{"id":1074,"date":"2016-08-30T00:00:00","date_gmt":"2016-08-30T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail75-us4-mcsv-net\/"},"modified":"2021-12-30T11:38:43","modified_gmt":"2021-12-30T11:38:43","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail75-us4-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail75-us4-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail75.us4.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>New &#8216;Breaking Bad&#8217; ransom Trojan is no laughing matter, says Symantec<\/p>\n<p>The hook this time is that the Trojan uses a splash screen ransom demand for between $450 and $1,000 Australian dollars (up to $800) based on the fictional restaurant chain Los Pollos Hermanos used in the TV show.<\/p>\n<p>It&#8217;s not clear why the criminals adopted Breaking Bad but their use of it is no accident &#8211; the extortion email address even references a quote by main character Walter White, &#8220;I am the one who knocks.&#8221;<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=08eebf413b&#038;e=20056c7556<\/p>\n<p>Cybercrooks used LINE to aim at Taiwan govt<\/p>\n<p>Intended targets received a spear-phishing email that uses LINE as its subject and has .ZIP file attachment with the filename, add_line.zip. 
The email message purports to come from the secretary of a political figure, supposedly asking recipients (in a Taiwan government office) to join a specific LINE group and to provide some information for profiling purposes. The .ZIP file, once opened, contains a malicious executable file.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=73ea064379&#038;e=20056c7556<\/p>\n<p>Attackers Slipping Past Corporate Defenses with Macros and Cloud Hosting<\/p>\n<p>What makes the current versions of macro malware particularly dangerous is that the code is often heavily obfuscated, making detection difficult. Furthermore, once the document is opened and macros are enabled, the malware installs and begins to monitor Internet Explorer, Chrome, and Firefox browser activity, with the capability of grabbing screenshots and logging keystrokes. The attacker\u2019s ultimate goal is stealing the login credentials that give access to corporate and financial data.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d1a603a7c5&#038;e=20056c7556<\/p>\n<p>Threat Clarity through iSIGHT Partners Threat Diagnostics: Recent Campaign Discoveries<\/p>\n<p>Dyre, Dridex and Hijack (aka Shylock), three banking Trojans capable of stealing credentials from victim computers, have been seen across the hospitality, financial and commercial airline sectors.<\/p>\n<p>Netwire, a remote access Trojan (RAT), has been identified in targeting of both the financial and hospitality sectors.<\/p>\n<p>Other RATs, such as Gh0st and PlugX, were associated with cyber espionage activity affecting media, financial and hospitality target sets.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=af51ff9f3c&#038;e=20056c7556<\/p>\n<p>Hackers target banks for bitcoin payout<br \/>\nHackers believed to be from overseas have threatened to launch fresh 
cyber attacks on Bank of China and Bank of East Asia unless they pay them not in cash but in the virtual currency bitcoin.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=80b3089eb9&#038;e=20056c7556<\/p>\n<p>Businesses need more guidance on trigger for data breach notifications, says expert<\/p>\n<p>Data protection law specialist Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said that it is not clear from the wording of the proposed new General Data Protection Regulation (GDPR) when &#8220;the clock would start ticking&#8221; on the 72 hours companies would have to report the loss, theft or unauthorised accessing of personal data they are responsible for.<\/p>\n<p>&#8220;The 72 hour deadline for notification is a demanding one,&#8221; Dautlich said. &#8220;Businesses are going to need to give some thought to questions that seem easy but \u2013 as anyone who has dealt with a breach will know \u2013 are often not at all, for example.&#8221;<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=848d088594&#038;e=20056c7556<\/p>\n<p>SEC\u2019s Division of Investment Management Issues Cybersecurity Guidance<\/p>\n<p>In Guidance Update No. 2015-02, the Division of Investment Management (Division) of the Securities and Exchange Commission (SEC) issued some high-level suggestions concerning the importance of cybersecurity for registered investment companies and registered investment advisers. The guidance outlines a number of measures these entities should consider for addressing cybersecurity risks. 
Of course, while some of these and other measures may have specific application to certain sectors of the financial services industry, many of them can and should be applied in most organizations, regardless of industry.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=54b9341aef&#038;e=20056c7556<\/p>\n<p>Security Vulnerability Discovered In Millions Of Business Computer Systems &#8212; Here&#8217;s What You Need To Know [VENOM]<\/p>\n<p>The vulnerability was discovered by Jason Geffner, a Senior Security Researcher at cybersecurity firm CrowdStrike. While Geffner and his colleagues did not publicize the vulnerability until 8:00 a.m. today, they began notifying affected vendors of the vulnerability in late April; a team at QEMU \u2013 a free, open-source system for creating and managing virtual machines (sometimes known as a hypervisor) whose code was the source of the vulnerability \u2013 wrote a patch which it distributed to various vendors that leverage QEMU code and were impacted by the vulnerability. By the time you read this, those vendors should have patches available for their customers, and many hosting providers should have already deployed them.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7874d6ec09&#038;e=20056c7556<\/p>\n<p>NTT Innovation Institute (NTT i3) Announces the Availability of the 2015 Global Threat Intelligence Report<\/p>\n<p>The report is focused on the changing threat landscape and the quantifiable shifts over the last year that alter corporate risk and require a reevaluation of risk posture, which in turn requires organizational security transformation. Using this awareness, business and security leaders will be able to focus their enterprises\u2019 security goals and security investment on the threats that most affect their organizations. 
The report delves into detailed analysis of the changing infiltration tactics, the commoditization of malicious capabilities, the spread of the threat and how the business of cybercrime is responding to successful defensive strategies with rapidly adapting tactics. Some of the key findings of the report include: &#8230; Threats against the end user are higher than ever; attacks show a clear and continuing shift towards success in compromising the end point. Distributed Denial of Service (DDoS) attacks changed in nature, with a massive shift towards amplification attacks using the User Datagram Protocol (UDP); these accounted for 63% of all DDoS attacks observed by NTT Group.<\/p>\n<p>Attacks against Business &#038; Professional Services increased from 9% to 15%.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2586b0039d&#038;e=20056c7556<\/p>\n<p>Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis<\/p>\n<p>In our current diffuse and multipolar threat environment, the DOD intelligence enterprise faces the daunting task of discerning abnormal and\/or significant activities from normal patterns of activities. To truly revolutionize and fundamentally change from an individual exploitation process to analysis-based tradecraft, the enterprise needs to harness the potential of big data, replacing the methodology of individually exploited pieces of data with an activity-based analysis approach, known as Activity-Based Intelligence (ABI). Use of the ABI methodology will enable our intelligence analysts to focus on hard problems with critical timelines as well as normal day-to-day production activities across the spectrum of conflict. 
This methodology will aid in the development and understanding of patterns of life, which in turn will enable analysts to differentiate abnormal from normal activities as well as potentially defining a \u201cnew normal.\u201d Furthermore, the sharp increase in the amount of data, recent information technology (IT) advances, and the ABI methodology impel significant changes within the traditional DOD intelligence production model of PCPAD (planning and direction, collection, processing and exploitation, analysis and production, and dissemination).<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=226ef9d591&#038;e=20056c7556<\/p>\n<p>Cisco CTO: Security, Big Data Analytics Services Poised To Boom In The Channel<\/p>\n<p>Although the IoT has great promise, it also makes security more complicated because it amounts to a dramatic expansion of the network. Cisco&#8217;s challenge, Warrior said, is about taking the security and intelligence it has built into its network infrastructure and extending that to devices and endpoints.<\/p>\n<p>Cisco is tackling this challenge by adding more visibility into its network, Warrior said. &#8220;We have to help customers see what&#8217;s happening in their infrastructure, so they can apply the right technology to protect against malware and threats,&#8221; she said in the keynote.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=dc4ac5a3f5&#038;e=20056c7556<\/p>\n<p>Oil &#038; Gas Firms Hit By Cyberattacks That Forgo Malware<\/p>\n<p>An unusual type of targeted attack underway for two years uses legitimate Windows file functions and a few homemade scripts &#8212; but no malware &#8212; to infiltrate companies in the oil and gas maritime transportation industry.<\/p>\n<p>The attack campaign, dubbed Phantom Menace by Panda, was first spotted by the security team at an oil and gas transportation company in the U.K. 
It began with a convincing-looking spearphishing email with a phony PDF file that, when opened by the victim, was empty. &#8220;It has a self-destructor file, and it creates a folder where it puts files inside. It runs one of the batch files and that&#8217;s it. There are no malicious&#8221; code tools, he says.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=97b6ae88cd&#038;e=20056c7556<\/p>\n<p>Stealthy malware &#8216;Poweliks&#8217; resides only in system registry<\/p>\n<p>The concept of &#8220;fileless&#8221; malware that only exists in the system&#8217;s memory is not new, but such threats are rare because they typically don&#8217;t survive across system reboots, when the memory is cleared. That&#8217;s not the case for Poweliks, which takes a rather new approach to achieve persistence while remaining fileless, according to malware researchers from G Data Software.<\/p>\n<p>When it infects a system, Poweliks creates a startup registry entry that executes the legitimate rundll32.exe Windows file followed by some encoded JavaScript code. This triggers a process similar in concept to a Matryoshka Russian nesting doll, said Paul Rascagn\u00e8res, senior threat researcher at G Data, in a blog post.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7a0a2c0bbf&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? 
Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n<p>If someone forwarded this email to you and you want to be added in,<br \/>\nplease click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a)<\/p>\n<p>Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556&#038;c=3ee7f63690)<\/p>\n<p>Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: New &#8216;Breaking Bad&#8217; ransom Trojan is no laughing matter, says Symantec The hook this time is that the Trojan uses a splash screen ransom demand for between 
$450&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1074","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1074"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1074\/revisions"}],"predecessor-version":[{"id":3561,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1074\/revisions\/3561"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
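Two items in the digest above describe the same delivery pattern from the defender's side: the LINE lure carried a .ZIP whose only content was an executable, and the macro campaign carried Office documents whose embedded VBA only fired once a user enabled macros. The check a mail gateway would want is a structural one on the attachment itself, before any user sees it. The example below is added here; it is not code from either article or from any product they mention. It uses only the Python standard library, the executable-extension list and the thresholds are my own choices, and every sample attachment is constructed in memory (a PE-looking stub, not real malware). Modern Office formats are zip containers, so the same parser handles both the archive lure and the macro lure; legacy binary .doc/.xls files (OLE2) are not zips and would need a separate parser such as oletools, which is deliberately out of scope here.

```python
import io
import zipfile

# Extensions Windows will run directly from a double-click; list is my own,
# not taken from either article.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".hta", ".wsf", ".dll", ".msi", ".lnk"}
# Where OOXML (docm/xlsm/pptm and friends) stores a VBA project.
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
MAX_MEMBERS = 1000  # crude zip-bomb guard, arbitrary value


def _ext(name):
    base = name.rsplit("/", 1)[-1]
    return ("." + base.rsplit(".", 1)[1].lower()) if "." in base else ""


def inspect_attachment(filename, data):
    """Return reasons to hold the attachment; an empty list means nothing was found."""
    reasons = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons  # PDFs and legacy OLE .doc/.xls need a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        if len(members) > MAX_MEMBERS:
            return [f"archive has {len(members)} members, refusing to inspect"]
        names = {i.filename for i in members}
        is_ooxml = "[Content_Types].xml" in names
        for info in members:
            if info.flag_bits & 0x1:
                # Password-protected zips are a classic way to defeat scanning.
                reasons.append(f"member {info.filename!r} is encrypted, cannot be scanned")
                continue
            ext = _ext(info.filename)
            if ext in EXEC_EXTENSIONS:
                reasons.append(f"member {info.filename!r} has executable extension {ext}")
            # Extensions lie, so also look for a PE header in plain archives.
            if not is_ooxml and zf.open(info).read(2) == b"MZ":
                reasons.append(f"member {info.filename!r} starts with an MZ (PE) header")
        if is_ooxml:
            vba = sorted(VBA_PARTS & names)
            if vba:
                reasons.append("Office document carries a VBA project: " + ", ".join(vba))
                if not _ext(filename).endswith("m"):  # .docm/.xlsm/.pptm are the macro-enabled forms
                    reasons.append(f"macro project inside a {_ext(filename)} file (extension mismatch)")
    return reasons


def _zip_bytes(members):
    """Build an in-memory zip from {name: bytes}; only used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real malware: a PE-looking stub named after the LINE
# lure, a macro-enabled document, the same VBA project hidden in a .docx, and
# two clean files.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 64
OOXML_SKELETON = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}
VBA_STUB = b"\xd0\xcf\x11\xe0" + b"\x00" * 28  # OLE2 magic, as vbaProject.bin starts with
SAMPLES = {
    "add_line.zip": _zip_bytes({"add_line.exe": FAKE_PE}),
    "invoice.docm": _zip_bytes({**OOXML_SKELETON, "word/vbaProject.bin": VBA_STUB}),
    "quote.docx": _zip_bytes({**OOXML_SKELETON, "word/vbaProject.bin": VBA_STUB}),
    "report.docx": _zip_bytes(OOXML_SKELETON),
    "notes.txt": b"just text",
}


def triage(samples=SAMPLES):
    """Map each attachment name to its reasons; a gateway would hold any non-empty entry."""
    return {name: inspect_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage().items():
        print(f"{name:14s} {'HOLD' if reasons else 'pass'}  {'; '.join(reasons)}")
```

The MZ check is skipped inside Office containers because their parts are XML and OLE blobs, never PE files; in a plain archive it catches the renamed-executable case the extension list misses. Nested archives are not recursed into here, which is the first thing to add before using this for real.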
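The Poweliks item above is the most concrete technique in this digest: persistence is a Run value that launches the legitimate rundll32.exe with an inline, encoded JavaScript payload, so there is no file on disk to scan. The corresponding hunt is over the autostart registry values themselves. The example below is added here and is not G Data's code or anything from the article. It parses the text that Windows `reg query` prints, applies heuristics of my own choosing, and runs against a constructed sample; the Poweliks-like command in that sample is a shortened imitation of the published form, not a copy of real malware, and its value name is a single control character, which stands in for a name regedit cannot display. The `#@~^` string is the header the Microsoft Script Encoder (JScript.Encode) emits. The `scan_live_host()` helper is the only part that touches a real machine and refuses to run anywhere but Windows.

```python
import re
import subprocess
import sys

# Standard Windows autostart keys, in the abbreviated form `reg query` accepts.
RUN_KEYS = [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
]

# Heuristics are my own: a signed Windows host binary handed an inline script,
# the JScript.Encode header, a value name regedit cannot render, or a command
# far longer than any normal autostart entry.
HOST_BINARIES = re.compile(r"\b(rundll32|mshta|regsvr32|wscript|cscript|powershell)(\.exe)?\b", re.IGNORECASE)
SCRIPT_URI = re.compile(r"\b(javascript|vbscript|about):", re.IGNORECASE)
ENCODED_JS_HEADER = "#@~^"
MAX_SANE_LENGTH = 512

# `reg query` prints each value as: four spaces, name, four spaces, type, four spaces, data.
VALUE_LINE = re.compile(r"^ {4}(.*?) {4}(REG_[A-Z_]+) {4}(.*)$")


def parse_reg_query(text):
    """Turn `reg query` output into (key, value_name, value_type, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2), m.group(3)))
    return entries


def assess(name, data):
    """Reasons an autostart value looks like a fileless script loader (empty if none)."""
    reasons = []
    if not name.isprintable() or not name.isascii():
        reasons.append("value name contains non-printable or non-ASCII characters")
    if HOST_BINARIES.search(data) and SCRIPT_URI.search(data):
        reasons.append("signed Windows binary launched with an inline script payload")
    if ENCODED_JS_HEADER in data:
        reasons.append("JScript.Encode header present")
    if len(data) > MAX_SANE_LENGTH:
        reasons.append(f"command is {len(data)} characters long")
    return reasons


def scan(text):
    """Scan `reg query` output; returns one finding per suspicious value."""
    findings = []
    for key, name, _vtype, data in parse_reg_query(text):
        reasons = assess(name, data)
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings


def scan_live_host():
    """Query the real Run keys (Windows only) and scan them."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("live scan needs Windows; feed exported `reg query` text to scan() elsewhere")
    output = ""
    for key in RUN_KEYS:
        proc = subprocess.run(["reg", "query", key], capture_output=True, text=True)
        output += proc.stdout + "\n"
    return scan(output)


# Constructed sample output: two ordinary entries, a Poweliks-like value
# (shortened imitation; the value name is the control character 0x01) and an
# mshta loader.
SAMPLE_REG_QUERY = "\n".join([
    "",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "    \x01    REG_SZ    " + r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write("\74script language=jscript.encode>#@~^ZXgAAA==...")',
    r'    Updater    REG_SZ    mshta.exe vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""calc.exe"", 0")',
    "",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe",
    "",
])


if __name__ == "__main__":
    for f in scan(SAMPLE_REG_QUERY):
        print(f"{f['key']}  name={f['name']!r}")
        print(f"  {f['data'][:90]}")
        print("  -> " + "; ".join(f["reasons"]))
```

The value-name check matters as much as the command check: hiding the entry from regedit was part of the point, and a scanner that only looks at command lines would still list the entry under a blank name. On a fleet, run `reg query` (or an EDR registry export) centrally and feed the text to `scan()` rather than executing Python on every host.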