TweakTown NewsRefine News by Category:
Danish citizen Hammad Akbar pleaded guilty for advertising and selling StealthGenie, a spyware application designed to allow customers to snoop on mobile phones. Akbar will have to pay $500,000 and turn over source code, but avoided jail time for marketing the app.
StealthGenie allowed users to monitor phone calls, text messages, videos, and other communications on victims' smartphones. The spyware was able to be installed on Apple iPhones, Google Android smartphones, and BlackBerry devices, and was extremely difficult to detect on compromised devices.
"Mr. Akbar is the first-ever person to admit criminal activity in advertising and selling spyware that invades an unwitting victim's confidential communication," said Andrew McCabe, FBI Assistant Director in Charge, in a statement. "This illegal spyware provides individuals with an option to track a person's every move without their knowledge. As technology evolves, the FBI will continue to evolve to protect consumers from those who sell illegal spyware."
Panda Security collected 20 million new malware samples created worldwide, with an average of 227,747 new samples per day during Q3. The global infection rate increased from 36.87 percent up to 37.93 percent year-over-year, and Trojans are the most common type of malware. Trojans accounted for 78.08 percent of malware types, with viruses (8.89 percent) and worms (3.92 percent) also making an appearance.
Internet users face a cybersecurity threat from hackers, state-sponsored cybercriminals, and national government spy agencies - and trying to stay secure is rather difficult. China (49.83 percent), Peru (42.38 percent) and Bolivia (42.12 percent) are the three countries most targeted by cyberattacks, with nine European countries in the top ten most secure nations: Norway (23.07 percent), Sweden (23.44 percent), and Japan (24.02 percent) are the top three most secure.
"Over recent months cybercrime has continued growing," said Luis Corrons, PandaLabs Technical Director at Panda Security. "Cyber-crooks are still creating malware in order to infect as many computers as possible and access confidential data - but corporate environments have also come under attack. For example, over the last three months large companies have been the subjects of some scandals, such as the infamous 'Celebgate,' in which photos of actresses and models hosted on Apple's iCloud service were leaked, or the theft of Gmail and Dropbox passwords."
Europol is targeting cybercriminals suspected of using stolen debit and credit card information to purchase airline tickets. The large raid took place in 45 countries and 80 airports, with 118 people arrested - and airlines lose more than $1 billion per year due to fraudulently purchased tickets.
"Airlines are fighting credit card fraud on their ticket sales on daily basis," said Meta Backman, a Europol European airline fraud prevention group. "It is clear to the airlines that they are up against organized crime in this fight."
The Global Airport Action initiative will rely on better communication between local police, national police, and federal agencies working with airlines and credit card companies to identify suspected fraud. Credit card fraud was reportedly linked to human trafficking and truck trafficking, which will also be investigated by European authorities.
It seems like only a matter of time before another significant data breach hits US consumers, and it could happen before the end of the year. Many retailers don't have appropriate infrastructure in place to defend against cyberattacks, and the criminals are adapting their strategies to ensure they are successful. A recent study found 58 percent of retailers are now less secure than they were within the past year, as criminals can easily surpass firewalls and compromise customer data.
As more consumers shop online and head to local stores, it's the perfect storm for criminals to seize bulk debit and credit card data in a single breach. Meanwhile, some experts say the cost of expensive next-generation security solutions to be passed down to consumers, according to the study from BitSight Technologies.
"Bad guys know that this is a big shopping season," said Bob Ackerman, cybersecurity specialist and managing director of Allegis Capital. "Bad guys are on the prowl, they are active, and they know this is a time of year where there is a lot more fish that their net can capture."
Following a massive data breach that left 56 million debit and credit card details stolen, along with 53 million email addresses, the company spent $43 million during Q3 to deal with the aftermath. The company expects to receive $15 million reimbursement as part of a $100 million network liability insurance policy - and must now work to ensure the problem doesn't occur again.
Meanwhile, the company faces multiple lawsuits and will "incur significant legal and other professional services expenses" due to the incident. The company's payment card data network was complaint in fall 2013, and was undergoing 2014 certification when the breach occurred, according to an independent auditor.
"The forensic investigator working on behalf of the payment card networks may claim the company was not in compliance with those standards at the time of the data breach," Home Depot noted.
Former GCHQ boss Sir John Adye believes current generation biometrics need more control, as he has concerns related to fingerprint scanners used by the Apple iPhone 6 and other devices. Despite believing the use of biometrics is a positive step toward device security, Sir John also is concerned about what happens to people's data when using these devices.
Sir John called out Apple specifically, with Apple Pay now allowing users to make payments simply with their fingerprint.
"I think Apple has done some good things. They appear to have a good system at the moment for protecting their operating system so it's difficult for anyone outside to penetrate it and retrieve data from it. But how long will that last, because the criminals... are very inventive at finding ways in, and although you can protect it in that way on the device itself, what happens if the device is lost or stolen?"
Cybercriminals are having their way with companies and users, with distributed denial of service (DDoS) attacks growing in size - and sophistication - during Q3, according to reports. DDoS attacks 10 Mbps or above ramped up 38 percent from Q2 to Q3, according to the Verisign Distributed Denial of Service Trends Q3 2014 report, with the media and entertainment verticals most targeted.
Average attack size declined from Q2 to Q3, but that was because of an overwhelming number of attacks launched during the second quarter, the report states. "Rather than using volumetric attacks to overwhelm servers, organizations should be wary of cyberattackers targeting crucial ports to thwart legitimate traffic from reaching online destinations," according to the report.
Looking ahead to 2015, cybersecurity experts will certainly have their hands full, trying to defend against DDoS, malware, and advanced persistent threats (APTs) - as companies struggle to improve their network security.
Company executives should be concerned - and prepared - if their company ends up getting hit by a successful cyberattack, possibly leading to a data breach. However, a general misconception that the IT staff is proactive and ready to defend against cyberattacks often is not the case, especially with overworked IT teams unable to keep up.
Although there are steps to make a data breach preventable, they certainly aren't fool-proof - and every company should have plans in place if a breach occurs.
It's also worth noting that cybercrime is done for a number of reasons, and it's not just about stealing personal information, such as debit and credit card data. Although that appears to be the basis of the Target, Home Depot and other retailer breaches, there is a growing worry of cyberespionage targeting companies and their host nation.
News of malware attacks targeting point-of-sale (POS) systems became common place in 2014, and the problems are spreading away from retailer checkouts. The d4re|dev1 (daredevil) malware is able to compromise Harmony WinPOS, Figure Gemini POS, OSIPOS Retail Management System, and QuickBooks Point of Sale - able to launch keylogging features and can be used as an advanced backdoor.
Next-generation security measures are needed to help keep POS malware in check, and that doesn't seem to be happening soon enough.
"IntelCrawler believes that such kind of devices will become the new target for cybercriminals," the company said in a blog post. "These kiosks and ticket machines don't usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infections payloads and the exfiltration of payment data in an ongoing and undetected scheme."
The Southern District of Texas offered a misdemeanor plea deal to hacker Fidel Salinas, 28, just a few months after the hacker was charged with 44 felony counts of computer fraud and cyberstalking. Each count had a maximum 10-year prison sentence, totaling a potential 440 years in prison.
Instead, the suspected Anonymous-linked hacker plead guilty to one misdemeanor count of computer fraud and abuse - and must also pay $10,000. He faces up to one year in prison when sentenced on February 2, 2015, and his attorney will argue the monetary restitution is enough.
Salinas reportedly tried to access the Hidalgo County administrative website, using a script that racked up more than 14,000 access attempts. The brute force attack led county IT administrators to be locked out of the system themselves.