TweakTown News
Apple Pay is helping lead a mobile payment revolution, with consumers and retailers seeing a wider number of payment options at checkout. Mobile security is expected to reach upwards of $11 billion in 2015 alone, industry analysts forecast, and keeping mobile payment platforms secure will need special attention.
Upwards of 30 million smartphones could be used for mobile payments worldwide, according to Deloitte, with five percent of NFC-equipped devices estimated to be used for in-store transactions. If interest is accelerating in mobile payment adoption, then it's likely cybercriminals will adapt their attack strategies.
"It's very easy to predict that as the adoption of mobile payment systems like Apple Pay increases, that attacks will grow to follow that," said Chris Doggett, North American managing director at Kaspersky Lab, in an interview with the Washington Post. "It's like that famous saying, 'Why do you rob banks? Because that's where the money is.' If Apple Pay becomes a big, pervasive system for payments, you can be sure that the criminals are going to be right behind, figuring out how to breach Apple's security and how to steal money."
Even with cybercriminals using sophisticated attack methods to compromise companies, business leaders must deal with employees recklessly clicking links and installing unknown software, according to the "2015 State of the Endpoint" study.
Seventy-eight percent of surveyed IT professionals believe careless employees are the biggest threat, 68 percent blame personal devices in the workplace, and 66 percent cite commercial cloud apps used at work.
"Respondents in this year's study have shifted their thinking and are now also attributing endpoint risk to human behavior in addition to particular device vulnerabilities," said Chris Merritt, director of solution marketing at Lumension. "This is a significant cultural shift to note because it illustrates how IT is starting to look at cybersecurity holistically. In addition to technology solutions, in 2015 IT must also take into account company policies and control processes, user awareness and overall employee education."
Former NSA contractor Edward Snowden recently said he went through the "channels" to inquire about oversight and compliance regarding NSA activities, but was shut down by big bureaucracy.
However, the NSA said it conducted an investigation and "have not found any evidence to support Mr. Snowden's contention that he brought these matters to anyone's attention."
"The email, provided to the committee by the NSA on April 10, 2014, poses a question about the relative authority of laws and executive orders - it does not register concerns about NSA's intelligence activities, as was suggested by Snowden in an NBC interview this week," said Sen. Dianne Feinstein (D - Calif), chair of the Senate Intelligence Committee, in a statement.
Cybercrime is maturing, and those interested in launching attacks are better organized and more skilled at breaching networks. There is a growing number of paid cyberattack tools available on the black market, which can be custom scripted for additional payments, broadening the scope of these attacks.
Following its success in taking down Microsoft Xbox Live and Sony PlayStation Network on Christmas, the Lizard Squad hacker group showed off its distributed denial of service (DDoS) tool. The DDoS-for-hire attack service, dubbed Lizard Stresser, put the for-pay cyberattack market in front of a larger audience - and it appears people are interested.
"I really feel Lizard Squad has upped the ante on the DDoS for hire market," said Terrence Gareau, Chief Scientist at NexusGuard, in a statement to SiliconANGLE. "They have taken an approach much like Silicon Valley startups that focuses on marketing and media to push a product and make their stresser appear better than competitors."
The US Central Command Twitter and YouTube accounts were compromised on Monday morning, with hackers posting threatening messages and officer contact information. CENTCOM servers and classified data remained intact, and the FBI and Department of Defense (DoD) are now investigating the issue. If nothing else, this is a rather embarrassing issue for the US military, as cybersecurity protocols are being taken more seriously.
"It's embarrassing as all get-out for CENTCOM," said Matthew Aid, a cybersecurity specialist, in a statement to the USA Today. "It looks like rather low-level classified documents. They came off a protected network. Regardless of the low level of sensitivity, the fact that it was done should scare the crap out of people."
However, CENTCOM officials note that although the account's username and password were compromised, its networks were not breached in the incident: "This is little more, in our view, than a cyber-prank," said Army Col. Steve Warren, a spokesman for the Pentagon. "It's an annoyance. We wish it wouldn't happen because we have to spend our time on it. But in no way compromises our operations in any way shape or form."
President Barack Obama wants cybersecurity to have a more prominent role among companies and federal agencies, including cybersecurity information sharing. As part of the proposal, Obama wants streamlined threat intelligence sharing between the private sector and government agencies.
In addition, Obama wants botnet activity - including the sale or rental of botnets for criminal use - to be investigated, disrupted and prosecuted by federal courts.
Obama yesterday announced an updated proposal to change how data breaches are reported nationally following a cyberattack. Instead of a mix of state laws, a single federal statute would be created, so businesses better understand their responsibilities when informing customers.
The Australian Communications and Media Authority is warning everyone to be careful when receiving emails that have anything to do with an "ISIS threat," after numerous reports of people becoming infected when opening emails containing the subject "ISIS attacks in Sydney?" have surfaced.
The Australian Government's Stay Smart Online service statement reads "new emails referring to ISIS terrorism activities carry a malicious attachment that can be used to infect your computer," further commenting that "clicking on the attachment could result in malicious code being installed that allows an attacker to take control of your computer."
The body of the email in question goes on to mention "ISIS has warned Australian Police today about new attacks in Sydney," further stating that "attached the places in word file which ISIS planning to attack in Sydney this year 2015."
The Russian FSB intelligence security service reportedly tried to recruit former NSA contractor Edward Snowden, approaching him while he was stranded in the Sheremetyevo International Airport in 2013. The American fugitive declined the offer.
Snowden was reportedly approached only once and he "didn't give anything to the Russians at all," according to WikiLeaks staffer Sarah Harrison, a close friend to the stranded American.
Snowden was granted temporary asylum to stay in Russia in August 2013, and he remains inside of Russian borders.
United Airlines says it wasn't breached, although several MileagePlus members have discovered fraudulent activity on their accounts. It appears usernames and passwords were compromised from a third party, and the unauthorized purchases began sometime in December 2014, the airline has confirmed. The California Office of the Attorney General was notified about the incident last week.
United is still trying to determine how the information was compromised, as criminals have increasingly targeted loyalty programs for airlines, hotels and other travel industry businesses. The accrued points are easy to cash out for restaurants, rental cars, air travel, hotels, and other perks.
Cybercriminals are finding new ways to steal usernames and passwords - and the fraudulent activity suffered by MileagePlus members is an indication that the trend will continue.
It appears the US Central Command Twitter and YouTube accounts were hacked by the Islamic State, corresponding with President Obama preparing to deliver a speech regarding cybersecurity. Both accounts have been temporarily suspended, as threatening messages were posted aimed at US soldiers.
One of the messages posted on the US Central Command Twitter page read: "American soldiers, we are coming, watch your back. ISIS. #CyberCaliphate" and included a Pastebin link.
This effort was designed to be an annoyance to the US government, and US Central Command systems remain secure from attack. Meanwhile, US officials are looking into the breach, including the extent of the incident and any messages that may have been sent from the hijacked accounts.