Banks are used to being targeted by malware authors, so the reports that Hesperbot malware was targeting Australian banks were no surprise. Yet not even the military is immune from the human factor, it appears, after a US Army commander's attempt to demonstrate people's susceptibility to phishing emails went horribly wrong as the mail was instantly forwarded thousands of times across the US government.
Also in US government news, US officials reported that the controversial Healthcare.gov site is mostly secure, and said that the NSA's surveillance activities are targeted efforts rather than bulk collection projects.
Ditto the FBI, apparently, which according to hacker group the Syrian Electronic Army is buying access to information on the software company's customers. Little wonder many are pointing out the hypocrisy of the world's biggest software companies beating on the drum of consumer privacy protection – particularly as technologies like Google Glass bring new meaning to the phrase 'personal information'.
A US beauty retailer said it had suffered a data breach after a project to update its point-of-sale terminals. Little wonder that business leaders believe better education for responding to cyber attacks would go a long way.
Those attacks are exactly the type of activity that, state privacy commissioners are arguing, will make organisations "more transparent" about the way they manage personal information. They may also increase the opportunities for security consultants, based on a survey finding that most organisations seek external help after security breaches.
In many cases, security concerns are pushing companies towards high-security cloud-storage applications like SpiderOak, which is seeing a surge of interest in encryption tools it offers to let companies store completely undecryptable data in its cloud service. Google, too, is tightening the security of its Gmail service. And, while it's targeting games and apps developers, encryption company Wickr is selling a very similar story as online trust continues to suffer.
There were moves to improve security, too: for example, a virus author known as Diabl0 was arrested in Bangkok after Swiss authorities requested he be extradited to face a bevy of charges.
Speaking of legal problems: Bitcoin software providers are working to proactively improve its security features even as Mt Gox appeared to have found $US116m ($A128m) worth of lost Bitcoin and a Linux worm diversifies to mine Bitcoin and other cryptocurrencies.
Those wanting to improve corporate information security need to consider new methods for detecting and dealing with insider threats, while figures suggest a change of browser might not hurt either: Firefox was handily pwned the most in the recent Pwn2Own hackfest, although some warn against reading too much into the results. After all, things are getting hacked all the time – including game company Electronic Arts, which suffered a hack as part of a phishing scheme to steal Apple IDs and credit card numbers. Even Chrome is being manipulated as Turkish Internet users add a simple browser app to circumvent the Turkish government's newly imposed ban on Twitter.
Windows XP, too, is under fire as the world heads towards the April 8 deadline for withdrawal of official support for the platform by Microsoft. XP users are already attacked six times more frequently than Windows 7 users, according to one reading. It's enough to make you revisit your security if you have XP-based systems that you can't replace, or just don't intend to.
Windows isn't the only operating system under fire: researchers discovered a Unix-based server botnet that is using malware to spread spam and steer 500,000 Web users per day towards malicious online content. Another piece of malware was found to have used screen-grabbing techniques to steal 5400 patient records. A fake Tor Browser app has been in Apple's iOS App Store for months but the company won't remove it, according to reports.