Issue No. 5 | May 2014 Monthly newsletter

სტატია

Issue No. 5 | May 2014

Cyber security monthly newsletter

May 8

U.S. House Judiciary Committee approves bill that would end NSA bulk data collection

The bill proposes cessation of the current total electronic communication harvesting practiced by the American secret services. It was passed by the Judiciary Committee under the House of Representatives of the U.S. Congress by a vote of 32-0.

May 13

“Cloud” construction for governmental bodies in Russia to be enforced by law

The Ministry of Communications and Mass Media of the Russian Federation has submitted a draft law stipulating provision of “cloud” services to Russian authorities.  The draft contains a list of amendments to the enacted FZ-149 On Information, Information Technologies and Information Protection. The bulk of the document is dedicated to a set of mandatory standards for “cloud” operators working with Russian clients.

May 13

Bank of Russia recommends banks set up host-to-host connections

 The Bank of Russia recommends that banks establish bank-to-bank communication channels when contracting with other lending institutions, according to a letter by Georgy Luntovsky, the institution’s deputy chairman, posted on its official website.

The letter also says that the interaction is necessary for Russia-wide transfers to avoid the operational and payment clearing centres commonly used in international payment systems.

The bank also advises "supporting said channels in a ready-to-use state."

Legislative news and regulatory recommendations

April 30

Android Trojan acts on behalf of Avito.ru

A pack of hackers have engaged in a series of recurring attacks to fake well-known companies or trademarks, arousing interest and gaining the trust of certain categories of users.  The cheats mostly use these tactics for stealing confidential information, phishing, promoting dubious services, and propagating malware apps.

May 12

Kaspersky Labs detect unusual mobile worm

Kaspersky Labs have detected a peculiar mobile worm aimed at the Sipnet Internet phone call service provider.  Unlike other similar malware, this one starts SMS-spamming soon after launching without any command from the hacker’s server.

May 14

Avast warns of rise in ransom program activity

On Monday Avast, a Czech anti-virus vendor, announced that over the last 45 days it has recorded an increase in ransom infections encoding user data.  Avast reported that around 200 mln devices using Windows, Mac, and Android have been infected by ransom malware produced, it seems, by one and the same team of culprits.

May 15

ESET warns of spam mailout containing malware

ESET, an international anti-virus company, has warned of a rash of Trojans disguised as .jpg files in email messages.  The attack is aimed at East European users.  The Trojan attacks the PC when the unhappy victim tries to open the file attached to an email, taking it for a jpeg image.  In fact it is an .exe file in disguise, containing a malicious code.

May 18

Hackers fake Kaspersky anti-virus

Kaspersky Lab experts have detected a fake version of Kaspersky anti-virus for mobile devices.  The phony Kaspersky application, which just shows pacifying messages without actually eliminating threats, appeared in the Windows Phone Store and Google Play.

May 20

What you need to know about HTML5 attacks

All the latest browser versions support HTML5; consequently, the industry is more than ready to accept and adjust to the new technology.  HTML5 is designed to simplify the process of including and processing graphic and multi-media content on the web without using third-party plugins or API. This article will talk about the new types of attack that HTML5 has introduced.

May 21

Win32.Sector file virus infects over one million PCs

File viruses are not common malware - hence Win32.Sector, which created a vast botnet, is of special interest to information security experts.  Doctor Web analysts have studied this virus and managed to estimate the current infection scale.

May 22

PayPal users subject to phishing attacks

PayPal payment system clients are now phishing targets.  Experts attribute perpetrators' surge in activity with the recent hack into eBay.  Protect your login and password.

May 22

eBay hacked - change your password!

According to BusinessWire, eBay, an auction site and global online retailer, has fallen prey to hackers as the resource's servers shuddered under a massive attack on the user password database.  The admins recommend changing your eBay password.

May 28

Avast anti-virus company reported its own forum hacked

Avast has announced that its own Internet forum has been hacked and 400,000 registered users could be stripped of their personal data.  According to Vincent Steckler, Avast Software’s CEO, the company today caters to around 200 million people, whereas 400,000 comprises only 0.2 percent of its database. 

Staying secure

Finance sector

May 8

Russian banks block client cards due to data leak through RZD tickets purchases

A number of Russian banks blocked or restricted the functionality of cards for clients who used them to purchase tickets via the Russian Railways website. This information was reported to Banki.ru by several lending institutions.

May 13

Voice phishing masters caught in Belgium and Holland

Potential Belgian victims received fake emails from a Belgian bank with a request to provide some personally identifiable information.  The Netherlands-based culprits then contacted the victims directly via phone in order to obtain more detailed personal and private information.  The information collected was later used to access and milk cash from the bank accounts.

According to Europol, the EU's police, Belgian banks and their clients have suffered million-euro losses.

May 13

Nature prompts new way to secure cash machines

ETH Zurich (Eidgenössische Technische Hochschule Zürich) experts have developed a special film which, when damaged, oozes extremely hot foam to ward off malicious hands.  This technique is supposed to counteract vandalism and cash machine burglary.

May 20

Hale & Hearty worker steals credit card data

A worker from Hale & Hearty, a New York-based company dealing in fast food delivery, has been copying clients' credit card data by means of a skimmer.  She got the device from a friend of hers who, according to the police, headed a criminal gang of 11, nbcnewyork.com reports.

May 21

Two-thirds of information leaks in Russia occur in SMB

InfoWatch, Russian corporate information internal security market leader, has published its first report dedicated to information security levels at SMB companies.  In 2013, the number of compromised client and staff entries at small and medium businesses exceeded 129 million.  Whereas globally, SMB demonstrated a little under 40 percent of total leakage registered, in Russia the companies were accountable for 61 percent, i.e. almost two thirds.

May 21

Who pays for the holes?

In early summer, the Bank of Russia is planning to publish a new standard on information security in the RF banking system.  The regulator is hoping to gain control over the mixed industry of finance application developers and dramatically decrease data leakage risks and electronic fraud.  Banki.ru got hold of some details of the upcoming guidelines.

May 27

Chinese authorities call upon local banks to abandon IBM servers

The Chinese authorities are pondering a threat imposed by high-performance IBM servers on the nation's financial security, Bloomberg reports with a link to reliable sources.

 

Internet and telecommunications

May 2

German hacker announces NSA website hack

Matthias Ungethüm affirmed he has managed to hack the official website of the National Security Agency.  The computer genius made the announcement today on MDR.

May 7

Hacker arrested for attacking Swiss banks

Yassine Gharib, a 26-year old Moroccan, got arrested in Thailand for allegedly hacking into Swiss clients' bank accounts and stealing money.  He and his friends stole over $20 million.

May 7

115,000 phishing attacks over second half of 2013

The Anti-Phishing Working Group consortium has published its Global Phishing Survey results for the second half of 2013.  Over half of the 681 entities have fallen prey to hackers from July to December of the previous year.

May 8

Apple acknowledges passing iPhone, iPad, and Mac users' files to U.S. authorities

Upon governmental request, Apple will procure and hand over not only identification information, but also personal photographs, contacts, conversation history, documents, and other information to the government, according to the company's new policy of collaboration with U.S. authorities and law enforcement structures.

May 8

Hackers avail selves of 1.3 mln Orange user accounts

Info on over a million Orange clients has been stolen in the second leak from the French mobile operator over the last three months. The names, phone numbers, birth dates, and email addresses of over 1.3 million people were stolen during the April cyber attack on Orange's servers. Today, Orange says it will reinforce its security policy regarding client data.

May 8

U.S. suspect arrested for allegedly stealing data from 110 mln Target clients

Texas police arrested a man suspected of stealing data from Target clients in the country's second largest hacking attack ever, local media reported.

May 12

Sailor hacks 30 U.S. government systems

Former U.S. Navy officer Nicholas Paul Knight is accused of hacking 30 government systems, including the U.S. Navy, Harvard University, and the Department of Homeland Security.

May 13

European Union Court requires Google to delete personal data upon users' request

It is now mandatory for Google to comply with the EU Data Protection Law and to make adjustments to its search engine, after a ruling by the European Union Court protecting the right to privacy.

May 16

FPS Economy of Belgium website hacked

Belgium's Federal Public Service Economy has reportedly suffered a data leak, its spokesmen report.  The prime suspect is a foreign intelligence agency.  No definite information on the attackers has been obtained so far; however, among the suspects are Russia, the NSA, and independent hacker groups.

May 19

740 mln personal files stolen or unlawfully reviewed in 2013

740 million confidential files were stolen and unlawfully reviewed by cybercriminals in 2013, a year that has become the worst ever in this respect. The news was revealed in a study conducted by Zurich Insurance Group in collaboration with analytics agency Atlantic Council.

May 20

Law enforcement bodies clamped down on Blackshades

EU and U.S. law enforcement bodies have announced a special operation to arrest clients, operators, and developers of a remote access tool, or backdoor, known as Blackshades RAT (ESET:  Win32/VB.NXB, Microsoft: Worm:Win32/Ainslot, Symantec: W32.Shadesrat).

May 20

Cisco CEO asked U.S. President to stop bugging routers

Cisco CEO John Chambers has asked U.S. President Barack Obama to keep his secret service in check, as their activities discredit products by Cisco and other American manufacturers.

May 21

FBI wants Chinese citizens from APT1 group

Last winter we told you about a report by Mandiant (now part of FireEye) on the Chinese APT1 group, aka Comment Crew.  The name was acquired by a group of hackers from the so-called Unit 61398 of the People's Liberation Army, which conducted cyber espionage operations in other countries.

May 21

Trend Micro has published an overview of cyber security threats in Q1 2014

Trend Micro has published an overview of cyber security threats in Q1 2014 entitled Cybercrime Hits the Unexpected.  According to the report, perpetrators keep finding new ways and new targets to lead successful money-stealing attacks. 

May 28

Hacker facing imprisonment helps U.S. government counter cyber attacks

Ex-leader of LulzSec hacker group Hector Monsegur, facing a long time behind bars for orchestrating cyber attacks and stealing bank card info, has agreed to collaborate with the American government. The hacker has so far helped prevent at least 300 hacker attacks on government networks.

 

Industry and services

May 5

Companies fail to restrain cybercriminals

Websense and Ponemon Institute have published a report entitled Exposing the Cybersecurity Cracks: A Global Perspective.  The research, aided by 5,000 cybersecurity experts from 15 countries, showed that current cybersecurity threats are virtually insurmountable for most companies. 

May 7

Cost of data breach increased by 15%

The annual Cost of Data Breach research has shown that this year, companies have suffered 15 percent more damage from info leaks compared to the previous year.  The study was conducted by the Ponemon Institute and funded by IBM.

May 20

84% of companies download malicious software every 10 minutes

While cyber threats continue to evolve, companies need to learn to understand the origins of new exploits and how they might affect corporate networking. Companies need to have all available information on potential cyber threats at their fingertips to develop a corresponding security system capable of withstanding the onslaught.

May 25

Network of 1,500 infected POS detected

Cyber security experts have detected a global network of 1,500 POS infected by specialized malware.  The network, established by hackers in 36 countries, includes machines for other operations in retail. 

Articles

May 6

Roskomnadzor testing online-editions monitoring system

Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications) has started testing an automatic online-editions monitoring system, Vadim Ampelonsky, the agency's official representative, reported.

May 8

IBM presents new Comprehensive Threat Protection System

IBM has presented new software for security systems and consulting services to help companies protect their critical data from advanced persistent threats, zero day attacks, and breaches through pervasive behavioral analytics and deep research expertise. 

May 12

Russian Armed Forces establishes Information Operations Corps

The Armed Forces of the Russian Federation have organized an Information Operations Corps. The group’s primary objective is to protect the Army's command, communication, and control system from cyberterrorism and to encode relevant data against would-be aggressors, ITAR-TASS reports, citing an RF Ministry of Defense source.

May 15

Sysdig – Linux-based systems diagnostics tool

For system data collection and analysis, Linux uses a whole set of utilities.  Every system component is diagnosed by a specific tool.

May 21

Finger vein pattern to replace bank cards

Hitachi has developed Finger Vein, a scanning device planned for application to modern systems. Itcard S.A., a maintenance service company for Polish banks in cooperation with Japanese engineers, will be implementing this innovative equipment all over the country.

May 21

Daily cyberthreat amount tracked with KL service

Kaspersky Lab has granted the public access to unique statistics data portraying the current status of the cyberworld and its dwellers. The company has collected statistics from all over the globe on its new site http://kaspersky-cyberstat.com/rus/. Now you can learn about what others do on the Web, what devices they use, and what threats they face.  All info is updated in real time, enabling the user to watch the surrounding world evolve.

May 22

CERN developers launched protected anonymous mail service ProtonMail

A team from the European Organization for Nuclear Research (CERN) has developed ProtonMail, a mail service claiming to be one of the most protected of its kind. All content undergoes end-to-end encryption, and ProtonMail servers are located in Switzerland, which is famous for its personal data protection laws.  The service creators believe ProtonMail has the potential to surpass the recently closed Lavabit used by Edward Snowden.

May 26

When AES() = is a cryptobinary trick

Ange Albertini, a reverse engineering expert from Corkami, was asked jokingly  whether he could generate a JPEG picture that, having been AES-encrypted, could be converted back to a valid JPEG.  Ange, in all seriousness, accepted the challenge, did some research and published a presentation with guidelines on how to do perform the task in various formats. 

Learn something new: cyber security technology updates

13 May

Enterprises Faced with Analyzing 10K Security Events Per Day

Think the IT department has a handle over the security landscape within a company? Think again: new research has revealed that devices in a typical company’s network are generating a staggering aggregate average of 10,000 security events per day, with the most active generating around 150,000 events per day.

13 May

Fresh Phishing Scam Aims at Google Account Passwords

Hackers have been stealing Google account passwords in a new and better crafted phishing attack that is hard to catch with traditional heuristic detection, warns Bitdefender. A particularity in how Google Chrome displays data using Uniform Resource Identifiers (URIs) makes Chrome users most vulnerable, however the phishing attack also targets Mozilla Firefox users.

13 May

Pirated Content Usually Serves Up Malware Too

Online piracy of TV and films continues to thrive, but new research suggests that people looking for free entertainment often get free malware as part of the deal.

25 May

Serious Flaw in Yahoo Websites allows attackers to delete any comment

The Egyptian security researcher Ahmed Aboul-Ela has discovered a vulnerability which allowed deleting comments of any user in all Yahoo sites.

26 May

Critical Infrastructure, hackers targeted public utility SCADA

Cyber attacks could pose a potentially huge risk to US critical infrastructure, state-sponsored hackers and cyber criminals are increasing their activity.

27 May

CYBERPOL Investigates Indentify theft online

CYBERPOL the International Cyber-Security Organization (ICSO) is looking into the ID theft of personalities on social websites online that offers very little, if any protection of your identity being used by third parties.

27 May

Google Advances Fight Against Mac Malware with VirusUploader

Google has launched a new desktop version of its popular VirusTotal Uploader tool for Mac OS X in a bid to encourage malware fighters to make the Apple ecosystem more secure.

28 May

Spotify Android app hacked, change password and Upgrade it

Spotify company is investigating unauthorized access to its systems and internal company data. Android users urge to update the app and change the password.

Foreigner corner

იყო თუ არა ინფორმაცია სასარგებლო?