
This past week was characterized by the breach at TalkTalk, a British telco. Analysts are still estimating the financial damage while the stock is fluctuating. Then there are the banking Trojans that are taking new forms but are still rooted in the same stinky Trojan, and finally, the FBI lists its initiatives in front of the House Judiciary Committee.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Breaches

TalkTalk, a British telco, is experiencing a third data breach this year. CEO Dido Harding received an email with a ransom demand for £80,000 (USD $122,000), which triggered the investigation of what Harding is calling a “sequential attack”.

http://www.theregister.co.uk/2015/10/27/talktalk_incident_management_review/

Why is this significant?

  1. Reports are mixed on how the attack started; it possibly began with a DDoS attack acting as a smoke-screen for a later SQL injection (SQLi) attack, followed by a social engineering ploy.
  2. There are reports that this is TalkTalk’s third attack this year, the first one in February 2015 and the second in August 2015. This time around, reports say that a fifteen-year-old boy in Ireland was captured in connection with this breach. While the industry is concerned about the growing threat of highly sophisticated attacks, we cannot forget the basics of security, such as defending against common Web attacks.
  3. The cost to the business? TalkTalk’s shares have been fluctuating since the news of the cyber attack broke: at first the shares plummeted shortly after the news was released, then went back up after the fifteen-year-old boy’s release. Analysts estimate the cost of the TalkTalk cyber attack at more than £50 million to £70 million in lost revenue, and other analysts predict the cost to be hundreds of millions. Not to mention the legal fees - lawyers are stating that there could be a possible £1,000 payout for thousands of customers, as well as increasing fines once the UK ICO gets involved.

Threat and Security Landscape

1. G DATA Security Labs announced their malware report with significant findings for the first half of 2015. Findings included the discovery of 12 new malware strains per minute, an increase of 64.8% compared to the same period last year.

https://www.gdata-software.com/g-data/newsroom/news/article/g-data-releases-malware-report-for-the-first-half-of-2015

Why is this significant?

  1. The report states that there are over three million strains of malware in existence. While signature-based AVs were effective in the “old days”, when malware appeared every once in a while, it’s clear that these signature-based solutions cannot scale to such a large amount.
  2. Healthcare-related sites come in first for hosting malicious content. The study shows that 26.6% of healthcare sites are reported to be malicious, above technical sites at 11.6% and pornography sites at 9.6%. Healthcare has witnessed an influx of malvertising ads. In particular, “Money Rain”, a malvertisement campaign where “get rich quick” ads led to malware, was a popular attack campaign hitting the healthcare scene.
  3. Banking Trojans are reported to have been at an all-time high in the first half of 2015. Researchers speculate that banking Trojans may be rising for the first time since 2012. In particular, the researchers saw a spike in Gozi and Swatbanker.

**Customers of enSilo are protected from bankers**

 

2. In a recent statement before the House Judiciary Committee in Washington, D.C., F.B.I. Director James B. Comey addressed several threats on the national security front, including the cyber operations in place to narrow the gap between the changing forms of Internet communication and the tools to identify and protect against terrorist activity - what the F.B.I. terms “Going Dark”.

https://www.fbi.gov/news/testimony/oversight-of-the-federal-bureau-of-investigation-7

Why is this significant?

Highlighting several points:

  1. Comey addresses the ever-changing attack methods, including Cryptolocker, the ransomware that encrypted victims’ files and demanded a ransom in order to decrypt them. The F.B.I. was actively working on the victims’ computers, encrypting and decrypting, when CryptoWall, a new version of the ransomware, was released. “Our estimates are that there are more than 800,000 victims worldwide, with demands for ransom ranging anywhere from $200 to $5,000. We’re working with our partners overseas to bring down CryptoWall, just like we brought down its predecessor.”
  2. Counterintelligence has evolved to address the insider threat. The F.B.I. created the Hybrid Threat Center (HTC) to support Department of Commerce Entities List investigations. “The HTC is the first of its kind in the FBI; it has been well-received in the U.S. Intelligence Community, multiple FBI divisions, and the private sector.”
  3. Cyber-attacks are evolving to new levels, including cyber-espionage as highlighted in our blog from last week, http://blog.ensilo.com/cyber-security-in-120-secs-nation-state-cyber-espionage. The FBI is working with the National Cyber Investigative Joint Task Force (NCIJTF), “which serves as a coordination, integration, and information sharing center for 19 U.S. agencies and several key international allies for cyber threat investigations.” In parallel, the FBI is working with the private sector through initiatives such as the Domestic Security Alliance Council, InfraGard, and the National Cyber Forensics and Training Alliance.
  4. Health care fraud is increasing. “Health care spending currently makes up about 18 percent of our nation’s total economy. These large sums present an attractive target for criminals.” In fact, The Washington Post has dubbed 2015 the “Year of the Healthcare Hack”, as breaches of some of the largest U.S. healthcare insurers - Premera Blue Cross and Anthem - compromised the healthcare records of more than 90 million people.