Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Feedly fights against DDoS attack (Feedly)
Faced with a DDoS extortion threat, Feedly decided not to pay up. It may be more painful in the short term, but it is the right decision in the long run. Attackers depend on victims not fighting back. If you can prove you're a hard target, you're less likely to be targeted in the future than victims that pay up. Some additional thoughts on handling DDoS extortion.
Soon after a report of payment card data stolen from P.F. Chang's being up for sale on an underground "dumps" shop, the restaurant chain announced they had indeed been breached. Unlike other breach victims, P.F. Chang's decided to move back in history by switching to manual card imprinting and dial-up card readers to protect diners. Not ideal, but better than using a compromised payment system.
- FCC to push network providers on cybersecurity (ComputerWorld)
According to FCC Chairman Wheeler, the agency will be pressuring ISPs to implement better measures to protect DNS, prevent IP hijacking (like BGP hijacking), and deal with botnet infrastructure in their networks.
- 14-Year Olds Hack ATM with Default Password (Darknet UK)
One lesson here is to always make sure changing default passwords is a part of provisioning and deployment operations. Another lesson is to frequently check high risk systems (like ATM machines!) to make sure this sort of obvious vulnerability is not overlooked.