Cybercrime gang adds new tactics to credit card data-stealing campaign*:


  • The FIN8 cybercrime group was first identified in January 2016, and typically targets point-of-sale (POS) systems with malware attacks designed to steal credit card information, which is then sold on for profit on dark web underground forums.


  • FIN8 appeared to disappear for two years before re-emerging in June. The group seems to have started where it left off, continuing to evolve and adapt malicious tools to improve the success of its campaigns.


  • Hundreds of organizations are thought to have fallen victim to FIN8 campaigns since the group first emerged.


  • The latest evolution of FIN8’s attacks has been detailed by cybersecurity researchers at Gigamon. The security company has uncovered Badhatch — a previously-unreported form of malware used as part of the financial-hacking group’s latest campaign.


  • Researchers have managed to reverse-engineer the malware and uncover its capabilities; it looks to work alongside other backdoors used by FIN8.


  • Security researchers have noted that Badhatch shares similarities with PowerSniff, another malicious malware, but also contains a number of new capabilities.


  • These include the use of a different command and control communication protocol and an added ability to inject commands into processes, as well as the flexibility for more tooling to be added at a later date if required.




  • For FIN8 and other financially-driven criminals, simple malware attacks targeting point-of-sale systems remain a lucrative opportunity because in many cases, they’re running on legacy software which is difficult to patch — if it can be patched at all.


*Source: ZDNet, July 23, 2019



Will Facebook’s encrypted future win back trust?*:


  • With the amount of security and trust struggles Facebook has faced recently, some people might find it strange that Facebook is embracing encryption.


  • Some have speculated that this strategy shift is merely an apology. Others might even ask, “Why would a company that’s had so many public privacy struggles make this their next move?”


  • To answer this question, it all comes down to business. Facebook needs to attract users and win back their trust after seeing many people leave the social network.


  • According to a study from Edison Research, the platform has declined by 15 million users over the past two years.


  • The company is not alone in their privacy woes – there has been a general cultural shift in the way people view most large tech companies that connects to how many of them handle personal data.


  • Amid reports of declining trust and an ongoing investigation, Facebook has done well financially. Many of those gains have been a direct result of the success of Instagram and the platform’s Stories feature.


  • Not only is the company shifting focus to security, but they are also embracing interoperability between messaging platforms. Focusing on mobile messaging is a smart move for the company.


  • Nearly 2.5 billion people around the world will use mobile messaging apps by 2021. Not only do those users have a wide variety of apps to choose from, but they also are most likely share personal or sensitive information.


  • Risks aside, Facebook could see long term benefits from their new strategy. In order to truly win back the trust of users, the company needs to ensure that they implement end-to-end encryption without any hidden caveats, and they must allow users to opt-in to their interoperability while giving them complete control.


  • If the social network properly encrypts their messaging platform, clearly communicates what will happen with metadata and allows users to opt-in to certain features, they could potentially win back former users and regain trust.

*Source: securityinfowatch, July 23, 2019


Louisiana Declares Cybersecurity State of Emergency*


  • Louisiana is no stranger to declarations of emergency, but it never had one for a cybersecurity emergency — until this week.


  • A series of attacks on school districts around the state-led Governor John Bel Edwards to issue the declaration that brings new resources and statewide coordination to what had been a collection of local cybersecurity events.


  • By issuing the formal declaration, the governor allows statewide resources from the Louisiana National Guard, Louisiana State Police, Louisiana Office of Technology Services, and Louisiana State University, led by the state Office of Homeland Security and Emergency Preparedness, to be brought to bear on defense, analysis, and remediation efforts.


  • This is not the first time a state emergency declaration has been issued for cyberattacks; in 2016, Colorado Governor John Hickenlooper declared a state of emergency due to attacks on that state’s department of transportation.

*Source: darkreading, July 25, 2019


Over 23 million stolen credit cards are being traded on the Dark Web*


  • Over 23 million credit and debit cards were on offer in underground forums in the first half of 2019, researchers claim.


  • On Thursday, cybersecurity firm Sixgill released its Underground financial fraud report, documenting the trends and trades taking place in the Dark Web in relation to stolen financial data.


  • The research team said that out of the 23 million cards, nearly two out of every three originated in the United States, and while the US accounted for roughly two-thirds of stolen information, no other nation claimed more than 10 percent.


  • Following the US was the United Kingdom as a popular source of stolen data whereas in comparison only 316 credit cards on sale came from Russia.


  • In total, 57 percent of stolen financial records were related to Visa cards, followed by Mastercard at 29 percent. AMEX accounted for 12 percent.


  • You can pick up stolen credit card data for as little as $5. Dumps containing potentially thousands of numbers usable in the creation of clone cards for physical purchases are common, but the most valuable commodities are records also containing CVV numbers — the three-digit security code found on the back of payment cards.


  • Cybercriminals are also willing to shift their wares to other channels in response to market closures. The report says that Instant Relay Chat (IRC) and encrypted platforms, such as Telegram, are also providing a way for stolen data to be traded.

*Source: zdnet, July 25, 2019


Governor Cuomo Signs Legislation Protecting New Yorkers Against Data Security Breaches*


  • Governor Andrew M. Cuomo today signed legislation to protect New Yorkers against security breaches.


  • The Governor signed the Stop Hacks and Improve Electronic Data Security – or SHIELD – Act (S.5575B/A.5635), which imposes stronger obligations on businesses handling private data to provide proper notification to affected consumers when there is a security breach.


  • “As technology seeps into practically every aspect of our daily lives, it is increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure,” Governor Cuomo said.


  • In late July 2017, one of the three main credit reporting agencies, Equifax Inc., experienced a major data breach involving personal information, including social security numbers.


  • A growing number of states already require reasonable data security protections without imposing duplicate obligations on those already subject to other federal or New York State data security regulations and without imposing excessive costs on small business.

*Source: inc, July 19, 2019