ThreatReport: Global cybercriminal activity

Share this article:
VANCOUVER, B.C. — The website of grocery store chain T&T Supermarket was hit with a cyberattack resulting in the exposure of 58,000 customer names, contact details, usernames and passwords.  Website visitors also might have been tricked into downloading malicious software onto their computers.

ABILENE, KAN. – Cybercriminals stole $63,000 from the bank account of the car dealership, Green Ford Sales, after infecting the Windows PC of the company's controller with the data-stealing trojan Zeus. The company's bank, First Bank Kansas, has recovered all but $22,000 of the stolen funds.

BALTIMORE — A former employee of the city's Substance Abuse Systems treatment and prevention authority, who infiltrated the organization's computer network after being fired, was sentenced in the city's first computer hacking case. Walter Powell, 52, pleaded guilty to invading his former employer's computer system.

CHICAGO — Retail chain Michaels was recently hit with a second lawsuit over a point-of-sale skimming attack that affected stores in at least 20 U.S. states. The latest class action suit, filed in U.S. District Court in Illinois, claims the craft chain failed to secure its payment terminals and took too long to notify customers of the breach.

SEAL BEACH, CALIF.— The names and Social Security numbers of 300,000 individuals who applied for California workers' compensation benefits were posted online. The data was inadvertendly exposed by Southern California Medical-Legal Consultants, a company that helps medical providers recover workers' compensation insurance funds.


JAPAN – Parliament passed a law that sets penalties for convicted malware creators and purveyors. A guilty ruling can send virus writers to prison for up to three years and fine them as much as $6,200, while malware spreaders can receive two years behind bars and fines of $3,700. The law also permits cops to confiscate email communications of suspects from ISPs.
 
GERMANY – Two men, 18 and 23, were sentenced for using trojans to hack into computers of record executives that contained unreleased songs and photos belonging to popular musicians, including Lady Gaga and Kesha. The younger of the two intruders earned 18 months in prison, while the other received an 18-month suspended sentence.
 
U.K. – A 26-year-old York man was charged with trying to hack the internal system of Facebook. He was arrested following an investigation launched by the FBI and Metropolitan Police. The suspect was released on bail, but faces extradition to the United States, where he could receive up to 10 years in prison. No Facebook data was compromised.
 
RUSSIA – Two hackers are believed responsible for stealing more than $500,000 from bank accounts in Turkey. Authorities believe the men tricked users into installing keylogger trojans on their computers, which enabled the crooks to gain access to their bank accounts to conduct 265 fraudulent transfers between 2005 and 2007.
 
TURKEY – The hackivist collective Anonymous took credit for infiltrating and defacing 74 government websites as a protest to web-filtering regulations set to take effect in August. In June, Turkish authorities charged 32 people with ties to Anonymous following DDoS attacks. Both incidents are related to the group's so-called “AntiSec” movement.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Research

Sign up to our newsletters

POLL

More in Research

2014 audit and compliance ebook

2014 audit and compliance ebook

We explore the landscape today with which security teams must contend and compile a number of best practices and strategies you can apply to protect your company.

2014 eBook on Encryption

2014 eBook on Encryption

The experts we spoke to for this new ebook agree that when deciding what data must be encrypted, it's a question of classifying it by level of importance.

PCI 2014: From compliance to security

PCI 2014: From compliance to security

The consensus from our panel of experts is that PCI DSS should be just one item on a far broader effort to integrate data security into enterprise risk management.