TweakTown News
Internet-enabled smart TVs can be compromised quickly and effectively by hackers, using the "red button attack" aimed at compromising users by sending spam and launching attacks. Hackers have also had success hijacking the audio and video built into smart TVs, the researchers warn. Any smart TV that utilizes the hybrid broadcast broadband (HbbTV) standard is vulnerable to the exploit - which is the majority of TVs in Europe, and about to become even more prevalent in the United States.
"For this attack you do not need an Internet address, you do not need a server," said Yossef Oren, Network Security Lab researcher from Columbia University. "You just need a roof and an antenna and once you are done with your attack, there's completely no trace of you."
The Internet of Things is expected to explode in popularity, but anti-virus and additional security measures need to be in place to keep devices secure. When the flaw was first discovered in late 2013, it wasn't seen as widespread enough to change the standard - but security experts are finally paying attention.
The Russian Ministry of Internal Affairs announced two people have been arrested - and confessed - for their role in compromising Apple device owners with ransomware attacks. The suspects phished users and compromised iCloud logins, and used the stolen credentials to lock iPhones, iPads and Mac devices. Most users were affected in Australia, but Apple owners in the United States, United Kingdom, and New Zealand also fell victim. Both hackers, living in Moscow, are reportedly 17 and 23 years of age.
Russian authorities have seized PCs, mobile phones, and SIM cards reportedly used to launch the ransomware attacks.
Ransomware attacks are becoming increasingly common, as cybercriminals are able to compromise users and demand payment for access to devices and technology. In addition to the two people already arrested in Russia, other groups are reportedly trying to launch similar attacks on users.
Cyberattacks have a global ripple effect that leads to costs from $375 billion up to $575 billion per year, and the problem isn't getting any better, according to a recent report. Security firm McAfee and the Center for Strategic and International Studies teamed up to interview economists, lawyers and government officials specializing in cyberattack data. In 2013, the same group estimated cyberattacks cost U.S. companies around $100 billion per year.
Companies are struggling to keep data secure, and as learned from the massive Target and eBay breaches, consumers often are on the losing end. However, it's difficult to analyze the actual cost of cyberattacks, as some companies are unaware they were targeted - or don't want to run the risk of negative public perception caused by a breach.
A company that suffers a data breach should be proactive and inform customers, rather than burying the evidence and keeping it secret.
The number of data records compromised during the first quarter has increased 46 percent year-over-year when compared to 2013, as an estimated 176 million records were compromised, according to a new security report.
Not surprisingly, the business sector suffered the highest number of breaches, accounting for 57.5 percent of reported incidents, ahead of government (15.7 percent), unknown (13 percent), education (7.3 percent), and the medical industry (6.4 percent). Almost 63 percent of incidents led to one to 1,000 records compromised, though six reported incidents led to at least one million records stolen.
"It's difficult to say whether security is deteriorating, bad actors are getting better or some combination of both," said Inga Goddijn, Risk Based Security insurance practice lead, in a statement. "What we do know is that there have been eight events in the past six months that have involved the compromise of at least 10 million records per event and the trend is continuing with the most recent revelations at eBay."
The hacker collective Anonymous is preparing to attack World Cup 2014 sponsors, in response to the Brazilian government spending outlandish amounts of money to prepare for the soccer tournament. It is unknown which specific companies will be hit, but World Sponsor companies include Adidas, Coca-Cola, Emirates Airline, and Budweiser.
"We have already conducted late-night tests to see which of the sites are more vulnerable," a hacker known as "Che Commodore" told Reuters. "We have a plan of attack. This time we are targeting the sponsors of the World Cup."
The hacker group has already hit the Brazilian Foreign Ministry, compromising at least three hundred documents before the email system was shut down. A phishing attack was used to compromise the ministry, but cyberattacks on World Cup sponsors will likely rely on distributed denial-of-service (DDoS) attacks.
Cybercriminals are becoming more brazen about their cybercriminal activities, boasting on social media, and offering custom wares on underground forums. It's also possible to visit these forums to recruit cyber mercenaries to conduct hacking behavior and create malware for customers willing to pay for their services.
Tools available for purchase include some of the following: keyloggers, print screen stealers, webcam stealers, firewall bypasses, spam email dispatchers, remote logins, and similar technologies.
"Offering cybercrime software tools for sale is not new," a May 2014 malware report from RSA noted. "However, advertising them out on the open web and social networking sites like Facebook is quite unusual. This particular software tool author does not seem to be afraid or concerned about exposing his software or his email addresses to the general public. Such behavior goes against the trend of pushing cybercriminal activity further underground as has been witnessed by RSA over the last two years."
Governments and police authorities are cracking down on organized cybercrime groups operating botnets and other digital crime operations. Companies trying to stay safe from sophisticated attacks need to be aware of the tactics cybercriminals use, which largely depend on deception and exploiting users.
Botnets target a variety of different industries, but banks and financial institutions must be aware of the growing risks their networks face.
"Deception is always the name of the game," said Joe Caruso, Global Digital Forensics (GDF) founder, in a press statement. "Whether it's a phishing email that's made to look like it's coming from a recognized and trustworthy source, with links to a fabricated website which can look quite convincing, or the evasion techniques malware uses to circumvent standard antivirus and antimalware solutions, the goal is to make you trust your eyes on face value."
At least 30 different Japanese government ministries and other organizations have faced cyberattack threats since May 2009, with many hijacked PCs and servers phoning home to China-based servers. Japan is one of the most tech-savvy countries in the world, though it is often overlooked with regard to cyberattacks that must be addressed. Much like other western countries, cybersecurity has become a major political talking point in Japan, in the country's effort to stay safe from espionage and theft.
Specifically, Japan must defend against a higher number of threats from China and North Korea - and with China conducting cyberespionage operations against the United States and its partners, it is no surprise that Japan is a popular target. The country saw 12.8 billion cyberattacks in 2013, according to the National Institute of Information and Communications Technology (NICT).
Japan also saw a lot of attacks from the United States, Russia and Brazil, including distributed denial of service (DDoS) and phishing attacks, along with network probes.
After a few road signs were hacked, the government is warning cities and highway operators using signs manufactured by Daktronics of possible cyberattacks. The United States Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a statement saying operators should prepare "defensive measures" against these types of attacks. The ICS-CERT team said hackers have published a guide on how to compromise Daktronics systems to alter the normal message.
"CIS believes it is likely that a small percent of Watch Dog players will experiment with compromising computers and electronic systems outside of game play," according to a recent report from the Center for Internet Strategy (CIS).
Years ago, vandals would write messages such as, "Warning, Zombies Ahead!" on road signs - and only a small number of incidents have been reported. However, authorities were immediately concerned, because changing road signs can be a serious public safety issue, and the signs often help drivers deal with possible traffic and road issues.
A registry tweak that current Microsoft Windows XP users are making to receive support for XP until April 9, 2019 was quickly discovered by Microsoft. A registry hack is available for both the 32-bit and 64-bit copies of XP, though Microsoft and security experts still recommend migrating to Windows 7 or 8/8.1.
The registry hack tricks traditional desktop versions of Windows XP into thinking it's really a copy of Windows Embedded POSReady 2009, a version of Windows designed for point-of-sale machines. However, Microsoft warns the security update won't make XP fully secure, and it's still advisable to upgrade to a newer OS.
"We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers," a Microsoft statement said. " The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP."