TweakTown NewsRefine News by Category:
United Airlines says it wasn't breached as several MileagePlus members have discovered fraudulent activity on their accounts. It appears usernames and passwords were compromised from a third-party, and the unauthorized purchases began sometime in December 2014, the airline has confirmed. The California Office of the Attorney General was notified about the incident last week.
United is still trying to determine how the information was compromised, as criminals have increasingly targeted loyalty programs for airlines, hotels and other travel industry businesses. The accrued points are easy to cash out for restaurants, rental cars, air travel, hotels, and other perks.
Cybercriminals are finding new methods to find usernames and password credentials to steal - and the fraudulent activity suffered by MileagePlus members is an indication that trend will continue.
It appears the US Central Command Twitter and YouTube accounts were hacked by the Islamic State, corresponding with President Obama preparing to deliver a speech regarding cybersecurity. Both accounts have been temporarily suspended, as threatening messages were posted aimed at US soldiers.
One of the messages posted on the US Central Command Twitter page included: American soldiers, we are coming, watch your back. ISIS. #CyberCaliphate" and included a link to a Pastebin link.
This effort was designed to be an annoyance to the US government and US Central Command systems remain secure from attack. Meanwhile, US officials are looking into the breach, including extent of the incident and any messages that may have been sent from the hijacked accounts.
The FBI continues to say North Korea is responsible for a crippling cyberattack and data breach of Sony Pictures, and the Obama Administration vowed revenge, but Washington didn't drop the North Korean Internet, sources claim. However, those responsible for hitting North Korea likely didn't need to work very hard, and future attacks could be imminent.
"It looks more like the result of an infrastructure attack than an infrastructure failure," said James Cowie, chief scientist of Dynamic Network Services, in a statement to the AP. "There's nothing you can point to that says it has all the hallmarks of an attack by a nation state. It could have been anybody."
The entire country of North Korea only has four principal access point to the Internet, and while the US government has the capabilities to impact them, so do multiple other nation states - and smaller hacker groups.
Before Sony Pictures had its data released to the Internet, the Guardians of Peace offered to simply disappear if they were paid a ransom - an extortion attempt that Sony promptly denied. However, this type of criminal activity is overshadowed by the new forms of malware customized to encrypt files and demand payment from compromised victims.
Ransomware attacks tend to get the most attention when a new piece of malware hits the Web, infecting end-users and corporations. The ransoms range from as low as $200 up to thousands of dollars, with a short deadline before the files are permanently encrypted.
Cybersecurity experts warn these types of attacks will continue to increase in popularity, as many victims provide payment to the criminals.
The Anonymous hacker collective has publicly launched a campaign against Islamic extremists tied to the attacks on Charlie Hebdo, which has killed 12 people. The group plans to target al-Qaeda, ISIS and other terrorists, with a focus on bringing down their social media accounts and websites used to spread propaganda.
"We, Anonymous around the world, have decided to declare war on you the terrorists," the group declared in a YouTube video. "We intend to take revenge in their name, we are going to survey your activities on the net, we are going to shut down your accounts on all social networks."
#OpCharlieHebdo has already claimed one victim, though the victimized website returned to service after an hour or two of downtime. However, distributed denial of service (DDoS) attacks and other cyberattacks are expected to target the terrorist groups operating in Iraq, Syria, and elsewhere in the Middle East.
The North Korean Bureau 121 cyber warfare unit has continued to recruit new computer experts to its unit, with potential long-term plans of conducting wide-scale cyberespionage operations. Despite additional sanctions levied against Pyongyang, it hasn't slowed momentum of the secretive cyber unit.
"North Korea is currently running its 6,000 (-member) workforce for cyber warfare and performing cyberattacks for physical and psychological paralysis inside South Korea such as causing troubles for military operations and national infrastructures," said the South Korean Defense Ministry, in a statement published by Reuters.
The North Korean government has denied it was involved in breaching Sony Pictures Entertainment - but details of its hacker group continue to be published. Bureau 121 has been blamed for several notable breaches targeting South Korean banks and other infrastructure, with the unit's skills reportedly developing.
Based on its success during cybersecurity-based competitions, the University of Central Florida (UCF) has won the 2014 Collegiate Cybersecurity Championship Cup.
"The Cybersecurity Championship Cup program is designed to encourage collegiate participation in all cybersecurity-based competitions - not just specific events," said Dr. Gregory White, Director of the Center for Infrastructure Assurance and Security. "The program is similar to the FedEx or Sprint Cups - teams gain points for participation in placement in disparate cybersecurity competitions."
The cup competition is supported by a grant from the Department of Homeland Security Science and Technology Director Cyber Security Division, and is managed by the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio. There is a growing need for cybersecurity specialists - both by the private sector and the federal government - as foreign cyberattacks continute to warrant great concern.
Sony Pictures is still dealing with the aftermath of its data breach originally suffered seven weeks ago, and it has been a major headache. However, the incident will be covered by SPE's insurance, and likely won't require the company to endure additional cost-cutting measures, according to SPE CEO Michael Lynton.
"I would say the cost is far less than anything anybody is imaging and certainly shouldn't be anything that is disruptive to our budget," Lynton recently told Reuters.
The financial cost related to post-breach cleanup may be covered, but Sony Pictures must now work on its public relations image. Employee morale is reportedly high, and payroll has been managed, but leaked email conversations between SPE executives embarrassed the company. It will take time and effort, but Lynton acknowledge rebuilding trust with company employees and Hollywood partners already is being worked on.
Sony Pictures managed to release "The Interview" to the Internet on Christmas Eve and in theaters on Christmas, but it continues to be a bumpy road for the movie studio. The Guardians of Peace hacker group compromised SPE servers, took all the data, and then "wiped them clean" so Sony no longer had backups.
The initial breach took place shortly before Thanksgiving, and the movie studio's networks are still down - and likely won't be back online for a few more weeks, at the earliest.
"We are the canary in the coal mine, that's for sure," said Michael Lynton, Sony Pictures CEO, in an interview with the Associated Press. "There's no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of experiences you've had in the past or other peoples' experiences. You're on completely new ground."
Companies struggle to keep their networks secure, and are becoming frustrated by cyberattacks and data breaches. Despite some interest in launching retaliatory attacks, there are a number of hurdles that make it difficult, legal issues aside - not only would it be ineffective because it could escalate the matter further, but there are concerns victims would launch cyberattacks against the wrong targets.
The topic came back to life after JPMorgan Chase may have recruited hackers to launch attacks in retaliation for a cyberattack. Cybersecurity experts and the US government don't recommend companies seek revenge, as US infrastructure has the most to lose - and it'll likely end poorly for the victim either way.
"The technical sector is the backbone of the American economy, and if we start engaging in these kind of behaviors, in these kind of attacks, we're setting a standard, we're creating a new international norm of behavior that says this is what nations do," said former NSA contractor Edward Snowden, in a an interview that PBS Nova will publish soon.