• Hackers Trick Email Systems Into Wiring Them Large Sums
    Wall Street Journal (07/29/15) Simon, Ruth

    In what is known as “corporate account takeover” or “business email fraud,” many cybercriminals use publicly available information and flawed email systems to trick businesses into transferring money into fraudulent bank accounts. Malicious computer software can allow criminals to collect passwords to email systems, and then to falsify wire-transfer instructions. Although companies of all sizes have been targeted by these scams, small businesses are especially vulnerable because they lack the budget for security and investigations. Some insurers now offer “social engineering fraud” coverage as an add-on to standard crime policies. The schemes cost companies more than $1 billion from October 2013 through June 2015, the FBI reports, based on complaints from businesses in 64 countries. A recent advisory says that the FBI’s Dallas office identified six Nigerians who had targeted about 25 local companies with emails that appeared to come from the companies’ high-level executives. A spokeswoman for Nacha, the industry-run group overseeing ACH transactions, says that businesses are strongly advised to “work together with their financial institutions to understand and use sound business practices to prevent and mitigate the risk of corporate account takeover.”


  • Minimizing Risks from Contractors and Temporary Employees
    Security Magazine (07/01/15) Zalud, Bill

    Companies rarely consider the negative security implications that come with working with contractors and subcontractors. This can be a very big mistake. There have been multiple high-impact examples of contractors revealing sensitive information, most famously Edward Snowden burning the NSA. There are a few ways for companies to make sure they are hiring only the best contractors. Make background checks a priority. Thomson Reuters has a tool called CLEAR, which provides public and proprietary records with real-time data, graphical connections between people, addresses, and numbers, integrated web searching, and customized reports. Another firm called HireRight provides criminal background checks, verifications, and drug and health screening. Companies should also check social media before contracting anyone. Ultimately, the goal should be to treat temps and contract workers the same way you would in-house employees. They all bring the same potential threats to the table and only a thorough review can weed out the good options from the very bad ones.


  • More Than 70 Targeted in Global Takedown of Hacker Forum Darkode
    Wall Street Journal (07/15/15) Barrett, Devlin

    Police in 20 countries have charged, arrested, or searched dozens of alleged hackers belonging to a group known as Darkode. One of the alleged associates is an intern at FireEye Inc., a computer security firm that works closely with the FBI, U.S. officials said. At least 70 alleged participants around the world were targeted for operating what police described as an online marketplace for malicious computer code. Darkode’s password-controlled website, where hackers bought and sold malware or hacking skills, was seized by authorities. Darkode is only one of an estimated 800 such websites, but U.S. Attorney David Hickton said it was “the most sophisticated English-speaking forum for criminal computer hackers.” At least 12 people have been arrested in the United States, with more likely, for charges that include conspiracy to commit computer fraud and conspiracy to send malicious computer code.


  • Automobile Cyber Threats Sharing Group Expected to Operate by Year’s End
    Wall Street Journal (07/14/15) King, Rachael

    The automotive industry is seeking to combat the growing number of cyber threats facing their increasingly connected vehicles with the formation of a new automotive information sharing and analysis center (ISAC). “The launch of the auto ISAC will serve as a central hub for intelligence and analysis that will provide timely sharing of cyber threat information and potential vulnerabilities in motor vehicle electronics and their associated in-vehicle networks,” said Rob Strassburger, vice president of vehicle safety and harmonization at the Alliance of Automobile Manufacturers. The hope is that the new ISAC will help carmakers address cybersecurity issues in their vehicles before they lead to situations like the recent recall of 65,000 Range Rovers by Jaguar Land Rover due to a software bug affecting the vehicles’ keyless entry. The Obama Administration has pushed for the development of voluntary industry standards and groups like ISACs to address cybersecurity issues and several industries have followed that route, most notably the financial industry. The new automotive ISAC is expected to be operational late this year. It will start small, at first being open only to automakers and eventually opening up to include auto suppliers and other strategic partners like telecom and technology companies.


  • NSA Chief Expects More Cyberattacks Like OPM Hack
    Wall Street Journal (07/15/15) Wall, Robert; Flynn, Alexis

    Navy Adm. Mike Rogers, director of the National Security Agency (NSA) and head of the U.S. military’s Cyber Command, warned that the United States could see more cyberattacks like one on the Office of Personnel Management.  The U.S. government reported last week that two cyberattacks on the agency compromised more than 21 million Social Security numbers, 1.1 million fingerprint records, and 19.7 million forms with personal data.  As a result, the government is reviewing cybersecurity policies, Rogers said.  He compared the hacking to last year’s attack on Sony Pictures Entertainment, which unleashed sensitive company information.  Rogers called on private companies and the government to work together to protect networks.  David Omand, former head of the U.K. Government Communications Headquarters, said that the average cost of a data breach for major U.S. companies could be around $20 million.


  • U.S. Panel Aims to Shield Planes From Cyberattack
    Wall Street Journal (06/29/15) Pasztor, Andy

    The FAA this month set up a high-level advisory committee discussion to examine the rising concern over potential industry vulnerability to computer hackers. The FAA initiative aims to identify the seven or eight most important risk areas and reach consensus on international design and testing standards to guard against possible cyberattacks. The committee includes representatives of plane makers, pilots, and parts suppliers from around the globe. On June 21, operations were disrupted at Warsaw Chopin Airport by what LOT Polish Airlines said was a cyberattack on flight-planning computers. Ten LOT flights were canceled and some 15 others were grounded for several hours, affecting roughly 1,400 passengers. Though airline officials said safety was never affected, LOT’s chief executive was quoted saying that such a cyberattack “can happen to anyone, anytime.” The overall level of concern is reflected in Boeing Co.’s decision to pay outside experts dubbed “red hat testers”—essentially authorized hackers—to see if built-in protections for onboard software can be defeated. Mike Sinnett, vice president of product development for Boeing’s commercial-airplane unit, said certification of the flagship 787 Dreamliner required Boeing to purposely allow such teams inside the first layer of protection to demonstrate resilience.

