Top 7 Cybersecurity Stories This Week 11-11-2016
Tesco Bank has reported that about 40,000 accounts saw suspicious transactions over the weekend and half of those had money taken. The bank is currently blocking customers from making online payments using their debit card, although they are still able to transfer between accounts. A security consultant said that this could be an unprecedented breach at a British bank. At this point, little detail has been released on the nature of the attack, but it involves tens of thousands of victims within a 24-hour period in what appears to be an automated process. Read more.
Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks, masquerading as retail chains like Dollar Tree, Foot Locker, Dillard’s, Nordstrom, Zappos, Polyvore, Jimmy Choo and more. While some of these apps appear to be relatively harmless, there are serious risks to using a fake app, including disclosing financial and personally identifiable information and exposing your device to malware. Many of the fake apps have red flags signaling that they are not real such as nonsensical menus written in butchered English, no reviews and no history of previous versions. Read more.
Election news is top of mind this morning as voting heats up. Steve Ragan of CSO is publishing continuous coverage of today’s election as it relates to security, stating that “the fear of security incidents, including network compromise or denial-of-service, are stackedup alongside concerns over voter suppression and rigged counts, which has voters, pundits and election officials on edge.” So far this morning there have been reports of power outages at polling places and broken scanners, contributing to long lines at the polls. Read more.
Residents of two apartment buildings in Lappeenranta, Finland, were left in the cold this weekend due to a DDoS attack. CEO of Valtia, the company that manages the apartment buildings, confirmed that the central heating and hot water systems in both buildings had been attacked. In an attempt to fight the attack off, the systems rebooted and then became stuck in and endless loop. Read more.
TechCrunch wrote that “the short-term prospects for the tech economy and Silicon Valley are grim,” citing that while manufacturing jobs may benefit from a Trump presidency, the technology firms in Silicon Valley may have a tougher time due to restrictions on global trade, immigration and renewable energy. Finally, TechCrunch asserts that the Trump plan to address the issue of cybersecurity, “is incredibly and perhaps dangerously vague.” Read more.
Madison County, Indiana, suffered a widespread ransomware attack that shut down virtually all county services last week, and over the weekend they decided to pay the ransom. The commissioner did not reveal the amount of the ransom but did suggest it was a small amount, stating that the county was following the instructions of its insurance carrier. According to Ars Technica, the ransomware did not affect emergency services or voting systems but did impact courts and county offices across the county. Read more.
A new social engineering campaign is sending out emails purporting to come from LinkedIn in an attempt to trick recipients into giving up personal information. The phony message claims there is a security issue with the user’s LinkedIn account and request the target provide personally identifiable information (PII) as, “a precautionary measure.” One tipoff for the scam is that the sender’s email address will not match with legitimate LinkedIn email address, as well as the fact that users are asked to upload PII to a Dropbox account. Read more.