CyberSecurity Pulse 2016-03-03

CyberSecurity Pulse 2016-03-03

Analyst Insight

Ransomware, the Extortion that Continues to Grow

Cybercrime is expanding their goals and aims higher and higher. In recent weeks we have witnessed how hospitals in the United States and Germany have been the main targets of cybercriminals. This type of establishments handles specially protected information about the health of their patients, which might make expectable that the launch of ransomware campaigns on them could earn high profits.

CyberSecurity Pulse 2016-02-25Already in early 2015, companies like McAfee observed an increase of their detections by 165% with regards to this threat. Its characteristics have evolved in complexity and it is becoming increasingly frequent to come across more secure communications, concealed launch techniques and a greater awareness of sandbox environments. In the same way, although the most reported infection vector are emails with malicious attachments, a growth is expected driven by an increased use of the cloud, POS and the Internet of Things.

In general, all kinds of cyberextortion, whether DDoS attacks, theft of confidential information, sexual extortion or ransomware, are considered by the Security Forces as a growing industry in which the high safety awareness in operations conducted by these groups is nearer to organised crime practices than it is to a mere computer-related offence.

» More information at ElevenPaths

Top Stories

Brazilian Police Arrested Facebook Vicepresident for Latin America

CyberSecurity Pulse 2016-02-25Law Enforcement Agencies worldwide are increasing their pressure on IT companies for accessing users’ data. While we are discussing the San Bernardino case (Apple Vs. FBI) other news are also shocking the industry. Diego Dzodan, Facebook Vice President, has been arrested in Brazil for refusing to share WhatsApp Data with the authorities in a drug trafficking investigation. Like Apple, also Facebook refused to provide access to WhatsApp data to law enforcement and, for this reason, the Brazilian federal police has arrested the Facebook Latin America Vice President. The company denied three requests by federal police, leading, firstly, to the imposition of a daily fine on the US company of 50,000 reais by a Brazilian court (about $12,500), afterwords to a daily penalty of one million reais (about $1.4 million) and, finally, to the arrest of the Facebook VP himself.

» More information at Security Affairs

European Commission Presents EU-US Privacy Shield

CyberSecurity Pulse 2016-02-25The United States and European Union have published the final text of their new Privacy Shield deal, which is supposed to ensure that Europeans enjoy adequate data protection rights when US companies import their personal data. The deal places major new obligations on those companies, which range from technological firms to many other kinds of multinationals. The newer part of this agreement is focused on increasing the limits of the US intelligence services which will have to adhere to oversight mechanisms when using Europeans’ data. Europeans will also get new ways to complain in the US about their data being misused as the US State Department will set up a new ombudsman to handle complaints about intelligence-related matters.

» More information at European Commission

Rest of the Week´s News

DROWN Attack: More Than 11 Million HTTPS Websites at Risk

A new vulnerability has been discovered in OpenSSL that affects more than 11 million websites and email services protected by an ancient protocol, Secure Sockets Layer (SSLv2). An attack exploiting this, dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), is estimated to be able to kill off at least one-third of all HTTPS servers. You can find out if your site is vulnerable using the DROWN attack test site.

» More information at DROWN Attack

DarkHotel Is Back Targeting Telcos in Asia Pacific

According to threat intelligence start-up ThreatBook, the DarkHotel APT group is targeting executives at telecommunications companies in China and North Korea. The list of targets includes CEOs, senior vice presidents, top R&D engineers, sales and marketing directors from the USA and Asia travelling for business in the APAC region. Generally, their spear phishing messages came with malicious documents attached, typically a crafted SWF file embedded as a downloadable link in a Word document.

» More information at Security Affairs

University of California and IRS Report Their Security Incidents

Officials at the University of California Berkeley said on last Friday that they were alerting 80,000 people, including current and former students, faculty and vendors of a cyberattack on a system that stores social security and bank account numbers. Likewise, according to the IRS, the US Internal Revenue Service, personal and tax data have been compromised of at least 724,000 citizens.

» More information at Krebs on Security and The New York Times

Further Reading

Raspberry Pi 3: MicroComputer with Built-in Wi-Fi and Bluetooth

» More information at The Hacker News

Judge Confirms Government Paid CMU Scientists to Hack Tor Users for FBI

» More information at The Hacker News