Recently there have been numerous reports of people losing their bitcoins to hackers and malware as bitcoin’s price continues to grow in value. It is safe to assume that organizations and individuals trying to steal people’s bitcoin reserves will persistently increase because the decentralized cryptocurrency becomes more valuable to thieves.
Also read: Rising Network Fees Are Causing Changes Within the Bitcoin Economy
‘Faster and More Lucrative Than Robbing a Suburban Bank’
At the time of writing one bitcoin is worth roughly $2900 as it has become a treasured digital asset. While bitcoin’s value has increased the number of people losing money to malware attacks and hackers cracking bitcoin accounts usually follows the price rise in unison. Just recently Cody Brown, founder of the virtual reality community Roomscale.org, lost $8000 worth of bitcoin held on Coinbase.
Brown’s attack vector was through Verizon where the hacker easily took over his cell phone number with a some “simple billing information.” After his phone was compromised the attacker swiped his Coinbase funds in less than fifteen minutes. Brown does detail that he did not use two-factor authentication with his email account, but feels that it shouldn’t be so easy to access Verizon information. He also believes that he may have been targeted after tweeting about bitcoin a week prior.
Source: As Bitcoin’s Price Rises Security Shouldn’t Be Taken for Granted – Bitcoin News
US TV manufacturer Vizio’s underhanded Big Data dealing may have just cost it $2.2 million but I think it is something we can unfortunately expect to see a lot more of.
The FTC this week announced that viewing data of individual households was monitored through a built-in spy device which used image recognition technology. Once every second, software in the Vizio TVs would read pixel data from a segment of the screen. This was sent home and compared against a database of film, television and advertising content to determine what was being watched.
The FTC has revealed that Vizio went further than this – matching data on what was being watched with IP addresses, and selling it, along with third party demographic data, to businesses and organizations with a need for audience measurement.
This week we heard that Vizio paid $2.2 million to settle the FTC complaint, agreed to stop collecting viewing data in this way, and to delete the data it had already collected from its servers. That might seem like a comparatively low figure, but this may be, as Vizio point out in their statement, because personally identifiable information wasn’t transmitted.
Source: Shocking: Smart TV Manufacturer Vizio Spies On Customers Using Advanced Big Data Analytics
Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts. While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.
Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and was selling them online. “It’s as bad as that,” said one source. “Worse, really.”
The announcement, which is expected to come this week, also possible larger implications on the $4.8 billion sale of Yahoo’s core business — which is at the core of this hack — to Verizon. The scale of the liability could be large and bring untold headaches to the new owners. Shareholders are likely to worry that it could lead to an adjustment in the price of the transaction.That deal is now moving to completion, but the companies cannot be integrated until it is approved by a number of regulatory agencies, as well as Yahoo shareholders. But representatives of Verizon and Yahoo have started meeting recently to review the Yahoo business, so that the acquisition will run smoothly once complete.
But there’s nothing smooth about this hack, said sources, which became known in August when an infamous cybercriminal named “Peace” said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.
Continue Reading: Yahoo is expected to confirm massive data breach, impacting hundreds of millions of users
Abbott Laboratories (ABT), a global manufacturer of healthcare product, announced the acquisition of St. Jude Medical (STJ) in April 2016. The $25 billion deal is now in peril after a recently-released cybersecurity report alleged that STJ’s pacemakers and defibrillators – part of a category that represents 50% of STJ’s revenues – were vulnerable to wireless cyberattack by hackers, jeopardizing the safety of thousands of device recipients.
The author of the security report, MedSec Holdings, fed their findings to Muddy Waters Research, an investment research firm that subsequently shorted STJ stock. This arrangement financially benefited Muddy Waters and Medsec when the damaging report was made public and the STJ’s stock price dropped more than 10%. As a result of the report, more shares of STJ were traded on the date of the cybersecurity report release than on the day the acquisition was announced in April. Muddy Waters and other short-sellers stand to profit even more if the deal falls through because of these cybersecurity lapse disclosures.
Public scrutiny around acquisitions has heightened for both companies involved in a deal. Senior leadership, including the Board of Directors, must ensure that cybersecurity due diligence is conducted as faithfully as any other diligence area. In a 2016 NYSE Governance survey, three-quarters of respondents said that a high profile data breach at an acquisition target would have serious implications on a pending acquisition. Moreover, more than half of the respondents said that a high profile cyber breach would diminish an acquisition target’s value. Cybersecurity risk can be viewed and managed as a risk amplifier of other categories like financial, operational and strategic risk. Though cybersecurity issues sometimes surface during the early diligence phase, it is more often the case that issues don’t become apparent until after the deal closes – during the integration phase – leading to integration delays, cost overruns, and, worse case, a breach.
Source: The Cyber Short: Cybersecurity Implications and Considerations for M&A
A hacker claiming to have breached an Amazon server has released more than 80,000 usernames and passwords belonging to Amazon users after the online retail giant failed to heed his warnings about vulnerabilities in its servers. The hacker, who goes by 0x2Taylor on Twitter, told the Daily Dot he had attempted to contact Amazon three days ago to bring to the company’s attention a significant security risk that he spotted in ones of its servers. Contained on the server were the usernames and passwords of over 80,000 Amazon Kindle users, along with a considerable amount of information linked to each account including: city, state, ZIP code, phone number, and the IP address from the user’s last login. ADVERTISEMENT Ox2Taylor said he tested a selection of passwords and confirmed they were valid.
Source: Apparent Amazon breach yields login credentials of over 80,000 Kindle users | The Daily Dot
Fast food chain Wendy’s announced in February that is was looking into a possible security breach. The franchise followed up in May confirming it found malware on its point-of-sale systems that was being used to nab credit card info. Stolen details were said to include including credit or debit card number, expiration date, cardholder verification value, and service code from less than 300 locations. Last month, the company provided and update that the investigation revealed the breach could be much worse due to a second cyberattack. Wendy’s gave another update on the situation this week, disclosing that over 1,000 locations had systems where the malware was installed. The company says that the malware has been disabled at all of the locations where it was discovered to be installed. Wendy’s explained that the breach likely originated from franchisees remote access credentials being compromised, giving the culprits the ability to install the software needed to swipe details from credit and debit card transactions. The investigation is still in progress, so more details could be on the way. “We will continue to work diligently with our investigative team to apply what we have learned from these incidents and further strengthen our data security measures,” said president and CEO Todd Penegor. For now, Wendy’s has posted a list of affected locations. If you made a purchase at one of those, the company is offering a year of fraud protection and identity restoration free of charge. Of course, it’s a good idea to take a glance at your recent statements even if your local restaurant isn’t on the list.
Source: Wendy’s says over 1,000 locations affected by credit card breach
Dive Brief: New data released by Kaspersky Lab last week found that the number of people who encountered ransomware during the last year increased by more than 500% over the previous year. Kaspersky researchers say the number of reported ransomware attacks jumped from 131,111 to 718,536 between April 2015 and March 2016. Meanwhile, the number of enterprise users attacked by ransomware jumped from about 7% of all ransomware victims to more than 13% a year later. Dive Insight: Ransomware continues to pose a significant threat to all types of institutions, both public and private. Earlier this month, the University of Calgary in Canada became the victim of a ransomware attack and paid about $16,000, or $20,000 CDN, to cyberattackers. In February, Hollywood Presbyterian Medical Center in Los Angeles paid the equivalent of $17,000 in bitcoins to a hacker to regain control of its computer systems.
Source: Kaspersky Lab: Ransomware attacks spike 500% in last 12 months | CIO Dive
Chinese hacking of corporate and government networks in the U.S. and other countries appears to be declining, according to computer-security experts at companies hired to investigate these breaches. ENLARGE The U.S. government has long accused Chinese hackers of widespread espionage into both corporate and government networks. PHOTO: REUTERS The drop-off is stark and may date back two years. Hackers operating out of China were linked to between 50 and 70 incidents that the cybersecurity company FireEye Inc. was investigating on a monthly basis in 2013 and the early part of 2014, said Laura Galante, the company’s director of global intelligence. Starting in October 2015, however, this tally dropped below 10 incidents and hasn’t recovered, she said. “We saw this decline start in 2014 and then another dip in 2015,” she said. FireEye rival CrowdStrike Inc. says that it, too, has noticed a drop in China-based hacking incidents. Chief Technology Officer and co-founder Dmitri Alperovitch said the decline occurred this year and may be caused by a sweeping reorganization of China’s military, announced earlier this year. “I would not necessarily assume that this is a long-term trend,” he said. RELATED FireEye Report: Redline Drawn: China Recalculates Its Use of Cyber Espionage President Xi Jinping’s Most Dangerous Venture Yet: Remaking China’s Military (Apr. 25) Mandiant’s APT1 Report: Exposing One of China’s Cyber Espionage Units Why One Cybersecurity Firm Says China Has Soured on Conventional Hacking (Apr. 22) Chinese Executive Pleads Guilty to Hacking U.S. Defense Contractors (Mar. 24) FireEye thinks the decline started earlier and resulted from multiple factors, including public scrutiny and pressure from the U.S. government. The U.S. government has long accused Chinese hackers of widespread espionage into both corporate and government networks. In 2013, security researchers at Mandiant, later acquired by FireEye, published a report detailing a widespread computer-espionage campaign, called “APT1,” that the company linked to the Chinese military. The U.S. government ramped up the pressure in 2014, when it indicted five Chinese military officers on charges of hacking into U.S. companies to steal trade secrets. None of those charged has appeared in the U.S. In March, Su Bin, a Chinese aviation executive, pleaded guilty to cyberespionage charges for attempting to steal data on Boeing Co.’s C-17 Globemaster III aircraft. Ahead of a visit to the U.S. by Chinese President Xi Jinping in September 2015, news leaked that President Barack Obama was considering sanctions against Chinese companies that benefited from hacking. China’s top security czar flew to Washington to hammer out an agreement, later announced by the two presidents, that China would stop supporting cyberespionage for commercial purposes.
Source: China-Based Hacking Incidents See Dip, Cybersecurity Experts Say – WSJ