The week in security: Banks threatened as Bitcoin recovers, FBI buys MS data

Banks are used to being targeted by malware authors, so the reports that Hesperbot malware was targeting Australian banks was no surprise. Yet not even the military is immune from the human factor, it appears, after a US Army commander's attempt to demonstrate people's susceptibility for phishing emails went horribly wrong as the mail was instantly forwarded thousands of times across the US government.

Also in US government news, US officials reported that the controversial site is mostly secure, and said that the NSA's surveillance activities are targeted efforts rather than bulk collection projects.

Ditto the FBI, apparently, which according to hacker group the Syrian Electronic Army is buying access to information on the software company's customers. Little wonder many are pointing out the hypocrisy of the world's biggest software companies beating on the drum of consumer privacy protection – particularly as technologies like Google Glass bring new meaning to the phrase 'personal information'.

A US beauty retailer said it had suffered a data breach after a project to update its point-of-sale terminals. Little wonder that business leaders believe better education for responding to cyber attacks would go a long way.

Those attacks are exactly the type of activity that, state privacy commissioners are arguing, will make organisations "more transparent" about the way they manage personal information. They may also increase the opportunities for security consultants, based on a survey finding that most organisations seek external help after security breaches.

In many cases, security concerns are pushing companies towards high-security cloud-storage applications like SpiderOak, which is seeing a surge of interest in encryption tools it offers to let companies store completely unencryptable data in its cloud service. Google, too, is boosting security by tightening the security of its Gmail service. And, while it's targeting games and apps developers, encryption company Wickr is selling a very similar story as online trust continues to suffer.

There were moves to improve security, too: for example, a virus author known as Diabl0 was arrested in Bangkok after Swiss authorities requested he be extradited to face a bevy of charges.

Speaking of legal problems: Bitcoin software providers are working to proactively improve its security features even as Mt Gox appeared to have found $US116m ($A128m) worth of lost Bitcoin and a Linux worm diversifies to mine Bitcoin and other cryptocurrencies.

Those wanting to improve corporate information security need to consider new methods for detecting and dealing with insider threats, while figures suggest a change of browser might not hurt either: Firefox was handily pwned the most in the recent Pwn2Own hackfast, although some warn against reading too much into the results. After all, things are getting hacked all the time – including game company Electronic Arts, which suffered a hack as part of a phishing scheme to steal Apple IDs and credit card numbers. Even Chrome is being manipulated as Turkish Internet users add a simple browser app to circumvent the Turkish government's newly imposed ban on Twitter.

Windows XP, too, is under fire as the world heads towards the April 8 deadline for withdrawal of official support for the platform by Microsoft. XP users are already attacked six times more frequently than Windows 7 users, according to one reading. It's enough to make you revisit your security if you have XP-based systems that you can't replace, or just don't intend to.

Windows isn't the only operating system under fire: researchers discovered a Unix-based server botnet that is using malware to spread spam and steer 500,000 Web users per day towards malicious online content. Another piece of malware was found to have used screen-grabbing techniques to steal 5400 patient records. A fake Tor Browser app has been in Apple's iOS App Store for months but the company won't remove it, according to reports.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about AppleElectronic Arts AustraliaFBIGoogleLinuxMicrosoftNSAUS Army

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts