ICYMI: UK data breaches, Carbanak and Royal Navy threats
This week's ICYMI looks at the top stories on SC, including new reports on UK data breaches and the Carbanak cyber-crime gang.
Are anti-malware solutions good enough?
Over a billion records were compromised last year as data breaches became a regular occurrence, especially in the UK, according to a new report.
The latest Breach Level Index from Gemalto's SafeNet revealed that the number of compromised data records increased by a staggering 78 percent to just over one billion in 2014, with data breaches also on the up, rising 49 percent year-on-year to 1,541 incidents.
The report is particularly bad reading for UK businesses and their IT security departments, as it concluded that the country was the worst in Europe, and the second worst in the world, when it came to the sheer number of breaches last year.
Citing high-profile examples such as Mumsnet, Moonpig and Axa Healthcare, Gemalto revealed that there were 117 breaches in the UK last year, compared to just 9 in France and 8 in Germany. To put this figure in context, there were 190 breaches in Europe as a whole, meaning the UK's portion accounted for over 60 percent.
Comments received from SC readers did point out that an alternative explanation could be a higher level of breaches in the UK actually being reported.
The multi-faceted Carbanak cyber-raid on global financial institutions appears to be the biggest ever bank robbery by a single cyber-crime group.
If the losses claimed for the Carbanak online robbery are anything like the billion US dollars (£650 million) being cited, then despite the fact that it covers around 100 financial institutions, and took place over two years – and may still be ongoing – it would still rank as the largest known loss to a single cyber-crime gang.
Looking at the report figures – and the attribution of the attack – Bob Tarzey, analyst and director at Quocirca Ltd, told SCMagazineUK.com: “Whilst there is no reason to doubt Carbanak's existence, the figures for financial losses all seem to be estimates coming from Kaspersky. These range from £155 million to £650 million. If true, it would seem that banks themselves have kept this quiet, presumably because it is not that much once spread across the affected organisations; although of course, the sums would be a lot to any gang.”
The Royal Navy is in increasing danger of cyber-attack and the government should ramp up training to deal with the threat.
That's according to a report from researchers at the University of Lancaster who found that maritime systems were especially susceptible to computer attacks and that ageing systems and a lack of training were particular barriers.
Security consultant Brian Honan said that all navies, indeed all shipping companies, were vulnerable to these threats. “What the report highlights is that many ships use Windows XP or Windows Server 2003 – one of which Microsoft has stopped supporting, and one Microsoft is about to stop supporting. And because ships are at sea a lot, it's not always easy to replace antiquated systems. It's a problem faced by private companies too,” he said, adding that the Lancaster report mirrors one produced in the autumn of last year by ENISA that also pointed out the security problems faced by shipping.
According to the Lancaster report, Cyber Operations in the Maritime Environment, shipping is a tempting target for cyber-criminals as 95 percent of goods are conveyed by sea.
At least one in twenty devices used by the customers of major European banks is riddled with malware, according to new claims from one security company.
Software security company and consultancy Minded Security came to this conclusion after using its new AMT Banking Malware Detector solution to collect information on infected customers, with many of these being European banks.
In findings that were released on Thursday, the UK-based firm revealed that this malware consisted of unwanted adware (three percent), spyware (1.5 percent) and banking malware (0.5 percent), with the latter most often used to steal data and take over accounts.
Equation Group, the most advanced threat actor yet seen according to Kaspersky, may be the NSA.
There is strong speculation that the Equation Group – which infected the hard drive firmware of Seagate, Maxtor, Toshiba and others, and hit political and commercial targets in over 30 countries in the last 15 to 20 years – is America's NSA.
Kaspersky has released an explosive new report that reveals the activities of “the most advanced threat actor ever seen”. It stops short of revealing the group's true identity, but there is strong speculation that it is American intelligence agency the NSA.
Kaspersky calls Equation “one of the most sophisticated cyber-attack groups in the world” and reveals: “One aspect of the group's attack technologies that exceeds anything we have ever seen before is the ability to infect hard drive firmware.”
Equation successfully planted its malware inside the firmware of every major disk manufacturer in the world, including Seagate, Maxtor, Western Digital, Samsung, Toshiba and others.
The group used several other attack tools, including full-featured backdoors, Trojans, computer worms and zero-day bugs, to attack victims in over 30 countries.
Its main targets were in Iran, Russia, Pakistan, Afghanistan, India, China, Syria and Mali, but Equation also hit victims in the UK, US, France, Germany, Belgium and Switzerland.