China Hack Updates
Although President Obama and Chinese President Xi Jinping were all smiles during their appearances in public this past week, behind closed doors, the mood was undoubtedly different. Tension between the two nations has been mounting in recent years, fueled in large part by cyber attacks. For several years, it has been widely known that China was responsible for large-scale hacks of American government agencies and corporations. Despite accusations by the Obama Administration, both countries have remained suspiciously quiet about the attacks and China has yet to answer for its actions. However, the magnitude and maliciousness of China’s actions are coming to light and it appears that retribution, particularly in the form of sanctions, is on the horizon.
The Administration is accusing China of working with cyber criminals and private companies to steal corporate trade secrets and intellectual property, as well as sensitive government information. Furthermore, it is believed that this misappropriated information is being used to actively identify and target US intelligence officers and agents. As was made clear by the Snowden leaks, America is by no means innocent of cyber-espionage. However, American government officials are arguing that cyber-espionage is far different from “state-sponsored” theft of data that is used to target government employees and generate commercial profits.
Following the presidential meetings, Obama and Jinping announced that they have reached an agreement for implementing steps to end “state-sponsored” cyber theft between the two nations. Beyond alleviating Chinese-American tensions, if this agreement is effective, it could set a precedent for standards regarding international cyber security, spying and warfare. We can only hope that both sides remain true to the agreement, because with the current state of affairs, a 21st century version of the Cold War is beginning to seem inevitable.
The Carbanak Trojan, a financial APT that was used by cybercriminals to steal over $1 billion from banks this past year, appears to have resurfaced and is targeting banks in the US and Europe. The new variant of the attack uses a spearphishing e-mail that carries the Carbanak backdoor. Once the Trojan has infiltrated a bank’s system, the malware enables hackers to obtain remote access to the bank’s network. Upon obtaining remote access, hackers are able to siphon money in a variety of ways. Key financial personnel at banks, as well as at large international corporations, should be wary of any suspicious e-mails.
According to a global study conducted by ISACA, cybersecurity experts are not convinced that mobile payments are secure when it comes to protecting your personal data. Of the 900 subjects surveyed, 47% said that mobile payments were not secure and 30% were unsure, leaving only 23% confident in mobile payment security. Furthermore, 87% of the respondents expect an increase in data breaches related to mobile payments over the next year. As an increasing number of consumers adopt mobile payment applications, it is vital that steps are taken to mitigate the elevated risks that come with them.
Code signing certificates are quickly becoming a prevalent weapon used by cybercriminals to insert malware into programs undetected. Traditionally, certificates were meant to act as a digital signature, or seal of approval, validating that specific code came from a trusted source and was not tampered with prior to delivery. For this reason, files such as executables and scripts that are signed by certificates are often granted access privileges. It appears that cybercriminals have discovered that they can sign malware with code signing certificates and have capitalized on this opportunity. The theft of certificates has soared, and according to a report by Kaspersky Lab, the number of certificates used to sign malware has increased from 1,500 in 2008 to well over 6,000 currently.
This past month, Mozilla announced that some of its zero-day flaw information was compromised as far back as September 2013. Bugzilla, Mozilla’s bug tracking system, was breached by hackers who gained access to a privileged user’s account. In total, the hacker accessed 185 bugs, 53 of which were considered to be severe vulnerabilities. Although Mozilla claims that 43 of these were already patched, the hacker still had access to 10 that were not patched, which meant risk for Firefox users.
According to a study conducted by Raytheon|Websense, the healthcare sector is 340% more likely to fall victim to data theft than the baseline average across all industries. Furthermore, healthcare firms are targeted by a wider array of threats, from malware and phishing e-mails to CryptoWall. Unlike the financial industry, where cybercriminals’ methods and patterns are more consistent, attack tactics in the healthcare industry change frequently. As healthcare organizations transition to the cloud, they must ensure that they have the necessary policies, controls and capabilities in place to monitor their vulnerabilities and protect their sensitive data. Their customers’ lives literally depend upon it.
Despite the looming fraud liability shift date of October 1st, the US payments industry is still far behind projected adoption rates for EMV technology. With the liability shift, merchants will be held responsible for fraud occurring from POS terminals that only accept magnetic stripe cards. Major credit card brands believed that this deadline would induce a massive migration to EMV technology, and the EMV Migration Forum published bold predictions about adoption rates. However, it appears that this has not been the case. Based on several reports conducted so far, it is estimated that only around 20% of payment cards as well as merchants are EMV compatible. Slow adoption is attributed to “high costs, a perceived lack of consumer demand and doubts about EMV’s ability to significantly reduce card fraud.”
The National Strategy for Trusted Identities in Cyberspace, or NSTIC, announced this September that it will be devoting $3.7 million to pilot programs focusing on developing privacy-enhancing technologies to reduce tax refund theft, protect medical information and secure online data storage.
Photo Credit: John Mcsporran