Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently.
Here’s what you don’t want to miss from the week of September 7, 2015:
According to digital security firm Gemalto, its latest Breach Level Index revealed that a total of 888 data breaches have occurred in the first six months of 2015, compromising 246 million records worldwide. Compared to the first half of 2014, data breaches increased 10 percent, while the number of compromised records declined significantly – 41 percent. The company said the noteworthy downsize could likely be attributed to the fact that fewer large-scale breaches occurred in the retail industry, compared to the same time last year.
- Danish cybersecurity researchers have discovered new, more sophisticated variants of the evasive Carbanak banking malware – the campaign which led cybercriminals to successfully exfiltrate nearly $1 billion from dozens of banks and financial institutions worldwide. “From our analysis, it comes clear that Carbanak has returned and has been confirmed targeting large corporations in Europe and in the USA,” explained Peter Kruse, security specialist at Heimdal Security. Kruse warned that at least four new variants have been observed targeting key financial personnel via spear phishing attacks.
- Health insurer Excellus BlueCross BlueShield announced this week that it had recently learned of a “sophisticated” cyber attack on its systems initially dating back to December of 2013. The company stated the breach may have led to the exposure of the personal information of over 10 million plan members, including claims and financial account information. As of yet, the company assured no evidence points to the misuse of such data.
- In regards to online fraud, a new study from ThreatMetrix revealed that the UK was the most attacked nation in the world in Q2, with businesses being hit 50 percent more frequently than companies in the United States. Meanwhile, the second highest originators of cyber crime were also found to be based in the UK, after US-based criminals. According to the report, fraudulent attacks rose 20 percent in the second quarter of 2015.
- The eccentric anti-virus pioneer, millionaire and former fugitive, John McAfee, has officially announced his plans to join the 2016 presidential race. In his campaign announcement, McAfee introduced his newly formed Cyber Party.
“The goal of the Cyber Party is quite simple: we aim to speed up the rate the federal government adopts new technology, without sacrificing American freedom and privacy.” – cyberparty.org
The very confident candidate claimed his “vey huge fan base” will help make him a promising contender. “We are losing privacy at an alarming rate – we have none left,” McAffee told CNN. “We’re given up so much for the illusion of security and our government is dysfunctional.”
- Independent security journalist Brian Krebs reported authorities in Cyprus and Norway have arrested several key individuals believed to have been behind the development and deployment of highly sophisticated banking malware, including Citadel and Dridex. According to Krebs, the arrests involved a Russian national and Moldovan man, whom were traveling or residing outside their native countries and are now facing extradition to the US.
- A USA TODAY report unveiled that the systems of the US Department of Energy (DOE) were breached more than 150 times between 2010 and 2014. Federal records obtained by the publication showed that DOE components were targeted more than 1,100 times over a 48-month period – 159 of those were successful. Furthermore, in a third of these cases, attackers were able to gain administrative access to the compromised systems. “The USA’s federal records are the tip of the iceberg when it comes to attacks against the global energy sector,” ICS security consultant Jalal Bouhdada told SecurityWeek. “With a growing number of ICS vulnerabilities and exploits being uncovered, it is clear critical infrastructure is seen as a highly susceptible and lucrative target.