Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Business Email Compromise (BEC) campaigns can be considered one of the most dangerous threats that businesses of any size today are at risk of becoming a victim of. In our continued efforts to study and understand BECs, we’ve discovered that 40% of BECs in the past two years have targeted CFOs more than any other company position.
Businesses today pride themselves on responding quickly to changing conditions. Unfortunately, cybercriminals aren’t any different. A newly discovered malware family hitting point-of-sale (PoS) systems has been found which emphasizes speed in how the information is stolen and sent back to attackers. We called this attack FastPOS, due to the speed and efficiency of its credit card theft capabilities.
The threat of a cyberattack is greater for today’s businesses than ever before. Criminals are continually devising new ways to attack your data and potentially harm your business. It’s up to you to make sure that you have the necessary security strategy and technologies in place to defend against not just today’s cyberthreats but the future ones as well. Here’s a look at the four biggest cybersecurity threats this year.
While SNSLocker isn’t a stand-out crypto-ransomware, after looking closer at its code, we discovered that this ransomware contains the credentials for the access of its own server. We also found out that they used readily-available servers and payment systems. This shows that the authors behind SNSLocker are in it for the same reason a lot of cybercriminals have moved to ransomware: easy setup of systems for massive infection, and quick return of income.
In May, hacktivist group Anonymous warned multiple financial institutions that it was going to take them down as part of Operation Icarus. Late last week, on Thursday (June 2), the London Stock Exchange (LSE) found itself in the group’s crosshairs in the latest leg of the attack, reported Newsweek. The stock exchange’s site reportedly experienced a two-hour disruption as the result of what is believed to be a DDoS attack carried out by the well-known hackers.
The U.S. and India have agreed in principle to a new enhanced cybersecurity relationship encompassing a broad range of online activity, President Barack Obama and Prime Minister Narendra Modi announced June 7 in a joint statement. As part of the new Framework for the U.S.-India Cyber Relationship, Obama and Modi said the countries would work to preserve the Internet as an engine of commerce not managed by any one government.
In the race for national cybersecurity, Belgium is coming in last. The European nation is the country most exposed to hacking and other cyberattacks, according to a list compiled by information security firm Rapid7 released this week. Rapid7 created a “heat map” of the world by scanning every public-facing IP address in the world. The map compiled a list of “open doors,” or servers that have ports open to an insecure service.
A hacker, who has links to the recent MySpace, LinkedIn, and Tumblr data breaches, is claiming another major tech scalp — this time, it’s said to be millions of Twitter accounts. A Russian seller, who goes by the name Tessa88, claimed in an encrypted chat on Tuesday to have obtained the database, which includes email addresses (and sometimes two per person), usernames, and plain-text passwords.
Hackers care less about ease and more about outcomes, and exploit techniques are becoming increasingly sophisticated, according to the “2016 State of Vulnerability Risk Management” report from NopSec, a vendor of cloud-based cybersecurity threat prediction and remediation technology. Social media is playing a larger role in the realm of cybersecurity, the report found, and Twitter is becoming one of the top platforms for security researchers and attackers looking to disseminate proof-of-concept exploits.
Top official in Defense Department’s cybersecurity unit says the organization is doing an ‘effective job’ at recruiting, but keeping up with the evolving threat landscape remains a challenge. At U.S. Cyber Command, the top brass has made recruiting top talent a leading priority, but those efforts have been slowed by challenges in attracting and retaining the next generation of cyber warriors.
For today’s car-owners, over-the-air updates are a great thing–except when they aren’t. Some Lexus owners have learned that the hard way, thanks to a software update that’s been crashing vehicles’ navigation systems. More alarming is the possibility that Lexus has been the target of a cyberattack. One Toyota spokesperson, Cindy Knight, told Bloomberg that satellite communications to Lexus vehicles’ navigation systems “had been disrupted.”
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.