Posted May 5, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
Top Cyber Security Incidents
- A letter was submitted to the Chinese Embassy in London by ten EU-based NGOs asking China to take action in the global glyphosate debate. China plays a large role in the glyphosate market as the largest producer of the herbicide and also the largest consumer of GM soybeans, which are grown with the use of glyphosate. While there is general support for GMOs by the Chinese government, some restrictions have been put on GMO imports due to rising public awareness of food contamination.
- The official federal tally of major health data breaches shows that the healthcare sector continues to be a growing target for hackers, including those waging phishing attacks. As of April 29, the Department of Health and Human Services' “wall of shame” website of breaches affecting 500 or more individuals shows 1,213 incidents affecting more than 133.2 million individuals since September 2009, when the HIPAA breach notification rule went into effect. One incident, the recent hacking attack against health insurer Anthem Inc., accounts for 78.8 million of those victims.
Legal and Regulations
- Facebook is defending a lawsuit filed last week in the US alleging that its face-recognition technology breaches a law prohibiting collection of biometric data without informed written consent. The challenge centers on the feature that scans faces in users’ photos and suggests tags, as users have not consented to the collection and storage. Damages of USD 5,000 per violation are being sought for the “intentional and reckless” violation in the class action led by plaintiff Carlo Licato.
- An old piece of point-of-sale (PoS) malware has been used by cybercriminals to target the customers of resorts, hotels, and casinos in North America and other parts of the world, Trend Micro has warned. The threat, known as RawPOS, has been around since 2008 and is considered one of the earliest pieces of malware designed for credit and debit card data theft. Last month, Visa issued a security alert to warn lodging merchants that malicious actors had been infecting global organizations with RawPOS at an alarming rate. One of the more recent incidents involving this piece of malware was the C&K Systems breach, which affected Goodwill Industries International.
- The FBI has obtained information which indicates that since at least mid-March, Internet traffic destined for websites that use web resources from a China-based web services provider has been manipulated to create cyber-attacks directed at US-based websites. Analysis by the U.S. government indicated that Internet traffic which originated outside China was intercepted and modified to make unsuspecting users send repeated requests to US-based websites.
- Findings from a report by MeriTalk and Splunk on the state of cyber security in Federal, State, and local government agencies revealed that cyber threats exist on government networks for an average of 16 days without detection, and that 68 percent of respondents reported that their organizations are overwhelmed by the volume of security data they must analyze. Respondents also reported the benefits of big data in analytics and the challenges they face due to lack of skill or time, among other findings.
- The Justice Department plans to help police departments equip officers with body cameras, The Washington Post reports. The DOJ is launching a pilot program to determine the impact of the cameras, which come at a time when protesters nationwide are accusing police of unlawful force and racism. The plan is to spend nearly $20 million on cameras for dozens of departments