Ransomware and Information Theft
Money is always the main motivation for cybercrime. We have seen how this can be done in a variety of ways: through Ransomware, by stealing information from businesses and users, and sometimes by specifically targeting banks.
Team Skeet, a website that distributes pornographic videos and belongs to the Paper Street Media network, recently suffered an attack where data belonging to 237,000 users was stolen including physical addresses; this sensitive information is being sold on the black market for an excessive price ($400 per credential, a total value adding up to almost $95 million dollars).
In another incident of information theft, contact information for 1,100,000 users was stolen from the website beautifulpeople.com, leaving users’ information exposed. Acer also fell victim to an attack on their ecommerce site where data was stolen from 34,500 of their users. The most serious point about this case is that their site was compromised for nearly a year without their knowledge.
All of these attacks have something in common: a large payment to recover stolen information without a guarantee that everything will be returned.
A Rise in Attacks against PoS Terminals and Financial Entities
Another widespread and popular theft tactic is through Point of Sale (PoS) terminals, such as PunkeyPOS. Pandalabs discovered this malware that infected more than 200 restaurants in the United States and stole information from credit cards used in those establishments.
What is the most succulent theft that we have spoken of thus far? The only thing that gives a more lucrative result is to directly rob the banks, something that happened to the Central Bank of Bangladesh, where hackers were able to successfully transfer 81 million dollars. Subsequently, two similar cases occurred: one against a bank in Vietnam and another against a bank in Ecuador.
Security Breaches in Mobile Devices and the IoT
It seems like Google has gone full throttle when it comes to patching all security holes in its operating systems, with monthly updates that fix all newly discovered vulnerabilities. Even so, the improvements made by the technology giant cannot prevent Android from becoming a dangerous ecosystem as attacks increase exponentially.
At the same time, PandaLabs predicts that businesses will gradually increase spending onthe IoTs. The consultant Gartner publicized an interesting report on security in the Internet of Things. In this document, they predicted that 25% of the attacks suffered by businesses will involve IoT devices by 2020. It is expected that in 2016, 6.4 billion of these devices will be connected to the net (30% more than 2015) and in 2018 they calculate that the number of these devices will be over 11.4 billion.
The Advancing Cyberwar
When we are discussing cyberwar in the majority of these occasions, we are talking about attacks that are probably sponsored by different countries, even though it is rare to find evidence that confirms who is responsible for the attack. However, the United States went on the offensive and acknowledged that they are launching cyberattacks against ISIS.
We learned of another cybersecurity incident in the month of June, when South Korea’s police department publicized an attack from North Korea. It seems that the attack began over a year ago, focused on 140,000 computers belonging to organizations and government agencies, as well as defense contractors. This attack was not discovered until this February. According to police, more than 42,000 documents were stolen in which 95% of them were defense-related, for example the plans and specifications of the American F15 fighter plane’s wings.
