Posted February 23, 2016
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“A federal judge has dismissed several claims but allowed others to go forward in a multidistrict litigation against health insurer Anthem Inc over a data breach last year that compromised about 79 million customers’ personal information.
In an order issued Sunday, U.S. District Judge Lucy Koh of the Northern District of California addressed only nine claims out of hundreds in the case. Koh had ordered the parties to choose the small sample of claims last October for the initial round of motions to dismiss, in order to promote resolution.”
“The hacktivist group Anonymous announced its plan to attack leading financial services companies on Monday, February 8, 2016, starting at 6AM UTC with the goal of taking down their websites and services. To accomplish this, they will equip attackers with dedicated VPN and LOIC tools to launch simultaneous Denial of Service (DoS) attacks and encourage protesters to accompany the operation by protesting in front of the Bank of England and New York Stock Exchange.”
Legal and Regulations
“The Cybersecurity Information Sharing Act of 2015 (CISA) provides limited liability protection and information disclosure protections for private-to-private and private-to-government cybersecurity information sharing. On February 16, 2016, two key U.S. agencies released a set of documents describing how CISA’s provisions are expected to work in practice. The materials released by the Department of Homeland Security (DHS) and the Department of Justice (DOJ) include:
- Guidance for non-Federal (mostly, private-sector) entities on the sharing of cyber threat indicators and defensive measures;
- Guidance for Federal entities on the sharing of cyber threat indicators and defensive measures;
- Interim procedures related to the receipt of such information by the federal government; and
- Privacy and civil liberties interim guidelines.”
“The surge in fraudulent e-commerce transactions which was predicted in the wake of U.S. EMV compliance may already be happening.
According to the new Online Fraud Index from payment platform provider Pymnts.com and security technology vendor Forster, fraud attacks on U.S. online retailers rose 163% during the first three quarters of 2015. Interestingly, this large increase in online fraud preceded the Oct. 1, 2015 EMV mandate, although many retailers had already begun or even completed EMV compliance efforts during that time.”
– Retailing Today
“A U.S. magistrate ordered Apple Inc. on Tuesday to help the Obama administration hack into an encrypted iPhone belonging to one of the shooters in the December attack in San Bernardino, California, in a first-of-its-kind ruling that pits digital privacy against national security interests.
The ruling by Magistrate Judge Sheri Pym, a former federal prosecutor, requires Apple to supply highly specialized software the FBI can load onto Syed Farook’s work iPhone to bypass a self-destruct feature, which erases the phone’s data after too many unsuccessful attempts to unlock it. The FBI wants to be able to try different combinations in rapid sequence until it finds the right one.”
“British police said Friday they had arrested a teenager on hacking charges, as media reports said the youth was suspected of cracking the personal accounts of top US intelligence officials.
The news followed a series of bold hacking attacks for which credit was claimed by someone with the screen name “Cracka” who targeted top officials at the CIA, FBI, Homeland Security, the White House and other federal agencies.”