Backoff point-of-sale attacks, Disconnect app gets disconnected, SOX gets ignored, celeb cyber scandals, and advances in detecting SMS phishing are on this week’s Top 5 #InfoSec Reads.
Kaspersky Labs believes that the number of point-of-sale terminals in the United States infected with Backoff malware could be over a thousand. This estimate is based on their analysis of sinkholed C&C servers, which Kaspersky estimates represent 5% of the command infrastructure. Backoff is one of several pieces of malware that have recently targeted point-of-sale terminals, and these have raised awareness of how poorly secured and vulnerable these terminals are. Why does it feel like all the innovation appears to be on the lawless side of the fence?
Google took down an app that monitors other apps on Android phones and prevents them from collecting data. Google policies prohibit one app from interfering with another, and the founders of Disconnect believe Google mistook the app for an ad-blocker. Disconnect claims its app protects from invisible tracking and malware and notes that Apple allows the iPhone version in its store. Ad-block apps are generally used to avoid annoying spam, but ads are a driving force of cyber economics. They’re also one of the easiest malware delivery systems, as they can be tailored to guarantee clicks. Innovations that work against malware are too few to be suppressed. Fortunately for users, the Google Play store isn’t the only place (or way) to download Disconnect.
Despite its helpful guidelines in addressing insider threats, and despite its being federal law, most IT and security professionals are not compliant with the SOX Act (Sarbanes-Oxley). If technology is the first defense against cyber-attack, then government security regulations are the rulebooks. It’s no wonder companies like Target and other retailers were breached if they weren’t even meeting minimum security requirements from the regs, and it’s no wonder that 2014 has been baby-town frolic for anyone with a malware toolkit.
For the scant few who sequester themselves to information security news only, a few prominent female celebrities had risqué photos stolen and revealed to the public. This variety of cybercrime is visited on women of all ages regularly, but, no surprise, this case got the notice of the FBI. Jeremiah Grossman has written a great set of security tips for celebs who weren’t victimized by “selfie-gate.”
Was that difficult to read? Researchers from Symantec have written an academic paper to demonstrate that using lexical variants (variations of how humans spell, abbreviate, shorthand…) is a potentially useful way to weed out SMS spam from real text messages with low false positive rates. The academic paper is available at Cornell University Library.