Posted February 25, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
- A leading Russian cybersecurity firm estimates the Anunak – a.k.a. Carbanak – gang has now stolen up to $1 billion from banks all over the world, in part by using “jackpotting” malware that infects ATMs. The majority of the targets were in Russia, but many were also in Japan, the United States and Europe.
- Domain name servers (DNS) are being used to exfiltrate information, by taking DNS requests to tunnel stolen data. The malwares identified were FeederBot, Morto, and FrameworkPOS were spotted using DNS.
Legal and Regulations
- This month, bipartisan legislation was introduced in the California Senate that would require law enforcement to get a search warrant before accessing a person’s digital information. The proposed California Electronic Communications Privacy Act (S.B. 178) is broadly written to protect “any information about an electronic communication or the use of an electronic communication service”, including contents, location, metadata and other personally identifiable information. This bill has strong support from tech giants Google and Facebook, as well as the Electronic Frontier Foundation and the ACLU of California, among others.
- The US State Department confirmed its non-confidential e-mail system suffered a security breach over the past three months, and is still unable to drive the hackers out of the network.
- Adults aren’t the only ones who can have their identity stolen. Tens of millions of American children had their Social Security numbers, date of birth, and health care ID numbers stolen in the recent data breach at health insurance giant, Anthem Inc.
- Internet entrepreneur Kim Dotcom has launched the public beta of an end-to-end encrypted video and audio chat service called “Megachat,” which supposedly gives better protection than alternatives such as Skype and Google Hangouts. Dotcom’s supposed “MegaNet” would be immune to global mass surveillance conducted by governments or corporations and would not be based on IP addresses.
- Google is fighting attempts by the Justice Department to get permission for the FBI to search and seize digital data in what the search engine giant said would make it possible for the “hacking of any facility” in the world. The Advisory Committee on Criminal Rules that is considering the proposal received a sharply worded letter from Google that warns the new FBI powers would raise “monumental and highly complex constitutional, legal and geopolitical concerns that should be left to Congress to decide.” The proposed changes would allow the FBI to remotely search computers from anywhere in the world, “giving the US government unfettered global access to vast amounts of private information,” The Guardian wrote.
Cyveillance clients get access to the entire Weekly Trends Report, covering all of the above topics and much more. Contact us to find out how we can help your organization.