Sony Reportedly ‘Spooked’ It Could Be Victimized by Cyberattack Again

Sony Pictures Entertainment is still trying to recover from a major data breach that saw several movies leaked online, personal employee data stolen, and confidential emails published for the world to see.

It looks like the company is worried it could be victimized again after the scheduled Christmas release of “The Interview,” which features Seth Rogen and James Franco. Considering the FBI noted that 90 percent of companies would likely fall victim to the same type of attack, it will be interesting to see whether Sony is able to quickly improve its defenses.

“They are spooked,” according to an anonymous government source, when speaking of Sony’s recent experiences following the data breach. The Department of Justice’s National Security Division is investigating the breach, indicating the federal government wants to verify if a foreign state government could be involved.

The FBI hasn’t been able to determine which hacker group is behind the breach, although a group called the “Guardians of Peace” has claimed credit. North Korea, whose alleged ties to the attack haven’t been verified, continues to be seen as a possible source.

UK National Crime Agency Arrests Five in Cybercrime Sweep, While Threats Continue

Five people were arrested in the UK as part of an international operation targeting cybercriminals who use remote access tools (RATs) to hijack computers. There is an international effort to promote cybersecurity for both consumers and businesses, along with efforts to crack down on cybercriminals.

The National Crime Agency (NCA) arrested the five suspects on Nov. 19 and Nov. 20, with a 20-year-old, one 30-year-old, two 33-year-olds, and a 40-year-old suspect detained in the national sweep.

Here is what Andy Archibald, director of the NCA’s National Cyber Crime Unit, said (via press statement):

“This operation demonstrates once again that all of UK law enforcement is working to respond effectively to cyber crime, and together we will continue to collaboratively target those who use technology to misuse other people’s devices, steal their money, or unlawfully access confidential information. Anyone who is tempted to get involved in this type of crime should understand that it can result in prison time, and substantial restrictions on your life afterwards.”

The first layer of protection against installing RAT software, and malware, is to be careful when clicking on links and attachments in emails – or while browsing the Internet. However, cyberattacks are increasing in sophistication, as the criminals behind these operations perfect their craft, with serious money available to them when successful.

Peter Goodman, East Midlands Deputy Chief Constable, had this to say:

“Cybercriminals are using very sophisticated technology to breach online security systems and to conceal their digital tracks. However, the police forces in the UK and overseas have the expertise to identify and disrupt those who are determined to access computers in order to steal data or to commit serious offences, wherever they are in the world.”

(Thank you to the NCA for providing us with this information.)

“Zombie Zero” Malware Starting The XPocalypse For Ageing Windows XP Systems

The end of official support for Windows XP passed in April this year and since then Microsoft has warned of the security risks of continuing to use the outdated OS. Microsoft no longer issues core OS security updates for Windows XP users unless they have purchased expensive personalised support packages from Microsoft. According to Microsoft this makes unprotected Windows XP systems five times more vulnerable to security risks and viruses.

It looks like time could now be running out for Windows XP users, as security company TrapX warns of a Windows XP-based malware infection that is spreading rapidly among business XP systems. The malware allows cybercriminals to steal documents and sensitive data: a huge problem for businesses that run a vulnerable version of Windows XP.

The Zombie Zero malware started in China after terminal scanners running Windows XP Embedded were injected with the malware infection. This infection is able to interfere with these Windows XP systems and spread the malware further with the help of a centrally controlled China-based botnet. The security issue isn’t necessarily an XP-only problem, but security firm TrapX notes that Windows XP systems are more vulnerable given the number of security exploits that exist for them.

Source: Softpedia

Mobile Bitcoin Mining Isn’t Worth The Effort, Unless You’re a Cybercriminal

Trying to mine for bitcoins using mobile devices won’t become an industry trend anytime soon, except for cybercriminals hijacking unsuspecting users.

Even if cybercriminals hijack smartphones and tablets, which has been noted in the past few months by security researchers, it still will be a slow, tedious process.  Devices hijacked with a mining Trojan tend to run hotter, battery levels drop significantly faster, and phone performance drags to a crawl, which is when users will likely notice the problem.

Using a single Samsung Galaxy SIII smartphone mining for 24 hours earns just .00000007 bitcoin – and it’d take more than 14 million devices to mine a single bitcoin each day, according to security firm Lookout.

Here is what Olaf Carlson-Wee, Operations at Coinbase, recently noted:

“To make mobile mining profitable, phones would need more powerful processors at a cheap cost.  Even if this were the case, mobile phones will never compete with hardware specifically designed to mine efficiently, like bitcoin ASICs (application specific integrated circuits).”

Mining for bitcoins effectively takes a mix of computer hardware, time and electricity to make it successful – and it will remain a difficult business model to adapt.

Criminals will continue hijacking PCs and mobile devices to steal banking information, conduct click fraud schemes, and compromise users to demand ransoms.  However, security experts still recommend users be aware of mining threats, and run anti-malware and anti-virus solutions on PCs and mobile devices.

Thank you to Lookout for providing us with this information

Luis Suárez World Cup ‘Petition’ Phishing Scam Making The Rounds

A clever phishing website is using the popularity of the 2014 FIFA World Cup, compromising users with a website that mimics FIFA’s official website.

The site asks football fans to sign a petition in defense of Luis Suárez, a player from Uruguay now notorious for biting Italian national player Giorgio Chiellini. The website requires each person to enter an email address, which could lead to users being added to a spam emailing list, suffering targeted attacks, or receiving emails with malicious attachments.

The spoofed website closely matches the design of the official website, and any links redirect to FIFA’s official website, security researchers note.  The domain was created on June 27, 2014 and is tied to a person operating out of London.

Here is what Nadezhda Demidova, Kaspersky Lab Content Analyst, said in a statement:

“Armed with users’ email addresses and telephone numbers, cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices.  This technique is used to get round two-factor authentication in online banking systems in cases where a one-time password is sent via SMS.”

Cybercriminals have found great success using social engineering tactics – simply tricking users into turning over their own personal information – and the problem persists.

Thank you to Kaspersky Lab for providing us with this information

‘Copyright Infringement’ Notice With Trojan Software Hits 30,000 Users

Cybercriminals are targeting users with an email that looks like a copyright warning from popular music and movie studios, but instead has an attached Trojan designed to infect users.

It might look like an email from music labels Sony or EMI – or movie studios Paramount and Dreamworks – but it’s not a legitimate email.  Instead, Internet users in Germany are being targeted by emails that demand payment within 48 hours.

The final line of the email reads: “For details see the attached document XXXXXXXXX.zip” – and features an attachment that compromises users and steals personal information.

Interestingly, the criminals use a rather unusual social engineering technique: including the contact information of legitimate law firms. Typically phishing emails are completely made up and do not have real contact information. This has led one law firm, Sasse & Partner, to release a statement that it is not involved with these emails.

Attorney Christian Solmecke had this to say:

“It is very likely that the zip file contains a virus, designed to spy on credit card and account information.  The floodgates would then be opened to online banking fraud and identity theft.  For this reason, all users that have opened the ZIP file attachment should check their PC immediately with a virus scanner and install the security updates for their anti-virus software.”

Thank you to Torrent Freak for providing us with this information

Cybersecurity Insider Threats Dangerous and Difficult to Defend Against


Cybersecurity experts are finding it difficult to keep hackers out of their networks, but the risk of insider threats continues to cause headaches. It’s a troubling epidemic because most system and network security measures are designed to keep outsiders from breaching current infrastructure.

To make matters worse, 75 percent of insider crimes are underreported and don’t typically lead to prosecution, a troubling fact given that insider threats normally cost more to combat, according to a US State of Cybercrime study published earlier in the year.

There will be a major effort to try to limit insider threats, with better monitoring services to better track what is being accessed.

Here is what Ron Ross, National Institute of Standards and Technology information risk management leader, said in “Security Agenda”:

“We talk about the geeks inheriting the world.  You got the system admins sitting on top of a treasure trove of gigabytes of classified information and they really have a lot of power out there.  And, it’s going to be really important that we take extraordinary measures where those assets are very critical to make sure one person can’t bring down the entire organization.”

The risk of insider threats is more prominent for governments, financial institutions, and critical infrastructure, security researchers say.  Stolen information is highly valuable on the black market, with cybercriminals interested in selling and trading data.

Thank you to the Information Security Media Group for providing us with information

Avast Releases Free Tool to Remove Simplocker Ransomware From Hijacked Phones


Security company Avast has announced the release of the avast! Ransomware Removal, a new tool designed to help compromised Google Android users decrypt files on devices hijacked by Simplocker.

If you’re not familiar, Simplocker is a nasty ransomware, and even though it was coded in a way that allowed security experts to quickly figure it out, it is still infecting Android-powered smartphones and tablets.  The malware encrypts files on the phone’s SD card, locks the device, then makes the victims pay a ransom in exchange for control of their phone again.

Here is what Ondrej Vlcek, Avast Software COO, said in a press statement:

“Simplocker blocks access to files stored on mobile devices.  Without our free ransomware-removal tool, infected users have to pay £12.50 to regain access to their personal files.  Even though we are seeing exponential growth in ransomware on mobile devices, most of the threats to encrypt personal files are fakes.  Simplocker is the first ransomware that actually encrypts these files, so we developed a free tool for people to restore them.”

The Avast! Ransomware Removal is now available via Google Play.

A student from the University of Sussex created a Java key that can be used to unlock the ransomware from compromised devices. It’s important to see these types of tools released, because it seems like the current version of Simplocker is just a trial run for cybercriminals to improve their skills.

Thank you to Avast for providing us with this information

‘Human Error’ to Blame For 95 Percent of Data Breaches in 2013


Organizations can implement next-generation cybersecurity technologies, but 95 percent of security issues in 2013 were caused by “human error,” according to the IBM Security Services 2014 Cyber Security Intelligence Index.

Companies are struggling to keep employee and customer data secure, and cybercriminals are exploiting these weaknesses. A major retailer with information leaked from millions of credit and debit cards could face upwards of £59 million in direct costs, which also include government fines.

Using custom malware is a popular technique, but phishing attacks are an easy way for criminals to compromise data. Here is what Nick Bradley, IBM Threat Research Group practice lead, said in a recent interview with SC Magazine:

“Protecting yourself or a company from a phishing attack is obviously not an easy task.  If it were, phishing would not be as successful as it is.  User education is a powerful tool… teach your employees that they should not provide personal information to unfamiliar requesters.”

The United States and Germany suffered the highest total average cost following a data breach, while Brazil and India have the lowest total average cost.  In 2013 alone, more than 500 million records of personal information were stolen by criminals, with the information sold online.

In addition to companies, colleges and universities that suffer 40,000 or more record losses might face up to £3.2 million in losses.

Thank you to SC Magazine for providing us with this information

Irish Netflix Users Warned of Growing Phishing Security Issues


Netflix users in Ireland have been warned of a phishing scam that asks users to update their payment information or their accounts will be suspended.  There are around 175,000 Irish Netflix users, and it’s unknown how many customers received the phishing email.

If users click on the fraudulent link, they are taken to a dummy page that requires financial information to be entered.

Here is what Ronan Murphy, of IT security firm Smarttech.ie, said in a recent statement:

“Phishing scams like the Netflix one prey on people’s tendency to trust the authenticity of a message and the company logo.  Once the criminals carrying out the scam have collected enough information from the unsuspecting victims, they can use it for credit card fraud or identity theft.  As a general rule, one should always be wary of any unsolicited emails or messages looking for your personal information or credit card details, no matter how genuine they look.”

Murphy said users should immediately delete the email – and shouldn’t provide any financial details if they did click the link.  Netflix subscribers with any account questions should contact Netflix directly: 0843 506 9267 or https://www.facebook.com/NetflixUK

Phishing remains a serious threat to Internet users, with security specialists warning everyone to be careful about the emails they open and the links they click, and not to provide any personal or payment information to suspicious websites. If in doubt, contact the company or bank directly to resolve any problems.

Thank you to the Irish Times for providing us with this information
