Posted June 16, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
- Experts sounded the alarm for utilities to watch their physical transmission systems after an intruder broke into a Pacific Gas and Electric Co. (PG&E) 115/12-kV step-down transformer distribution substation and shut down its monitoring and control technology before dashing away from on-site security guards. This attack, which took place in late March, is one of many recent attacks that have been plaguing the power industry. Some security experts see these attacks as a new threat – combining physical and cyber security tactics to launch an attack.
- Mark Weatherford, the former deputy undersecretary for cybersecurity at the Department of Homeland Security, says the Office of Personnel Management neglected to take several basic steps that might have helped to prevent a breach that may have exposed the personally identifiable information of 4 million current and former government workers.
- Researchers discovered an infection campaign using a new variant of the banking Trojan Tinba (truncation of “tiny banker”) that targets European banking customers. The malware, which was first discovered in 2012 and was the smallest banking Trojan in circulation by file size at the time, has been enhanced with several capabilities that significantly improve its effectiveness and resiliency. The Tinba infection campaign’s main targets are Poland, Italy, the Netherlands, and Germany. Tinba works by infecting computers, and when a user tries to log in to one of the targeted banks, the malware’s webinjects are deployed. Victims see anything from fake messages and Web forms asking for personal information or login credentials to requests to perform a funds transfer.
Legal and Regulations
- A U.S. federal appeals court has ruled that the National Security Agency’s (NSA) bulk collection of certain phone call metadata is unlawful. Metadata is the “transaction information” of a call, and generally concerns information such as the originating and terminating number and the duration of the call. The decision handed down in American Civil Liberties Union v. Clapper may now lay the framework for a change in how the U.S. government balances the data privacy rights of its citizens against the gathering of information on potential terrorist threats.
- The HawkEye keylogger has infected and/or stolen credentials associated with industries including accounting and financial services, cloud services, customs and logistics, foreign trade, government, retail and science and technology.
- With 4 million records possibly stolen and Asia-based hackers the prime suspects, the government recognizes the usefulness of the DHS EINSTEIN defense system. A diagnostic of the EINSTEIN system is critical at this time, given its limitations in detecting or protecting against new threats. This particular problem is related to the scalability and maintainability of legacy systems in the defense industry.
- Europol’s European Cybercrime Centre (EC3) announced on Wednesday the results of a joint international operation targeting a criminal group that used malware and social engineering to steal a large amount of money. According to the EC3, the fraudsters planted malware on the systems of medium and large European companies. The malware allowed them to obtain unauthorized access to corporate email accounts and monitor them for payment requests. When they came across such an email, the fraudsters asked the targeted company’s customer to send the payment to a bank account they controlled instead of the legitimate account. The money was then quickly cashed out through various methods, said the EC3.