TweakTown NewsRefine News by Category:
Research indicates a whopping 90 percent of the top 30 most visited Internet piracy websites in the United Kingdom contained some form of malware or "Potentially Unwanted Programs" (PUPs) to compromise user systems.
The piracy sites often rely on social engineering techniques to trick users into clicking fraudulent links: "These fake play buttons, and that sort of thing, are very much driven by the desire of people to download content," said according to the group. "We view it as a kind of social engineering attack on the users who are tricked into downloading stuff."
In an ongoing effort to combat piracy, copyright holders might have more success trying to inform users of the security threats they open themselves up to when downloading content - it would be a unique twist on sometimes rudimentary scare tactics.
England faced the largeset amount of mobile malware during the first quarter of 2014, with 15-20 malware files blocked for every 10,000 users, averaging to about one in every 500, according to security firm F-Secure. Following England, the United States, India and Germany each had five to 10 malware blocked per 10,000 users, with Saudi Arabia and Netherlands trailing behind.
Google is being urged to improve Android security, as it could face a drastic issue due to the massive amount of security threats.
Also in the report, F-Secure noted that 99 percent of malware during the quarter was aimed at the Android OS - though with software and hardware developers boosting security - many of the attempted intrusions weren't successful. A previous report found 97 percent of mobile malware is targeting Android devices, and threats in 2013 at least doubled year-over-year - with security specialists increasingly informing users to be vigilant about what they install on their smartphones and tablets.
Cybercriminals based in Nigeria are reportedly launching wire fraud attacks against U.S. companies, with private sector companies alerted to the potential threat, according to security firm TrustedSec. A number of U.S. companies are dealing with data breaches, while scores of others aren't even aware they've been affected.
The criminals are compromising third-party vendor or partner email accounts - specifically for accounting and invoicing - register a domain name to closely mimic the compromised company, and then the criminals will request refunds, lines of credit, or change orders. Sometimes this doesn't work, and they resort to email spoofing - all in an effort to get money wired from the impacted company to the criminals.
"The scary part with this one is that they are using already trusted third parties and already have knowledge of certain financials from these companies," said David Kennedy, TrustedSec founder, in a statement to SCMagazine. "The wire transfers are initiated because they already have a trust relationship with the company."
A whopping 99 percent of mobile threats during the first three months of 2014 targeted the Google Android platform, with 275 total Android threat families and variants, according to security firm F-Secure Labs. Compared to Q1 of 2013, Android faced 149 new threat families, as cybercriminals perfect their craft in an effort to compromise smartphones and tablets.
"These developments give us signs to the direction of malware authors," said Mikko Hypponen, F-Secure Chief Research Officer, in a press statement. "We'll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies."
The private sector has taken great interest in developing Android security - along with hardware manufacturers using the open source platform - but there is still a lot of work left to do. Companies also have found they need to do a better job speaking with Android users, alerting them of security threats, while teaching them how to remain more secure.
United States security officials are concerned that Russian-based hackers could retaliate for stricter sanctions, launching cyberattacks against the U.S. government and large corporations. Whether directly from the Russian government, or splinter support groups, there will continue to be an increased urgency to defend US infrastructure from foreign attack.
"A cyberattack is a real concern that we all need to have," said Paul Smocer, head of the industry Financial Services Roundtable, in a statement to the press. "Nation states' ability to launch the cyberattacks is certainly real nowadays, and so in any conflict, I think that the possibility exists as we worry about escalation."
The political situation between Russia and Ukraine already has led to cyberattacks, with the Kremlin being attacked in retaliation for targeted attacks against Ukrainian infrastructure. Unfortunately, the U.S. Department of Homeland Security has greatly struggled to try and recruit cybersecurity experts, while other government branches have voiced similar concerns.
Microsoft is currently working to patch a security bug that leaves users of Internet Explorer 6 to 11, which accounts for 55 percent of the Internet browser search market right now, exposed to targeted attacks from cybercriminals.
"It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors," said Vitor De Souza, FireEye spokesman, in a statement to Reuters. "It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."
FireEye didn't disclose which cybercriminals groups are reportedly behind "Operation Clandestine Fox," and didn't say which companies might have been compromised. As expected, following the April 8 end of support deadline, Windows XP users won't receive an update for the IE bug. It's believed 15 to 25 percent of PCs currently use XP, so cybercriminals have a large pool of exposed PCs they can target.
Personal information of almost 27,000 University of Pittsburgh Medical Center (UPMC) employees has been exposed in a data breach first reported in February. For all employees with their Social Security Numbers stolen, they have received an advisory letter informing them that personal information is at risk.
"As of today, 788 employees have been the victims of tax fraud," according to Gloria Kreps, UPMC spokesperson. "We want to assure our patients that no patient information was breached. We are continuing to work with the IRS, Secret Service and FBI to determine the source of the breach. We continue to urge our employees to register with LifeLock as an important step to deter any additional fraudulent activity."
A previous UPMC statement reported just 322 affected employees following the breach, though that number is expected to go up. It's still unsure how the information was stolen, though criminals did find success filing fraudulent tax returns for UPMC workers.
Mobile security solutions designed to protect smartphones and tablets continues to evolve, and consumers should make use of such solutions, researchers point out. The Google Android platform, which is extremely popular worldwide, also has been targeted by cybercriminals trying to compromise devices.
Companies such as Samsung, which relies heavily on Android for its smartphones and tablets, has worked to ensure hardware boosts Android security efforts. Meanwhile, security companies are ramping up production of security software designed to keep users safer from malware, viruses, and other threats.
"The main task of a mobile security solution is to secure user data from cybercriminal actions and prevent the device from turning into a source of spam or other cyberattacks," said Viktor Chebyshev, Kaspersky Lab Mobile Threat Research Group Manager, in a press statement. "When a user chooses a solution, its impact on the device's performance often becomes a major factor. So it is important that a security product for smartphones and tablets ensures high-level protection against cyberthreats and, at the same time, does not affect the user experience."
An increase in the popularity of online gambling has created a successful underground market for money laundering, according to a new McAfee study.
To make matters worse, Internet anonymity and such a wide variety of payment options gives criminals the chance to exchange stolen funds, bitcoins, and currency.
"As a result, illegal proceeds can be laundered by wagering them on one end of a transaction and receiving the payouts as gambling wins on the other end," according to the McAfee report. "Gambling wins can also be exchanged as payment for illegal goods or services changing hands elsewhere."
The United States government and military face a hiring shortage of skilled cybersecurity experts, at a time when improving security on PCs and networks from foreign threat is a major effort. The Department of Homeland Security (DHS) is struggling due to complicated layers of bureaucracy that the government is notorious for installing.
"It's self-inflicted damage, it's not that they need something from Congress," said Alan Paller, co-chairman of a board designed to recommend how the DHS can improve its cybersecurity methods. "I called this out as a key issue or critical issue, which I don't think is solved."
Cybersecurity experts often find the private sector to be more lucrative, and tend to find it easier and more efficient to hire new staff. A Senate Homeland Security and Governmental Affairs Committee said the DHS will receive a streamlined ability to hire workers, but that in itself has proven to be a difficult task to work through.