UK National Crime Agency Disrupts ‘Shylock’ Malware

Distribution of the “Shylock” malware has been disrupted by the UK National Crime Agency (NCA), in an effort to prevent a growing number of users from being compromised.

The Shylock malware reportedly infected more than 30,000 PCs across the world, with a specific focus on targeting bank accounts of UK residents.  Shylock, which included Shakespeare’s The Merchant of Venice passages hidden within its code, targeted PCs running Microsoft Windows.

The NCA confiscated servers responsible for distributing the malware – and the malware was able to steal banking login credentials.  Shylock could also capture data entered on select websites, and then upload it back to its home servers.

Here is what Andy Archibald, NCA’s National Cyber Crime Unit deputy director, said in a statement announcing the police operation:

“This phase of activity is intended to have a significant effect on the Shylock infrastructure and demonstrates how we are using partnerships across sectors and across national boundaries to cut cybercrime impacting the UK.  We continue to urge everybody to ensure their operating systems and security software are up to date.”

At the very least, security experts recommend users update their PCs and mobile OSes with the latest security updates, along with running anti-virus and anti-malware software.  Also, end-users need to be aware of clever phishing attacks using social engineering to trick them into clicking fraudulent links or downloading malicious programs.

Thank you to The Guardian for providing us with this information

Image courtesy of Getty Images

Luis Suárez World Cup ‘Petition’ Phishing Scam Making The Rounds

A clever phishing website is using the popularity of the 2014 FIFA World Cup, compromising users with a website that mimics FIFA’s official website.

Asking football fans to sign a petition in defense of Luis Suarez, a player from Uruguay now notorious for biting Italian national player Giorgio Chiellini.  The website adds each person, required to enter an email address, and could lead users to be added to a spam emailing list, suffer targeted attacks, or receive emails with malicious attachments.

The spoofed website closely matches the design of the official website, and any links redirect to FIFA’s official website, security researchers note.  The domain was created on June 27, 2014 and is tied to a person operating out of London.

Here is what Nadezhda Demidova, Kaspersky Lab Content Analyst, in a statement:

“Armed with users’ email addresses and telephone numbers, cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices.  This technique is used to get round two-factor authentication in online banking systems in cases where a one-time password is sent via SMS.”

Cybercriminals have found great success using social engineering tactics – simply tricking users into turning over their own personal information – and the problem persists.

Thank you to Kaspersky Lab providing us with this information

Image courtesy of Secure List

UK Government Partners With Open University to Teach Cybersecurity Defense

The UK government has partnered with the Open University and plans to launch a cybersecurity course that will open up classes for future candidates.  The multi-year program will hopefully develop students interested in technology to focus on security, which will help boost UK defenses from foreign attack.

As western governments try to wrap their heads around growing cyberthreats, there is a shortage of skilled security specialists.  Unfortunately, it has proven to be a difficult and expensive process, while data breaches and cyberattacks continue to be successful.

Here is what Natalie Black, Cabinet Office deputy director of Cyber Defence and Incident Management said:

“A key tenet of the national cybersecurity strategy is developing the cybersecurity skills we need to keep the UK safe and to do that we have to work together, we have to work through industry and academia.  It goes without saying that the government takes cybersecurity incredibly seriously and we’re investing £860m over the course of five years.”

The United States government wants to recruit cybersecurity specialists for the military – but has struggled to find qualified candidates – especially compared to private sector companies willing to open up their checkbooks.  There are similar efforts to partner with universities and private sector companies to help boost education to create future cybersecurity specialists.

Thank you to The Inquirer for providing us with this information

Image courtesy of Wired UK

Insider Threats Major Concern For Companies, Infosecurity Europe Survey Finds

Insider threats and advanced persistent threats (APTs) were listed as the top threats facing companies, despite increasing cyberattacks from outside criminals, according to a survey taken during Infosecurity Europe.

Companies are being more open about malware attacks, which have been rising – 42 percent of respondents said they have been affected, a drastic over the 18 percent that reported similar incidents last year.  Also worth noting, only 14 percent said they were unaware if hit, which is a significant drop off from the 37 percent in 2013.

Companies are now more cognizant of sophisticated malware and other security threats they must deal with, although still struggle to keep networks, employees, and customers secure.

Here is what TK Keanini, Lancope CTO, said in a statement to Infosecurity:

“The reason being, the attacker here is not triggering security events.  Either through their credentials or ones they have stolen they move around the work without triggering traditional security devices.  Where traditional security devices detect incident from a blacklist, anomaly detection is the perfect complement where a whitelist of good behaviour is known and established and what is not good sticks out like a sore thumb.”

The increasing volume of ransomware, which typically relies on a user to mistakenly click a fraudulent link, indicates there are still many problems to address.  However, decision makers struggle to inform employees how to conduct day-to-day business while minimizing risk of infection.

Thank you to Infosecurity Magazine for providing us with this information 

Companies Struggle to Defend Against Growing Surge of Cyberattacks

Sophisticated cyberattacks are giving security experts around the world complete fits, indicating how serious the problem continues to be. Custom-created malware and cyberattack strategies are easily found online and used to exploit unsuspecting users on a frequent basis.

Most recently, Domino’s Pizza restaurants in Belgium and France suffered cyberattacks, in which hackers stole customer data.  Customer records of around 650,000 were affected by the breach, as hackers demanded a ransom payment or information would be posted online.

Although some companies are stepping up to embrace modern security platforms, the amount of data stored without password-protection and encryption is staggering. A data breach can be costly for companies, but many executives would rather ignore the problem, roll the dice, and hope they aren’t targeted.

If nothing else, it’s clear that companies are struggling in their effort to keep customer and employee data secure from data theft. Once information is stolen and made available on the underground market, it can be hours – or months – before bulk records are sold or traded.

Credit card data, for example, must be distributed quickly, as customers will alert banks to flag stolen data. However, companies that either don’t inform users of a data breach, or are unaware they have been compromised, give cybercriminals better opportunity to get rid of the information at their own leisure.

Thank you Fierce CIO for providing us with this information

GCHQ Wants to Share Cyber Threat Analysis With Private Companies

The GCHQ intelligence agency plans to become more proactive in its fight against cyberattacks, opening up cyber threat intelligence information with private companies. It’s a unique turn of events following former NSA contractor Edward Snowden’s snooping disclosures, which also accused the GCHQ of organized surveillance activities.

To bolster support for the initiative, Cabinet Office minister Francis Maude mentioned how a “state-sponsored” criminal group accessed an account on an intranet government secure network.

Here is what GCHQ said in a statement:

“GCHQ will commit to sharing its classified cyber threat information at scale and pace to help communications service providers protect their customers; starting with suppliers to government networks and then moving on the other sectors of critical national infrastructure.”

The GCHQ hopes to help companies become the first line of security defense against sophisticated cyberattacks – a growing problem, as cybercriminals are becoming increasingly sophisticated when launching attacks. Compromised stolen data is worth big bucks on the underground market, with bulk records from data breaches available for sale.

The UK has seen an uptick of organized attacks from China and Russia, in an effort to steal intellectual property and gain a competitive advantage, which officials are keen to defend.

Thank you to the Engineering and Technology Magazine for providing us with this information

Image courtesy of Wired UK

‘Human Error’ to Blame For 95 Percent of Data Breaches in 2013

Organizations can implement next-generation cybersecurity technologies, but 95 percent of security issues in 2013 were caused by “human error,” according to the IBM Security Services 2014 Cyber Security Intelligence Index.

Companies are struggling to keep employee and customer data secure, and cybercriminals are exploiting these weaknesses.  A major retailer with millions of leaked credit and debit card information could face upwards to £59 million in direct costs that also includes government fines.

Using custom malware is a popular technique, but phishing attacks are an easy way for criminals to compromise data.  Here is what Nick Bradley, IBM Threat Research Group practice lead said in a recent interview with SC Magazine:

“Protecting yourself or a company from a phishing attack is obviously not an easy task.  If it were, phishing would not be as successful as it is.  User education is a powerful tool… teach your employees that they should not provide personal information to unfamiliar requesters.”

The United States and Germany suffered the highest total average cost following a data breach, while Brazil and India have the lowest total average cost.  In 2013 alone, more than 500 million records of personal information were stolen by criminals, with the information sold online.

In addition to companies, colleges and universities that suffer 40,000 or more record losses might lose up to £3.2 million in losses.

Thank you SC Magazine for providing us with this information

Bank of England Unveils New Framework to Defend Against Cyberattacks

The Bank of England officially launched its CBEST framework to help mitigate the risk of cyberattacks, as criminals continually target banks and other financial institutions.

Using guidelines and threat intelligence from the British government and security providers, CBEST is designed to identify attacks against specific banks.  And then attack strategies are replicated so banks are able to test their defenses to try to determine future methods to reduce risks.

In addition, the realistic penetration tests are replicated, with indicators available to assess cybersecurity maturity.  Banks will be able to better understand where and how they are vulnerable – and how IT staff can improve security efforts.

The Digital Shadows UK cyberintelligence company assisted in developing the new testing framework, and it will be monitored and modified as needed.

“The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered in live tests, within a controlled testing environment,” said Andrew Grace, Bank of England Executive Director, in a statement.  “The results should provide a direct readout on a firm’s capability to withstand cyberattacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability.”

Financial crime is a high-profile target, with cyberattacks targeting financial institutions serving as the second largest source of direct loss from cybercrime, according to McAfee’s “Net Losses: Estimating the Global Cost of Cybercrime” report.

Source: Bank of England.