Sunday, April 17, 2016

Issue 60 - Week of April 11th

1. FDIC suffers data breach: The Federal Deposit Insurance Corporation (FDIC), which provides deposit insurance to depositors in US banks, suffered a major data breach exposing the records of 44,000 customers. A former employee, who had legitimate access to the data, downloaded it to a personal device and left the corporation with it. An FDIC spokeswoman confirmed that the former employee has signed an affidavit specifying that no breached information was used in any form. This growing threat from insiders is a big worry for all CIOs whose companies handle sensitive data.

2. Hybrid GozNym malware targets customers of 24 financial institutions: A group of cybercriminals has combined two powerful malware programs (Gozi ISFB and Nymaim) to create a new online banking Trojan, GozNym, that has already stolen millions of dollars from customers of 24 U.S. and Canadian banks. Nymaim is a dropper that uses a DLL of Gozi, which is capable of injecting malicious code into web browsing sessions. Together they are used to steal credentials and perform online banking fraud.

3. Cybercriminals now target tier-2 systems: With tier-1 systems like retail banking becoming more secure, cybercriminals targeting Australia are shifting their focus to other targets where money is held and security is poor, such as payroll, invoicing, and superannuation systems. The criminals log in to these systems using stolen credentials, check the date of the next pay run, and log out. They log back in just before the pay run, change employees' bank details to their own or to accounts that they control, and let the payroll run proceed.

4. Are you using an Apple iPad? If yes, upgrade to iOS 9.3.1 immediately: iOS versions previous to this are vulnerable to the 1/1/1970 bug attack. If the iPad is on an untrusted Wi-Fi network with a spoofed NTP server that sets the date to 1/1/1970, the iPad's software becomes unstable, which causes overheating and permanently damages the device. Fortunately this cannot happen to an iPhone, as the phone depends on the GSM network for its date and time.

5. Are you using QuickTime for Windows? If yes, uninstall it now. There are two reasons: (i) Apple has abandoned QuickTime for Windows and will not deliver security updates. (ii) There are two known critical vulnerabilities that could allow an attacker to take control of a system running QuickTime.

6. Apple vs. FBI: After the FBI got a third party to hack the shooter's iPhone, sources have confirmed that nothing useful was found on it. In the drug dealer iPhone case, Apple is resisting the FBI's call to unlock the iPhone. Apple told a federal court last week that it should not be asked to help the FBI unlock the iPhone used by the drug dealer and that the case would lead to "an avalanche" of similar demands if prosecutors prevailed.

7. FBI Director puts tape over his webcam: The director admitted that he has put a piece of tape over his personal laptop's webcam. On the one hand he says "absolute privacy hampers the law enforcement", but on the other hand he is seeking exactly that with his personal webcam. However, tape on a webcam cannot stop hackers or government spying agencies from recording your voice. The FBI has in the past used malware to hack into cameras to spy on targets.

8. Petya ransomware cracked: In issue 58, we spoke about this new ransomware that encrypts the whole hard drive. A researcher discovered a weakness in the nasty malware's design. To crack the malware, victims need to run a tool that extracts specific data from the infected hard drive and upload it to the researcher's password generator tool, which will generate the decryption key for free. This is a great solution for decrypting the infected files, but most likely the Petya authors have already heard about this tool and are modifying their code to disable the solution. So there is no guarantee the tool will continue to work indefinitely. Regular backups and a good web security solution are the best bets against ransomware.

9. Cox investigates as employee data appears for sale on the dark web: Names, email addresses, phone numbers, and other information relating to some 40,000 Cox Communications employees are currently advertised on a marketplace specializing in stolen data and computer exploits. Cox is aware of this matter, has engaged a third-party forensic team to conduct a comprehensive investigation, and is actively working with law enforcement.


10. Online banking and plastic card-related fraud in India increases: The incidence of ATM, credit card, debit card and net banking-related fraud went up by more than 35 percent between 2012-13 and 2015-16 in India, according to the Reserve Bank of India. 11,997 cases have been booked in the first nine months of 2015-16. In Mumbai alone, credit card fraud rose 151% and makes up 55% of cyber-crimes this year.
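
The payroll fraud pattern in item 3 leaves a recognisable trail in an audit log: a look-only session that checks the pay-run date, then bank-detail changes shortly before the run. The detection check below is an added example, not taken from any of the reported incidents; the event fields, action names, sample events and the 24-hour window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events: (time, user, session, action, employee, new_account)
EVENTS = [
    ("2016-04-04 09:12", "hr_admin", "s1", "view_payrun_schedule", None, None),
    ("2016-04-05 10:00", "hr_clerk", "s2", "change_bank_details", "E100", "ACCT-111"),
    ("2016-04-14 22:41", "hr_admin", "s3", "change_bank_details", "E201", "ACCT-999"),
    ("2016-04-14 22:43", "hr_admin", "s3", "change_bank_details", "E202", "ACCT-999"),
    ("2016-04-14 22:44", "hr_admin", "s3", "change_bank_details", "E203", "ACCT-999"),
]
PAY_RUN = datetime(2016, 4, 15, 6, 0)  # constructed pay-run time

def flag_late_changes(events, pay_run, window=timedelta(hours=24)):
    """One finding per user who changed bank details inside `window` before
    the pay run, with the extra signals that raise its priority."""
    recon = defaultdict(list)   # user -> (time, session) of schedule views
    late = defaultdict(list)    # user -> (time, employee, account) late changes
    changing_sessions = set()   # sessions that changed any bank details
    for ts, user, session, action, emp, acct in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if action == "view_payrun_schedule":
            recon[user].append((when, session))
        elif action == "change_bank_details":
            changing_sessions.add(session)
            if timedelta(0) <= pay_run - when <= window:
                late[user].append((when, emp, acct))
    findings = []
    for user, rows in late.items():
        reasons = ["bank details changed shortly before pay run"]
        by_account = defaultdict(set)
        for _, emp, acct in rows:
            by_account[acct].add(emp)
        shared = sorted(a for a, emps in by_account.items() if len(emps) > 1)
        if shared:
            reasons.append("several employees redirected to one account")
        first_change = min(when for when, _, _ in rows)
        # An earlier session that viewed the schedule but changed nothing.
        if any(t < first_change and s not in changing_sessions
               for t, s in recon[user]):
            reasons.append("earlier look-only session on pay-run schedule")
        findings.append({"user": user, "shared_accounts": shared,
                         "employees": sorted(e for _, e, _ in rows),
                         "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in flag_late_changes(EVENTS, PAY_RUN):
        print(finding)
```

Holding flagged changes for out-of-band confirmation with the affected employees before the run proceeds keeps the payment from leaving while the alert is triaged.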
