TweakTown News
Small businesses are a lucrative target for cybercriminals trying to launch ransomware attacks, and the problem is only getting worse. Careless employees are tricked, typically using phishing emails, and the custom malware encrypts various files - demanding a ransom payment or the files will remain permanently encrypted.
"They set the ransom so low that, as violated as I feel and as much as I wanted to fight, at the end of the day I realized I can pay and get back to work," said Mark Stefanick, president of Advantage Benefits Solutions, in a statement published by the Wall Street Journal. Stefanick chose to pay the $400 ransom so files were quickly decrypted and his company could get back to normal operation.
Around 30 percent of ransomware victims choose to pay the ransom to end the cyberattack, according to Trend Micro chief cybersecurity officer Tom Kellerman. There were at least 250,000 new ransomware samples studied by Intel Security during Q4 2014, a whopping 155 percent increase quarter-over-quarter.
A hacker group with support from the Chinese government has operated for more than 10 years without being detected, able to compromise information from companies and reporters, according to FireEye. Many of the attacks started with social engineering, with victims unknowingly installing the Mysterious Eagle malware onto PCs - so the hacker group could remotely monitor and control the compromised systems.
The APT30 group has been in operation since 2004 and was able to collect information "about journalists, dissidents and political developments in relation to China targeting government and military organizations, and targeting economic sectors of interest to China's economy."
The Chinese government has long been accused of funding cybercriminal groups aimed at compromising western targets - much of the attention is focused on the US government and companies with US customers.
Most headlines featuring hackers tend to focus on cybercriminals trying to breach security protocols for criminal gain - but there is a growing effort to support "white hat" hackers working in an ethical manner to find security bugs.
"There are actually a lot of good hackers out there that are revealing vulnerabilities and bugs in technology that we all rely on," said Keren Elazari, analyst for GigaOM Research, while speaking during the Atlantic Security Conference, in a statement to CBC's "Mainstreet" program. "A lot of companies are still kind of reluctant to open their doors to hackers... that's something I'm trying to change."
Google, Facebook, Tesla, and other companies rely on so-called "bug bounty" programs that provide cash and other incentives for coders. It can be difficult for internal programmers to try to work out bugs and vulnerabilities in their own software, so having outside help can be critical.
Even with companies spending more on cybersecurity efforts, data security breaches are at an all-time high, the Gartner research group recently said.
However, these high-profile breaches are finally sounding alarm bells among C-level executives, who may be desperate to spend money but aren't really sure what they are buying and trying to implement.
Security information and event management (SIEM) solutions, which collect, save and analyze security data, lead the way in regard to cybersecurity. However, sorting through all of that data remains rather confusing, though security analytics technology is maturing.
Cybersecurity is a complicated issue that has serious ramifications for the United States and other countries that aren't focusing enough attention on the matter. More national governments are developing programs to attack political rivals, in an effort to steal information and cause data breaches.
"Cyber is a weapon of war," said Ray Boisvert, former head of intelligence for the Canadian Security Intelligence Service (CSIS), in a statement to The Register. "The NASDAQ and Home Depot hacks are examples of this."
There are around 60 countries involved in various forms of cyberespionage, including terrorist groups like Hezbollah, according to US assistant secretary of defense for Homeland Defense and Global Security, Eric Rosenbach. Boisvert thinks that number is accurate, though much of the attention is focused on Russia and China.
Russian intelligence agents are now sharing sophisticated malware created for cybercriminals and organized crime to use in their efforts to conduct cyberespionage.
"Russian nationalism and organized crime are being assisted by Russian state security," said Ray Boisvert, former assistant director and the head of intelligence for the Canadian Security Intelligence Service (CSIS), in a statement to The Register. "The red lines have gone because of Ukraine. Organized crime is being told they can disrupt Western interests."
Russia has been accused on multiple occasions of providing support to organized crime and hacker groups, willing to conduct cyberattacks against foreign targets. However, trying to catch perpetrators and hold them responsible for data breaches, cyberespionage, and other similar crimes is extremely difficult for US authorities.
Cybercriminals had an extremely successful year in 2014, and are constantly looking for new ways to compromise businesses and users. Last year saw "far-reaching vulnerabilities, faster attacks, files held for ransom and far more malicious code than in previous years," according to the Symantec 2015 Internet Security Threat Report - and information security is becoming more important for companies.
There were 317 million new pieces of malware written in 2014, while ransomware attacks aimed at breaching user files increased 113 percent. Data breaches remained a major problem, with millions of US consumers compromised, as the total number of incidents increased 23 percent.
"The criminals are getting better," said Kevin Haley, director of security response at Symantec, in a statement published on NBC News. "Success breeds success and other criminals want to get into the game, so we need to step up our game in terms of protecting our information and keeping it safe."
The Government Accountability Office (GAO) is showing increased concern that hundreds of commercial aircraft are vulnerable to possible cyberattack from remote operators. If successful, hackers could possibly install malware on flight control computers, take over control of the aircraft, and compromise navigation systems and warning systems.
Air traffic control is also increasingly moving to support Internet-based solutions, giving criminals another pipeline to tamper with flights. The House Transportation and Infrastructure Committee and several senators wish to read over the full GAO report - and expect the Federal Aviation Administration (FAA) to make necessary security protocols mandatory.
"Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems," the GAO report says. That level of IP connectivity, however, is what could create a link between aircraft and cybercriminals - posing a threat to the aircraft, its crew and passengers.
Victims of the CoinVault ransomware have another option when trying to retrieve information without paying a ransom to hackers. Cybersecurity company Kaspersky Lab has partnered with the National High Tech Crime Unit (NHTCU) of the Netherlands' police, providing decryption keys and a decryption application online.
Using information collected from a CoinVault command & control server, Kaspersky Lab, NHTCU and the Netherlands' National Prosecutors Office hope victims will be able to retrieve files without paying a ransom.
"If you get infected with the CoinVault ransomware, please check noransom.kaspersky.com," urged Jornt van der Wiel, security researcher for the global research and analysis team at Kaspersky Lab. "We have uploaded a huge number of keys onto the site. If we do not currently have records for a particular Bitcoin wallet, you can check again in the near future, because together with the National High Tech Crime Unit of the Netherlands' police we are continuously updating the information."
Phishing remains a successful social engineering tactic used by cybercriminals, taking just 82 seconds to catch the first victim, according to a new report compiled by Verizon. An alarming 25 percent of phishing email recipients are likely to open the fraudulent email - and trying to educate employees remains difficult for companies.
Instead of worrying about using a complicated software exploit, it's easier - and extremely effective - for hackers to just phish a victim and get them to turn over usernames and passwords. Companies that properly teach their employees to identify and avoid phishing emails reduce their likelihood of falling victim from one in four down to one in 20, according to researchers.
"They should be treating employees as tools in the fight rather than as lambs to the slaughter," said Bob Rudis, lead author of the Verizon report, in a statement published by BBC.