Anonymous DDoS’s Russia, Target’s IT learns not to ignore intrusion alerts the hard way, ESET discovers a Linux backdoor in the wild, Phisher’s cancer scare sets all time low and cybergang KVM gets convicted are this week’s #infosec top reads.
After a cyber attack took Russian government websites offline briefly, hacktivists among Anonymous came forward on Facebook to claimi they had masterminded the attack and crudely inferring that there's more to come. Is this and a trending sequence of events following Russia's forced takeover of Crimeathat an indication that the Russia-Ukraine conflict has gone cyber? Is this how future wars will be fought in cyberspace?
A more thorough check on the alerts reported from a malware detection tool deployed by Target’s IT could have prevented the breach that put millions of customers at risk of identity theft at the start of 2014. The highly sophisticated and highly expensive technology was deployed last year, but when the breach was first detected, IT teams in India and Minneapolis failed to take action.
There's no technology on this earth that is entirely immune to a breach in security, and despite opinions otherwise, Linux is no exception. Operation Windigo is a Linux-capable backdoor Trojan that has infected several hundred thousand computers worldwide. Claims that the sky is falling are, like claims that Linux OS was totally secure, silly.
An attack launched on March 13 distributed emails telling people that a blood sample suggests they might have cancer. Masquerading as a message from the National Institute for Health and Care Excellence, the phishing attack launches a Trojan once the understandably distressed recipients click the phony test results attached to the email.
Three men were tried and two were found guilty of cyber crime, making for a combined total of thirteen men who have all been convicted. Called 'KVM' for using a keyboard, video, mouse switch device to remotely access bank accounts, they stole millions from several different banks until they were caught in September of last year. Security experts noted that the convictions are a lesson in taking measures against, "the social engineering aspect of cyber attacks that many organizations ignore."