Cyber Alert – Q2 2015 – The threat landscape and other recent news

Tom Pritchard

A small selection of attacks reported in Q2.  Please see our weekly cyber alert on Datonomy for more.

  • The BBC reported that a coordinated effort between the EU Cybercrime Action Taskforce, the FBI and private security firms, Intel, Kaspersky and Shadowserver was successful in taking down a very sophisticated piece of malware called “Beebone”. The malware reportedly controlled up to 100,000 computers a day and evaded detection for a long time by being able to change its own identity up to 19 times a day.  Now that the malware has been contained, Operation Beebone is focusing on identifying those behind the attacks.
  • Following the GitHub denial of service attacks (reportedly perpetrated by China), researchers at the University of Toronto, University of California, Berkeley, the International Computer Science Institute and Princeton University claimed that China designed a cyber offensive system called the “Great Cannon”. The Great Cannon can reportedly intercept foreign web traffic, import malicious code and redeliver it to specific IP addresses.  Such a method has been compared to the QUANTUM system reportedly deployed by both the NSA and GCHQ.  Read analysis from com here.
  • The Observer reported that the 12-hour blackout suffered in Istanbul in March 2015 was purportedly the work of an Iranian cyber attack. The attack, which shut down Turkey’s airports, hospitals, traffic controls and even water and sewage, was said to be political retaliation by Iran for Turkey’s public support of Saudi Arabia in its battle against the Iran-backed Houthis in Yemen.  Iran is now said to have one of the most advanced cyber armies in the world.
  • SC Magazine reported that the personal data of over one million CareFirst customers was exposed by a data breach in June 2014, yet the details only just became public. The US-based company, a subsidiary of BlueCross BlueShield, apparently discovered the breach having hired Mandiant to perform a routine assessment of its IT systems.  Reportedly, the names, dates of birth, and ID numbers of 1.1 million customers were compromised.
  • The BBC reported on a potentially huge security breach within all US government departments. The US Office of Personnel Management (OPM) confirmed that an attack they became aware of in April may have compromised the personal data of nearly four million government employees across all federal agencies.  The OPM publicly stated that they believe the hackers are based in Beijing.  US officials remain concerned that security clearance information on government officials could have been targeted by the hackers, revealing many more security weaknesses.  China was unhappy with accusations that the threat came from them and publicly stated that the US’s statements on the matter were “irresponsible and unscientific”.
  • The BBC also reported that the attack on the German Bundestag computers, which came to light in May 2015, is still managing to steal data from infected machines.  The federal office for computer security (the BSI) is apparently considering whether to just replace all 20,000 compromised computers or whether there is a way to effectively disinfect the computers.
  • Verizon released its Data Breach Investigations Report (DBIR). The company analysed 79,790 security events from 2014.  The report displayed a wide variety in the cost of a data breach, ranging from $57,600 to $27.5 million (when at least one million records are accessed during the breach).  Other interesting findings from the report include: smartphones are not the target of the great majority of attacks (only 0.03% of smartphones on the Verizon network were targeted per week), social engineering attacks (such as phishing emails) are still surprisingly effective despite increased awareness and 60% of organisations can be hacked within minutes.
  • In February 2015, a CERT-Belgium report highlighted a critical security vulnerability in Magento’s software, an open-source content management system used by e-commerce websites such as eBay. The vulnerability potentially compromised customers’ personal data and credit card information; however, Magento acted quickly and was able to release a software update the same day. For a visual demonstration of how the security breach could be exploited, see here.
  • And finally…In a story of digital comeuppance, Channel 4 News reported that the adult dating site AdultFriendFinder.com suffered an attack, causing the (very) personal data of 3.9 million of its 64 million members to be compromised. Users’ sexual preferences, their availability for an extramarital affair, in addition to their email addresses, dates of birth and post codes are being sold on the darkweb.
  • The International Business Times reported that hackers managed to infiltrate a video billboard in downtown Atlanta, Georgia and replace the advertisement with an image of a naked man. The hacker group, Assange Shuffle Collective, took credit for the hack, which was apparently possible because the billboard used an easy-to-guess password on its net-connected remote administration system.  There was little the billboard owner, Yesco, could do except pull the plug.
