Banking expert warns of potential for ‘really bad’ cyberattack. From CNBC. Cyberattacks on banks need to be looked at with the same kind of urgency as physical threats, because there is the potential for things to get really bad, banking and cybersecurity expert Ben Lawsky said Wednesday. “We live in a world where each day we are surprised by something new when it comes to the sophistication and the capabilities of hackers,” he said in an interview with CNBC.
There’s a Stuxnet Copycat, and We Have No Idea Where It Came From. From Vice. After details emerged of Stuxnet, arguably the world’s first digital weapon, there were concerns that other hackers would copy its techniques. Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware—dubbed IRONGATE by cybersecurity company FireEye—only works in a simulated environment, it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration.
If you use Waze, hackers can stalk you. From Fusion.net. Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas over a three-day period.
- Meet the malware that screwed a Bangladeshi bank out of $81m. From The Register. February’s hack against Bangladesh’s central bank that netted $81m in diverted funds is one of the biggest cyber heists of all time. Now researchers think they’ve found the malware that did it. A sample of the software nasty was obtained by researchers at defense contractors BAE Systems. The malware appears to have been custom built to use the global SWIFT (Society for Worldwide Interbank Financial Telecommunication) system and its Alliance Access backend.
- RuMMS Android Malware Attacks via SMS Spam, Steals Money from Bank Accounts. From Softpedia. Security researchers have discovered a new Android malware family that’s being spread using SMS spam messages and has been secretly stealing money from victims’ bank accounts after infecting their devices. At the time of writing, this malware family which FireEye researchers have named RuMMS has targeted only users living in Russia. The first infections hit users on January 18 and have continued until late April.
- National Infrastructure Attacks Mark Ominous Milestone for Cyber Security From InfoSecurity Magazine. Hundreds of thousands of homes across western Ukraine were suddenly left without power last December after a massive blackout. Though power was eventually restored, this event should serve as a wake up call for governments around the world, not just because of the severity, but due to the cause .
- Amazon force-resets some account passwords, citing password leak. From ZDNet. Amazon has force-reset an unknown number of accounts, after passwords may have been compromised. A number of readers told ZDNet they received an email from Amazon saying the company has reset their account password. The message was also sent to their account message center on Amazon.com, and Amazon.co.uk, confirming the message is genuine.
- How an email sparked a squabble over Chinese-owned Lenovo’s role at Pentagon. From Washington Post. Ever since Chinese computer maker Lenovo spent billions of dollars to acquire IBM’s personal-computer and server businesses, some lawmakers have called on federal agencies to stop using the company’s equipment out of concerns over Chinese spying. But an email circulated within the Air Force appeared to indicate Lenovo being kicked out.
A Brief History Of Ransomware. From DarkReading. The rise in ransomware extortion as a reliable weapon for cybercriminals to make the most of victims’ system vulnerabilities has now spanned the better part of a decade. But the last year has seen hockey stick growth as attackers perfected their methods and targeted victims. At this point ransomware has established itself as $60 million a year criminal enterprise, with that number sure to rise as the income is funneled into improving the next ransomware generation.
- FireEye Threat Intelligence Review. From SC Magazine (2015). This is an extremely powerful system for gathering, analyzing and acting on cyberthreat intelligence. The wealth of available data is impressive and FireEye is an experienced player with a heavy recorded history of data going back 10 years or more. We do wish, however, that this wealth of analytical power was readily available as a standalone service for threat analysts who are not necessarily part of a network defense team.
- Interview: Security and scalability of the IoT in business. From ITProPortal.
We spoke to Klaus Gheri, VP and GM of Network Security at Barracuda Networks about the challenge of securing IoT devices in industry and the tools being developed to overcome IoT barriers to adoption.
Transportation Official: Cybersecurity Rules May Be Needed for Cars. From MorningConsult. The head of the National Highway Traffic Safety Administration told a House panel Thursday that his agency may need to craft rules to enhance cybersecurity as more vehicles are connected to the internet. “You need some best practices, and potentially rules, to establish certain kinds of hard protections in things,” NHTSA Administrator Michael Rosekind said.