Security News Curated from across the world
Until a certain change is applied the retail sector will remain main target of cyber fraud. But if the cloud company is serious, it can provide a solution even in these cases.
In 2012, the time to recognize such activity was on average 210 days. About 64% of all retail firms need approximately 90 days to spot a fraud. At the same time 5% of companies need 3 year to identify criminal intrusion.
Link: http://www.dubaichronicle.com/2013/02/13/e-retailers-cybercrime/
Only one in five emails were legitimate and email spam increased to 76 percent.
Analysis and news headlines show that multistage attacks with multiple vectors have challenged security capabilities, as they worked to find weak spots and circumvent defenses. Attacks identified by Websense indicate a need for integration at the actual defense level and deep content security intelligence with real-time security defenses.
When independent solutions are in place, there is no way to ensure that email, web, mobile, social and data loss defenses are each prepared to perform their role to cohesively address an emerging threat.
Link: http://www.net-security.org/virus_news.php?id=2411
Some experts think online espionage is costing us as much as $25 billion to $100 billion annually, and the Obama administration is stepping up its efforts to fight the problem. This week, the president is expected to issue an executive order outlining voluntary cyber security standards for important private-sector companies and for the sharing of threat information between the companies and the government. … The government needs specific evidence of hacking to take action, and when an institution like the Times reveals that it’s been targeted, it might encourage other companies to admit that they failed to prevent hackers from poking around in their computer systems.
Link: http://nymag.com/daily/intelligencer/2013/02/chinese-hackers-going-after-us-not-just-media.html
Several U.S. newspapers, including the Post, The Wall Street Journal and The New York Times accuse Chinese hackers of infiltrating their computer systems.
Duncan Clarke of Stanford University, who also chairs BDA — a China-based investment and advisory firm — said that if China is responsible for directing corporate espionage, it would be to help Chinese companies compete with their U.S. rivals. And we have not seen that level of concern in other countries, so the risk is that you actually hurt your own interests by taking too hard a line on this.”
The U.S. government has been concerned for years about the “significant and growing” threat of hackers stealing data for economic gain, and a report in The Wall Street Journal says businesses have long been well aware of the problem. So far, Washington’s response has included everything from giving written guidance to businesses on intellectual property crimes, to setting up a toll-free number to report problems, to unsuccessful efforts to get Congress to pass legislation on the issue.
Link: http://www.voanews.com/content/us-report-highlights-economic-threat-of-hacking/1601067.html
The Cyber Fighters began attacks on banks in September, claiming in statements posted to an Internet message board that they would continue until a YouTube video mocking the Islamic Prophet Muhammad was taken down. In addition to PNC, the attacks hit Citizens Bank, Fifth Third Bank and Huntington Bank in the Pittsburgh region.
Many government officials and Internet security experts have said they believe the attacks were carried out by the Iranian government or at its behest. Dave Aitel, CEO of the Miami Internet security firm Immunity Inc., said everything the Cyber Fighters wrote suggested Iran was involved. “Clearly this was state-sponsored, and the only state with an interest is Iran,” Aitel said, citing the frequent use of “proportional response” by the group to describe the attacks on banks.
Bardin said the attacks fit the standard mode of operation of Iran’s Revolutionary Guards, who “go around the world and set up proxy groups sympathetic to them.”
Link: http://triblive.com/news/allegheny/3363832-74/attacks-cyber-bank#axzz2KdfkRFjM
The Python-based tool, dubbed TSURT (trust in reverse) uses the open source web scrapy framework Scrapy to pull user information like logos or avatars from a target site which are then embedded in the phishing page.
In a video demonstration, the tool pulls down a Facebook account profile picture which is then placed inside a fake Facebook dashboard screen featuring a fake private message.
If an attacker wants to do a targeted attack its not the hardest thing in the world to have access to basic creds like account number or BSB.” “If a victim saw this in a banking dashboard it would definitely raise less alarms alarms as opposed to usual phishing techniques which just rudely slap the user with a login page.”
Link: http://www.scmagazine.com.au/News/331434,new-phishing-tool-mimics-logged-in-dashboards.aspx?utm_source=feed&utm_medium=rss&utm_campaign=SC+Magazine+All+Articles+feed