
News briefs: Adobe's big breach, NIST's new framework, and more

» As the extent of its massive breach unraveled, Adobe eventually confirmed that 38 million customers were impacted by a sophisticated attack on its network. In October, the company wrongly estimated that only three million customers had their credit card data accessed in the intrusion, where product source code was also stolen. The culprits behind several other breaches are suspected in the attack.

» A U.K. man was indicted for his involvement in the alleged hack of U.S. Army and other government-run databases. According to federal prosecutors, Lauri Love, 28, along with unnamed co-conspirators, allegedly exploited vulnerabilities in Adobe ColdFusion and carried out SQL injection attacks to access the databases over the past year. Arrested in late October in his home in England, Love was charged in federal courts in New Jersey and Virginia for computer crimes. Using the ColdFusion and SQL injection attack methods, the group is accused of stealing data from a long list of U.S. Army systems and other agencies and organizations.

» The National Institute of Standards and Technology (NIST) introduced a preliminary cyber security framework to help companies thwart critical infrastructure attacks. The framework provided guidance in support of President Obama's “Improving Critical Infrastructure Cybersecurity” executive order issued in February, and was designed to complement an enterprise's existing security management program – not replace it. The 47-page document aims to build on existing standards, guidelines and best practices, and provides a roadmap for organizations to describe their current security posture, describe their target cyber security state, identify and prioritize opportunities for risk management improvement, assess their progression toward their target posture, and foster communications among internal and external stakeholders.

» Researchers discovered malware, dubbed Ploutus, that enables hackers to steal money directly from ATMs. The malware was first publicized in September by Russian security firm Safensoft, and another company, Trustwave, followed with additional findings on how the Spanish-language malware first infected cash machines in Mexico. In late October, security firm Symantec discovered an updated English-language version of Ploutus. Researchers revealed that the malware is loaded onto the ATM through its CD-ROM drive, after which attackers enter a 16-digit command code on the ATM keypad. Next, a dispatcher sends a 33-digit instruction to Ploutus through the command line, and a timer is then scheduled to dispense funds.

» “Paunch,” the author of the infamous BlackHole crimeware kit, was apprehended by Russian police. Troels Oerting, the head of the European Cybercrime Center, confirmed news of the arrest in early October. And almost just as quickly, criminals began switching out exploits in BlackHole to package them in other easy-to-use toolkits. By late October, researchers at Dell SecureWorks Counter Threat Unit (CTU) had already observed how a group of saboteurs using the world's largest spam botnet, Cutwail, had opted to distribute their malware via the Magnitude exploit kit, instead of through BlackHole.
