This past week was characterized by discussions attempting to resolve nation-state cyber-espionage. While discussions were taking place, recent revelations on IP theft dominated the news. 

More in the news, Sony settles on a class action suit following the 2014 hack, and an attack campagin targeting users of the eCommerce platform website, Magento. Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now. 

 Cyber Espionage

After China’s President Jinping and U.S. President Obama met regarding a cyber agreement that focused in on banning espionage between the two countries with discussions of lifting the U.S. Sanctions on China.  CrowdStrike's recent timeline on the Chinese affiliated intrusions into commercial companies reports that there was an attempted espionage intrusion from China on a U.S. company the day after the Presidents met.  One of CrowdStrike's founders, Dmitiri Alperovich, has been reporting on Chinese cyberespionage since 2011 and claims that they have not seen any change in behavior.

http://www.cbsnews.com/news/crowdstrike-china-violating-cyberagreement-us-cyberespionage-intellectual-property/  

Why is this signficant?

  1. In the past two years we’ve witnessed multiple, to different extents, discussions between the two nations. While attacks continue, there is no published schedule of when the cyber agreement will go into affect, nor a published timeline for the agreement cease and desist/lightening up on the U.S. sanctions on China.
  2. "The hacking group known as Deep Panda, which has been linked to the Chinese military, is believed by many researchers to have carried out the attack on insurer Anthem Health earlier this year."
  3. One would suspect that the numbers of industries impacted and still at risk of cyberespionage are much greater than this article discloses; An article published last week,  reflects back on 2014 case of three Chinese companies that the U.S. accused of stealing commercial secrets from U.S. All three companies are owned by the Chinese government, producing aluminum, steel and nuclear power. The names of the US companies involved were published to warn other companies to hone in on their cyber security measures, to prevent more trade secrets and patents from being stolen.
  4. When it comes to attacks performed by cyber-nations, funding is not an issue. The nation will invest as much as possible in order to carry out their attacks in the most stealthy – and successful – way. This carries in itself a chain of widespread sophisticated attacks since the nation-states lower the bar for financially-motivated cyber-criminals adopting similar techniques and measures.

Breaches

Sony settled a class action suit for $8 million following its server breach in 2014 which exposed Hollywood secrets, salaries and gossip on some of Hollywood's top stars. The plaintiffs in the case are claiming that their personal information is on the black-market for sale, and there have been attempts from identity thieves to use their credit cards.

http://www.bloomberg.com/news/articles/2015-10-20/sony-to-pay-as-much-as-8-million-to-settle-data-breach-claims

Why is this signficant?

  1. A year since the Sony hack, and the financial follow-up woes of the breach continue with the $8 million in claims. Based on past mega breaches (the Sony PlayStation hack in 2011, for one), it might take a year or two more until the dust of this breach settles, with Sony continuing to carry the financial burden. On yet a different note, interesting to see the settlement breakdown: Sony is set to pay the employees $4.5 million and $3.5 million is set for the lawyers for the case.
  2. This is a settlement in a class action suit. Class action suits against breaches are problematic since the plaintiffs must prove direct loss resulting from a breach. For example, identity theft going back to compromised organization. However, Sony is not taking the risk here (whether it’s a lengthy legal process, reputation or eventually losing the lawsuit) and decided to work towards the settlement.

Malware

Security researchers from Malwarebytes detected a malware distribution campaign affecting e-commerce platform, Magento, that redirects users to a Neutrino Exploit Kit which then releases the Andromeda/Gamarue malware (infoStealer) into the victim's systems.  The campaign started slow and kicked up on a massive scale over the weekend, calling in security researchers from Sucuri to determine the origin and scope of the attack.

http://news.softpedia.com/news/magento-websites-exploited-in-massive-malware-distribution-campaign-494805.shtml

Why is this signficant?

  1. Researchers are still looking for the root of the vulnerability. For now it seems that it is a zero day in the Magento platform or in a third-party. With Magento boasting 240K ecommerce customers a vulnerability within the platform has that virality potential.

** Customers of enSilo are protected from Andromeda**