Friday Five: 2/12 Edition
Happy Friday! Here’s our recap of the week’s top information security headlines.
1. PIN-stealing IRS attack affects 100,000 taxpayers by Paul Ducklin
With the U.S. tax filing deadline just two months away, it’s officially tax season – prime time for tax fraudsters and cybercriminals. Recent years have seen huge spikes in tax fraud during this season, such as last year’s campaign in which attackers used information from previous breaches to steal additional information on 100,000 taxpayers from a web-based IRS system and then file fraudulent returns on a wide scale. Although tax season has just begun, it seems the same type of attack is taking place again. On Tuesday, the IRS announced that an automated malware attack had been discovered using previously stolen taxpayer data in attempts to steal the E-file PINs required for authentication when filing online. For more on the latest tax fraud campaign, read this article.
We all recall the Sony Pictures hack of late 2014; it remains one of the most publicized and talked-about data breaches of all time. While it may have seemed that the attackers – who were believed to be acting on behalf of the North Korean government – went dark after the incident, recent research seems to indicate otherwise. This week, researchers from Kaspersky and AlienVault Labs published reports claiming to have traced the hackers to a string of similar attacks that have taken place over the past year. Read the article by Kim Zetter for more.
The week started off with the announcement that Russia’s FSB had arrested leading members of the cybercrime gang behind the Dyre banking Trojan. The takedown took place last November, but details are still sparse as the investigation remains underway. While the arrests may help to hamper further efforts by the gang, much of the damage has already been done. According to IBM, the cybercriminals used Dyre to steal “tens of millions of dollars from businesses and banks” and accounted for “a quarter of all financial cybercrime in 2015.” For more on the FSB’s Dyre takedown, read the article.
There has been much discussion – largely criticism – of Internet of Things security in recent months, from concerns over webcam snooping to data leaks from connected devices like Fitbit and Nest. However, this week brought some encouraging news on the IoT security front: the GSM Association – an association of mobile technology organizations dedicated to developing standards for GSM phone systems – published a set of security guidelines for makers of IoT technology. With standardized guidelines, the GSMA hopes to establish a set of requirements that IoT makers can be held to when producing and selling new technology. For more on this new development in IoT security, read the article.
In a throwback to Barnaby Jack’s 2010 Black Hat USA demo in which Barnaby was able to hack two ATMs to spit out cash using a technique he dubbed “Jackpotting,” this week brought news that a new piece of malware was found to be doing the same in the wild. The malware is a banking crimeware package called Metel, and according to reports it incorporates “sophisticated techniques” that are typically employed by state-sponsored attackers running APT campaigns. For more details on how Metel works as well as some of the damage it has caused, read the article.