Top 7 Cybersecurity Stories This Week 10-21-2016
On Friday, NBC News reported that the CIA is preparing for a possible cyber attack against Russia in retaliation for alleged Russian interference in the U.S. presidential election. Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging "clandestine" cyber operation designed to harass and "embarrass" Russian president Vladimir Putin. Read more.
According to new findings from the Payment Card Industry Security Standards Council (PCI), businesses in the U.K. could face up to £122 billion in fines for cybersecurity breaches in 2018. The increase in fines would come as part of new EU legislation, which will set regulatory penalties for security breaches at 4 percent of global turnover, to a maximum of £18 million. Business Insider UK reported that in 2015, 90 percent of UK large organizations and 74 percent of small businesses reported a breach, according to PCI. Read more.
Researchers discovered a new strain of the Acecard Trojan malware that cons users into taking selfies while holding up government-issued IDs. The researchers say that the malware disguises itself as a video codec, Flash plug-in, or an app for Porn Tube. According to Tech Spot, once on the device, the malware shows a phishing overlay that pretends to be Google Play asking for a credit card number. This is followed by requests for name, date of birth, phone number, card expiration date, and CCV. Read more.
After the release of the source code, the Mirai malware has gone to infect twice as many devices. “The total number of IoT devices infected with the Mirai malware has reached 493,000, up from 213,000 bots before the source code was disclosed around Oct. 1, according to internet backbone provider Level 3 Communications,” reports CSO. Read more.
A man identified as a Russian hacker suspected of pursuing targets in the U.S. was arrested in Prague. The suspect, whose name was not released, was captured in a raid at a hotel in central Prague on October 5. Czech police worked in collaboration with the FBI after Interpol issued an arrest warrant for him. According to police spokespeople, the arrest was not announced immediately “for tactical reasons.” Read more.
If you've donated to Senate Republicans in the past six months, criminals have likely skimmed your credit card. Dutch security researcher William de Groot discovered that the storefront of the National Republican Senatorial Committee (NRSC) contained malware that siphoned off every credit card number that was entered since March. De Groot said attackers used vulnerabilities and weak passwords to inject the malware into the thousands of sites. Read more.
U.S. regulators unveiled an initial plan to bolster the ability of the country’s largest banks to withstand a major cyberattack, a move aimed at protecting the U.S. financial system in the event of a technology failure. The plan, released jointly by the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency, would strengthen the way agencies oversee how large U.S. banks and foreign banks operating in the U.S. with $50 billion or more in assets manage and address threats to cybersecurity. Read more.