[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
New ‘Breaking Bad’ ransom Trojan is no laughing matter, says Symantec
The hook this time is that the Trojan uses a splash screen ransom demand for between $450 and $1,000 Australian dollars (up to $800) based on the fictional restaurant chain Los Pollos Hermanos used in the TV show.
It’s not clear why the criminals adopted Breaking Bad but their use of it is no accident – the extortion email address even references a quote by main character Walter White, “I am the one who knocks.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=08eebf413b&e=20056c7556
Cybercrooks used LINE to aim at Taiwan govt
Intended targets received a spear-phishing email that uses LINE as its subject and has a .ZIP file attachment with the filename add_line.zip. The email purports to come from the secretary of a political figure, asking recipients (in a Taiwan government office) to join a specific LINE group and to provide some information for profiling purposes. The .ZIP file contains a malicious executable.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=73ea064379&e=20056c7556
Attackers Slipping Past Corporate Defenses with Macros and Cloud Hosting
What makes the current versions of macro malware particularly dangerous is that the code is often heavily obfuscated, making detection difficult. Furthermore, once the document is opened and macros are enabled, the malware installs and begins to monitor Internet Explorer, Chrome, and Firefox browser activity, with the capability of grabbing screenshots and logging keystrokes. The attacker’s ultimate goal is stealing the login credentials that give access to corporate and financial data.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d1a603a7c5&e=20056c7556
Threat Clarity through iSIGHT Partners Threat Diagnostics: Recent Campaign Discoveries
Dyre, Dridex and Hijack (aka Shylock), three banking Trojans capable of stealing credentials from victim computers, have been seen across the hospitality, financial and commercial airline sectors.
Netwire, a remote access Trojan (RAT), has been identified in targeting of both financial and hospitality sectors.
Other RATs, such as Gh0st and PlugX, were associated with cyber espionage activity affecting media, financial and hospitality target sets.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=af51ff9f3c&e=20056c7556
Hackers target banks for bitcoin payout
Hackers believed to be from overseas have threatened to launch fresh cyber attacks on Bank of China and Bank of East Asia unless they pay them not in cash, but with virtual currency bitcoin.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=80b3089eb9&e=20056c7556
Businesses need more guidance on trigger for data breach notifications, says expert
Data protection law specialist Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said that it is not clear from the wording of the proposed new General Data Protection Regulation (GDPR) when “the clock would start ticking” on the 72 hours companies would have to report the loss, theft or unauthorised accessing of personal data they are responsible for.
“The 72 hour deadline for notification is a demanding one,” Dautlich said. “Businesses are going to need to give some thought to questions that seem easy but – as anyone who has dealt with a breach will know – are often not at all, for example.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=848d088594&e=20056c7556
SEC’s Division of Investment Management Issues Cybersecurity Guidance
In Guidance Update No. 2015-02, the Division of Investment Management (Division) of the Securities and Exchange Commission (SEC) issued some high-level suggestions concerning the importance of cybersecurity for registered investment companies and registered investment advisers. The guidance outlines a number of measures these entities should consider for addressing cybersecurity risks. Of course, while some of these and other measures may have specific application to certain sectors of the financial services industry, many of these measures can and should be applied in most organizations, regardless of industry.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=54b9341aef&e=20056c7556
Security Vulnerability Discovered In Millions Of Business Computer Systems — Here’s What You Need To Know [Venom]
The vulnerability was discovered by Jason Geffner, a Senior Security Researcher at cybersecurity firm CrowdStrike. While Geffner and his colleagues did not publicize the vulnerability until 8:00 a.m. today, they began notifying affected vendors of the vulnerability in late April; a team at QEMU – a free, open-source system for creating and managing virtual machines (sometimes known as a hypervisor) whose code was the source of the vulnerability – wrote a patch which it distributed to various vendors that leverage QEMU code and were impacted by the vulnerability. By the time you read this, those vendors should have patches available for their customers, and many hosting providers should have already deployed them.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7874d6ec09&e=20056c7556
NTT Innovation Institute (NTT i3) Announces the Availability of the 2015 Global Threat Intelligence Report
The report is focused on the changing threat landscape and the quantifiable shifts over the last year that alter corporate risk and require a reevaluation of risk posture, which in turn requires organizational security transformation. Using this awareness, business and security leaders will be able to focus their enterprises’ security goals and security investment on the threats that are most affecting their organizations. The report delves into detailed analysis of the changing infiltration tactics, the commoditization of malicious capabilities, the spread of the threat, and how the business of cybercrime is responding to successful defensive strategies with rapidly adapting tactics. Some of the key findings of the report include: …. Threats against the end user are higher than ever; attacks show a clear and continuing shift towards success in compromising the endpoint. Distributed Denial of Service (DDoS) attacks changed in nature, with a massive shift towards amplification attacks using User Datagram Protocol (UDP) based protocols; this accounted for 63% of all DDoS attacks observed by NTT Group.
Attacks against Business & Professional Services increased from 9% to 15%
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2586b0039d&e=20056c7556
Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis
In our current diffuse and multipolar threat environment, the DOD intelligence enterprise faces the daunting task of discerning abnormal and/or significant activities from normal patterns of activities. To truly revolutionize and fundamentally change from an individual exploitation process to analysis-based tradecraft, the enterprise needs to harness the potential of big data, replacing the methodology of individually exploited pieces of data with an activity-based analysis approach, known as Activity-Based Intelligence (ABI). Use of the ABI methodology will enable our intelligence analysts to focus on hard problems with critical timelines as well as normal day-to-day production activities across the spectrum of conflict. This methodology will aid in the development and understanding of patterns of life, which in turn will enable analysts to differentiate abnormal from normal activities as well as potentially defining a “new normal.” Furthermore, the sharp incline in the amount of data, recent information technology (IT) advances, and the ABI methodology impel significant changes within the traditional DOD intelligence production model of PCPAD (planning and direction, collection, processing and exploitation, analysis and production, and dissemination).
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=226ef9d591&e=20056c7556
Cisco CTO: Security, Big Data Analytics Services Poised To Boom In The Channel
Although the IoT has great promise, it also makes security more complicated because it amounts to a dramatic expansion of the network. Cisco’s challenge, Warrior said, is about taking the security and intelligence it has built into its network infrastructure and extending that to devices and endpoints.
Cisco is tackling this challenge by adding more visibility into its network, Warrior said. “We have to help customers see what’s happening in their infrastructure, so they can apply the right technology to protect against malware and threats,” she said in the keynote.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dc4ac5a3f5&e=20056c7556
Oil & Gas Firms Hit By Cyberattacks That Forgo Malware
An unusual type of targeted attack underway for two years uses legitimate Windows file functions and a few homemade scripts — but no malware — to infiltrate companies in the oil and gas maritime transportation industry.
The attack campaign, dubbed Phantom Menace by Panda, was first spotted by the security team at an oil and gas transportation company in the U.K. It began with a convincing-looking spearphishing email with a phony PDF file that when opened by the victim user, was empty. “It has a self-destructor file, and it creates a folder where it puts files inside. It runs one of the batch files and that’s it. There are no malicious” code tools, he says.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=97b6ae88cd&e=20056c7556
Stealthy malware ‘Poweliks’ resides only in system registry
The concept of “fileless” malware that only exists in the system’s memory is not new, but such threats are rare because they typically don’t survive across system reboots, when the memory is cleared. That’s not the case for Poweliks, which takes a rather new approach to achieve persistence while remaining fileless, according to malware researchers from G Data Software.
When it infects a system, Poweliks creates a startup registry entry that executes the legitimate rundll32.exe Windows file followed by some encoded JavaScript code. This triggers a process similar in concept to a Matryoshka Russian nesting doll, said Paul Rascagnères, senior threat researcher at G Data, in a blog post.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7a0a2c0bbf&e=20056c7556
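The persistence trick above (a Run-key value that launches rundll32.exe with a script instead of a DLL) is something a defender can audit for directly. The following is an added example, not code from G Data or the article: it assumes the Run-key values have already been exported as strings (for instance from reg query output) and flags the ones where rundll32 is handed a script: URL, a non-DLL argument, or a long encoded blob. The sample entries are constructed and are not real indicators.

```python
import re

# Constructed sample Run-key values (value name -> command line). None are real IoCs.
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "AudioCtl": r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
    "Sys":      r'rundll32.exe javascript:eval("' + "Zm9vYmFy" * 6 + '")',
    "Upd":      r'C:\Windows\System32\rundll32.exe vbscript:Execute("...")',
}

# rundll32 launch, quoted or not, with or without a full path; group 1 is everything after it.
RUNDLL32 = re.compile(r'^\s*"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s*(.*)$', re.IGNORECASE)
# rundll32 normally receives a library path; a script: protocol handler is the fileless tell.
SCRIPT_PROTO = re.compile(r'^\s*"?(javascript|vbscript|about):', re.IGNORECASE)
# Legitimate form: <path>.dll,<EntryPoint> (also .cpl/.ocx/.ax are seen in the wild).
DLL_ARG = re.compile(r'^\s*"?[^",]+\.(dll|cpl|ocx|ax)"?\s*(,|$)', re.IGNORECASE)
# A long base64-like token inside a Run value is a crude but useful "encoded payload" signal.
ENCODED_BLOB = re.compile(r'[A-Za-z0-9+/=]{40,}')


def inspect_run_value(cmdline):
    """Return the reasons a Run-key command line resembles registry-resident script persistence."""
    reasons = []
    m = RUNDLL32.match(cmdline)
    if not m:
        return reasons  # not a rundll32 launch: outside the scope of this check
    args = m.group(1)
    if SCRIPT_PROTO.match(args):
        reasons.append("rundll32 given a script: URL instead of a DLL")
    elif not DLL_ARG.match(args):
        reasons.append("rundll32 first argument is not a DLL/CPL path")
    if ENCODED_BLOB.search(args):
        reasons.append("long base64-like token embedded in the value")
    return reasons


def find_suspicious(entries):
    """Map value name -> reasons for every entry that trips at least one check."""
    hits = {}
    for name, cmd in entries.items():
        reasons = inspect_run_value(cmd)
        if reasons:
            hits[name] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_RUN_ENTRIES).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```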
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com