Wednesday 27 May 2015

IRS Admits 100,000 Records Fraudulently Downloaded

Tax authorities in the US have revealed that the personal tax records of up to 100,000 people have been stolen. 
The Internal Revenue Service (IRS), the Federal government's tax collecting authority, said yesterday that criminals used a system called “Get Transcript” to illegally download the tax details.
The transcripts can be used to claim fraudulent tax refunds.
The thieves had to negotiate an authentication system that included taxpayers' names, dates of birth, street addresses and Social Security (national ID) numbers. This kind of data about individuals is reportedly available for sale on the dark web.
IRS commissioner John Koskinen insisted that this was not the work of amateurs. “These actually are organised crime syndicates that not only we, but everybody in the financial industry, are dealing with,” he said.
Despite safeguards, the IRS believes that it paid out US$5.8 billion (£4 billion) in fraudulent tax refunds in 2013. It blames organised crime in the US and abroad for around 80 percent of fraud.
What do you know about the dark web?

Friday 15 May 2015

Starbucks Denies Hack & Blames Customers

Hackers have successfully exploited a smartphone application used by the customers of Starbucks. The "rewards card" app allows users to pay for coffee and food with pre-loaded "rewards cash," using saved customer credit or debit card data, as well as other saved identity information.

Without initially knowing specific card details or account numbers, hackers were able to access Starbucks customers' rewards cards via the compromised app. They could then trace the data backwards to gain access to users' personal data, and reuse their credentials for subsequent attacks, specifically using the "auto top-up" feature, which automatically adds cash value to the card from a linked bank or credit card account. Hackers were able to repeatedly "top-up" hacked accounts using this flawed feature (cited: SC Magazine).
However, don't worry, Starbucks have got it all sorted - this won't happen again... well, as long as their customers start to 'protect their security' more. In a statement made by Starbucks:
"Starbucks takes the obligation to protect customers’ information seriously. News reports that the Starbucks mobile app has been hacked are false...Occasionally, Starbucks receives reports from customers of unauthorized activity on their on-line account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information." (cited: The Register)
Now that strikes me as shifting the blame to their customers; however, it should be noted that if you are located outside the US then you haven't been affected... yet!
There is a fine line between corporate responsibility and the end user but, as they say, 'the customer is always right'. Maybe it is time for Starbucks (and others!) to start educating their customers on Security or taking a more robust approach to such matters. What are your thoughts?

Monday 11 May 2015

How Security Aware Are You?

According to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time* (source: McAfee Phishing Quiz, Intel Security).
Phishing and spear phishing have become increasingly popular attack strategies. Today’s cyber criminals use phishing tactics to evade traditional spam and malware filters in order to wreak havoc on corporate infrastructures.

This goes back to our blog a few weeks ago on creating security awareness: bridging the gap between Security and end users (including, and especially, board members) can be a key ingredient to growing the budget and essentially creating a common language that is understood and put into practice.
Initiating a corporate IT security responsibility that is developed and continually built upon is a hard subject to tackle. At ZeroDayLab we are seeing more and more companies come to us for this kind of training and expertise, as the increase in the use of social engineering as a key tactic for cybercriminals now puts staff at the centre of an effective IT security strategy. Success now depends on a more holistic approach that doesn't centre solely on technology solutions. Whilst they are a critical part of the strategy, hackers have become more personal in their approach, tailoring their targets to an organisation and its employees.

Friday 8 May 2015

Warning: Rombertik Malware

Cisco-owned Talos Security Intelligence have discovered a new piece of malware, named Rombertik. The malware lives in the victim's browser, in a way similar to a parasite, and exfiltrates login details and other sensitive pieces of information to an external server. It also writes a byte of data to memory 960 million times so analysis tools get overwhelmed when reporting on it.
The malware can intercept any text written in a browser, including sensitive data, and if discovered it would render the computer unusable by trashing it, behaving like ‘wiper’ malware.
It is capable of duplicating itself and deploying in browsers such as Firefox, Internet Explorer and Chrome, and seems unique for its ability to avoid and resist capture.
How do you detect malware on your end-user devices?