TweakTown News
Chinese iCloud users are under attack, likely by Chinese government state-sponsored hackers, in an effort to compromise Apple iPhone 6 and iPhone 6 Plus users. Users' traffic is routed through a malicious third party that presents a self-signed certificate, making victims believe they are accessing iCloud through the SSL-protected service.
It wouldn't be surprising to hear the Chinese government wants to compromise users - especially with security researchers noting potential gaps in iCloud security - as the "great firewall" of China is undergoing change. Despite the Chinese government trying to clamp down on what Internet users have access to, there are a number of ways to bypass security.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud, such as iMessages, photos, and contacts," according to the Great Fire Chinese Internet freedom group. "If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities."
Cybercriminals targeting free and open source software continue to rattle developers and consumers, with high-profile attacks hitting security flaws that should have been resolved. Specifically, the Heartbleed and Shellshock exploits have led to an increased demand from private companies and the U.S. government to step up programming assistance, but that hasn't been well received among many open source developers. However, it has provided a much-needed wakeup call that open source software should be monitored more closely to prevent such high-profile breaches.
"It's going to be a wake-up call for a lot of people to understand why we aren't auditing this software better," said Greg Martin, Threat Stream Inc founder and chief technology officer. "Everybody's been scratching their heads and saying, 'How could we miss this?'"
Hackers are increasingly organized - and well-funded - and that has made it difficult to defend against attacks, especially for open source software. In theory, open source software provides a much larger pool of developers to help fix flaws, but others say proprietary software is more secure since the code is closed off from the public.
Even with FBI Director James Comey speaking out against Google and Apple providing encryption security on smartphone devices, Apple shipped its Yosemite OS with FileVault by default. The FBI - and other government agencies - are worried that encryption will prevent law enforcement from cracking down on criminals... or so they say.
"With Apple's new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default," Comey recently said. "Shortly after Apple's announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won't be able to unlock phones, laptops, and tablets to reveal photos, documents, email, and recordings stored within."
It's impressive to see Google, Apple and other tech companies trying to put customers first - as many users become more concerned about security - and not listening to the FBI's rather questionable concerns.
Russian hackers have generated an estimated $2.5 billion over the past year, as state-sponsored groups are able to breach companies in the United States and Western Europe. The Target breach, impacting millions of customers, helped them generate a tremendous amount of revenue, according to the Group-IB report.
Stealing and selling credit card information - among other personal information - helped the groups generate $680 million, with financial fraud also raking in $426 million. In addition to the Target breach, The Home Depot was recently compromised, with Russian-based hackers likely involved.
Both Russia and China have been named major threats to the United States, launching organized cyberattacks with a focus on corporate espionage and compromising users. Unfortunately, hackers are better organized and able to compromise point-of-sale (POS) terminals in retail stores, hack ATM machines, and steal consumer personal information at a rapid pace.
A growing number of U.S. retailers are being victimized by data breaches, leaving millions of consumers at risk of identity theft and fraud - and now President Obama has stepped in, signing an executive order to enforce increased payment security measures. The federal government will now use chip-and-PIN technology for all government credit cards, providing an additional layer of security for all agencies that handle monetary payments.
"We applaud the administration for taking proactive and positive steps by adopting PIN and chip technology for government-issued debit and credit cards, among other things," said Matthew Shay, National Retail Foundation (NRF) CEO, in a statement. "From insisting our PIN and chip cards to facilitating greater information sharing among retailers and other sectors, we are committed to finding the right answers with the latest technologies to stop these cyber thieves."
Moving forward, the President also wants additional transparency when companies suffer a data breach and consumers are impacted. Meanwhile, WalMart, Home Depot, Target, Walgreens, and other retailers plan to use chip-and-PIN point-of-sale (POS) terminals in their retail stores, starting in early 2015.
Credit card company MasterCard is rolling out a new contactless payment card in 2015 that uses a fingerprint sensor. The company partnered with Zwipe, which wants to replace a debit card PIN number or credit card signature with a fingerprint. Consumers just wave the card near an NFC reader at the checkout, with biometric authentication reportedly safer than a chip and PIN system.
The card will roll out to the UK market in 2015, after a trial run conducted in Norway. The card doesn't require a battery and will harvest power from the contactless till at the payment terminal each time it's used. Fingerprint data is stored directly on the card, so MasterCard and retailers won't have an external database that could be breached.
"Our belief is that we should be able to identify ourselves without having to use passwords or pin numbers," said Ajay Bhalla, MasterCard president of enterprise security solutions. "Biometric authentication can help us achieve this."
U.S. FBI Director James Comey isn't a big fan of the encryption technologies used by Google Android and Apple iOS devices, saying they could interfere with police investigations. The FBI was able to use court orders to gain access to devices, but a growing number of law enforcement agencies are unable to crack into phones, tablets and laptops.
"If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walked free, child exploitation not discovered and prosecuted," Comey said.
Comey's comments are ill-timed, as American smartphone owners aren't impressed by government surveillance and snooping - revelations made public by former NSA contractor Edward Snowden last year.
The FBI has recently issued a warning to U.S. companies that potential Chinese state-sponsored hackers have unleashed another wave of cyberattacks - and it appears targeting customers and conducting cyber espionage are the top goals. The memo sent to corporations warns them who is suspected of targeting them, and the methods they are using to gain access.
"The FBI has recently observed online intrusions that we attribute to Chinese government affiliated actors," said Josh Campbell, FBI spokesperson. "Private sector security firms have also identified similar intrusions and have released defensive information related to those intrusions."
The threat of foreign-based cyberattacks is nothing new, but the hackers - largely sponsored by governments - have continued to evolve their attack strategies. Trying to stifle their success has proven to be extremely difficult, while millions of U.S. citizens have been caught in the crossfire.
The CryptoWall ransomware has migrated to the TOR network, encrypting critical files that are necessary to conduct day-to-day operations for business users. Ideally for the cybercriminals, users won't be able to rely on a backup and the company will instead choose to pay the ransom for access to their own PCs and servers. Using TOR makes CryptoWall 2.0 more difficult to track down and remove, giving cybercriminals a potential goldmine as they victimize businesses.
KnowBe4 was contacted by a company that was hit by the new variant of CryptoWall. The infection started on the IT admin's computer and spread to seven servers in just one hour, shutting down the entire server farm. Despite having recent backups that could be used, there would be too much downtime to recover data and have the servers operational in a timely manner.
"The cyber criminals hit pay dirt with this one and the admin ended up paying the ransom, 1.3 bitcoin, rather than face the serious costs caused by days of downtime," said Stu Sjouwerman, KnowBe4 CEO, in a press statement. "This is the next generation of ransomware and you can expect this new version to spread like wildfire."
Around 100 cybercriminal kingpins help wreak havoc on the world, according to Troels Oerting, the head of the Europol Cybercrime Center. Trying to crack down on cybercriminals can be a daunting task, especially trying to bring them to justice, as Web-based attack activity largely remains a borderless bureaucratic nightmare.
"We roughly know who they are," Oerting recently said. "If we can take them out of the equation then the rest will fall down. This is not a static number, it will increase unfortunately. We can still cope but the criminals have more resources and they do not have obstacles. They are driven by greed and profit and they produce malware at a speed that we have difficulties catching up with."
Not surprisingly, many of the leading cybercriminal bosses are in Russian-speaking countries - though cybersecurity experts also warned of growing threats from China. Trying to bring these criminals to justice is near impossible, with Russia and other Eastern European nations ignoring the western world when it comes to apprehending these criminals, Europol noted.