TweakTown NewsRefine News by Category:
Forget China and Russia - Sony Pictures Entertainment is investigating a major cyberattack that could have originated from North Korea. The attack crippled SPE's email and computer systems since Monday, interrupting employee operations throughout the short holiday week. Several movies being promoted by SPE were also impacted, as Twitter feeds were disrupted by the cyberattack.
The "Guardians of Peace" group claimed responsibility for the attack, and said it has a large amount of internal Sony data that it has taken. GOP is reportedly preparing a "volume of the data" to the Internet in the immediate future.
SPE is the studio behind "The Interview," a geopolitical satire that features James Franco and Seth Rogen as a talk show host and producer turned American operatives tasked with killing Kim Jong Un.
The use of credit cards with magnetic chips in the United States is slowly but surely being replaced by new chip and PIN cards that are more secure. However, retailers need to make sure their employees are properly trained in how to accept payments with chip and PIN cards, especially with some retailers replacing their own magnetic cards with the newer security.
Target, which suffered a massive breach at the end of 2013, is rolling out support for chip and PIN cards - and other retailers that suffered data breaches are expected to follow suit. But customers are finding checkout to be a tedious process when cashiers are unsure how to handle this new this payment process, however, the growing pains should prove to be worth it.
The use of chip and PIN technology will likely begin to transition from large retailers down to smaller businesses, as they discover its added security benefits. "It's about the peace of mind for the consumer, right?" said Shane Cowger, Arvest Bank sales manager, in a statement. "More consumers feel comfortable coming into your store, hopefully the more money they're going to spend in return."
There have been more than 6 million email accounts and credentials leaked over the past three months, as several major data breaches gave criminals a treasure trove of information. There are typically just 150,000 accounts stolen per month, according to Heimdal Security, so seeing more than 6 million is being seen as an epidemic.
"As a security company we only pick up a smaller part of what hackers actually have access to, and you have to remember that the 6 million accounts have only been discovered over the last three months," said Morten Kjaersgaard, Heimdal Security CEO. "The actual number could be 20 times as high or more."
The entire year has been a painful lesson in how evolved cybercriminals have become in their craft, as experts believe data breaches - and more compromised information - is likely to happen multiple times in the future.
Danish citizen Hammad Akbar pleaded guilty for advertising and selling StealthGenie, a spyware application designed to allow customers to snoop on mobile phones. Akbar will have to pay $500,000 and turn over source code, but avoided jail time for marketing the app.
StealthGenie allowed users to monitor phone calls, text messages, videos, and other communications on victims' smartphones. The spyware was able to be installed on Apple iPhones, Google Android smartphones, and BlackBerry devices, and was extremely difficult to detect on compromised devices.
"Mr. Akbar is the first-ever person to admit criminal activity in advertising and selling spyware that invades an unwitting victim's confidential communication," said Andrew McCabe, FBI Assistant Director in Charge, in a statement. "This illegal spyware provides individuals with an option to track a person's every move without their knowledge. As technology evolves, the FBI will continue to evolve to protect consumers from those who sell illegal spyware."
Panda Security collected 20 million new malware samples created worldwide, with an average of 227,747 new samples per day during Q3. The global infection rate increased from 36.87 percent up to 37.93 percent year-over-year, and Trojans are the most common type of malware. Trojans accounted for 78.08 percent of malware types, with viruses (8.89 percent) and worms (3.92 percent) also making an appearance.
Internet users face a cybersecurity threat from hackers, state-sponsored cybercriminals, and national government spy agencies - and trying to stay secure is rather difficult. China (49.83 percent), Peru (42.38 percent) and Bolivia (42.12 percent) are the three countries most targeted by cyberattacks, with nine European countries in the top ten most secure nations: Norway (23.07 percent), Sweden (23.44 percent), and Japan (24.02 percent) are the top three most secure.
"Over recent months cybercrime has continued growing," said Luis Corrons, PandaLabs Technical Director at Panda Security. "Cyber-crooks are still creating malware in order to infect as many computers as possible and access confidential data - but corporate environments have also come under attack. For example, over the last three months large companies have been the subjects of some scandals, such as the infamous 'Celebgate,' in which photos of actresses and models hosted on Apple's iCloud service were leaked, or the theft of Gmail and Dropbox passwords."
Europol is targeting cybercriminals suspected of using stolen debit and credit card information to purchase airline tickets. The large raid took place in 45 countries and 80 airports, with 118 people arrested - and airlines lose more than $1 billion per year due to fraudulently purchased tickets.
"Airlines are fighting credit card fraud on their ticket sales on daily basis," said Meta Backman, a Europol European airline fraud prevention group. "It is clear to the airlines that they are up against organized crime in this fight."
The Global Airport Action initiative will rely on better communication between local police, national police, and federal agencies working with airlines and credit card companies to identify suspected fraud. Credit card fraud was reportedly linked to human trafficking and truck trafficking, which will also be investigated by European authorities.
It seems like only a matter of time before another significant data breach hits US consumers, and it could happen before the end of the year. Many retailers don't have appropriate infrastructure in place to defend against cyberattacks, and the criminals are adapting their strategies to ensure they are successful. A recent study found 58 percent of retailers are now less secure than they were within the past year, as criminals can easily surpass firewalls and compromise customer data.
As more consumers shop online and head to local stores, it's the perfect storm for criminals to seize bulk debit and credit card data in a single breach. Meanwhile, some experts say the cost of expensive next-generation security solutions to be passed down to consumers, according to the study from BitSight Technologies.
"Bad guys know that this is a big shopping season," said Bob Ackerman, cybersecurity specialist and managing director of Allegis Capital. "Bad guys are on the prowl, they are active, and they know this is a time of year where there is a lot more fish that their net can capture."
Following a massive data breach that left 56 million debit and credit card details stolen, along with 53 million email addresses, the company spent $43 million during Q3 to deal with the aftermath. The company expects to receive $15 million reimbursement as part of a $100 million network liability insurance policy - and must now work to ensure the problem doesn't occur again.
Meanwhile, the company faces multiple lawsuits and will "incur significant legal and other professional services expenses" due to the incident. The company's payment card data network was complaint in fall 2013, and was undergoing 2014 certification when the breach occurred, according to an independent auditor.
"The forensic investigator working on behalf of the payment card networks may claim the company was not in compliance with those standards at the time of the data breach," Home Depot noted.
Former GCHQ boss Sir John Adye believes current generation biometrics need more control, as he has concerns related to fingerprint scanners used by the Apple iPhone 6 and other devices. Despite believing the use of biometrics is a positive step toward device security, Sir John also is concerned about what happens to people's data when using these devices.
Sir John called out Apple specifically, with Apple Pay now allowing users to make payments simply with their fingerprint.
"I think Apple has done some good things. They appear to have a good system at the moment for protecting their operating system so it's difficult for anyone outside to penetrate it and retrieve data from it. But how long will that last, because the criminals... are very inventive at finding ways in, and although you can protect it in that way on the device itself, what happens if the device is lost or stolen?"
Cybercriminals are having their way with companies and users, with distributed denial of service (DDoS) attacks growing in size - and sophistication - during Q3, according to reports. DDoS attacks 10 Mbps or above ramped up 38 percent from Q2 to Q3, according to the Verisign Distributed Denial of Service Trends Q3 2014 report, with the media and entertainment verticals most targeted.
Average attack size declined from Q2 to Q3, but that was because of an overwhelming number of attacks launched during the second quarter, the report states. "Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyberattackers targeting crucial ports to thwart legitimate traffic from reaching online destinations," according to the report.
Looking ahead to 2015, cybersecurity experts will certainly have their hands full, trying to defend against DDoS, malware, and advanced persistent threats (APTs) - as companies struggle to improve their network security.