
We're excited to kick-start our weekly roundup of security news from the past week. In these weekly summaries we'll highlight the significant points, so you get the most from all the news in just 120 secs.

Ready, get set, go!

 

Malware

  1. A new Android ransomware, Lockerpin.A, has appeared in the wild. With a click of a “continue” button, the malware obtains administrator privileges and changes the lock screen PIN until the user pays or does a factory reset, losing all data on the phone.
    http://arstechnica.com/security/2015/09/new-android-ransomware-locks-out-victims-by-changing-lock-screen-pin/

    Why is this significant?

    Android ransomware has just become more nefarious. To quote Ars Technica: “By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.”

  2. Researchers have found compromised Cisco routers, which allow attackers to plant malicious firmware.
    http://www.csoonline.com/article/2984040/vulnerabilities/cisco-routers-targeted-in-recent-attacks-fireeye-says.html

    Why is this significant?

    1. The nature of routers makes this threat all the more serious, as the routers may enable easy access into the organization.
    2. Planting firmware enables this threat to maintain persistence, since it continues to exist after a reboot.
    3. These kinds of compromises highlight the need for a hybrid security approach. It’s not enough to just ensure that the communicating device has a security module, since a threat that bypasses that module defeats all. However, a hybrid solution prevents that point of failure by recognizing that something has gone awry.

Breaches

  1. CVS confirmed a data breach on their photo website. Once inside the company’s server, malware captured user information. The breach took place in mid-July, and their photo site has been offline since then.
    http://www.nbcnews.com/tech/security/cvs-alerts-photo-site-users-after-confirming-july-data-breach-n426126

    Why is this significant?

    CVS’s photo website has been offline since mid-July. That's 2 months of not being able to fully operate due to a compromised environment. The loss of profit here is clear. Businesses need to start changing their mindset from defense to learning how to keep their data secure while under the assumption that their environment is compromised. 

  2. An update on the two hackers who hacked into the top three newswire services' database of press releases, prior to publication, and sold the information to 32 traders in the stock market. Now they have settled in court for $30 million, without denying any SEC claims.
    http://www.computerworld.com/article/2983807/cybercrime-hacking/traders-pay-30m-to-settle-newswire-hacking-case.html

    Why is this significant?

    This case highlights the strong financial motivation behind cyber-attacks. Apparently, the duo generated $100 million in profits over five years using information from 150,000 press releases. 

Legislation

The Treasury Dept. is calling on insurance companies to play a key role in addressing cyber threats.

https://www.washingtonpost.com/world/national-security/insurance-requirements-can-drive-stronger-cybersecurity-treasury-official-says/2015/09/10/823c923c-57e3-11e5-8bb1-b488d231bba2_story.html

Why is this significant?

  1. Cyber insurance is not a pill against attacks. Yet insurers can provide an assessment and help companies manage their risk.
  2. The Payment Card Industry (PCI) Data Security Standard (DSS) was founded about 10 years ago by credit card processors who did not want to carry the loss of abused credit cards. PCI DSS is now considered a standard that many companies try to follow. Although PCI does not guarantee security, it has indeed helped the security industry. Research has shown that companies that were compliant with PCI were also more secure. In fact, security teams have also used PCI DSS as a springboard to enhance their security posture. Could a standard created by insurers have the same effect?

  3. This is a call to not just punish when things go bad, but to provide an incentive when things go right (in the form of better rates). One of the greatest issues with cyber-security is placing a monetary figure on its worth. Such motivation can help security teams place a dollar amount on part of their strategy.