Looking at the cybersecurity goings-on last week, it is safe to say that hacking has been taken to new heights. Cyber attacks are not just a matter of stealing personal information and defacing websites; they can cause very serious financial and political damage as well.
In perhaps the most alarming security failure reported recently, Sky News covered a cyber fraud scheme that hit high-balance accounts at 60 banking institutions worldwide. The losses are estimated at 75 million dollars. Investigators strongly believe that the crime was carried out with “an insider level of understanding,” making it the biggest cyber bank robbery to date.
McAfee and Guardian Analytics said that many of the servers used to launch the attacks are in Russia. The attackers are targeting corporate bank accounts, starting in Italy and then spreading throughout Europe.
As responsible people who stroll around cyberspace, we have to be vigilant about what we read and which links and files we click. With the London 2012 Olympics a hot topic right now, we have to keep our guard up against spam disguised as deals that are too good to be true in exchange for personal information, prize notifications that actually carry malware, and the like.
Check out http://www.london2012.com/stay-safe-online/ for advice on how to stay safe online.
Japan’s Finance Ministry, Supreme Court and the political parties DPJ and LDP were the latest targets of Anonymous. They were taken offline for a while by the hacktivist collective in protest against the country’s new anti-piracy bill, under which copyright violators can be jailed. Anonymous has always opposed anti-piracy efforts that impede the unrestricted flow of information.
“We are aware of the Anonymous statement referring to the new copyright law, but we don’t know at this point if the cyber-attacks are linked to the group,” said Ministry official Takanari Horino.
At the CRYPTO 2012 conference, a PDF written by Dan Goodin of Ars Technica revealed fatal flaws in RSA products. One such flaw allows hackers to extract secret symmetric keys from RSA’s SecurID 800 in less than 13 minutes. The SecurID 800 is supposed to secure companies’ physical and remote access, sign emails and validate authentication using strong cryptographic keys.
The attack goes through the PKCS#11 programming interface to get past the cryptographic wrapper and gain access to the keys.
RSA responded to Ars Technica with the write-up “Don’t Believe Everything You Read…Your RSA SecurID Token is Not Cracked.” They said their token cannot be cracked directly, but admitted that the keys can be accessed using the method described.
“While RSA would agree that the research paper demonstrates an improvement of the padding oracle attack, the attack is better characterized as against the PKCS #1 V1.5 standard rather than any particular device,” writes RSA.
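To show what a PKCS#1 v1.5 padding oracle is and how a key-unwrap interface avoids becoming one, here is an added Python example; it is not code from the research paper, from RSA, or from the original post. It uses a constructed toy RSA key (two Mersenne primes, not secure) and a constructed 16-byte sample key: the first unwrap routine reports each padding defect as a distinct error, which is exactly the signal a padding oracle attack needs, while the second returns a random key of the expected length on any defect, so the caller cannot tell success from failure.

```python
import secrets

# Toy RSA key from two Mersenne primes: constructed for this demo, not secure.
P, Q = (1 << 107) - 1, (1 << 127) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (30 here)

def wrap_key(key: bytes) -> int:  # RSAES-PKCS1-v1_5: 00 02 <non-zero PS> 00 <key>
    ps_len = K - 3 - len(key)
    if ps_len < 8:  # the standard requires at least 8 bytes of padding string
        raise ValueError("key too long for this modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + key, "big"), E, N)

def _decrypt(c: int) -> bytes:
    return pow(c, D, N).to_bytes(K, "big")

def unwrap_vulnerable(c: int, key_len: int) -> bytes:  # leaky: distinct errors
    em = _decrypt(c)
    if em[0] != 0 or em[1] != 2:
        raise ValueError("bad padding: block type")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator, or padding string shorter than 8 bytes
        raise ValueError("bad padding: separator")
    if len(em) - sep - 1 != key_len:
        raise ValueError("bad padding: length")
    return em[sep + 1:]

def unwrap_hardened(c: int, key_len: int) -> bytes:
    """Uniform unwrap: on any defect return a random key of the expected length, so
    success and failure look alike to the caller (the TLS RSA key-exchange fix).
    A real implementation must also be constant-time, which Python cannot promise."""
    em = _decrypt(c)
    fallback = secrets.token_bytes(key_len)  # always drawn, whether or not it is used
    sep = em.find(b"\x00", 2)
    ok = em[0] == 0 and em[1] == 2 and sep >= 10 and len(em) - sep - 1 == key_len
    return em[sep + 1:] if ok else fallback

def count_distinguishable_failures(unwrap_fn, c: int, key_len: int, trials: int = 16) -> int:
    """Assessment check: feed blinded variants c * s^e of a valid ciphertext to an unwrap
    routine and count the padding failures it reveals through an error; non-zero = oracle."""
    failures = 0
    for _ in range(trials):
        s = secrets.randbelow(N - 2) + 2
        try:
            unwrap_fn((c * pow(s, E, N)) % N, key_len)
        except ValueError:
            failures += 1
    return failures
```

Both routines return the correct key for a well-formed ciphertext; only the first one tells a caller anything about malformed ones.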
With an array of powerful in-house security and security-as-a-service offerings, Splunk leverages big data to predict failures and distinguish a real threat from a false alarm. The water pump failure in Illinois, for instance, triggered panic over cyberterrorism. The FBI used Splunk to analyze the logs and find out what had actually happened; it turned out to be just a contractor logging in from Russia.
One of Splunk’s many offerings is behavior analysis: the more data it is fed, the more accurately it answers queries. It allows users to run searches, monitor real-time data streams, and mine logs and big data for patterns.
A new APT campaign using a Mac OS X backdoor variant was intercepted by Kaspersky Lab. It is targeting Uyghur activists. Delivered in a zip file attached to emails, it is a new, previously undetected version of the MaControl backdoor that runs on both i386 and PowerPC Macs. When opened, it installs itself on the system and immediately connects to its command-and-control server for instructions.
After the DNSChanger incident, Fortune 500 companies were given a two-month safety-net deadline, with replacement DNS servers set up to resolve DNS queries from infected machines. However, 12 percent of the companies still have at least one infected machine. The extended safety net ends on July 9, which means companies that fail to act by then will be unable to use the internet: without a DNS server, sending emails and surfing the web will not be possible.