[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
Obviously, the big news is the suspected hack of the OPM.
So onto the news:
Govt: UK data breach costs have more than doubled since 2014
New research from the UK government claims that the average cost of a data breach to a large UK enterprise has more than doubled since 2014, underlining the growing impact of cybercrime on the British economy.
Carried out in collaboration with PwC, the 2015 edition of the Department for Business, Innovation and Skills’ Information Security Breaches Survey estimated that major firms incur costs of between £1.45 million and £3.14 million per cyber attack or accidental data disclosure incident.
In the 2014 report, the range was just £600,000 to £1.15 million. Data breaches have also become more frequent since then, with nine out of ten large enterprises (90 per cent) having now fallen victim to such an incident compared with just 81 per cent a year ago.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5681b53418&e=20056c7556
Businesses taking more than 100 days to contain data breaches, finds study
In its global security report for 2015 information security provider Trustwave said it takes businesses 86 days on average to detect a data breach and 111 days on average to contain the breach from the date of intrusion.
Trustwave said that 43% of the 574 data breach cases it investigated last year concerned retailers. Nearly half of all the investigations (49%) concerned the theft of personal data and payment card information. The report said that 40% of cases involved the loss of data at point-of-sale terminals. However, it said US retailers are more likely to be exposed to data breach cases at POS terminals because of their “lagging adoption” of ‘chip and pin’ technology that is used by UK banks.
The report also highlighted common security vulnerabilities it had identified in mobile technologies, networks and applications and found that many businesses are still using basic passwords.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=621fed60c1&e=20056c7556
Flash Malware Soars Over 300% in Q1 2015
There was a staggering 165% increase in ransomware attacks in the first three months of this year, while Adobe Flash malware soared 317% from Q4 2014, according to the latest threat report from McAfee.
The security giant’s McAfee Labs Threat Report for Q1 2015 claimed that the rise in ransomware could largely be explained by the prolific but hard-to-detect CTB-Locker family, as well as newcomer Teslacrypt, and new versions of CryptoWall, TorrentLocker and BandarChor.
CTB-Locker’s C&C servers are placed on the Tor network, making them almost impossible to locate and take down. It also uses “evasive techniques” to bypass security software, the report claimed.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=45d235cfcc&e=20056c7556
Tiny Tinba malware gets tough, new variants infect European banks
Writing on the company’s Security Intelligence blog earlier today, product and risk management expert Ori Bach gave an overview of how the ‘tiny banker’ malware, which was first discovered in 2012 when it was the smallest Trojan in circulation with a file size of just 20kB, has been spreading ever since its source code was publicly leaked in July 2011.
Eight months on, and IBM Security Trusteer researchers have gone on to discover a new Tinba infection campaign targeting Poland, Italy, the Netherlands and Germany. Nearly half of recognised incidents were focused on Poland (45 percent), with Italy a distant second (21 percent). Websense confirmed Poland as the number one infected country in an email to SC.
The number of UK incidents is unknown, although one source said the malware would likely be targeting banks in the City. Towards the end of last year, Avast researchers found that a variant was infecting US and global banks, including Bank of America, JP Morgan Chase, HSBC and ING, via the Rig Exploit Kit.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6af33afad1&e=20056c7556
Ransomware up 165% in Q1 2015, new Intel Security report says
The McAfee Labs Threats Report: May 2015 said that McAfee Labs registered a 165% increase in new ransomware, mainly driven by the CTB-Locker family, a new ransomware family called Teslacrypt and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.
In addition to the rapid proliferation of CTB-Locker, the first quarter also saw new Adobe Flash malware samples increase by 317% from Q4 2014 “as attackers shift focus from Java archive and Microsoft Silverlight vulnerabilities to exploit unpatched Adobe Flash vulnerabilities.” Researchers attributed the increase to several factors: the popularity of Adobe Flash as a technology; user delay in applying available Adobe Flash patches; new methods to exploit product vulnerabilities; a steep increase in the number of mobile devices that can play Adobe Flash files (.swf); and the difficulty of detecting some Adobe Flash exploits.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a86606b0f6&e=20056c7556
Toshiba Addressing Vulnerabilities in its Retail Software
Toshiba last week patched a potentially serious vulnerability in its CHEC self-checkout software prevalent in retail locations, while it is still wrangling with another security issue in its point-of-sale offering.
The vulnerability in Toshiba CHEC, or Checkout Environment for Consumer-Service, was a hard-coded cryptographic key that affected versions 6.6 and 6.7, and possibly older versions of the software as well.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=776e6deb12&e=20056c7556
RSA Research Finds Size Doesn’t Matter in Cybersecurity
Today, RSA, The Security Division of EMC (NYSE: EMC), released its inaugural Cybersecurity Poverty Index that compiled survey results from more than 400 security professionals across 61 countries. The survey allowed participants to self-assess the maturity of their cybersecurity programs leveraging the NIST Cybersecurity Framework (CSF) as the measuring stick. The research provides valuable global insight into how organizations rate their overall cybersecurity maturity and practices across a variety of organizational sizes, industries and geographies. While larger organizations are typically thought of as having the resources to mount a more substantive cyber defense, the results of the survey indicate that size is not a determinant of strong cybersecurity maturity and nearly 75% of all respondents self-reported insufficient levels of security maturity.
– Nearly 75% surveyed lack the maturity to address cybersecurity risks
– 83% of large organizations ranked themselves as below “developed” in maturity
– Up to 45% admit inability to measure, assess and mitigate cybersecurity risk
– The most mature capability revealed in research is in the area of Protection; Detect and Response capabilities lag
– Only one-third of financial services organizations report being adequately prepared
– NIST Cybersecurity Framework used as the measuring stick; yet the Americas rank themselves behind both APJ and EMEA in overall maturity
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ce24623574&e=20056c7556
Imperva Report Finds DDoS Attacks Resemble Advanced Persistent Threats in Sophistication
Imperva, Inc. (NYSE: IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today released its Q2 2015 Global DDoS Trends Report. The report findings, based on over 3,000 mitigated DDoS attacks and 60 million blocked bot sessions across all sites which were protected using Imperva Incapsula, show a high frequency and long duration of DDoS attacks against organizations during the period from March 1 through May 7, 2015.
The report also details DDoS attacks that are beginning to resemble advanced persistent threats, evidenced by long durations, repetition and changing attack vectors aimed at evading simple, signature-based defense systems. At the other end of the spectrum, there is increased evidence that inexpensive botnet-for-hire services are being used to perpetrate attacks. With these tools costing as little as $19.99 per month, and available for online purchase using Bitcoin, the barrier to mounting attacks has dropped significantly.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cf335da11f&e=20056c7556
More firms bought insurance against cyber attacks in 2014: Marsh
Marsh, an insurance broking and risk management firm, said on Tuesday that more groups are seeking financial protection through insurance to cover losses from data breaches and business outages as the intensity of cyber attacks increases.
According to a report released by the firm on Tuesday, in 2014, the number of US-based Marsh clients purchasing stand-alone cyber insurance increased by 32 percent over 2013, and the number will keep growing in 2015.
Healthcare and education clients had the highest cyber insurance take-up rates in 2014, respectively at 50 percent and 32 percent, followed by hospitality and gaming at 26 percent and services at 22 percent.
The report also said that all industries purchased more cyber insurance on average in 2014 than in 2013. Companies with revenue exceeding $1 billion purchased 22 percent higher cyber insurance limits on average in 2014 at $34.1 million compared to $27.8 million in 2013.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bb7d65f5ad&e=20056c7556
MalumPOS malware that can be configured to target any POS system
Researchers with Trend Micro have identified malware – known as MalumPOS – that can be configured to target any point-of-sale (POS) system, and which also takes steps to avoid detection.
MalumPOS – a POS RAM scraper written in the Delphi programming language – is also targeting Oracle Forms and Shift4 systems, but without much trouble the attackers can reconfigure the malware to breach other systems such as Radiant or NCR Counterpoint POS systems, Yaneza said in the post.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c2b4dd275c&e=20056c7556
Vawtrak banking malware found to use Tor2Web
Vawtrak’s code has DWORD values written in that correspond to domain names. Each DWORD value is a seed used to generate a domain name, Fortinet wrote on its blog. Those seeds are kept as fixed values within the code, so they always produce the same pseudo-randomized domain names.
Although the malware has typically used fixed Command and Control servers in its variants, it now uses Tor2Web, as well. Tor2Web allows users to access Tor services without directly connecting to the network or using the Tor client.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b2c25afaf8&e=20056c7556
Graylog 1.1 Adds Enterprise Log Management Capabilities
Graylog, Inc., the company behind the popular Graylog open source log analysis platform, today announced version 1.1 of its Open Source Graylog product. This new release provides significant enhancements — including an integrated log collector for Linux and Windows — that extend Graylog’s lead as an affordable and enterprise-ready log management platform for storing, searching and analyzing any type of machine data. Unlike other open source alternatives, Graylog does not require the integration of disparate collection, analysis and visualization tools.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bfd0791d60&e=20056c7556
Cybercrime Can Give Attackers 1,425% Return on Investment
“We’re showing what the motivation for and value of a cybercrime is,” says Charles Henderson, vice president of managed security testing at Trustwave. “To my mind, if you’re going to defend against cybercrime, you need to understand” the attackers’ motivation.
– Costs of a ransomware payload (CTB Locker in this example), infection vector (RIG exploit kit, which was most common), camouflaging services (encryption), and traffic (20,000 visitors) totaled $5,900 per month.
– Earnings for a 30-day campaign, assuming a 10 percent infection rate, a payout rate of 0.5 percent, and a $300 ransom, would total $90,000.
– That’s a profit of $84,100 and a ROI of 1,425 percent.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e87f8ff1b6&e=20056c7556