TweakTown NewsRefine News by Category:
A whopping 99 percent of mobile threats during the first three months of 2014 targeted the Google Android platform, with 275 total Android threat families and variants, according to security firm F-Secure Labs. Compared to Q1 of 2013, Android faced 149 new threat families, as cybercriminals perfect their craft in an effort to compromise smartphones and tablets.
"These developments give us signs to the direction of malware authors," said Mikko Hypponen, F-Secure Chief Research Officer, in a press statement. "We'll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies."
The private sector has taken great interest in developing Android security - along with hardware manufacturers using the open source platform - but there is still a lot of work left to do. Companies also have found they need to do a better job speaking with Android users, alerting them of security threats, while teaching them how to remain more secure.
United States security officials are concerned that Russian-based hackers could retaliate for stricter sanctions, launching cyberattacks against the U.S. government and large corporations. Whether directly from the Russian government, or splinter support groups, there will continue to be an increased urgency to defend US infrastructure from foreign attack.
"A cyberattack is a real concern that we all need to have," said Paul Smocer, head of the industry Financial Services Roundtable, in a statement to the press. "Nation states' ability to launch the cyberattacks is certainly real nowadays, and so in any conflict, I think that the possibility exists as we worry about escalation."
The political situation between Russia and Ukraine already has led to cyberattacks, with the Kremlin being attacked in retaliation for targeted attacks against Ukrainian infrastructure. Unfortunately, the U.S. Department of Homeland Security has greatly struggled to try and recruit cybersecurity experts, while other government branches have voiced similar concerns.
Microsoft is currently working to patch a security bug that leaves users of Internet Explorer 6 to 11, which accounts for 55 percent of the Internet browser search market right now, exposed to targeted attacks from cybercriminals.
"It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors," said Vitor De Souza, FireEye spokesman, in a statement to Reuters. "It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."
FireEye didn't disclose which cybercriminals groups are reportedly behind "Operation Clandestine Fox," and didn't say which companies might have been compromised. As expected, following the April 8 end of support deadline, Windows XP users won't receive an update for the IE bug. It's believed 15 to 25 percent of PCs currently use XP, so cybercriminals have a large pool of exposed PCs they can target.
Personal information of almost 27,000 University of Pittsburgh Medical Center (UPMC) employees has been exposed in a data breach first reported in February. For all employees with their Social Security Numbers stolen, they have received an advisory letter informing them that personal information is at risk.
"As of today, 788 employees have been the victims of tax fraud," according to Gloria Kreps, UPMC spokesperson. "We want to assure our patients that no patient information was breached. We are continuing to work with the IRS, Secret Service and FBI to determine the source of the breach. We continue to urge our employees to register with LifeLock as an important step to deter any additional fraudulent activity."
A previous UPMC statement reported just 322 affected employees following the breach, though that number is expected to go up. It's still unsure how the information was stolen, though criminals did find success filing fraudulent tax returns for UPMC workers.
Mobile security solutions designed to protect smartphones and tablets continues to evolve, and consumers should make use of such solutions, researchers point out. The Google Android platform, which is extremely popular worldwide, also has been targeted by cybercriminals trying to compromise devices.
Companies such as Samsung, which relies heavily on Android for its smartphones and tablets, has worked to ensure hardware boosts Android security efforts. Meanwhile, security companies are ramping up production of security software designed to keep users safer from malware, viruses, and other threats.
"The main task of a mobile security solution is to secure user data from cybercriminal actions and prevent the device from turning into a source of spam or other cyberattacks," said Viktor Chebyshev, Kaspersky Lab Mobile Threat Research Group Manager, in a press statement. "When a user chooses a solution, its impact on the device's performance often becomes a major factor. So it is important that a security product for smartphones and tablets ensures high-level protection against cyberthreats and, at the same time, does not affect the user experience."
An increase in the popularity of online gambling has created a successful underground market for money laundering, according to a new McAfee study.
To make matters worse, Internet anonymity and such a wide variety of payment options gives criminals the chance to exchange stolen funds, bitcoins, and currency.
"As a result, illegal proceeds can be laundered by wagering them on one end of a transaction and receiving the payouts as gambling wins on the other end," according to the McAfee report. "Gambling wins can also be exchanged as payment for illegal goods or services changing hands elsewhere."
The United States government and military face a hiring shortage of skilled cybersecurity experts, at a time when improving security on PCs and networks from foreign threat is a major effort. The Department of Homeland Security (DHS) is struggling due to complicated layers of bureaucracy that the government is notorious for installing.
"It's self-inflicted damage, it's not that they need something from Congress," said Alan Paller, co-chairman of a board designed to recommend how the DHS can improve its cybersecurity methods. "I called this out as a key issue or critical issue, which I don't think is solved."
Cybersecurity experts often find the private sector to be more lucrative, and tend to find it easier and more efficient to hire new staff. A Senate Homeland Security and Governmental Affairs Committee said the DHS will receive a streamlined ability to hire workers, but that in itself has proven to be a difficult task to work through.
While the bitcoin cryptocurrency remains popular among supporters, trying to mine bitcoins effectively has proven difficult. However, cybercriminals are hijacking everything from smartphones and tablets to servers in their effort to cash in on distributed computing and mining. And these hijacked apps are now being found in the Google Play store, with users downloading these apps before they are spotted.
Security experts recommend all mobile users utilize some type of anti-malware and anti-virus software solutions, though that is especially true for users suffering from battery life problems.
Cybercriminals are finding Android's open source architecture - and the Google Play store - great assets in their effort to steal information and compromise users. A recent Iowa State University (ISU) data breach, which opened up to 30,000 to potential identity theft, was caused by criminals trying to hijack servers to mine for bitcoins.
After an extended discussion on the Senate floor, California legislators shot down mandatory smartphone kill switch legislation pushed by Sen. Mark Leno and San Francisco District Attorney George Gascon. Leno plans to ask the Senate to vote on the bill again in the near future, hoping to sway a few more lawmakers before the second vote.
The bill received 19 votes in favor, falling short of the 21 necessary from the 40-member Chamber in Sacramento. Lawmakers remain concerned that mandatory legislation would be too strict and prevent companies from opening up shop in California.
Smartphone manufacturers and wireless carriers have been hesitant to embrace kill switches, though have agreed to offer voluntary solutions starting after July 2015. The addition of smartphone kill switches would help consumers save up to $2.6 billion per year, with metropolitan areas continuing to see a rise in smartphone robbery and theft.
Cybercriminals have a large arsenal of different methods and tools to compromise users and corporations, but 92 percent of 100,000 security incidents analyzed by Verizon can be traced to nine basic attack patterns.
"After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime - and the bad guys are winning," said Wade Baker, Data Breach Investigations Report principal author, in a press release. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effective and strategically."
The following are listed as the nine most typical threat patterns: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.