Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Introducing the Defensive Framework for Spear Phishing (PhishLabs)
Spear phishing is the preferred attack method for advanced threat actors. Well-crafted spear phishing attacks easily slip past layers of defenses and target the only vulnerability that cannot be patched – people. The vast majority of headline data breaches in recent years have all begun with spear phishing attacks. If your organization has intellectual property, customer data, or critical systems that are valuable, your employees are being targeted with spear phishing emails.
- Inside Target Corp., Days After 2013 Breach (Krebs on Security)
In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation — until now never publicly revealed — confirm what pundits have long suspected: Once inside Target’s network, there was nothing to stop attackers from gaining direct and complete access to every single cash register in every Target store.
- IBM tackles 'shadow IT' with a new cloud security tool for enterprises (CSO)
If there's one thing that can strike terror into a CIO's heart, it's the security implications of the cloud; if there's another, it's the "bring your own" technology trend. Combine the two, and you've got the motivation behind IBM's new Cloud Security Enforcer.
- The OPM breach deepens: 5.6 million federal employees' fingerprints stolen (ZDNet)
It took weeks before the Office of Personnel Management (OPM) admitted that almost 22-million federal employee personnel and security records had been cracked in two separate attacks. Months later, the OPM and Department of Defense (DoD) confessed that "Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million."
- Global Security Spend Set to Top $75bn in 2015 (Info Security)
Global spending on information security is set to grow by close to 5% this year to top $75bn, according to the latest figures from analyst Gartner.
- Chinese leader denies hacks, opens door for cybersecurity accord (CNET)
Security researchers say they have uncovered clandestine attacks across three continents on the routers that direct traffic around the Internet, potentially allowing suspected cyberspies to harvest vast amounts of data while going undetected.
- Malware Warning: Banks, Customers, ATMs Under Fire (Bank Info Security )
The new warnings center on three types of unrelated malicious code. For starters, malware has been spotted in the wild that is being used to drain cash from ATMs in Mexico, although security researchers warn that it could go global. The Shifu banking Trojan, meanwhile, has moved beyond Japan and is now being used to target customers of four U.K. banks. Finally, the notorious Neutrino crimeware has gotten an upgrade, allowing it to scrape POS device memory and steal payment-card data.