TweakTown NewsRefine News by Category:
Cybercriminals are having their way with companies and users, with distributed denial of service (DDoS) attacks growing in size - and sophistication - during Q3, according to reports. DDoS attacks 10 Mbps or above ramped up 38 percent from Q2 to Q3, according to the Verisign Distributed Denial of Service Trends Q3 2014 report, with the media and entertainment verticals most targeted.
Average attack size declined from Q2 to Q3, but that was because of an overwhelming number of attacks launched during the second quarter, the report states. "Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyberattackers targeting crucial ports to thwart legitimate traffic from reaching online destinations," according to the report.
Looking ahead to 2015, cybersecurity experts will certainly have their hands full, trying to defend against DDoS, malware, and advanced persistent threats (APTs) - as companies struggle to improve their network security.
Company executives should be concerned - and prepared - if their company ends up getting hit by a successful cyberattack, possibly leading to a data breach. However, a general misconception that the IT staff is proactive and ready to defend against cyberattacks often is not the case, especially with overworked IT teams unable to keep up.
Although there are steps to make a data breach preventable, they certainly aren't fool-proof - and every company should have plans in place if a breach occurs.
It's also worth noting that cybercrime is done for a number of reasons, and it's not just about stealing personal information, such as debit and credit card data. Although that appears to be the basis of the Target, Home Depot and other retailer breaches, there is a growing worry of cyberespionage targeting companies and their host nation.
News of malware attacks targeting point-of-sale (POS) systems became common place in 2014, and the problems are spreading away from retailer checkouts. The d4re|dev1 (daredevil) malware is able to compromise Harmony WinPOS, Figure Gemini POS, OSIPOS Retail Management System, and QuickBooks Point of Sale - able to launch keylogging features and can be used as an advanced backdoor.
Next-generation security measures are needed to help keep POS malware in check, and that doesn't seem to be happening soon enough.
"IntelCrawler believes that such kind of devices will become the new target for cybercriminals," the company said in a blog post. "These kiosks and ticket machines don't usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infections payloads and the exfiltration of payment data in an ongoing and undetected scheme."
The Southern District of Texas offered a misdemeanor plea deal to hacker Fidel Salinas, 28, just a few months after the hacker was charged with 44 felony counts of computer fraud and cyberstalking. Each count had a maximum 10-year prison sentence, totaling a potential 440 years in prison.
Instead, the suspected Anonymous-linked hacker plead guilty to one misdemeanor count of computer fraud and abuse - and must also pay $10,000. He faces up to one year in prison when sentenced on February 2, 2015, and his attorney will argue the monetary restitution is enough.
Salinas reportedly tried to access the Hidalgo County administrative website, using a script that racked up more than 14,000 access attempts. The brute force attack led county IT administrators to be locked out of the system themselves.
A well-known Ukrainian hacker, Andrey Hodirevski, is reportedly linked to the massive Target breach that hit the retailer in late 2013. Hodirevski is a prominent cybercriminal and carder, and while no public information has proven his link to the breach, cybersecurity experts wouldn't necessarily be surprised if he played a role in the operation.
"He has a high reputation and credibility among other carders and hackers," said Dmitry Volkov, head of the Group-IB computer security firm. "He is not just another carder."
There is significant concern of cyberattacks targeting retailers, exposing millions of customers, as companies seem to be unable to stop these types of attacks from happening.
Anonymous has continued its #OPKKK campaign against members of the Ku Klux Klan in Missouri, after the group brazenly challenged the hacker collective online. The @KuKluxKlanUSA Twitter account was compromised last week, and the hacking fun was only beginning for Anonymous.
I won't link directly to the dox page, but it doesn't take much imagination into how one would easily find the information posted online, courtesy of Anonymous. Frank Ancona, the "KKK Imperial Wizard," had his address, phone number, Social Security number, credit card information, and other personal information - with the dox also targeting his wife - posted online.
Anonymous also might target government websites and infrastructure in Missouri to respond for the Grand Jury failing to indict Officer Darren Wilson: "We find it disturbing that you, the grand jury, have chosen this patch as everyone will not choose to stand calm and let you choose to let him walk free. As you've seen all the riots and businesses, police cars, etc., being burned down while Anonymous shall target any Missouri government or bank sites now, so you better increase your security because we're here and we're not going to stand by and watch you let this man walk free."
Former NSA contractor Edward Snowden was disgusted by NSA and GCHQ mass surveillance activities, and disclosed the questionable actions of both agencies. However, multiple lawmakers and politicians have spoken out against his actions, saying he has put military personnel and intelligence agents at risk.
British lawmakers hope to push the Communications Data Bill, which would force ISPs and mobile service carriers to keep Internet browsing activity, social media, email correspondence, voice calls, Internet gaming activity, texting, and other records on file for a minimum of 12 months. Phone and email contact data is already retained due to the Data Retention Regulations 2014 bill.
"Consequently there are people dying who actually would now be alive," said Lord West, a former UK security minister and Navy admiral. "It is now critical that we move forward the Communications Data Bill that was paused so unreasonably because there is a very real danger that unless we do this, I think it is not exaggerating to say that people will die in this country who would have been safe if that had been in place."
Sigurdur Thordarson, a computer hacker and former Wikileaks associate, has pleaded guilty for embezzling at least $240,000 from the group. Operating under the name of "Siggi the Hacker," the Icelandic man claims he also became an FBI informant in 2011, though rejected accusations he stole any funds from the group.
"After going over the charges thoroughly and speaking with my client, he has decided to plead guilty to all charges," said Vilhjalmur Vilhjalmsson, the hacker's attorney, noted. It was a surprising announcement, but Thordarson changed his mind - and his reasoning remains unknown - but he will face sentencing in Iceland sometime in the future.
"He was a volunteer who abused his position through fraud to obtain money from T-shirts and coffee mugs just after we were imposed with the banking blockade," said Kristinn Hrafnsson, Wikileaks representative. "We lodged a complaint in Denmark pertaining to a meeting that took place between him and FBI agents in 2011. We want that to be probed on the basis that it was an illegal operation according to Danish law."
The British government requested data on one journalist as part of Operation Elveden, focused on alleged bribes made to public officials for information, and "accidentally" received data on 1,000 News UK staff. Vodafone said there was some type of human error that led to the extra data being supplied, while police officials said they returned the information.
Police wanted information focused on one journalists that worked for News UK from 2005 to 2007, and used the Regulation of Investigatory Powers Act (RIPA) to receive the data - and the information was returned back to Vodafone after about four months.
"Unfortunately, there was a human error during the processing of this information - which was drawn manually from a legacy system - as a consequence of which the Met Police were supplied with a corrupted dataset containing a significantly higher volume of metadata than had been the focus of the warrant received by Vodafone. The metadata in question relates to call logs and other information, such as pricing data, not the content or location of any communications."
One-third of consumers are careless when making online transactions, opening them up to potential security problems, according to the Kaspersky Lab Consumer Security Risks Survey. Only 58 percent of Google Android smartphone users utilize a security solution on their mobile device, and 30 percent of consumers are storing financial data on their phones and tablets.
Kaspersky offers the following advice: Don't use public Wi-Fi while shopping online, and ensure there is a mobile security solution installed if using a smartphone or tablet. Always turn off Bluetooth and switch to cellular when using a mobile device.
"When people ignore safety measures they can fall victim to cybercriminals," said Ross Hogan, Kaspersky Lab Global Head of the Fraud Protection Division. "However, the banks often end up having to pay for that negligence. With so many careless users, banks and e-payment systems operators must ensure themselves against financial and reputational risks by using specialized security solutions that can prevent cybercrime."