TweakTown NewsRefine News by Category:
Launching social engineering attacks, typically using phishing tactics, will remain a success for cybercriminals - and companies struggle to teach their employees how to detect and avoid these attacks. Phishing emails often trick employees to turn over usernames and passwords, or install some type of file with malware.
"Phishing relies on human mistakes, not technology, so the number one way to combat this particularly effective form of social engineering is to raise awareness enterprise-wide," said Joe Caruso, CEO and CTO of Global Digital Forensics. "Time is your enemy after a cyber breach or incident, so every second counts. The faster the problem is identified and eradicated, the less costly it will be in the long run for the entire organization."
As more people embrace mobile devices, such as smartphones and tablets, cybercriminals are adjusting their attack strategies. More employees are using their personal devices for work, and criminals have the opportunity to steal personal and corporate information.
Sony Pictures Entertainment has tasked cybersecurity firm Mandiant with helping it clean up after a vicious cyberattack that knocked its computer networks offline last week. The "Guardians of Peace" claimed responsibility for the attack, saying they stole terabytes of data from SPE, with SPE's IT team unable to defend against the attack.
The SPE email system is expected to be restored by end of business tomorrow, while Sony executives remain relatively quiet about the incident.
It is a lucrative time to be in cybersecurity, as companies are turning to private sector companies for additional consultations - as cyberattacks are on the rise, with criminals able to steal internal data, disrupt daily work activities, and compromise customers.
Forget China and Russia - Sony Pictures Entertainment is investigating a major cyberattack that could have originated from North Korea. The attack crippled SPE's email and computer systems since Monday, interrupting employee operations throughout the short holiday week. Several movies being promoted by SPE were also impacted, as Twitter feeds were disrupted by the cyberattack.
The "Guardians of Peace" group claimed responsibility for the attack, and said it has a large amount of internal Sony data that it has taken. GOP is reportedly preparing a "volume of the data" to the Internet in the immediate future.
SPE is the studio behind "The Interview," a geopolitical satire that features James Franco and Seth Rogen as a talk show host and producer turned American operatives tasked with killing Kim Jong Un.
The use of credit cards with magnetic chips in the United States is slowly but surely being replaced by new chip and PIN cards that are more secure. However, retailers need to make sure their employees are properly trained in how to accept payments with chip and PIN cards, especially with some retailers replacing their own magnetic cards with the newer security.
Target, which suffered a massive breach at the end of 2013, is rolling out support for chip and PIN cards - and other retailers that suffered data breaches are expected to follow suit. But customers are finding checkout to be a tedious process when cashiers are unsure how to handle this new this payment process, however, the growing pains should prove to be worth it.
The use of chip and PIN technology will likely begin to transition from large retailers down to smaller businesses, as they discover its added security benefits. "It's about the peace of mind for the consumer, right?" said Shane Cowger, Arvest Bank sales manager, in a statement. "More consumers feel comfortable coming into your store, hopefully the more money they're going to spend in return."
There have been more than 6 million email accounts and credentials leaked over the past three months, as several major data breaches gave criminals a treasure trove of information. There are typically just 150,000 accounts stolen per month, according to Heimdal Security, so seeing more than 6 million is being seen as an epidemic.
"As a security company we only pick up a smaller part of what hackers actually have access to, and you have to remember that the 6 million accounts have only been discovered over the last three months," said Morten Kjaersgaard, Heimdal Security CEO. "The actual number could be 20 times as high or more."
The entire year has been a painful lesson in how evolved cybercriminals have become in their craft, as experts believe data breaches - and more compromised information - is likely to happen multiple times in the future.
Danish citizen Hammad Akbar pleaded guilty for advertising and selling StealthGenie, a spyware application designed to allow customers to snoop on mobile phones. Akbar will have to pay $500,000 and turn over source code, but avoided jail time for marketing the app.
StealthGenie allowed users to monitor phone calls, text messages, videos, and other communications on victims' smartphones. The spyware was able to be installed on Apple iPhones, Google Android smartphones, and BlackBerry devices, and was extremely difficult to detect on compromised devices.
"Mr. Akbar is the first-ever person to admit criminal activity in advertising and selling spyware that invades an unwitting victim's confidential communication," said Andrew McCabe, FBI Assistant Director in Charge, in a statement. "This illegal spyware provides individuals with an option to track a person's every move without their knowledge. As technology evolves, the FBI will continue to evolve to protect consumers from those who sell illegal spyware."
Panda Security collected 20 million new malware samples created worldwide, with an average of 227,747 new samples per day during Q3. The global infection rate increased from 36.87 percent up to 37.93 percent year-over-year, and Trojans are the most common type of malware. Trojans accounted for 78.08 percent of malware types, with viruses (8.89 percent) and worms (3.92 percent) also making an appearance.
Internet users face a cybersecurity threat from hackers, state-sponsored cybercriminals, and national government spy agencies - and trying to stay secure is rather difficult. China (49.83 percent), Peru (42.38 percent) and Bolivia (42.12 percent) are the three countries most targeted by cyberattacks, with nine European countries in the top ten most secure nations: Norway (23.07 percent), Sweden (23.44 percent), and Japan (24.02 percent) are the top three most secure.
"Over recent months cybercrime has continued growing," said Luis Corrons, PandaLabs Technical Director at Panda Security. "Cyber-crooks are still creating malware in order to infect as many computers as possible and access confidential data - but corporate environments have also come under attack. For example, over the last three months large companies have been the subjects of some scandals, such as the infamous 'Celebgate,' in which photos of actresses and models hosted on Apple's iCloud service were leaked, or the theft of Gmail and Dropbox passwords."
Europol is targeting cybercriminals suspected of using stolen debit and credit card information to purchase airline tickets. The large raid took place in 45 countries and 80 airports, with 118 people arrested - and airlines lose more than $1 billion per year due to fraudulently purchased tickets.
"Airlines are fighting credit card fraud on their ticket sales on daily basis," said Meta Backman, a Europol European airline fraud prevention group. "It is clear to the airlines that they are up against organized crime in this fight."
The Global Airport Action initiative will rely on better communication between local police, national police, and federal agencies working with airlines and credit card companies to identify suspected fraud. Credit card fraud was reportedly linked to human trafficking and truck trafficking, which will also be investigated by European authorities.
It seems like only a matter of time before another significant data breach hits US consumers, and it could happen before the end of the year. Many retailers don't have appropriate infrastructure in place to defend against cyberattacks, and the criminals are adapting their strategies to ensure they are successful. A recent study found 58 percent of retailers are now less secure than they were within the past year, as criminals can easily surpass firewalls and compromise customer data.
As more consumers shop online and head to local stores, it's the perfect storm for criminals to seize bulk debit and credit card data in a single breach. Meanwhile, some experts say the cost of expensive next-generation security solutions to be passed down to consumers, according to the study from BitSight Technologies.
"Bad guys know that this is a big shopping season," said Bob Ackerman, cybersecurity specialist and managing director of Allegis Capital. "Bad guys are on the prowl, they are active, and they know this is a time of year where there is a lot more fish that their net can capture."
Following a massive data breach that left 56 million debit and credit card details stolen, along with 53 million email addresses, the company spent $43 million during Q3 to deal with the aftermath. The company expects to receive $15 million reimbursement as part of a $100 million network liability insurance policy - and must now work to ensure the problem doesn't occur again.
Meanwhile, the company faces multiple lawsuits and will "incur significant legal and other professional services expenses" due to the incident. The company's payment card data network was complaint in fall 2013, and was undergoing 2014 certification when the breach occurred, according to an independent auditor.
"The forensic investigator working on behalf of the payment card networks may claim the company was not in compliance with those standards at the time of the data breach," Home Depot noted.