ICYMI: GCHQ Password advice; Jihadi cabinet attack; Dridex hits UK; MS Irish data; ATM malware
In this week's In Case You Missed It (ICYMI): GCHQ advises on passwords; Jihadi cabinet attack 'avoidable'; CERT UK aids Dridex targets; Data jurisdiction dispute; Multi-vendor ATM malware
GCHQ has told firms and individuals that many of the policies enforced around passwords by organisations seeking to bolster their cyber-security aren't that helpful.
It advised against changing passwords on a regular basis and admitted that its previous advice on measuring the strength of passwords won't make much difference to how well data and infrastructure are protected.
According to a report in the Daily Telegraph, British cabinet ministers' emails have been hacked by Jihadists in Syria, leaving cyber-security professionals wondering what really happened and speculating on how it could have been prevented. GCHQ has said that no security breaches occurred, though the Telegraph said it has been told that emails were hacked and officials have been told to tighten security, including changing passwords.
“If no security breaches occurred then how were emails compromised?” asked Cris Thomas, strategist at Tenable Network Security. Norman Shaw, founder and CEO at ExactTrak, says the equivocation suggests: “...those involved are being a little economical with the truth to say the least and possibly trying to cover up a potential disaster,” adding, “...if data was accessed, it was a breach.”
CERT UK helped warn many intended victims targeted by the Dridex Trojan. UK government agencies and banks feature on a 'hitlist' of 385 million email addresses used by the cyber-criminals.
Fujitsu first discovered the target list in March. Since then, it has been working behind-the-scenes with CERT UK to trace and shut down the server involved.
International legal wrangling continues over information housed in an Irish datacentre at the centre of a dispute involving Microsoft and the US prosecution service. American prosecutors have sought access to emails held on servers in Dublin as part of a drugs investigation by issuing a search warrant in the US itself; Microsoft says the legalities for such action should originate and take place on Irish soil.
A New York district judge ruled this year that Microsoft must hand over customer data to the US Government even though it's held overseas. America-based Microsoft has insisted that if this power were granted to the American law enforcement services, it could lead to a "global free-for-all" that eviscerates personal privacy, opening the door to other countries using their law enforcement powers to seize the emails of Americans held in the United States.
FireEye Labs said that it has discovered the first multi-vendor ATM malware specifically targeting cardholders. The malware – Backdoor.ATM.Suceful, or SUCEFUL – appears to have been created on 25 August and was recently uploaded to VirusTotal from Russia; it could possibly still be in its development phase, a Friday post said.
In Diebold or NCR ATMs, SUCEFUL is potentially capable of reading all credit and debit card track data, reading data from the chip of the card, and suppressing ATM sensors to avoid detection, the post said, adding that control of the malware could also be possible via the ATM PIN pad. It is also capable of retention or ejection of the card on demand, which could be used to steal the physical card.