Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
TippingPoint brings research and threat expertise with DVLabs, which provides the threat intelligence that powers those products. TippingPoint also brings in a truly unique asset, the Zero Day Initiative (ZDI): the industry’s first, best respected and most prolific broker of responsibly disclosed security vulnerabilities.
Pawn Storm, the long-running cyber espionage campaign, added to its long list of targets several government offices (including the office of the prime minister and the Turkish parliament) and one of the largest newspapers in Turkey. Pawn Storm has been known to attack a diverse list of targets–including armed forces, diplomats, journalists, political dissidents, and software developers.
On March 4th, cancer treatment center 21st Century Oncology Holdings shared details of a breach that affected over 2 million patients. The investigation conducted by the Federal Bureau of Investigation and a dedicated cyber forensics firm revealed that the theft of patient information—including names, Social Security numbers, physicians’ names, treatment and insurance details—took place in November after malicious parties gained access to the center’s database in October.
Now that 2015 has passed, we can look back and take the measure of the truth of that prediction. As you’ll see in our 2015 Annual Security Roundup “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies” 2015 was indeed the year of “better, bigger and more successful hacking attempts,” certainly from the standpoint of attacks against and theft of data.
Researchers at ESET have spotted a new Android banking trojan that camouflages itself as a legitimate mobile banking app, but instead of giving access to a person’s bank account it steals login credentials. Dubbed Android/Spy.Agent.si, the malware has targeted the customers of 19 banks located in Turkey, New Zealand and Australia.
For the first time, Apple Mac users have been hit with functioning ransomware, a scary variant of malware that prevents users from getting to their data unless they pay criminals a ransom, and which usually deletes peoples’ data if you they do not pay the ransom within a few days.
Qualcomm Snapdragon SoCs (systems on a chip) power a large percentage of smart devices in use today. The company’s own website notes that more than a billion devices use Snapdragon processors or modems. Unfortunately, many of these devices contain security flaws that could allow an attacker to gain root access. Gaining root access on a device is highly valuable; it allows the attacker access to various capabilities they would not have under normal circumstances.
Threats never stand still, and exploits kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly-discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits. Exploits kits need to continuously add new vulnerabilities to target to ensure they remain potent even as users upgrade to newer versions of software.
The Wall Street Journal Venture Capital Dispatch is the latest to cite research from Gartner, Inc. which reports the world-wide cybersecurity market topped $75 billion in 2015. “Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks,” said Elizabeth Kim, research analyst at Gartner.
After more than a year of working with Israeli cyber-security start-up Cybereason, US aerospace and data protection firm Lockheed Martin officially released a cyber-security solution based on the Israeli firm’s technology.