Sunday, December 20, 2015

Issue 43 - Week of Dec 14th

1. J.P. Morgan, Bank of America, Citibank And Wells Fargo Spending $1.5 Billion To Battle Cyber Crime: There’s a showdown going down between a global network of cyber criminals and the world’s largest corporations, governments and cybersecurity companies. Insurance companies estimate the annual cost of cyber-attacks to be more than $500 billion. The BFSI sector has been the prime target of cyber criminals over the last five years, followed by IT/telecom, defense, and the oil and gas sector. JPMC expects its cybersecurity spending to be around $500 million in 2016, while Bank of America will spend $400 million, Citibank $300 million and Wells Fargo $250 million. That’s roughly $1.5 billion in cybersecurity spending by these four companies. The U.S. financial services cybersecurity market is $9.5 billion, making it the largest non-government cybersecurity market in the world. The worldwide market size for financial services is estimated at $16 billion.

2. Chinese hacker steals $170,000 by hacking airline website and offering ticket booking: A 19-year-old man in Dalian, China has been arrested by the police after he was caught hacking into an airline’s website, stealing booking information from 1.6 million ticket orders, and ripping off hundreds of travelers. Using the information, the teen went on to make hundreds of fraudulent transactions and pocketed $170k. It took the airline three weeks to notice the data breach. A police officer said the hack was a result of a loophole in the airline’s computer system and was not highly sophisticated.

3. Xbox Live downed after threats; hacker group takes responsibility: Hackers from the Phantom Squad are said to have launched a distributed denial-of-service (DDoS) attack against the Microsoft gaming network. In a tweet, the hacker group said Xbox maker Microsoft and rival Sony-owned gaming network PSN don't "bother working on security" despite their "millions of dollars." Last year, the infamous Lizard Squad launched a series of network attacks against Xbox Live and Sony's PSN network. The attacks were so ferocious and long-lasting that new and existing gamers were unable to log in for hours or even days at a time during the Christmas holidays, drawing ire from the international gaming community.

4. The Ghosts of Technologies Past will Come Back to Haunt Us: Just as it takes continual effort to keep the Golden Gate Bridge or the Taj Mahal in its famous hue, maintenance of the broader IT infrastructure is an ongoing task that requires continual vigilance and effort. However, unlike a bridge or monument, IT infrastructure continues to grow and expand in depth and criticality, requiring increasing resources just to maintain the status quo. In essence, with every passing day, IT managers have to work harder just to stay in the same place... and that’s a problem. As our infrastructure ages, the challenges posed by connected technology that has become obsolete will grow. For example, erstwhile robust algorithms such as MD5 and SHA-1 have now become vulnerable to attack.

5. Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases: There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined, they expose 684.8 terabytes of data to potential theft. This is the result of a scan performed over the past few days. Millions of user accounts from various apps and services, including 13 million users of the controversial OS X optimization program MacKeeper, stand exposed.

6. Torrent websites infect 12 million users a month with malware: If you visit torrent search websites to pirate software, the risk comes not only from the law but also from malware. Almost a third of the 800 main torrent search websites online today regularly serve their visitors malware, most of them through malvertising. Malware is also found in torrented content. In one example, a pirated copy of the game Fallout 4 served malware to a gamer, resulting in the theft of their bitcoin savings, worth approximately $2000. Exploits, Remote Access Trojans (RATs), adware, ransomware and botnets were all discovered, all of which could lead to the theft of sensitive data or system surveillance.

7. Russian hacking group sharpens its skills: The APT 28 group targets political figures and telecom and aerospace companies, and has developed new ways of attacking, according to researchers. The primary targets of the group are in countries such as Ukraine, Spain, Russia, Romania, the US and Canada. They primarily use three attack vectors to infect targets: spear phishing e-mails with crafted Word and Excel documents attached, phishing websites hosted on typosquatted domains, and malicious iFrames leading to Java and Flash zero-day exploits. The hacking group also takes advantage of several newly discovered zero-day exploits, relying on the fact that not everyone installs security updates immediately after they are published.

8. Data Theft Prevention (DTP) Crosses the Chasm: Chances are, data about you was leaked or stolen in 2015. The variety of industries targeted by attackers in 2015 is unprecedented - 177 million data records were stolen in 750 reported breaches. As data has value to criminals, they began to spread their attacks to steal data much more widely than ever before. From retail pharmacy and the broader healthcare and insurance industries, to university systems and financial service companies, and even to attacks against prominent security companies, data is money to attackers, and in 2015 they made a lot of money from stolen data. An assumption that “we are already compromised” is beginning to pervade among security professionals, and the prediction is that DTP adoption will dramatically increase in more mainstream companies.

9. NASSCOM task force considering corporate cyberattacks disclosure: The technology industry in India is working on a comprehensive cybersecurity plan, which includes asking companies to share information about online breaches and the methods employed to deal with them, to help the larger community take better decisions about investing resources to counter cyber-attacks. Most corporates do not want to disclose that they got hacked, but at least a disclosure of the actions that companies have taken to protect themselves, in terms of staffing, funding and action, will help prevent similar issues from recurring elsewhere. A similar decision was taken in 2012 but it never saw the light of day. Last week, NASSCOM also discussed the need for India to become self-reliant in cybersecurity technologies and the need to have more trained professionals in the country engaged in cybersecurity.

10. Comcast customers targeted in sophisticated malvertising scheme: Comcast ISP customers need to watch out for a new malvertising campaign specifically designed to install ransomware on their machines or hook them through fake tech support. The ad in question is for a review site called SatTvPro[.]com (now down), which appeared on Comcast Xfinity's search page and quietly loads the Nuclear exploit kit. Daily Motion, Daily Mail and Yahoo are other recent victims of such campaigns. Some Comcast customers would see an additional phishing website designed to look like the Xfinity portal, warning that their system may have been breached. The message reads: "Comcast's security plugin has detected some suspicious activity from your IP address. Some Spyware may have caused a security breach at your network location. Call Toll Free 1-866-319-7176 for technical assistance." In this tech support scam, if visitors end up calling the number, the scammers could persuade victims to hand over their account details.
