As always, we end our week with a short summary of security news happening in the cyber-world. This time, however, we cannot separate ourselves from the terrorizing events in the physcial world taking place in Paris. Our thoughts and hearts go out to the family and friends of victims, and we hope for a strong recovery to those injured.
On the cyber-world front, this week was characterized by the re-investigation of old breaches and new ransomware versions. In the meanwhile, the US gov is taking new measures to revamp their security in face of the ever-evolving landscape.
In 2009 & 2010 two separate e-money transaction companies Neteller and Moneybooker, now Skrill, experienced what was thought then to be insignificant breaches by both companies; now is being investigated further due to new evidence. A non-identified source came forward with information that was being leaked on the “deep web” sometime between 2011-2012.
Why is this signficant?
- Optimal, a company that owns both Skrill (Moneybooker) and Neteller confirmed the data breaches of 2009/10 and said both were reported to Financial Services Authority (now the Financial Conduct Authority) with Deloitte carrying out the investigation. Optimal says of Deloitte’s post-breach investigation revealed that the Neteller files exfiltrated were “single digit meg size” and determined the case was not “material”. Although, the databases that were handed over, included 4.5 million and 3.6 million sensitive personal records for Moneybookers/Neteller.
- This case is being reopened after an unidentified source came forward with the databases that were handed over to Troy Hunt, a security expert that runs haveibeenpwned.com and also to a Forbes reporter. Now that the case is reopened, the criminal investigation on who is responsible for the breach will be underway.
- Since the breaches were considered insignificant, customers from both companies were never notified of the breaches, neither of the companies suffered any financial losses. Although, once Optimal disclosed the breach last week, Optimal’s shares had an 11 per cent fall on the day of the disclosure.
The Register dubbed the new Cryptowall 4.0 version, the “world’s worse ransomware worse still” and mentioning that the perpetrators are still at large, assumingly stemming from one group behind Crytowall 3.0.
Why is this signficant?
- The version includes enhancements to its communication protocol to defeat security solutions, and not only encrypts the files – but also the filenames.
- Last month, the Cyber Threat Alliance publicly announced their discovery that the CryptoWall 3.0 creators were one group. This announcement could have rushed the creators for the release of a nearly impossible detected version, CryptoWall 4.0.
- Ransomware is far from dying. Since the beginning of November, the industry has witness new ransomware targeting Linux web server as well as Mac systems. Another ransomware, Chimera now targeting German users is further extorting victims by threatening them that the perpetrators will post the information online if the ransom is not paid.
** Customers of enSilo are protected by the latest CryptoWall 4.0 and Chimera**
US Government and Cyber-Security
Pentagon contractors are settling allegations and both companies are paying a total of $13 million in fines for neglecting to perform a security clearance for workers that worked on the Department of Defense (DOD) telecommunications project from 2008-2013.
Why is this signficant?
- In 2011 the Pentagon was informed of the apparent Russian workers that were hired without previous security clearance from U.S. Army contractor and whistleblower, John Kingsley. The whistleblower’s announcement opened the case and discovered that the written code was easy to manipulate resulting in numerous viruses uploaded to the Pentagon’s DISA [Defense Information Systems Agency] network. Kingsley claims that the Russian workers were hired out of greed, claiming the Russians were hired at a one-third the rate that American programmers worked.
- Cases such as these and the OPM breach are prompting the U.S. government to take additional precautions and implement a series of recruitment to enhance the cyber security aspect that influences the national security.
First, the U.S. government is enhancing cyber security with the recent recruitment of OPM’s Clifton Triplett, senior cyber and information technology adviser and now, the White House announced the recruitment of Greg Shannon, a senior member of the Institute of Electrical and Electronics Engineers (IEEE) and the chief scientist for the CERT division at Carnegie Mellon University's Software Engineering Institute. The Department of Homeland Security also published OPM’s approval plans to recruit up to 1,000 cyber security personnel. Also, "In March, the Defense Department was granted fast-track hiring authority of up to 3,000 personnel to build up military cyber teams."
- There is a current shortage of workers in the cyber security field. The gov needs to ensure that the new hires have indeed those necessary skills and will need to realize that getting those top-notch individuals, will require the right compensation and training plans to compensate any gap.