Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What also struck us the most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers. Learn more in our latest blog post.
An anonymous Greek official confirmed on May 4 that Greece’s central bank was the victim of a cyberattack on May 3. According to the source, the attack lasted “several minutes” and targeted the bank’s security systems. The group Anonymous, an activist hacking organization, is responsible for the cybersecurity breach. In a YouTube video, Anonymous had previously warned that it would soon begin a 30-day campaign called “OpIcarus – Shut Down the Banks” against central banks around the world.
Terrorist-linked hackers have targeted about 3,000 ordinary New Yorkers in a cyberattack, posting their personal information online and announcing, “We want them #Dead,” the I-Team has learned. FBI and NYPD officials plan to visit the homes of everyone targeted, but say there is no specific threat of violence against them.
To answer the question we posed before: Yes, cybercriminals and terrorists are more similar than we think – they use similar platforms and services online, but also with some key differences. Unsurprisingly, remaining anonymous is of utmost importance to cybercriminals and terrorist organizations alike.
On April 12 Paunch, the creator of the infamous Blackhole exploit kit, was sentenced to seven years in a Russian prison. This was soon followed by Aleksandr Panin, the creator of SpyEye: he was sentenced by a United States federal court to nine and a half years in prison for his role in creating SpyEye. One of his partners, Hamza Bendelladj, was sentenced to fifteen years.
On Thursday, the US Supreme Court presented Congress with changes in the Rules of Criminal Procedure that will allow judges to issue warrants directed at electronic devices outside their jurisdiction. These changes vastly expand the government’s surveillance and hacking power.
In April, Sen. Ed Markey introduced the Cybersecurity Standards for Aircraft to Improve Resilience Act, or Cyber AIR Act, to address aircraft security by requiring the Federal Aviation Administration to develop cybersecurity guidelines for the aviation industry and also requiring airlines to report cyberattacks to the government.
Hack a car in Michigan, go to prison for life…at least if a newly proposed cybersecurity bill become law. While some Canadian officials are worried about distracted driving in the future, such as drivers being too busy having sex in self-driving cars to be attentive to the vehicle’s “take over” command, Michigan lawmakers are so worried about car hacking that they’ve proposed making it punishable by life in prison.
The buzz at yesterday’s inaugural Cyber Investing Summit – held on Wall Street at the New York Stock Exchange – was that most CEOs and board members don’t get cybersecurity. Cybercrime is on the rise — to the tune of $2.1 trillion by 2019, according to Juniper Research. The Verizon 2016 Data Breach Investigations Report (DBIR) states that no location, industry or organization is immune from attack. A DBIR executive summary — described as the C-level guide to what they need to know — is chock full of information that most CEOs will struggle to understand.
Better employee training, more quickly fixing known vulnerabilities and thinking like a hacker are three things companies can do to better protect themselves from data breaches and digital mischief, according to the Verizon Enterprise Solutions 2016 Data Breach Investigations Report. The report found the top 10 known vulnerabilities accounted for 85% of successful exploits, even though patches to fix them were available.
The Australian entrepreneur who has claimed to be the inventor of Bitcoin has reneged on a promise to present new “proof” to support his case. Craig Wright had pledged to move some of the virtual currency from one of its early address blocks, an act many believe can only be done by the tech’s creator. This would have addressed complaints that earlier evidence he had published online was misleading.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.