Tag Archives: cyber security news

Cybercrime May Be the World’s Third-Largest Economy by 2021


As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.

Putting things into perspective: Walmart, which racks up the greatest earnings of any American firm, generated a mind-blowing $514 billion in revenue last year. Yet cybercrime earns 12 times that. Both sell a huge variety of products and services. In fact, in terms of earnings, cybercrime puts even Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart to shame. Their combined annual revenue totals “just” $1.28 trillion.

Cybercrime is undergoing a wave of industrialization and offers everything that a regular legal company does: product development, technical support, distribution, quality assurance, and even customer service. Cybercriminals steal and then sell new technologies or secret strategic plans that give their buyers an edge over their competitors. Hackers steal military secrets, renewable energy innovations, and more.




Top of The Cyber News

Hackers Use COVID-19 Tracking Map to Hide Spyware (March 18, 2020)
Hackers have weaponized a legitimate COVID-19 tracking map to deliver spyware. Known as SpyMax, the malware can exfiltrate logs for texts and phone calls, and allows the attackers to activate microphones and cameras. The malware appears to be used to spy on people in Libya.
Read more in:
– www.cyberscoop.com: Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19-tracking map

Food Delivery Service in Germany Targeted with DDoS Attack (March 19, 2020)
Hackers have launched a distributed denial-of-service (DDoS) attack against the website of a food delivery service in Germany. The hackers demanded a ransom of 2 bitcoins to stop the attack. Lieferando.de, the German branch of Takeaway.com, is back online; it is not clear if they paid the ransom.
Read more in:
– www.bleepingcomputer.com: Food Delivery Service in Germany Under DDoS Attack

Mandiant Ransomware Research Shows Window of Opportunity For Defenders (March 16 & 18, 2020)
 According to researchers from Mandiant, most ransomware does not deploy until at least three days after attackers have gained their initial foothold in a system. In some cases, the dwell time was much longer. Mandiant looked at “dozens of ransomware incident response investigations from 2017 to 2019.” The researchers also found that most ransomware infections occur at night or on weekends. The blog post notes that “there is often a window of time between the first malicious action and ransomware deployment. If network defenders can detect and remediate the initial compromise quickly, it is possible to avoid the significant damage and cost of a ransomware infection.”
Read more in:
– www.fireeye.com: They Come in the Night: Ransomware Deployment Trends

Social Media Turning to AI for Moderators (March 17 & 18, 2020)
 Earlier this week, Facebook users began noticing that their COVID-19-related posts were being taken down. They received notifications from Facebook which said the posts violated community standards. Facebook says the issue was due to a bug in its anti-spam filter. Facebook’s content moderators had been sent home; they cannot work from home due to privacy agreements. Twitter and YouTube have also said they are sending home their content monitors. Some researchers are concerned that with content moderators absent, much of the decision-making regarding permissible posts will be left to automated systems.

Read more in:
– www.wired.com: Coronavirus Disrupts Social Media’s First Line of Defense

Weekly updates: Top of The News

Coronavirus: More Companies Backing Out of RSA Conferences

AT&T Cybersecurity and Verizon have decided not to attend the RSA Conference in San Francisco this week, citing concerns about the coronavirus. IBM announced its decision not to attend RSA on February 15. The conference is taking place this week as scheduled. Sony and Facebook’s Oculus have pulled out of the Game Developer Conference scheduled for March 16-20 in San Francisco. Coronavirus worries have already caused the cancellation of the World Mobile Congress that was to have taken place in Barcelona February 24-27. Black Hat Asia 2020 has been postponed to fall 2020, and Cisco has cancelled its Cisco Live! Conference that was scheduled to be held in Melbourne, Australia early next month.

Read more in:
– www.scmagazine.com: AT&T, Verizon join RSA exodus over Coronavirus fears

Car Thieves Disabling OnStar, Replacing Vehicle Computers (February 11, 2020)
In “a recent string of stolen Chevrolet Silverado pickups,” thieves disabled the OnStar anti-theft technology almost immediately, reducing the likelihood of the vehicles’ recovery. Surveillance video has shown how fast the thieves operate – pop the lock, open the hood, change the computer, and disable OnStar tracking.
Read more in:
– gmauthority.com: Chevrolet Silverado Thieves Disable OnStar Tracking

Median Dwell Time for Breaches is Falling Worldwide

According to the M-Trends 2020 Report, the global median “dwell time” – the time from initial intrusion to detection – fell from 78 days to 56 days in just one year. The report also found that while intrusions are being detected more quickly, they are more often discovered by third parties rather than internally.

Read more in:
– content.fireeye.com: M-Trends 2020 (PDF)
– www.zdnet.com: Cybersecurity: Hacking victims are uncovering cyberattacks faster – and GDPR is the reason why

U.S. Department of Defense DISA Breach Exposed PII of 200,000 People (February 20 & 24, 2020)
 The US Department of Defense’s (DoD’s) Defense Information Systems Agency (DISA) has acknowledged a network breach that compromised the personal information of at least 200,000 individuals. On February 11, 2020, DISA sent letters to the people whose data were compromised, telling them that the breach occurred between May and June 2019. DISA secures and manages White House communications.
Read more in:
– threatpost.com: Data Breach Occurs at Agency in Charge of Secure White House Communications

Wyden Pushing for Release of ShiftState Voatz Audit Results

US Senator Ron Wyden (D-Oregon) is asking a company that conducted an audit on the Voatz mobile voting app to disclose the results. While ShiftState’s audit gave Voatz “high marks,” researchers at MIT recently published a paper enumerating security concerns present in Voatz. Specifically, Wyden wants to know how many “ShiftState personnel that audited Voatz [have] experience in election security, cryptographic protocol design and analysis, side channel analysis, and blockchain security;” whether ShiftState detected the same flaws the MIT researchers found; and whether the company agrees or disagrees with the MIT findings and why.

Read more in:
– www.meritalk.com: Sen. Wyden Questions ShiftState on Voatz Audit

CyberNews: Top headlines

Exposing North Korea’s Malicious Cyber Activity (February 14, 2020)
The US Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense (DoD) have jointly disclosed a list of malware variants that are being used by hackers working on behalf of the North Korean government.
Read more in:
– www.us-cert.gov: North Korean Malicious Cyber Activity

Iranian Hackers Infiltrating VPN Servers to Plant Backdoors

Researchers from ClearSky say that hackers working on behalf of Iran’s government have been exploiting vulnerabilities in VPN servers to install backdoors on networks at companies around the world. The hackers have targeted organizations in the IT, telecommunications, oil and gas, government, and security sectors.

Read more in:
– www.zdnet.com: Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

Coronavirus: IBM Says No to RSA, Facebook Cancels Marketing Meeting, Black Hat Asia Postponed.
 IBM said it will not attend the RSA Conference in San Francisco next week due to concerns about the coronavirus. RSA Conference executives say the event will go on as planned, from February 23-28. In related stories, Facebook has cancelled a marketing summit that was to have taken place in San Francisco in early March, and the organizers of Black Hat Asia have postponed a conference that was scheduled to be held in late March in Singapore.

Read more in:
– www.scmagazine.com: IBM pulls out of RSA over coronavirus fears
– www.theregister.co.uk: Roses are red, IBM is Big Blue. It’s out of RSA Conference after coronavirus review: IBMers will not attend infosec event over ‘health concerns’

Corp.com Domain For Sale, Raises Specter of Namespace Collision (February 8 & 14, 2020)
 The corp.com domain is for sale. Administrators running Active Directory in their networks are urged to check their network configuration to ensure that the domain is not being used internally; some versions of Windows have used corp and corp.com as the default path for internal sites. If a user tries to access an internal site from outside the organization’s network, they could run into namespace collision, “a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.” The danger of exposing sensitive information through namespace collision is not theoretical.

Read more in:
– krebsonsecurity.com: Dangerous Domain Corp.com Goes Up for Sale

CyberNews: Top of The News

Malware Found on Indian Nuclear Plant Network

The Nuclear Power Corporation of India Ltd. (NPCIL) detected malware on its network earlier this year, but noted that the affected computer was part of the plant’s administrative network and isolated from the critical internal network. NPCIL learned of the infection from the government’s cybersecurity agency in early September. Dtrack, the malware that was found on the computer, shares some code elements with malware used by a North Korean hacking group. (Please note that the WSJ story is behind a paywall.)

Read more in:
– www.zdnet.com: Confirmed: North Korean malware found on Indian nuclear plant’s network

Utah Renewable Energy Provider Hit with Cyberattack in March

sPower, a Utah renewable energy company, was hit with a cyberattack in March of this year, causing it to lose communication connections with several of its solar and wind power generation sites for brief periods of time. The March 5 attack is believed to be the first recorded cyberincident that caused a disruption to the power industry. The attackers exploited a known vulnerability in a Cisco firewall to create a denial-of-service condition.

Read more in:
– www.cyberscoop.com: Utah renewables company was hit by rare cyberattack in March

Hackers Infect QNAP NAS Devices with Malware

Thousands of QNAP network-attached storage (NAS) devices have been infected with malware. The National Cyber Security Centre of Finland (NCSC-FI) detected the malware, known as QSnatch, last week. The malware’s capabilities include preventing firmware updates, preventing a malware removal app from running, and stealing usernames and passwords. Currently the only confirmed way to remove QSnatch from infected devices is to do a factory reset.

Read more in:
– www.zdnet.com: Thousands of QNAP NAS devices have been infected with the QSnatch malware

Facebook Sues NSO Group Alleging It Used WhatsApp Accounts to Infect Phones with Spyware

Facebook has filed a lawsuit against NSO Group, alleging that the company created WhatsApp accounts and used them to make calls to their targets, infecting them with Pegasus spyware. The alleged targets include lawyers, journalists, human rights activists, and political dissidents. (Please note that the WSJ story is behind a paywall.)

Read more in:
– faq.whatsapp.com: Protecting our users from a video calling cyber attack
– qz.com: A WhatsApp hack used Israeli spyware to target Rwandan dissidents