Incident Response, TDR

News briefs: The latest on major DDoS and phishing attacks, and more

»An analyst has confirmed that several unnamed financial institutions have suffered losses in the “millions” owing to distributed denial-of-service (DDoS) attacks. According to Avivah Litan, VP and distinguished analyst at research firm Gartner, three U.S. banks were hit by short-lived DDoS attacks in recent months after fraudsters targeted a wire payment switch, a central wire system at banks, to transfer funds.

»A phishing attack enabled hackers to modify the DNS records for several domains of media sites, including those run by The New York Times, Twitter and the Huffington Post U.K. Investigations revealed that the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army, a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months. In order to commandeer the major media sites, intruders compromised a reseller account that had access to the IT systems of Melbourne IT, an Australian registrar, and targeted an employee using an emailed spear phishing ruse.

»The PCI Security Standards Council gave merchants a first look at changes to its credit card data and payment application security guidelines that could be introduced later this year. In mid-August, the council released the “3.0 Change Highlights” document, a preview to the updated PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which are set to be published Nov. 7. Expected changes in version 3.0 include a new requirement that merchants draw up a current diagram showing how cardholder data flows through organizations' systems, and added guidance on protecting point-of-sale (POS) terminals from attacks, as well as educational explanations of why the 12 core security requirements have been included in the standard. 

»Saboteurs have introduced a rare breed of banking trojan capable of infecting Linux users. The malware, called Hand of Thief, is being sold on Russian underground forums and will soon offer a “full-blown” suite of malicious features, making it comparable to other major, commercially available financial malware, RSA researchers discovered. Hand of Thief's price tag could reach $3,000 once criminals add a suite of web injections to its existing form grabber and backdoor infection vectors.

»Around 14,000 former and present employees at the U.S. Department of Energy (DOE) had their personally identifiable information (PII) accessed by an unauthorized party who gained access to the agency's network. The breach, which may have happened in late July, did not impact classified data, the DOE revealed. But the incident could mean that sensitive data linkable to an individual was exposed.

»In late August, the National Institute of Standards and Technology (NIST) released a preliminary draft framework in support of President Obama's executive order, “Improving Critical Infrastructure Cybersecurity.” Earlier in August, NIST also released revisions to two of its security-related manuals, the first amendments since NIST released them in 2005, reflecting evolving malware threats and the trend of organizations using automated patch management.

»Errata: Our apologies to Steve Lee, whom we quoted in an insider threats story in August, for erroneously placing the office of his company, Steve Lee and Associates, in Texas, rather than Los Angeles.
