News briefs: The latest on the Target breach, a flaw in WinRAR and more

» Banks impacted by Target's late-2013 breach banded together to file a short-lived class-action lawsuit against the retailer and Chicago-based security firm Trustwave. In late March, Trustmark National Bank and Green Bank claimed that security vulnerabilities went “either undetected or ignored by Trustwave” (alleged to have serviced the retailer), enabling hackers to pilfer 40 million payment cards, encrypted PIN data and other personal data from Target's systems, court documents said. Within a week of filing, however, both banks dismissed the claims against Trustwave and Target. Trustwave's CEO Robert McCullen responded to plaintiffs' complaints, saying that the firm neither monitored Target's network nor processed its cardholder data.

» A report by Businessweek revealed that Target may have been negligent in monitoring its security systems last year. Months before hackers stole 40 million payment cards, among heaps of other information, at the end of 2013, the retail giant installed a $1.6 million malware detection system from security company FireEye that later picked up on the attackers' suspicious activity – on multiple occasions. But reports suggest that the alerts went unaddressed by Target.

» Researchers at Symantec uncovered an attack method by which criminals used SMS messages to get cash out of ATMs. According to the firm, crooks begin the scheme by loading ATM malware “Ploutus” into cash machines (via lock picking or boring holes in the ATM, which allow them access to its CD-ROM or USB drive). Hackers then can hook a specially configured mobile phone to the ATM using USB tethering and, in turn, send SMS command messages to the implanted device to extract cold, hard cash.

» University of Maryland President Wallace Loh testified before Senate members in late March, detailing the events that led up to a far-reaching breach made public in February. According to Loh, hackers masking their identity and whereabouts with the Tor network infected a university website with a data-stealing trojan. After compromising the photo-sharing site, saboteurs were able to steal login credentials of IT managers at the university and eventually access a database containing the names, Social Security numbers and university identification numbers of 300,000 students, alumni and staff.

» A flaw in WinRAR, popular software for compressing and decompressing ZIP files, was exploited in a malware campaign targeting government and international organizations, as well as Fortune Global 500 companies. An Israeli researcher revealed that the spoofing vulnerability allows an individual to create a ZIP file that appears to contain one thing when compressed, but actually houses compressed malware. The campaign, uncovered in late March, was believed to have been leveraged as a means of cyber espionage against aerospace corporations, military subcontractors, embassies, and other entities maintaining sensitive information of interest to attackers.

» Analysts found that users infected with a Windows trojan may have also been targeted by another threat – ransomware called “Cribit.” According to Trend Micro researchers, the ransomware, which encrypts computer files and demands Bitcoin payment to decode data, primarily impacted users in the U.S. (40 percent), in some cases demanding $240 worth of Bitcoin from victims. A Windows trojan called “Fareit” was being used to spread the ransomware, Trend Micro found.
