Posted November 4, 2014
Welcome to the Cyveillance Weekly Trends Report
Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below, follow us on Twitter, and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
- California Attorney General Kamala D. Harris recently released the second annual report detailing the 167 data breaches reported to the Attorney General’s office in 2013 that impacted 18.5 million Californians, putting their personal information at risk. The report is accompanied by recommendations from the Attorney General for consumers, businesses, and lawmakers on how to protect against data breaches and prevent them in the future. More than half of the 2013 breaches (53 percent) were caused by computer intrusions, such as malware and hacking. The remaining breaches resulted from physical loss or theft of laptops or other devices containing unencrypted personal information (26 percent), unintentional errors (18 percent) and intentional misuse (four percent).
- Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, resulting in temporary disruptions to some services while cyber security teams worked to contain the intrusion.
Legal and Regulations
- On October 17, 2014, President Obama signed an Executive Order designed to improve the financial cyber security of consumer financial transactions. The Executive Order requires the federal government to take steps to implement greater security protections for governmental payments, including government-issued payment cards, and to protect sensitive data about individuals that is collected and made available online by implementing, for example, multiple factors of authentication. In addition, federal agencies are required to assist and co-ordinate efforts to combat identity theft in conjunction with the Federal Trade Commission (FTC) and its www.identitytheft.gov website.
- Merchant Customer Exchange (MCX) notified adopters of CurrentC, a mobile payment app currently hosted in a trial phase, of an intrusion that revealed the email addresses of those with accounts for the testing program. The company reported that it is investigating and believes the intrusion was a result of a third-party vulnerability.
- German Telecom implemented national email routing for domestic consumers, meaning that emails between the company’s customers will not leave Germany on the way from sender to addressee. Both parties to the email exchange must be Telecom customers. After news related to the Snowden leaks about foreign government interference broke, Telecom CEO Höttges had suggested that transferred data should not leave Germany or the Schengen countries. His suggestion was met with some hesitation, however, as routing through third countries might at times provide cost advantages. German Telecom is offering interested business clients the assurance that their data will not leave the European Union.
- A former CBS journalist claims to have had her computer hacked and files deleted directly from her hard drive. In her new book, Sharyl Attkisson describes the incident, which she alleges occurred in 2012 while she was covering the Benghazi scandal.
- A sophisticated cyber espionage campaign called Axiom has been targeting U.S. and Western government agencies, as well as dissidents within and outside China. It has been primarily targeting intelligence that benefits Chinese domestic and international policies, including snooping on dissidents, industrial espionage, and stealing intellectual property. Cyber experts claim to have traced the Axiom attacks to the 2009 cyber operation known as “Operation Aurora” against Google in China and other U.S. companies. A cyber security expert from Novetta described the group as a “highly sophisticated and very prolific cyber espionage team.”
- The FBI is seeking new authority to hack into computers and spy on their users, the Guardian reports. The Justice Department is requesting that an obscure regulatory advisory board change the rules of searches and seizures. The two will meet November 5, 2014. Civil liberties groups claim the new rules would violate the First and Fourth Amendments and are questioning why the Justice Department is seeking the permission without public debate or congressional oversight.
Cyveillance clients get access to the entire Weekly Trends Report, covering all of the above topics and much more. Contact us to find out how we can help your organization.