News briefs: LulzSec takedown, phisher sentenced

Share this article:

»Teenage hacker Ryan Cleary, snagged in a Scotland Yard/FBI investigation into online hacking group LulzSec, leaves Southwark Crown Court in England. The hacktivists folded up shop following a two-month-long spree that disrupted multiple industries. The group decided to call it quits following data heists against PBS, Sony, the Arizona Department of Public Safety and InfraGard of Atlanta, among others.

»A member of a global phishing ring was sentenced to 11 years in prison for his part in stealing $1 million from victims. Kenneth Lucas II, 27, of Los Angeles, who led the U.S. arm of the phishing operation, previously pleaded guilty to 49 counts of bank and wire fraud, aggravated identity theft, computer fraud and money laundering conspiracy. The takedown, codenamed “Operation Phish Phry,” remains one of the largest cybercrime busts in history. Lucas oversaw the recruitment of money mules, individuals who establish bank accounts that are used to receive and later transfer stolen funds overseas.

»A new botnet comprised of more than 4.5 million infected computers is “practically indestructible,” according to researchers at Kaspersky Lab. The botnet, dubbed TDL-4, relies on a powerful rootkit of the same name that can conceal itself, as well as other types of malware, on an infected system. TDL-4 is protected against disruption because of a unique algorithm that its operators have developed to encrypt communications between infected computers and command-and-control servers.

»The long-awaited update to the Federal Financial Institutions Examination Council guidelines around authentication was released. The guidance directs financial institutions conducting “high-risk transactions” to deploy a layered security approach to mitigate the threat. Options include implementing fraud detection and monitoring systems to flag suspicious transactions; dual customer authorization, meaning two employees have to sign off on a transaction before it can be completed; out-of-band verification, in which the bank directly asks the customer if they OK the transaction; and “positive pay,” a process by which customers send banks an approved list of payees.

»A new report released by Cisco confirms what may have become fairly obvious to security professionals over recent months: Cybercriminals are scrapping widespread malicious email campaigns for more targeted attacks. The white paper, “Email Attacks: This Time it's Personal,” reveals a dramatic drop in profits accrued by crooks who launch traditional attacks, such as delivering malware-laden or phishing emails. But the criminals haven't folded up shop. Instead, they have begun to find cost benefit in perpetrating stealthier, more crafted email attacks, known as spear phishing, which are aimed at specific individuals.

»Gannett Government Media – publisher of a number of government news websites – sustained a digital intrusion that exposed the personal information of subscribers, including U.S. military personnel. The media company said it discovered that attackers gained unauthorized access to files containing the personal information of some users. No financial data was compromised, however.
Share this article:

Sign up to our newsletters

More in News

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.