Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Much has been reported and discussed about the bank heists that affected Bangladesh, Vietnam, and Ecuador. All three cases involved the Society for Worldwide Interbank Financial Transfers (SWIFT), a system that financial/banking institutions worldwide use for communicating financial messages or instructions. It has more than 10,000 customers from the financial sector: banks, brokerage institutions, foreign exchanges, and investment firms, among others.
One particular mobile malware caught our attention with its unique combination that makes its attack stealthy, and it has the capability to lock a user’s device. A similar routine for locking the victim’s phone was reported previously in our entry on Operation Emmental. However, this new malware does so as a failsafe and without the use of external commands.
The latest reports have uncovered a new ransomware strain called BadBlock targeting home users through malicious URLs and email attachments. Security firm Malwarebytes has also reported that DMA Locker has been updated with automation as well as command and control (C&C) protocols, using the Neutrino exploit kit to distribute the malware.
Ransomware is the scourge of the modern IT security team. If allowed to spread through your IT environment, it could shut down the organization, denying access to mission-critical data for potentially days, or even indefinitely. The result? The disruption of service delivery, lost productivity and a hefty hit to reputation and profits. Some believe the best answer is to block it at the email/web gateway and train staff to better spot suspicious emails. While this is critically important, it’s not the whole story.
State chief information officers and cybersecurity officials are calling on the federal government to finalize a plan of action for responding to major cyberattacks, which the U.S. Department of Homeland Security drafted over six years ago. The National Cyber Incident Response Plan, known as N-Chirp, seeks to coordinate efforts between federal, state and local officials, as well as other stakeholders, to mitigate damages and bounce back from cyberattacks aimed at disrupting power grids, or major communications and transportation systems, among other targets.
Just days after transferring $11,000 in stolen bitcoins to an anti-ISIS revolutionary group in Syria, hacktivist Phineas Fisher was at it again — not just defacing the website belonging to Spain’s Catalan police union, but actually posting an online tutorial showing how it was done. Phineas Fisher, aka “Hack Back!” and “GammaGroupPR!,” is the same online agitator credited with hacking Italy-based government surveillance technology provider Hacking Team and posting a how-to guide describing the attack’s methods.
Efforts by some utilities to modernize the aging electrical grid may actually work against their abilities to quickly recover from a cyberattack, experts told lawmakers in Washington, D.C., Wednesday. Digital automation, intended to make the grid run more smoothly, may make it more difficult to get up and running after an outage.
This year, experts say we’ll have a total of 6.8 billion connected devices on the planet, each one a tempting portal for hackers who want to steal your identity, your savings, or even shut down a city.
It’s an increasingly dangerous cyber arms race. The good news? San Antonio is leading the way in cybersecurity and has the largest collection of cybersecurity professionals outside of the nation’s capital.
Hillary Clinton disregarded State Department cyber-security guidelines by using a private email account and server, an internal audit found on Wednesday. Her staff twice brushed aside specific concerns that she was not following federal rules. The inspector general’s review also revealed that hacking attempts forced then-secretary of state Mrs. Clinton off email at one point in 2011, though she insists the personal server she used was never breached.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.