The theft of over half a billion Yahoo user accounts by hackers has dominated the news headlines in the last couple of weeks. Since announcing the largest hack in history, Yahoo has come in for heavy criticism, given it took two years for Yahoo to notice the massive data theft, talk of lacklustre security behind the scenes at the company, and doubts over Yahoo’s claims the cyber attack was state-sponsored. Lawyers representing users, the US Senate and the UK ICO have all lined up to take pot-shots at Yahoo and are threatening action. I posted known Yahoo hack information and advice, and Yahoo hack industry analysis.
There was an interesting example of hacktivism after a Russian group called "Fancy Bears" hacked and released the World Anti-Doping Agency medical records of prominent British and American Olympic athletes. The motive appears to be a revenge protest aimed at causing embarrassment to medal-winning Western athletes following the banning of several Russian athletes at the recent Rio Olympic games for use of banned sport-enhancing drugs. The posted stolen records showed Western athletes had taken a variety of banned drugs for legitimate reasons and conditions, all of which were approved by the Anti-Doping Agency. It is a fascinating case for both the athletics and data protection worlds, as even athletes in the public eye still have a right to privacy, especially when it concerns information about any medical conditions they have.
UK payment card fraud has risen by 53% over the last 12 months. The shock increase was blamed on scammers using more sophisticated attack methods. This spike in payment card fraud certainly would have been noted by the UK National Cyber Security Centre (NCSC), as it gears up to launch next month. The NCSC is part of the UK government’s £1.9 billion investment plan to beef up the UK’s cyber security capabilities over the next 5 years.
There is an interesting video webinar posted this month, which reviews the $81 million SWIFT Bank Hack by the company that investigated it. It concludes with the SWIFT Bank investigators firmly pointing the finger of blame at weak endpoint security at the bank. Elsewhere the Locky Ransomware continues to be evolved by hackers seeking to make their fortune out of the nefarious tool.
On Tuesday 27th September I spoke at the R3 Summit (Resilience, Response and Recovery) in London, and summarised my advised approach to cyber incident management in a blog post the following day - Cyber Security Incident Management, Response and Recovery Guidance.
News
- Yahoo Hit in Worst Hack Ever, Over 500 Million Accounts Stolen
- World Anti-Doping Agency Medical records released by Russian Hackers
- Payment Fraud soars by 53% in a year as scammers get Sophisticated
- TalkTalk loses appeal against £1000 ICO Penalty
- UK moves to ‘Active Cyber-Defence’ as the NCSC Gears Up
- GCHQ to fund startups to fight Cyber-Crime
- Michelle Obama’s Passport leaked by Hacker
- Everyone should cover up their Laptop Webcams Right Now, says FBI director
- Microsoft release 7 Critical Patches for Windows, Edge, IE, Office, Flash Player & Exchange
- Adobe patches flaw in ColdFusion that opens Apps up to Attack
- Cisco Advisory - Information Disclosure Vulnerability in Multiple Cisco Products
Awareness, Education and Intelligence
- Examining the SWIFT Bank Hack: An In-depth look at the $81 Million Cyber Attack
- Locky Developers Upgrade Ransomware's Ability to perform Offline Encryption
Reports