The Briefing on Cybersecurity

The latest news, trends and data from the cybersecurity industry

In Data:

Cybersecurity News in Numbers

240,000

The number of US Department of Homeland Security (DHS) employees whose data has been exposed in a breach by a former colleague. The former department employee was found to be in possession for Social Security numbers, dates of birth and employment-related data for 247,167 current and former DHS workers as part of an ongoing criminal investigation.

55 million

The amount in rubles hackers attempted to steal from Russian state bank Globex in December. Using the SWIFT international payments messaging system, cybercriminals attempted to steal equivalent to $940,000, but were thwarted, with customer funds remaining unaffected, according to Globex President Valery Ovsyannikov.

$100,000

The amount it has emerged ride-sharing company Uber paid to hackers that stole data on 57 million drivers and riders in October 2016. Uber paid the money as part of its bug bounty service, which is typically used to reward white hat hackers for discovering security flaws in its software, in return for the deletion of the data. 

$64m

The value of bitcoin stolen from Slovenian cryptocurrency mining marketplace NiceHash, in a hack at the start of December. NiceHash has said that it believes the attack was likely made from a non-EU IP address. The attack is the latest in a string of bitcoin hacks over the last few years, with one of the most high-profile occurring in 2014 leading to the collapse of the target, then the world’s largest bitcoin market Mt Gox. 

********

123 million:

The number of American households detailed on a cloud-based data repository left unsecured online, according to research published in December. The database did not contain names, but did include home addresses and contact information, mortgage and financial details and highly specific purchasing behavior. The data, which was originally created by Experian, was owned by Alteryx. 

Take Action:

Threats You Need to Respond To Now

Check Your Chips

If your company or home contains computers or other electronics with chips from Intel, AMD or ARM – the vast majority of devices – you will need to check for and run any available updates, after a security flaw was identified that could allow hackers to bypass security systems to access passwords. 

Review Your Passwords

With the new year upon us, now is an excellent time to review your passwords, and update any that are used frequently or have not been changed in some time. Focus on using passwords that are strong but easy to remember, such as a combination of easy to remember words or the first letter of every word in a phrase. 

Be Wary of Bluescreens

A scam product that mimics a bluescreen before claiming your computer is missing .dll files and prompting you to spend $25 to purchase the fictional software Windows Defender Essentials is finding its way onto computers via cracked software installers. Known as Troubleshooter, the malware can be removed by following instructions on Malwarebytes.

Cybersecurity Defence:

This Month's Cyber Warfare News

Watershed Attack on Middle Eastern Plant

A watershed attack on a plant in an unnamed Middle Eastern country has been blamed on hackers working on behalf of an as-yet-unknown nation state. The attack targeted industrial safety technology Triconex, which is developed by Schneider Electric, and is the first reported safety system breach at an industrial plant, supporting warnings that hackers are increasingly turning their attention to such infrastructure.

Source: Reuters

North Korea Denies US WannaCry Claims

The North Korean Foreign Ministry has denied that the country is behind the WannaCry ransomware attack that caused widespread chaos in the summer of 2017. The denial was in response to a statement made by the US earlier in the week that blamed the North Korean state, citing evidence provided by both US and foreign intelligence agencies.

Source: EFE

US Government Bans Kaspersky Labs

The US Government has banned the use of Russia-based security firm Kaspersky Labs’ products in federal agencies, amid concerns that the firm has links to state-sponsored spying programs. However, Kaspersky has asked the ban to be overturned, arguing that there is no concrete evidence of a link, and that the ban is damaging their US business.

Source: CNET

Vietnam Unveils 10,000 Strong Cyber Unit

Vietnam has announced that is deploying a vast cyber warfare unit to combat what the government describes as “wrongful views” that are proliferating online. The unit, Force 47, has 10,000 employees and is focusing on online content that is critical of the Vietnamese government, including YouTube videos and posts on social networking sites such as Facebook.

Source: Bloomberg

Share this article