Hacking, Security & Privacy - Page 28

Cybercriminals have their pick of vulnerable targets to compromise, and want to focus more on conducting identity theft over just stealing payment information.

After a data breach, especially if a debit or credit card information has been stolen, compromised users ask their banks to cancel cards. However, a data breach in which names, addresses, Social Security numbers and other personal data are stolen give criminals the ability to take their time to launch future attacks.

"We're clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number," said Tsion Gonen, VP of strategy for identity and data protection of Gemalto. "Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes."

Antivirus products missed almost 70 percent of malware infections within the first hour of submission, according to Damballa's "Q4 2014 State of Infections Report." In addition, only 66 percent of malware signatures were accurately identified when rescanned within 24 hours of infection - with that number going up to 72 percent within seven days.

Antivirus security companies share malicious file findings with one another, but it takes time for new discoveries to be integrated into their own programs.

"What's clear from these figures is that we have to turn the table on infection 'dwell' time," said Brian Foster, CTO of Damballa. "In much that same way that a flu vaccine hinges on making 'best-guess' decisions about the most prevalent virus strains - AV is only effective for some of the people some of the time. Viruses morph and mutate and new ones can appear in the time it takes to address the most commonly found malware."

Anthem's recent data breach should be a startling wakeup call to other insurance carriers and companies operating in the medical world.

Up to 80 million of the company's members could be at risk of identity theft, with hackers able to make off with client names, physical mailing addresses, birth dates, email addresses, Social Security numbers and medical ID data.

The cost of the breach could top $100 million, as Anthem's cyberinsurance policy will likely be exhausted following this incident.

Automakers want to embrace connected technology in new vehicles, but have failed to ensure proper cybersecurity protocols are available, according to Sen. Edward Markey (D - Mass.). The Senator believes almost all connected vehicles are vulnerable to some type of security risk, according to Markey's staff.

Following a number of security-related incidents showed connected cars are vulnerable, Markey wants to know what safeguards are being put in place to keep car owners secure. The report indicated "there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information."

"Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyberattacks or privacy invasions," Sen. Markey said in a statement.

The recent breach of Anthem was a brutal wakeup call that cybercriminals want personal records, and healthcare data is near the top of their list. UnitedHealth Group, Aetna and other groups have issued cybercrime-related warnings since 2011, but it didn't seem like a major concern among members until recently.

"A name, address, social and a medical identity... that's incredibly easy to monetize fairly quickly," said Bob Gregg, CEO of ID Experts, in a statement published by Reuters. Cybersecurity experts have warned that health-related data tends to be extremely lucrative on the black market.

Organized groups will try to target healthcare providers in an effort to compromise insurance companies, hospitals, doctor's offices, and medical equipment makers - with companies urged to improve their cybersecurity protocols.

More than 60 percent of popular dating mobile apps pose significant cybersecurity risks, with personal user information and corporate data at risk.

Twenty six of 41 dating apps available for Google Android had medium or high severity vulnerabilities, according to the IBM Security researchers. In addition, dating apps are being used to download malware, along with credit card data stolen and GPS information used to track movements.

"Many consumers use and trust their mobile phones for a variety of applications," said Caleb Barlow, VP of IBM Security. "It is this trust that gives hackers the opportunity to exploit vulnerabilities like the ones we found in these dating apps. Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship."

The introduction of smartphone kill switches by manufacturers and wireless carriers helped reduce the number of device thefts in New York City, San Francisco, and London, supporters say. Apple iPhone theft in San Francisco dropped 40 percent, reported incidents slid 25 percent in New York, and thefts in London were cut in half.

The software kill switch allows phone owners to lock lost or stolen devices, along with bricking devices so they cannot be used or sold on the black market.

"The huge drops in smartphone theft have occurred since the kill switch has been on the market are evidence that our strategy is making people safer in our cities, and across the world," said Eric Schneiderman, New York State Attorney General, in a statement.

It's not just the United States and UK launching sophisticated cyberespionage attacks against foreign government states, with China, Russia, Iran, North Korea, and other nations increasingly jumping into the fun. Groups in China and Russia have been linked to major data breaches, such as Target, The Home Depot, Anthem and Sony Pictures, with future breaches expected to happen.

China is the most active country involved in launching cyberattacks, routinely targeting US infrastructure - and other lucrative targets, such as financial institutions and government departments. As witnessed by CrowdStrike, skilled Chinese hacker groups are able to adapt their strategies while avoiding detection.

The Obama administration has publicly criticized China for its cyberespionage activities, but has been unable to launch any meaningful political crackdowns.

Consumers and business users face a wide variety of different cyberattacks, and security experts are increasingly concerned about ransomware. Ransomware, a custom form of malware designed to hijack computers and work files, typically encrypt vital documents - unless a ransom is paid.

Microsoft Windows PC users face the largest threat from CryptoWall, a ransomware variation that has uncrackable encryption and uses anonymity networks to avoid detection.

Another nasty form of ransomware recently discovered is Invincea, which delivers the payload straight to system memory instead of targeting files on a hard drive.

Cybersecurity incidents are going to occur, and companies should rethink their current security strategies. Instead of focusing on preventing criminals from accessing their data - which has become increasingly difficult - decision leaders should have a plan in place for when a breach finally does occur.

The median length cybercriminals have inside a compromised victim's network is 229 days, which gives them a significant amount of time to access data, find additional loopholes, and plan what information they will take. Companies often are unaware a breach has taken place, and don't have an appropriate strategy to boot the hackers and secure their networks.

Typical cybersecurity defenses need to focus on having "a description of the bad guys before they can help you find them," said Dave Merkel, CTO of FireEye, in a statement published by the San Jose Mercury News. "That's just old and outmoded. And just doesn't work anymore. There's no way to guarantee that you never are the victim of a cyberattack."

The United States publicly unveiled its Cyber Threat Intelligence Integration Center (CTIIC), a new program designed to study cyber threats facing government agencies.

The idea of increased communication between federal government agencies, law enforcement and private sector corporations seems like a wise idea - but is going to be extremely difficult. The CTIIC wants to create a first step towards that goal, with government agencies and law enforcement coordinating to discuss current cyberattack patterns.

Even though the US government is being pressured to become more proactive in the fight against cyberattacks, some have questioned if the CTIIC will be an effective tool. "In principle, having a single 'belly button' is a nice idea," said Jeff Williams, CTO and founder of Contrast Security, in a statement to NBC News. "But in reality, it's just one more agency with cybersecurity responsibility."

The main Twitter page for Newsweek was hacked by CyberCaliphate, a mysterious pro-ISIS group, with a new profile picture, main image and number of tweets posted. A series of tweets also took aim at the first lady Michelle Obama and her family, threatening them - and the FBI is now investigating the matter.

"We apologize to our readers for anything offensive that might have been sent from our account during that period, and are working to strengthen our newsroom security measures going forward," said Kira Bindrim, Managing Editor of Newsweek, in response to the data breach.

Newsweek was able to regain control of its Twitter account in 20 minutes, but the hijacked Twitter messages were tweeted and shared among the news organization's 2.51 million followers.

Popular fast casual restaurant Chipotle has issued an apology to its Twitter followers, after being hacked over the weekend. Insensitive tweets were published to more than its 634,000 followers, including racist messages aimed at President Obama - before Twitter could suspend the account. A separate tweet claimed the company would be shutting restaurants before the end of the year.

The attack also reportedly hit the official Chipotle website, which led visitors to a different website.

"Our Twitter account was hijacked overnight for about two hours during which a series of offensive tweets was posted to the account," said Chris Arnold, communications director of Chipotle. "We apologize for the nature of the posts that were made during that time, and we are now conducting an investigation to try to determine what happened and who might have been involved."

In the aftermath of the Anthem data breach last week, the New York Financial Services Department said it plans to conduct cybersecurity audits of insurance companies. The "regular" and "targeted assessments" will be a part of its examination process, and enhanced regulations should keep New York insurance members safer from future data breaches.

The Anthem data breach could affect upwards of 80 million people, as personal information was taken during the sophisticated cyberattack.

"We're still in the process of finalizing and determining the enhanced requirements, but we are moving quickly and expect to begin putting them forward in the coming weeks," said Matt Anderson, spokesman of the New York Financial Services Department, in a statement published by Reuters. "These requirements are specific to New York, but we're of course always willing to discuss these issues with other states."

The Anonymous hacker collective is taking aim at ISIS in Syria and Iraq, launching attacks to disrupt the group's social media accounts. As part of its #OpISIS campaign, Anonymous has taken down hundreds of Twitter, Facebook, and other social media accounts linked to ISIS - used to spread propaganda and woo potential recruits.

"ISIS: We will hunt you, take down your sites, accounts, emails and expose you," Anonymous pledges. "From now on, no safe place for you online... you will be treated like a Virus, and we are the cure. We own the Internet. We are Anonymous; we are Legion; we do not forgive, we do not forget. Expect us."

In addition to listing Twitter and Facebook accounts - of both compromised accounts and possible targets - Anonymous has revealed email addresses, IP addresses, VPN connections and websites used by the extremist group.

The recent data breach suffered by Anthem is further proof that companies are under cyberattack - and find it difficult to keep up with increasing numbers of sophisticated attacks. Many corporations understand they face cybersecurity threats, but can do very little to prevent crippling data breaches.

"For any given unit of time that goes by, the probability of an organization being compromised is trending to 100 percent," said John Hering, co-founder of the Lookout security firm, in a statement to CNBC. "We need to move to a world where security is not reactive, but proactive and predictive."

Financial institutions and medical companies typically have more stringent security protocols in place, but still find it difficult to prevent attacks. Late last year, JPMorgan Chase suffered a data breach that affected millions of customers, with phishing attacks and other threats targeting compromised victims.

Opposition fighters trying to overthrow the regime of Syrian President Bashar al-Assad have fallen prey to one of the oldest social engineering tactics: hackers use fake Facebook and Skype profiles of young, beautiful women to target rebels, inviting them to chat. Pictures are exchanged, though the hackers load images with malware able to copy chat logs and steal strategic information.

The tactic continues to work on oblivious Syrian fighters, continually chatting with pro-Assad hackers - and the results have been devastating. A FireEye report revealed 7.7GB of data has been compromised, along with more than 12,000 contacts and 31,000 Skype conversations.

"We are really seeing the convergence of traditional methods of espionage and Internet communication tools," said Richard Turner, EMEA VP of FireEye, told CNBC. "The evidence of that is the use of the attractive lady avatar to generate interest and open up individuals to deliver malware and compromise their communication."

In an effort to protect federal and private computer assets from cyberattacks, President Barack Obama wants to receive $14 billion in the 2016 fiscal year to put towards cybersecurity. The US government has increasingly called upon defense contractors and the private sector to provide next-generation software and hardware designed to help keep critical infrastructure safer from attack.

As part of his multi-billion-dollar cybersecurity effort, Obama wants to include additional intrusion detection and prevention solutions, along with increased intelligence sharing between the government and private sector.

"Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity," according to a White House summary.

A new cyber threat victimizing users is the 'RansomWeb' attack, which leaves compromised websites encrypted - and they will remain that way until the victim pays a ransom to cyberattackers. The threat was first detected by cybersecurity firm High-Tech Bridge, investigating a client website, which displayed a database error.

The cybercriminals demanded a $50,000 ransom in exchange for decrypting the database, despite it being compromised six months prior. A closer inspection found that several server scripts were edited so data was encrypted before it was submitted to the database, and data was decrypted after being pulled from the database.

Instead of an immediate ransom demand - like ransomware attacks against business users - the cybercriminals patiently waited until backups were also overwritten.

Don't ever click porn links on Facebook - it's a very good rule to follow in general, however if you're looking to get a porn fix through this popular social media, you need to be extremely alert and aware. Reportedly infecting over 110,000 Facebook users within two days, not everyone is as smart as you might have hoped.

Disguised as a Flash update, this disguised-malware post will tell you to quickly download and run an update in order to see a withheld porn video - doing so will download a Trojan directly onto your system, allowing a hacker to take control of your keyboard and mouse. This virus will then start linking multiple similar links on your wall and tagging up to 20 friends with each post.

Facebook have released an official statement on the matter, saying "we use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we're aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites." In order to cull the wave of infections, Facebook is "blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook."