Identity theft is still hackers’ major goal

Tech security firm Gemalto’s Breach Level Index shows identity theft accounting for 53 percent of data breaches in the first half of 2015. Overall, data breaches grew 10 percent in the period, with 888 breaches recorded, compromising 246 million records worldwide. While the number of compromised data records fell by 41 percent during the first six months, this was mostly due to fewer megabreaches in the retail industry. The largest breach in the first half of 2015—which scored a 10 in terms of severity on the Breach Level Index—was an identity theft attack on Anthem Insurance that exposed 78.8 million records, representing almost a third (32 percent) of the total data records stolen in the first six months of 2015. Source: Planet Biometrics

And all it took was a phone number

Up to 200,000 users of WhatsApp’s Web-based service may have been hit in a cyber attack that let hackers compromise personal data using just their phone number. WhatsApp Web is a service that lets people access the messaging service via a browser on a smartphone or computer, rather than the app. Hackers were sending vCards to random phone numbers they had obtained, according to security firm Check Point. A vCard is an electronic contact card that you can send to another person. For example, if somebody wanted the number of someone in your phone’s contact book, you could send the vCard, and the other person would have all the details. The vCard sent by the hackers contained malicious code that would distribute bots, ransomware and remote access tools on a person’s phone or PC. Source: CNBC

Insurer says more than 10 million records exposed

A health insurer in western New York and affiliates said their computers were targeted last month in a cyber attack that may have provided unauthorized access to more than 10 million personal records. Excellus BlueCross BlueShield and Lifetime Healthcare Companies said they’re offering affected individuals two years of free identity theft protection. Unauthorized computer access was discovered Aug. 5, with the initial attack occurring on Dec. 23, 2013. Information could include customers’ names, birth dates, Social Security numbers, mailing addresses, phone numbers, member identification numbers, financial account information and claims information. Other affiliates are Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare. Source: NBC News

Star light, star bright … oh, wait, it’s a satellite

A Russian-speaking spy gang known as Turla has hijacked the satellite IP addresses of legitimate users to steal data from other infected machines in a way that hides their command server. Researchers at Kaspersky Lab have found evidence that the gang has been using the covert technique since at least 2007. Turla is a sophisticated cyber-espionage group, believed to be sponsored by the Russian government, that has for more than a decade targeted government agencies, embassies, and militaries in more than 40 countries, including Kazakhstan, China, Vietnam and the United States, but with a particular emphasis on countries in the former Eastern Bloc. The gang uses a number of techniques to infect systems and steal data, but for some of its most high-profile targets, the group appears to use a satellite-based communication technique to help hide the location of their command servers, Kaspersky researchers say. Source: Wired

This could be the start of something big

Quantum cryptology may be the hottest topic in security these days. Just what is it? According to Toshiba, it means a stable, unbreakable encryption method that uses photons (or light particles) transferred through a custom-made, fiber-optic cable that’s completely independent of the Internet. It’s hack-proof because any attempt to eavesdrop on (intercept, copy, wiretap, etc.) such a transmission alters the quantum state—that is, scrambles the encoded data—and is immediately detectable. Hirokazu Tsukimoto of Toshiba says quantum cryptographic communication uses quantum physics to ensure that genomic data encrypted with digital keys remains undisclosed. Bits are transmitted by individual photons, which cannot be manipulated without leaving remnants of the intrusion. “Toshiba has developed the world’s fastest quantum key distribution prototype based on a self-differencing circuit for single photon detection,” Tsukimoto says. “Field trials begin this month to evaluate the prototype for commercial use in five years.” Source: CIO

Food for thought

Hackers infiltrated the Pentagon food court’s computer system, compromising the bank data of an unknown number of employees. Lt. Col. Tom Crosson, a Defense Department spokesman, said employees were notified that hackers may have stolen bank account information from people who paid for concessions at the Pentagon with a credit or debit card. “Within the past week, the Pentagon Force Protection Agency has received numerous reports of fraudulent use of credit cards belonging to Pentagon personnel. These individuals had fraudulent charges to their account soon after they had legitimate transactions at the Pentagon,” according to a copy of the notice to employees. Crosson was unable to say how many people have been affected or over what time period, saying the Pentagon Force Protection Agency is investigating. Source: Washington Examiner

Getting energetic in their efforts

Cyber attackers compromised the security of Department of Energy computer systems more than 150 times between 2010 and 2014. Incident reports submitted by federal officials and contractors since late 2010 to the DOE’s Joint Cybersecurity Coordination Center show a barrage of attempts to breach the security of critical information systems with sensitive data about the nation’s power grid, nuclear weapons stockpile, and energy labs. DOE components reported 1,131 cyber attacks over a 48-month period ending in October 2014. Of those attempted intrusions, 159 were successful. Energy Department officials would not say if any sensitive data related to the operation and security of the nation’s power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved. Source: USA TODAY

Hands across the pond

U.S. and European officials finalized a long-awaited data-protection deal to provide a map for how personal information is protected when shared across the Atlantic by law-enforcement authorities. The agreement is the culmination of four years of negotiations about how police and judges should be able to share data during the course of criminal or terror investigations that cross borders. It is a step toward rebuilding trust between the U.S. and European allies following the Edward Snowden revelations of spying. Congress must pass a measure granting European citizens the right to sue in U.S. courts if they think American authorities have misused their personal data. Source: The National Journal

The business of America, and the rest of the world

A report from specialist insurer Allianz Global Corporate & Specialty on the latest trends in cyber risk finds such attacks cost the global economy approximately $445 billion a year, with the world’s largest 10 economies accounting for half this total, and the United States accounting for $108 billion. “As recently as 15 years ago, cyber attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber crime there has been an explosion in both frequency and severity of cyber attacks,” says CEO Chris Fischer Hirs. “Cyber insurance is no replacement for robust IT security, but it creates a second line of defense to mitigate cyber incidents.” Source: Business Wire