently, the Internal Revenue Service (IRS) issued another public advisory to remind people that any telephone calls or emails claiming to be the IRS are fraudulent. In these scams, criminals ask victims to provide personal information or transfer money to them.
"It is a massive problem," said Brian Krebs, independent cybersecurity investigative reporter, in a statement published by the Milwaukee Journal Sentinel. "It's probably going to emerge as the biggest identity theft problem this year."
Ben Lawsky, a New York financial regulator and head of the New York Department of Financial Services, is reportedly considering new regulation to help prevent "an Armageddon-type" cyberattack. There is concern that a coordinated cyberattack would be able to hit the "broader economy" of the United States.
"We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time," Lawsky said while speaking at Columbia Law School.
To help prevent a "cyber 9/11," Lawsky wants financial institutions and insurance companies to be graded by the DFS. The legislation may also require multifactor authentication and other requirements to keep data secure. Banks also must be proactive in their effort to keep data secure, as foreign-based hackers continue their attempts to disrupt Wall Street.
Lenovo likely collected only $200,000 to $250,000 for its Superfish adware installations on consumer PCs, according to a report from Forbes. Previous estimates predicted higher figures - but considering the company's major earnings, the low sum likely won't be worth the legal and public relations headaches.
It is alarming that Lenovo, which finalized a deal in summer 2014 to pre-install Superfish, received such a small amount for jeopardizing so much. The company has promised no more Superfish installations, and its website was reportedly compromised by the Lizard Squad hacker group last week.
It looks like Lenovo is learning from its mistakes, promising to be more transparent about pre-installed software in the future. For new machines running Microsoft Windows 10, the Lenovo standard image will only include the OS, security software, Lenovo applications, and software/drivers required to make hardware work well.
More than five billion downloaded Google Android apps could be targeted by hackers, according to cybersecurity experts. Most forms of malware (96 percent) are focused on compromising Android, according to data from the FireEye cybersecurity firm.
Android is open source and allows more developers to contribute to the OS, but that also gives hackers a great opportunity to create sophisticated malware. Malware targeting Android drastically increased from 240,000 samples in 2013 up to 390,000 unique samples last year - and the problem seems to be accelerating.
"You can get all the code and then you can insert additional instructions and make it look and feel like the original app and no way for a consumer to tell the difference when they download it," said Jason Steer, director of technology strategy at FireEye, in a statement given to CNBC.
Cyberattacks from foreign states and rogue hacker groups have become the top threat to the United States, according to US intelligence experts. Director of National Intelligence James Clapper is especially concerned about potential attacks from Russia, China, Iran and North Korea - saying low-to-moderate level cyberattacks pose a long-term threat against critical infrastructure.
In addition to cyberespionage from foreign governments, there is rising concern about hacker groups able to infiltrate government agencies and companies - sometimes with support from foreign governments - with the goal of interrupting business operations, stealing money, and compromising employee and customer personal data.
Unfortunately, the US government has focused more on its cyber surveillance programs while largely neglecting cybersecurity. Even though it's effective to have offensive weapons, the United States has a lot more to lose than other countries if a major data breach occurs - and there is growing focus on being able to identify and defend against attacks.
By 2018, 40 percent of large enterprises will have some type of plan to respond to aggressive cybersecurity business disruptions, a drastic increase from zero percent in 2015, according to the Gartner research group.
Gartner describes an aggressive business disruption attack as a coordinated and sophisticated effort to interfere with and damage business operations - wiped data, servers knocked offline, intellectual property stolen.
"Entirely avoiding a compromise in a large complex enterprise is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as several attack patterns and overwhelming evidence support that a compromise will occur," said Paul Proctor, VP and distinguished analyst at Gartner. "Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program."