Sunday, May 29, 2016

Issue 66 - Week of May 23rd


1.       $12.7 Million gone in just 3 Hours: In just three hours, over 100 criminals withdrew about US$12.7 million from roughly 1,400 ATMs in small convenience stores across Japan. The heist used cloned cards carrying account details stolen from Standard Bank in South Africa. Notably, the group did not cash out as soon as it had the card data: it held the data back and then used it in one coordinated burst, when it was least expected and before the individual withdrawals could be stopped.

2.       Philippines bank hit by SWIFT hacking group allegedly linked to North Korea: The group behind the $81 million Bangladesh Bank heist has attacked another bank, this time in the Philippines, using the same modus operandi. Security researchers have found that the malware used in these attacks shares code with the malware used against Sony Pictures, which is attributed to the North Korean group known as Lazarus. The head of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) promised to improve payment-system security with new programs and to tighten the guidelines for auditors and regulators.

3.       Ecuador Bank hacked, $12 Million stolen in an attack on SWIFT system: As in the Bangladesh case, the attackers obtained the bank's SWIFT credentials before sending the fraudulent transfers. The victim, Banco del Austro, filed a lawsuit in New York federal court this year accusing Wells Fargo & Co. of failing to notice red flags. In all of the SWIFT-related heists, SWIFT's own network was not breached: the criminals used malware to steal the credentials of bank employees, issued transfers as those employees, and then covered their tracks.

4.       LinkedIn data breach, the company responds: Four years after the 2012 breach, and with the stolen data now posted online, the company responded last week. It sent an email to all affected users acknowledging the breach and invalidated every password set before the breach. A sample of the notification is in the image below. Experts recommend changing passwords regularly, never reusing a password across sites, and not registering on such sites with a work email address.

5.       Reddit forces password reset of 100,000 users: Reddit is forcing a password reset on 100,000 accounts in the wake of credential dumps such as the LinkedIn breach, which released data belonging to millions of users. Reddit itself has not been compromised; the accounts were taken over because people chose weak passwords and reused the same credentials on several sites, so passwords leaked from other sites worked on Reddit too.

6.       Google to kill passwords by 2017: The top three passwords in the massive LinkedIn dump are "123456", "LinkedIn" and "password". It is hilarious that people still choose such terrible passwords to protect their online accounts. Google is working on a password-less authentication method called Trust API, which combines behavioural and biometric signals, such as typing patterns, current location, voice and face recognition, into a 'Trust Score'. That score is then used to authenticate you without any need to enter a password or PIN.

7.       Locky Ransomware hits Maharashtra Mantralaya: Locky ransomware, which has wreaked havoc worldwide, has locked 150 computers in the Revenue and Public Works Departments of Mantralaya in Maharashtra, the administrative headquarters of the state government. The infected machines have been isolated and sent for forensic analysis. Officials suspect the malware entered the network through a spam email. Locky is sophisticated: it encrypts the victim's files with AES and uses a domain generation algorithm (DGA) so that its command-and-control domains change constantly and cannot simply be blocklisted in advance. A good web security solution, combined with sound security practices such as not opening unexpected attachments, helps block such ransomware.
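To show what the DGA part of that looks like from the defender's side, here is an added example (not code from the original post, and not Locky's actual algorithm): it scores the label left of the TLD of each queried name on length, Shannon entropy and vowel ratio over a constructed DNS query log, then alerts on clients that query a burst of such names. The log format, the thresholds and the sample domains are all assumptions made for this illustration.

```python
"""Heuristic detection of DGA-style domains in a DNS query log.

Added example, not Locky's actual algorithm and not code from the original
post: it scores the label left of the TLD on length, Shannon entropy and
vowel ratio, then alerts on clients that query a burst of such names.
The log format, thresholds and sample domains are assumptions.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log, one "<timestamp> <client-ip> <queried-name>" per line.
SAMPLE_DNS_LOG = """\
2016-05-24T10:01:02Z 10.0.0.15 www.example.com
2016-05-24T10:01:03Z 10.0.0.15 mail.example.com
2016-05-24T10:01:04Z 10.0.0.22 pxvrqkwtdhjnbsz.ru
2016-05-24T10:01:05Z 10.0.0.22 fgtkzplmwqxvbdn.pw
2016-05-24T10:01:06Z 10.0.0.22 hjqwzxkvtbnmplr.su
2016-05-24T10:01:07Z 10.0.0.22 mzkqxvwtpdnrbhj.ru
2016-05-24T10:01:08Z 10.0.0.22 cdnstatic.example.org
2016-05-24T10:01:09Z 10.0.0.22 wikipedia.org
"""

VOWELS = set("aeiou")

# Thresholds are assumptions; tune them against your own baseline traffic.
MIN_LABEL_LEN = 10       # short labels are too ambiguous to judge this way
MIN_ENTROPY = 3.5        # bits per character; random-looking labels score high
MAX_VOWEL_RATIO = 0.15   # human-chosen names are usually pronounceable
BURST_THRESHOLD = 3      # flagged names from one client before alerting


def shannon_entropy(s):
    """Entropy of the string s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname):
    """Label left of the TLD, e.g. 'example' for www.example.com.
    Crude on purpose: no public-suffix list, so 'example.co.uk' splits wrongly."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label):
    """True when the label is long, high-entropy and nearly vowel-free."""
    if len(label) < MIN_LABEL_LEN:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= MIN_ENTROPY and vowel_ratio <= MAX_VOWEL_RATIO


def parse_log(text):
    """Yield (timestamp, client, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        yield fields[0], fields[1], fields[2]


def flag_queries(text):
    """List of (client, qname) pairs whose registrable label looks generated."""
    return [(client, qname) for _, client, qname in parse_log(text)
            if looks_generated(registrable_label(qname))]


def burst_alerts(text, threshold=BURST_THRESHOLD):
    """Map client -> flagged names, for clients at or above the burst threshold."""
    per_client = defaultdict(list)
    for client, qname in flag_queries(text):
        per_client[client].append(qname)
    return {c: names for c, names in per_client.items() if len(names) >= threshold}


if __name__ == "__main__":
    for client, names in burst_alerts(SAMPLE_DNS_LOG).items():
        print(f"ALERT {client}: {len(names)} DGA-looking queries, e.g. {names[0]}")
```

The per-client burst rule is what keeps a single odd-looking CDN hostname from paging anyone. A real deployment would add the NXDOMAIN rate per client, which a query-only log like this one does not carry, and a public-suffix list so that names under multi-label TLDs are split correctly.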

8.       Be careful if you are using a wireless keyboard: Last year a white-hat hacker built a cheap device, called KeySweeper, that looks and functions like a generic USB phone charger but covertly logs every keystroke from nearby Microsoft wireless keyboards and reports them back. The device keeps working even after it is unplugged, thanks to a built-in rechargeable battery. The primary defence is either to restrict the use of wireless keyboards or to use keyboards that encrypt their radio link with the Advanced Encryption Standard (AES).

9.       Widely-used patient care app found to include hidden 'backdoor' access: A clinical application suite designed to help clinical teams manage patients ahead of surgery includes a hidden username and password that can be used to access and modify patient records. The hard-coded credentials in Medhost's Perioperative Information Management System (PIMS) have not been publicly disclosed, but anyone who knows them can 'backdoor' the application to read or change sensitive patient information. A newer version of the software that removes the credentials is now available.
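To make the hard-coded credential pattern concrete, the following Python is an added example and not Medhost's code: the first login function accepts a fixed username/password pair regardless of what the user store holds, the hardened one only consults a store of salted PBKDF2 hashes with a constant-time comparison, and a small regex scanner shows the kind of check that catches such literals in source review. The function names, the sample user store, the fixed pair and the scanned source snippet are all constructed for this illustration.

```python
"""Hard-coded backdoor credential beside a hardened check, plus a source scanner.

Added example, not Medhost's code. Names, sample values and the scanned
source snippet are constructed for illustration.
"""
import hashlib
import hmac
import os
import re

# ---- Vulnerable pattern: a fixed credential pair baked into the program ----
_SUPPORT_USER = "svc_support"        # constructed example values
_SUPPORT_PASS = "Sup3rS3cret!"


def login_with_backdoor(username, password, user_store):
    """Anyone who learns the constant pair gets in, whatever the store holds."""
    if username == _SUPPORT_USER and password == _SUPPORT_PASS:
        return True
    return verify_against_store(username, password, user_store)


# ---- Hardened pattern: salted PBKDF2 hashes and a constant-time compare ----
PBKDF2_ROUNDS = 100_000   # assumption: tune to your latency budget
_DUMMY_SALT = b"\x00" * 16


def hash_password(password, salt=None):
    """Return (salt, derived_key); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


def add_user(user_store, username, password):
    """Store only the salt and derived key, never the password itself."""
    user_store[username] = hash_password(password)


def verify_against_store(username, password, user_store):
    """Check a password against the store. Unknown users still pay the hashing
    cost so that response time does not reveal whether the account exists."""
    record = user_store.get(username)
    if record is None:
        hash_password(password, _DUMMY_SALT)
        return False
    salt, expected = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


def login_hardened(username, password, user_store):
    """No constants anywhere: the store is the only source of truth."""
    return verify_against_store(username, password, user_store)


# ---- Finding the pattern in source: a crude secret-literal scanner ----
_SECRET_ASSIGNMENT = re.compile(
    r"""(?i)(pass(word|wd)?|secret|api_?key)\s*=\s*["'][^"']{4,}["']""")


def find_hardcoded_secrets(source):
    """(line_no, line) for lines assigning a string literal to a secret-looking name."""
    return [(n, line.strip()) for n, line in enumerate(source.splitlines(), 1)
            if _SECRET_ASSIGNMENT.search(line)]


# Constructed source snippet to scan; not from any real product.
SAMPLE_SOURCE = """\
import os
DB_HOST = "db.internal"
ADMIN_PASSWORD = "hunter2hunter2"
api_key = 'AKIA0000EXAMPLE'
timeout = 30
"""

if __name__ == "__main__":
    store = {}
    add_user(store, "nurse1", "correct horse battery")
    print("hardened, real user:", login_hardened("nurse1", "correct horse battery", store))
    print("backdoor pair vs hardened login:", login_hardened(_SUPPORT_USER, _SUPPORT_PASS, store))
    print("backdoor pair vs vulnerable login:", login_with_backdoor(_SUPPORT_USER, _SUPPORT_PASS, store))
    for n, line in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {n}: {line}")
```

Running the scanner over this very file flags the `_SUPPORT_PASS` line, which is the point: a literal that a grep can find in the source can also be found in the shipped binary by anyone with a copy of it. Secret scanners of this kind belong in CI alongside the unit tests, with the regex list extended for the credential names your codebase actually uses.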


10.      USB charging can expose smartphones to infection: When a phone is charged from an unknown port or a public charging booth, it performs a USB handshake with whatever host sits behind the port, and a lot of data is revealed to that host, including device name, manufacturer, type, serial number and electronic chip ID. Interested parties or cybercriminals can use this to profile the user and, on a device that trusts the host, to push malware over the same connection. A charge-only cable, or declining any 'trust this computer' prompt, keeps the data lines out of the picture.
