Patrick Howell O’Neill – Page 29

U.S., Russia fighting to extradite suspected Russian cybercriminal who ran $4 billion bitcoin exchange

Posted on September 29, 2017 by Patrick Howell O'Neill

The case against the Russian cybercrime suspect Alexander Vinnik opened in a Greek courtroom on Friday with two world powers sparring over who will extradite the Russian citizen. Vinnik, 37, pleaded not guilty to charges from the United States that he ran the cryptocurrency exchange BTC-e and engaged in money laundering at the scale of $4 billion. His lawyer is fighting extradition to California where federal charges were filed against him. He was arrested on those charges while he vacationed in Greece over the summer. A decision on the U.S. request is set to be made by Oct. 4. Vinnik, a Russian national, also faces charges in Russia in a separate fraud case that will reach a Greek court next week. Vinnik’s lawyer said he won’t fight that extradition request, indicating a preference of Moscow over the United States. The U.S. Justice Department describes Vinnik as the man behind BTC-e, […]

The post U.S., Russia fighting to extradite suspected Russian cybercriminal who ran $4 billion bitcoin exchange appeared first on Cyberscoop.

Continue reading U.S., Russia fighting to extradite suspected Russian cybercriminal who ran $4 billion bitcoin exchange→

Cybersecurity is U.S. bank regulator’s top priority

Posted on September 29, 2017 by Patrick Howell O'Neill

Cybersecurity is the top priority for the office charged with regulating and supervising all banks in the U.S., according to the newly released bank supervision operating plan for 2018 from the Treasury Department’s Office of the Comptroller of the Currency. The declaration comes amid an environment where attackers are multiplying and the threat surface is rapidly expanding. Experts expect the reaction from banks to be greater focus and spending on cybersecurity. “Cyber threats are increasing in speed and sophistication,” Comptroller of the Currency Keith Noreika said earlier this year in an OCC Risk Perspective. “These threats target large quantities of personally identifiable information and proprietary intellectual property and facilitate misappropriation of funds at the retail and wholesale level. Phishing is a primary method for breaching data systems and is often the entry mechanism to perpetrate other malicious activity, such as installing ransomware, accessing confidential information, compromising internal systems to effect payments, or conducting espionage.” One area sure […]

The post Cybersecurity is U.S. bank regulator’s top priority appeared first on Cyberscoop.

Continue reading Cybersecurity is U.S. bank regulator’s top priority→

Whole Foods investigating breach tied to point-of-sale systems

Posted on September 28, 2017 by Patrick Howell O'Neill

Whole Foods Market, the American grocery giant recently purchased by Amazon, announced on Thursday it’s investigating the unauthorized access of payment card information via some of the company’s point-of-sale systems. In a statement posted on the Whole Foods website, systems “used at certain venues such as taprooms and full table-service restaurants located within some stores” were leveraged to access payment data. The impacted stores use different systems than Whole Foods’ primary point-of-sale system, the company said in a statement. Additionally, the company says Amazon systems do not connect to the affected Whole Foods systems, and transactions on Amazon.com have not been impacted. The preliminary statement was is short on specific information: The scope of breach, who was hit and who has been notified has not yet been announced. The company operates more than 460 stores throughout the U.S., Canada and the U.K. Whole Foods says its retained the services of a “leading cybersecurity […]

The post Whole Foods investigating breach tied to point-of-sale systems appeared first on Cyberscoop.

Continue reading Whole Foods investigating breach tied to point-of-sale systems→

Hackers find unpatched servers to secretly mine $17,000 in Monero per month

Posted on September 28, 2017 by Patrick Howell O'Neill

Secretly mining cryptocurrency by using the machines of unsuspecting victims is a malicious ploy that was invented almost as soon as cryptocurrency came into being. Just this week, two such schemes surfaced. An operation has been infecting Windows web servers with a silent Monero miner since at least May 2017 to net $63,000 worth of the currency, say researchers from cybersecurity firm ESET. Cryptocurrency mining, put simply, is when powerful computer processors solve immense math problems that take considerable time and energy. Solving the problems rewards miners with digital currency like bitcoin, Monero and so on. It costs money to power the computers that do the mining, so hackers who sneakily employ other people’s machines are avoiding expenses. The big electricity bill that results is suddenly another person’s problem. New research from ESET shows that hundreds of unpatched servers were infected with a known vulnerability — labeled CVE-2017-7296 — and used to mine Monero for […]

The post Hackers find unpatched servers to secretly mine $17,000 in Monero per month appeared first on Cyberscoop.

Continue reading Hackers find unpatched servers to secretly mine $17,000 in Monero per month→

Northrop Grumman awarded $14.5 million to build cybersecurity capabilities into surveillance planes

Posted on September 28, 2017 by Patrick Howell O'Neill

Northrop Grumman won a $14.5 million contract add-on on Wednesday to build “software support activity cybersecurity” along with an advanced radar processor to the company’s contract to build the E-2D Advanced Hawkeye aircraft for the U.S. Navy. The Hawkeye is a surveillance plane boasting image and video surveillance, drone control, missile detection and interception, advanced radar and communication. The latest version is an update to a Cold War-era airplane that first flew in 1960. In addition to other uses, the Hawkeye is meant to be an early warning detection, tracking and interception system for missile and aircraft threats. They’re prime targets for cyberattacks, as disabling or diminishing their capability could result in loss of life. Full production of the aircraft is expected to be complete by March 2019. The announcement comes as a footnote to a flurry of news from Northrop, including the company’s $7.8 billion purchase of weapons and space systems company […]

The post Northrop Grumman awarded $14.5 million to build cybersecurity capabilities into surveillance planes appeared first on Cyberscoop.

Continue reading Northrop Grumman awarded $14.5 million to build cybersecurity capabilities into surveillance planes→

Europol: Ransomware is far and away criminals’ favorite attack method

Posted on September 27, 2017 by Patrick Howell O'Neill

For police tracking the cybercrime horse race, it’s clear that ransomware is pulling away. While security incidents of all types continue at breakneck pace, a new report from the European Union’s law enforcement organization Europol pointed to ransomware as one of the easiest, most effective and common threats seen across the world. “Ransomware has eclipsed most other cyberthreats with global campaigns indiscriminately affecting victims across multiple industries in both the public and private sectors,” Europol’s researchers wrote in the newly published 2017 Internet Organised Crime Threat Assessment (IOCTA). “Some attacks have targeted and affected critical national infrastructures at levels that could endanger lives. These attacks have highlighted how connectivity, poor digital hygiene standards and security practices can allow such a threat to quickly spread and expand the attack vector.” The IOCTA, designed to provide guidance and recommendations to law enforcement and governments across the continent, tracked ransomware attacks in the last year and […]

The post Europol: Ransomware is far and away criminals’ favorite attack method appeared first on Cyberscoop.

Continue reading Europol: Ransomware is far and away criminals’ favorite attack method→

AI now detects the majority of new malware on Android

Posted on September 27, 2017 by Patrick Howell O'Neill

The way Google detects malware on Android is changing rapidly. Fifty-five percent percent of Google’s new malware detections on their mobile operating system in the last week came through machine learning. That’s an exponential increase over just six months ago when that figure sat at around five percent, according to Adrian Ludwig, an NSA veteran who now oversees Android security inside Google. Google Play Protect, Android’s automated application security software, is on more than 2 billion devices, in every country in the world. After three years of testing, Google started applying machine learning models to Google Play Protect only about a year ago in what’s described as a nascent and experimental period. The last six months have seen “an inflection point,” Ludwig told CyberScoop. “We’re now actually starting to see some of that return on investment.” Android employs a team of machine learning experts and security researchers to drive the technology forward and handle it […]

The post AI now detects the majority of new malware on Android appeared first on Cyberscoop.

Continue reading AI now detects the majority of new malware on Android→

The business models behind ATM malware empires

Posted on September 26, 2017 by Patrick Howell O'Neill

The criminal gangs behind the world’s most successful ATM malware attacks run their million-dollar empires like cutthroat business executives, according to newly published research from the European Union law enforcement agency Europol and the cybersecurity firm Trend Micro. In the last decade, organized crime groups originating mostly from two hotspots, Latin America and Eastern Europe, have waged an effective and evolving war against the cash-filled boxes that are the cornerstone of more than $10 billion in annual withdrawals, the researchers say. Some syndicates hold onto their malware for exclusive use, while others resell to smaller gangs willing to do the physical legwork. A single weekend’s spree can result in thousands or millions of dollars in stolen cash. Hackers execute physical and network-based attacks against ATMs to steal money from both banks and customers in campaigns that can take years to sniff out. Analyzing a decade’s worth of ATM hacking, the researchers focused on business models that […]

The post The business models behind ATM malware empires appeared first on Cyberscoop.

Continue reading The business models behind ATM malware empires→

New dime-sized YubiKey adds more mobility to authentication keys

Posted on September 25, 2017 by Patrick Howell O'Neill

YubiKeys are getting smaller as they grow more and more popular. The cybersecurity hardware that acts as a secure key to machines and accounts now comes in a dime-sized package. The YubiKey 4C Nano launched Monday for $60. Yubico, the company behind the powerful authentication keys, has had a big year. A “huge spike” in orders beginning late last year preceded a $30 million investment round in June and reports of over 100,000 customers including Google and Facebook. The 4C Nano is meant for mobility. It’s tiny, measuring in at 12mm x 10.1mm x 7mm, meant to meet demand for an even smaller tool than the keychain-sized keys Yubico has offered for a decade. It’s designed for use in USB-C ports on computers like the HP Spectre, Dell XPS 15, Apple Macbook Pro and newer Chromebooks. Experts praise tools like the YubiKey because they are the most secure form of multifactor authentication. In order to prevent […]

The post New dime-sized YubiKey adds more mobility to authentication keys appeared first on Cyberscoop.

Continue reading New dime-sized YubiKey adds more mobility to authentication keys→