Hacking, Security & Privacy News - Page 48

In an effort to protect federal and private computer assets from cyberattacks, President Barack Obama wants to receive $14 billion in the 2016 fiscal year to put towards cybersecurity. The US government has increasingly called upon defense contractors and the private sector to provide next-generation software and hardware designed to help keep critical infrastructure safer from attack.

As part of his multi-billion-dollar cybersecurity effort, Obama wants to include additional intrusion detection and prevention solutions, along with increased intelligence sharing between the government and private sector.

"Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity," according to a White House summary.

A new cyber threat victimizing users is the 'RansomWeb' attack, which leaves compromised websites encrypted - and they will remain that way until the victim pays a ransom to cyberattackers. The threat was first detected by cybersecurity firm High-Tech Bridge, investigating a client website, which displayed a database error.

The cybercriminals demanded a $50,000 ransom in exchange for decrypting the database, despite it being compromised six months prior. A closer inspection found that several server scripts were edited so data was encrypted before it was submitted to the database, and data was decrypted after being pulled from the database.

Instead of an immediate ransom demand - like ransomware attacks against business users - the cybercriminals patiently waited until backups were also overwritten.

Don't ever click porn links on Facebook - it's a very good rule to follow in general, however if you're looking to get a porn fix through this popular social media, you need to be extremely alert and aware. Reportedly infecting over 110,000 Facebook users within two days, not everyone is as smart as you might have hoped.

Disguised as a Flash update, this disguised-malware post will tell you to quickly download and run an update in order to see a withheld porn video - doing so will download a Trojan directly onto your system, allowing a hacker to take control of your keyboard and mouse. This virus will then start linking multiple similar links on your wall and tagging up to 20 friends with each post.

Facebook have released an official statement on the matter, saying "we use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we're aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites." In order to cull the wave of infections, Facebook is "blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook."

Companies are under cyberattack, and a single distributed denial of service (DDoS) attack could cost companies from $52,000 up to $444,000 depending on how large the company is. Enduring downtime due to a DDoS cyberattack also hurts the company's public relations image, with disclosures made to customers and federal regulatory bodies.

Following a DDoS attack, 61 percent of victims lost access to critical business information, while 38 percent were unable to conduct day-to-day business operations. As cybercriminals are becoming more organized - and finding new strategies to launch cyberattacks - volumetric attacks tend to be increasing, outnumbering application-layer attacks.

"A successful DDoS attack can damage business-critical services, leading to serious consequences for the company," said Eugene Vigovsky, head of the Kaspersky DDoS protection at Kaspersky Lab. "For example, the recent attacks on Scandinavian banks caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this."

The Drug Enforcement Agency (DEA) is currently engaged in a widespread license plate reader program nationwide, and millions of license plates have been collected, according to a report from the American Civil Liberties Union (ACLU). The campaign started in 2008 and focused on taking pictures of vehicles, occupants and license plates, in an effort to identify and better track suspected criminals smuggling drugs and money to and from Mexico.

"It's not the kind of information government should be compiling," said Jay Stanley, a policy analyst for the ACLU, in a statement to the media. "Location data is very powerful information."

The following states were targeted, based on popular drug smuggling routes on highways: California, Arizona, New Mexico, Nevada, Texas, Georgia, Florida and New Jersey. Once collected and archived, the DEA shared information with local and state policy officials. Data was stored on record for two years until 2012, when program officials dropped it down to six months, the ACLU report found.

Hackers hijacked Taylor Swift's Twitter and Instagram accounts today, threatening to release naked pictures of the popular singer. Swift has bitten back, announcing on her Twitter that there are no 'nudes' to be had and the only way they could 'uncover' anything would be to use Photoshop.

After stating that her Twitter had been compromised though Tumblr, she later announced that her Instagram had also fallen victim. People are questioning if the superstar has been using the same password for multiple social media accounts, as it's uncommon to see a small amount of accounts compromised like this - usually its a singular service taken or its everything in one go.

The hacker-made tweets have now been deleted from her account and everything has gone back to normal. Seemingly Swift has been able to shake it off quite well - laughing in the face of the hackers.

Launching cyberattacks against targets once was a time intensive, difficult and costly effort, but it has become easier and inexpensive to launch distributed denial of service (DDoS) attacks.

Groups such as Anonymous and Lizard Squad are able to launch devastating attacks against large corporations and major targets using botnets of hijacked computers and routers. However, companies are becoming better at identifying these types of cyberattacks, but prove to be hugely inconvenient when the attacks succeed.

"There's been a massive jump in the number of very large attacks going on out there," said Darren Anstee, senior analyst at Arbor, while speaking to BBC. "In 2014 we saw more volumetric attacks, with attackers trying to knock people offline by saturating their access to the Internet."

The US government is no stranger to casting a large net in hopes of catching a few fish, so news of a new vehicle tracking database isn't entirely surprising. The Justice Department has a sophisticated database to track vehicle movements, and several other agencies are already using the data.

Several US law enforcement agencies already use automated license plate scanners mounted to police vehicles, and there also stationary systems that monitor highways and also take pictures of the vehicles. Some of these systems can actually be used to identify individuals inside of the vehicles.

The Justice Department has noted that there are already 343 million records in the database. This data includes the vehicle, time, and direction of travel. The primary intention is to find trafficking offenders for the DEA, but the Justice Department plans to expand the system to search for vehicles involved in rapes and murders. There is no word if the system will be expanded to encompass even more types of crime.

Companies have struggled against cyberattacks and distributed denial of service (DDoS) attacks, while mobile devices remain "the perfect target for attackers," said Thomas Tschersich, Deutsche Telekom's computer security chief.

Cybercriminals are able to easily compromise mobile devices, and with connection speeds via mobile topping many home broadband connections, can be exploited to launch attacks against targets. To counter this threat, Deutsche Telekom informs around 20,000 German subscribers per month about malware infection - and urges them to remove the malware.

Despite Deutsche Telekom's proactive efforts, attack bandwidth is estimated at several gigabytes per hour from these mobile devices. For just a couple hundred euros, criminals are able to launch attack and generate an impressive return on investment (ROI) for their efforts.

Business leaders need to become more computer literate so they are better able to understand evolving threats posed by cybercriminals. Criminals are using the digital equivalent of an F-16 fighter jet to launch attacks against governments and corporations, finding surprising levels of success, according to an Israeli cybersecurity expert.

"The breakers in cyber are one step ahead of the makers... we're out of equilibrium," said Nadav Zafrir, former Israel Defense Force tech commander and founder of Team8 Cyber Security Venture Creation, during a recent meeting with corporate leaders. "You have to redefine control. You have to let go, and it's scary. It's too important to leave it to the cyber experts. You [the CEO] have to become cyber literate."

Business leaders are confused in their efforts to defend against cyberattacks, often unsure how to prevent data breaches - and what to do if one occurs. However, analysts and experts recommend companies focus on preventing insider attacks, try to clamp down on outside threats, and have a recovery plan in case a breach does take place.