Cyber Crime
Anthem Hackers Tried To Breach System As Early As December: SAN FRANCISCO (AP) — The hackers who stole millions of health insurance records from Anthem Inc. commandeered the credentials of five different employees while seeking to penetrate the company’s computer network — and they may have been inside the system since December. Huffington Post, February 8, 2015
Anthem hack exposes data on 80 million; experts warn of identity theft: Health insurance giant Anthem Inc. said hackers had breached its computer system and that the personal information of tens of millions of customers and employees was possibly at risk. LA Times, February 5, 2015
Data Breach at Health Insurer Anthem Could Impact Millions: Anthem Inc., the nation’s second largest health insurer, disclosed Wednesday that hackers had broken into its servers and stolen Social Security numbers and other personal data from all of its business lines. Given the company’s size, this breach could end up impacting tens of millions of Americans. KrebsOnSecurity, February 4, 2015
Banks: Card Thieves Hit White Lodging Again: For the second time in a year, multiple financial institutions are complaining of fraud on customer credit and debit cards that were all recently used at a string of Marriott properties run by hotel franchise firm White Lodging Services Corporation. White Lodging says it is investigating, but that so far it has found no signs of a new breach. KrebsOnSecurity, February 3, 2015
Target Hackers Hit Third Parking Service: Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than a 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group. KrebsOnSecurity, February 2, 2015
Financial Cyber Security
Hackers and Cybercrime: Financial Firms Increasingly Targeted For Fraud: The email Keith McMurtry received in early June read, “This is a strictly confidential operation,” and it was signed by his boss, Chuck Elsea, CEO of the Scoular Co., a commodities-trading firm based in Omaha, Nebraska. So, McMurtry took the mysterious missive seriously, even though the address was unfamiliar. International Business Times, February 6, 2015
Identity Theft
Citing Tax Fraud Spike, TurboTax Suspends State E-Filings: TurboTax owner Intuit Inc. said Thursday that it is temporarily suspending the transmission of state e-filed tax returns in response to a surge in complaints from consumers who logged into their TurboTax accounts only to find crooks had already claimed a refund in their name. KrebsOnSecurity, February 6, 2015
Anthem Hacking Points to Security Vulnerability of Health Care Industry: The cyberattack on Anthem, one of the nation’s largest health insurers, points to the vulnerability of health care companies, which security specialists say are behind other industries in protecting sensitive personal information. The New York Times, February 6, 2015
Protect Yourself After Anthem Data Breach: Citadel VP David Lam talks to NBC Southern California – A massive data breach for California’s largest health insurance provider — Anthem. Mekahlo Medina reports for NBC4. NBC LA, February 5, 2015
Why hackers are targeting the medical sector: A hack at Anthem, the second-largest health insurer in the country, exposed personal information about millions of employees and customers. But the attack is just the latest evidence that cybercriminals are increasingly targeting the medical sector where they can collect health information that can be sold for a premium on the black market. Washington Post, February 5, 2015
Cyber Warning
Yet Another Flash Patch Fixes Zero-Day Flaw: For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks. KrebsOnSecurity, February 5, 2015
Hacked Hotel Phones Fueled Bank Phishing Scams: A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south. Such attacks are not new, but this one is a timely reminder that phishers increasingly are using lures blasted out via SMS as more banks turn to text messaging to communicate with customers about account activity. KrebsOnSecurity, February 4, 2015
Serious bug in fully patched Internet Explorer puts user credentials at risk: A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1. ars technica, February 3, 2015
Hackers Abuse Another Adobe Zero-Day To Attack Thousands Of Web Users: Adobe is scurrying to patch the third Flash zero-day of the year, with criminal hackers already using a previously unknown and unpatched vulnerability to launch attacks against thousands of web denizens, security researchers warned today. Those attacks hit visitors to popular video sharing site Dailymotion, with other sites thought to be affected as the infections were launched via advertisements that will likely be resident on many other web pages. Forbes, February 2, 2015
Cyber Security Management
Amy Pascal To Step Down As Sony Co-Chair Following ‘The Interview’ Cyberattack: Amy Pascal announced Thursday she will step down as co-chairman of Sony Pictures Entertainment following the November cyberattack on the studio in which hackers leaked thousands of email messages, including a number of embarrassing ones that Pascal had sent. Forbes, February 5, 2015
Investment firms become cybercrime focus, highlights insurance need: Over half of US brokerage and investment firms have been targeted by scams designed to trick them into releasing client funds, regulators say. ZDNet, February 4, 2015
Brokerage Firms Worry About Breaches by Hackers, Not Terrorists: The online attack on Sony Pictures Entertainment in the fall that federal authorities linked to the North Korean government raised alarm bells about the hacking threat posed by foreign governments. But brokerage firms based in the United States remain most concerned about an attack carried out by a loose band of hackers or employees with a grudge. The New York Times, February 3, 2015
Obama’s Budget Can’t Fix Corporate Cybersecurity: President Barack Obama’s fiscal 2016 budget proposal calls for $14 billion in spending on federal efforts to bolster cybersecurity and encourages legislation to ease data sharing between the government and the private sector in order to quickly detect and respond to online attacks. US News and World Report, February 3, 2015
Cyber Security Management – Cyber Defense
As Flash 0day exploits reach new level of meanness, what are users to do?: Less than five weeks into the new year, 2015 is already shaping up as one of the most perilous years for users of Adobe Flash, with active exploits against three separate zero-day vulnerabilities, one of which still wasn’t fully patched as this post went live. ars technica, February 4, 2015
Securing the Village – ISSA-LA
Cybersecurity Expert David Kennedy of TrustedSec to Speak at ISSA-LA Seventh Annual Information Security Summit on Cybercrime Solutions – June 4: David Kennedy, founder and CEO of TrustedSec, LLC, will be the opening keynote speaker at the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) Seventh Annual Information Security Summit on Thursday, June 4, 2015 at the Los Angeles Convention Center. The theme of the one-day Summit, The Growing Cyber Threat: Protect Your Business, highlights the impact cybercrime has on all organizations: business, nonprofits, government agencies, schools, healthcare and others. The Summit advances ISSA-LA’s core belief that ‘It takes the village to secure the village’SM. Security Orb, Febraury 6, 2015
National Cyber Security
Defense nominee: US ‘not where it should be’ on cybersecurity: The Defense Department’s network security “is not where it should be,” said Ashton Carter, the nominee for Defense secretary, during his Wednesday nomination hearing. The Hill, February 4, 2015
WESTERN SPY AGENCIES SECRETLY RELY ON HACKERS FOR INTEL AND EXPERTISE: The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. The Intercept, February 4, 2014
Cyber Misc
Hackers Use Old Lure on Web to Help Syrian Government: WASHINGTON — To the young Syrian rebel fighter, the Skype message in early December 2013 appeared to come from a woman in Lebanon, named Iman Almasri, interested in his cause. Her picture, in a small icon alongside her name, showed a fair-skinned 20-something in a black head covering, wearing sunglasses. The New York Times, February 1, 2015
Cyber Sunshine
Silk Road: S.F. man convicted of running underground drug website: NEW YORK — A San Francisco man was swiftly convicted Wednesday of creating and operating an underground website that prosecutors said enabled drug dealers around the world to reach customers they would never find on the street. San Jose Mercury News, February 4, 2015
For alleged Russian hacker, a visit to Amsterdam is a costly trip: At noon on June 28, 2012, Vladimir Drinkman, targeted as one of America’s most wanted cybercriminals, and his wife hustled into a cab pulling away from their Amsterdam hotel. They had just been tipped off that the police were on to them, but an unmarked police car blocked their getaway. The Russian was handcuffed and arrested on charges of helping to mastermind what has been called the largest criminal hacking scheme ever prosecuted in the United States. The Washington Post, January 30, 2015