[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
Malware performs fraudulent actions on social media
Known as the Linux/Moose, the malware primarily targets Linux-based consumer routers and infect other Linux-based embedded systems. Once infected, the compromised devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator.
According to ESET researchers, this type of malware has the capabilities to reroute DNS traffic, which enables man-in-the-middle attacks from across the Internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=29a8dc2ed7&e=20056c7556
Now there’s a program that lets novices hijack other people’s computers for ransom
The program, called Tox, lets users build their own ransomware, which they then send to unsuspecting victims.
Ransomware works by distributing malicious files which, when downloaded, seize all of the victims’ data until they fork over a specified amount of money.
When the file is downloaded users are instructed to pay the ransom in Bitcoin, which is then transferred to both the Tox makers and the people who sent the file.
Itâs free to use Tox, but the service takes 30% of the cut from the ransom.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d801b8e71d&e=20056c7556
Threat Intelligence: Knowledge is Power
Gone are the days when you implement a solution and wait for them to alert you of a potential threat and begin incident response. Organizations need to take a proactive approach to incident response.
Adding Threat Intelligence into existing processes could improve monitoring and once the threat intelligence data source is trusted, the data could be used to perform active inline blocking in order to capture potential threats before compromise.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=486773b560&e=20056c7556
State-Sponsored Cybercrime: A Growing Business Threat
Chinese cyber operations have typically been economically driven, often with a pure profit motive. Several top technology, aerospace, and defense companies have been breached by Chinese state-sponsored hackers, often in what appears to be an effort to steal intellectual property and identities. Chinaâs approach follows the same guiding philosophy the Chinese Army uses: throw as many people at the problem as possible, regardless of talent or training, and eventually youâre bound to get something.
Russian cyber operations enjoy a unique distinction from the other groups because they are more broadly used to collect intelligence, and like Chinese hackers are also involved in profit-motivated cyber crime. The Russians also have a history of aggressive offensive operations such as the Estonian cyber attacks of 2007 that swamped websites of Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country’s disagreement with Russia about the relocation of a statue, and more recent cyber attacks directed at Poland. Unlike Chinese counterparts, Russian hackers also like to spread ideological influence, a discipline known as âInformation Operationsâ within the intelligence community. This includes âtroll farmsâ staffed with hundreds whose job is to spread ideas and cause the appearance of consensus across online forums and social media.
Some notorious non-state actors have been working hard to reach levels of sophistication similar to these state-sponsored groups.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4bc4d7a7fe&e=20056c7556
Cost of data breaches increasing to average of $3.8 mln, study says
The total average cost of a data breach is now $3.8 million, up from $3.5 million a year ago, according to a study by data security research organization Ponemon Institute, paid for by International Business Machines Corp.
The direct costs include hiring experts to fix the breach, investigating the cause, setting up hotlines for customers and offering credit monitoring for victims. Business lost because customers are wary after a breach can be even greater, the study said.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8fb861a166&e=20056c7556
Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks
Commjackers try to lure devices â laptops, cell phones, tablets, what have you â away from a legitimate network onto a malicious network run from a small piece of illegal hardware. They make their networks alluring by using clever techniques; for instance, by offering higher bandwidth than other nearby networks, or masquerading as a trusted network.
The FS-ISAC has several suggestions for preventing commjacking. One is to encrypt all information when using Wi-Fi. Another is to use a VPN connection when using public Wi-Fi. A third is to use a “personal hotspot” cellular connection if available from a trusted and secured source. Perhaps most effective is the most draconian suggestion: don’t let employees use public Wi-Fi in the first place.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6508135c72&e=20056c7556
Profile Of A Cybercrime Petty Thief
Although the cybercrime game is dominated by organized criminals — according to IBM X-Force, 80 percent of cyber attacks are driven by highly organized crime rings — there are one-man operations getting a piece of the action, too. Trend Micro today proposed that actors like these may be the “evolved version of the petty thief,” and profiled one individual operating in Canada.
This individual, who Trend Micro calls Frapstar, doesn’t write code: he buys it. He isn’t very slick at hiding his tracks or identity. Yet he seems to make a comfortable living, either supplemented by or solely by selling dumps of credit card and Canadian passport data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7580a87d61&e=20056c7556
Insider threats can’t mask their behavior from Gurucul’s risk analytics
Gurucul’s team believes that identity â either compromised or misused user identity â is the root cause of many modern day threats. Identity is the underlying threat surface that Gurucul uses for its risk analysis.
Guruculâs approach starts by pulling identity information from a directory service, an identity and access management (IAM) platform, or an HR systemâwherever an organization keeps people and account information. The next step is to build a multi-dimensional contextual identity by overlaying access, activity, alerts and intelligence information onto the identity.
The next step is to use machine learning algorithms on this dataset. This includes behavioral profiling algorithms, which look at every new transaction coming in and compare that identity’s new transactions against a normal, baseline behavior. An identity’s actual behavior â say, accessing a system that holds confidential financial data â is compared to the identity’s baseline behavior to develop a risk score. If the person behind the identity works in the Finance department, the actual behavior might have a low risk score, but if this person works in Marketing, or Manufacturing, the behavior might trigger a higher risk score.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a96017b55c&e=20056c7556
A new wave of Cryptolocker has just showed up!
The first one is called Los Pollos Hermanos virus. No matter how surprisingly the name of this threat sounds, it seems that it is a very sophisticated version of Cryptolocker virus that is targeting Australians at the moment. After infecting the system and encrypting each of predetermined files, this threat requires to pay a ransom of $450, which is much bigger than the amount of money that was asked by the first versions of Cryptolocker. Besides, it seems that this is not the end. If the victim fails to pay this ransom, Los Pollos Hermanos promises to rise this payment to $1000. As you can see, it is a very nasty piece of malware with a very silly name.
Another threat that is closely related to Cryptolocker is called BitCryptor. It was detected just few days ago and, according to the latest reports, has already managed to infiltrate several hundreds of computers. This ransomware is different from the ones that have been tested previously because it is capable of blocking predetermined processes in task manager. Of course, one part of processes that this virus is designed to block belongs to security programs, such as mbam, spyhunter, roguekiller, etc. This can easily initiate problems when trying to remove this ransomware from the system. At the moment of writing, BitCryptor is asking to pay a ransom of 216 euros, so it is obvious that the main region where it is spread in Europe. However, as we have already warned you, each of Cryptolocker variants can be altered according to hackersâ needs..
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=851af713a9&e=20056c7556
Identity theft jump 27pc as thieves target innocent account-holders
Cifas, the fraud prevention service, warns credit cards, bank accounts and other financial services are at risk from crooks who steal your name.
The number of crimes involving the theft of innocent peopleâs identities to commit fraud has surged by more than a quarter, new figures have revealed.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8d0191b12e&e=20056c7556
5 tips for keeping your incident response team happy
Job postings for cyber security positions grew 74% from 2007-2013, according to labor market analytics firm Burning Glass Technologies. Those job postings took 24% longer to fill than other IT job postings and 36% longer than all job postings.
With demand for security skills outstripping supply, managers canât afford to leave incident response teams on cruise control. Security leaders offer their tips for keeping your incident response team happy and engaged.
1. Step back
2. Give them the tools they want â within reason
3. Listen to ideas and value their knowledge
4. Keep incentives fresh
5. Encourage competition
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ac60f93738&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage2.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=c431159927)
** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)