MENTIS

Week of September 23, 2016

Chinese Hackers Take Control of a Tesla from 12 Miles Away*:

  • Hackers have taken remote control of a Tesla Model S from 12 miles away, interfering with the car’s brakes, door locks, dashboard computer screen, and other electronically controlled features in the car.
  • The team of Chinese security researchers from Keen Security Lab were able to target the car wirelessly and remotely in an attack that could cause havoc for any Tesla driver.
  • The hack targeted the car’s controller area network, or CAN bus, which is the collection of connected computers found inside every modern vehicle.
  • The attack requires the car to be connected to a malicious Wi-Fi hotspot set up by the hacking team, and this can only be triggered when the car’s web browser is used.
  • The researchers acted responsibly in disclosing the vulnerabilities to Tesla, and the company delivered a software update.
  • Now that cars are increasingly high-tech and connected to the internet, cybersecurity has become as big an issue as more traditional safety features.

*Source: The Guardian, September 20, 2016

https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese-hack-remote-control-brakes


American Express Users: Beware this Scam*:

  • In recent days, an unusually well-crafted phishing attack has been launched against American Express cardholders.
  • In the new scam, targeted users receive an email message allegedly from American Express advising the recipient to protect him or herself from fraud and phishing by establishing an "American Express Personal Safe Key (PSK)" to improve the security of their accounts.
  • The email contains a link at the bottom to "Create a PSK", and users who click the link are directed to a phony American Express login page on a site at the legitimate-sounding http:// amexcloudcervice. com/login/
  • While the lack of HTTPS and spelling error should alert some people to the likelihood of something amiss, many people focus on the contents of the browser windows and do not pay attention to other security clues.
  • After providing login information to the phony American Express page, users are presented with real-looking pages on which to enter card numbers, card expiration dates, four-digit card CVV codes, their Social Security numbers, birth dates, mothers' maiden names, mothers' birth date, date of birth, and email addresses.
  • Despite several errors that information-security professionals may find glaring, the current attack does seem well crafted and therefore, more likely than many to trick American Express customers, most of whom obviously do not deal with phishing attacks as part of their jobs.
  • Follow the link below for suggestions on how to protect yourself.

*Source: INC, September 19, 2016

http://www.inc.com/joseph-steinberg/american-express-users-beware-this-scam.html


Data Stealing Malware Takes Aim at 18 UK Banks*:

  • A three-year-old banking Trojan, believed to be the work of experienced and organised Russian cybercriminals, has now turned its attention to UK banks.
  • The Qadars Trojan has been active since 2013. Using several different versions, the malware has targeted banks in different regions, beginning with France and the Netherlands during 2013 and 2014, then Australia, Canada, the United States, and the Netherlands during 2015 and 2016.
  • This time, the malware campaign is targeting 18 banks in the UK, which haven't been named for security reasons, as well as financial institutions in Germany, Poland, and once again, the Netherlands.
  • Qadars uses social engineering to help take control of systems and undertake full-scale theft of data.
  • The Trojan is also capable of monitoring all user activity on a device and hijacking text messaging on the victim's mobile phone.
  • While the number of incidents involving Qadars is small compared to other Trojans, the malware is extremely effective.
  • It's possible that those behind Qadars don't engage in large-scale attacks because they want to remain under the radar and able to carry out focused and less visible operations in order to continue to steal data for profit, rather than for bragging rights like some other hacking groups.

*Source: ZDNET, September 20, 2016

http://www.zdnet.com/article/data-stealing-qadars-trojan-malware-takes-aim-at-18-uk-banks/


Major Data Breaches and How Your IT Company Can Avoid Falling Victim*:

  • A few of the major data breaches that have occurred recently should show exactly what you should and what you should not be doing to protect your organization from being next on the list.
  • Anthem Health Care Cyber Attack: One of the most devastating attacks occurred in January of 2015, but actually started several weeks before it was caught.
  • The way to learn from this attack – one that cost over $100 million, with some estimates as high as $10 - $15 billion – is simply to verify your processes.
  • Cyber-attacks can happen to any business at any time, and there truly is no way to guarantee that they will not happen, but internal controls could have caught the attack much earlier if they had been held to a stricter level of code and security.
  • Hillary Clinton Data Breach: Whether your organization is in the eyes of the public as much as a presidential campaign or not, you do need to consider additional levels of security instead of just using personal and private email for your communication needs.
  • EBay Hacks: An international attack was carried out, and almost 150 million customer accounts were accessed and possibly affected negatively.
  • The biggest problem is that those accounts could include personal information such as shipping info, credit cards, PayPal accounts, and even more sensitive data.
  • Some also question whether it is necessary for eBay to hold the data including addresses and other information for their customers and for the shipping requirements.
  • The truth is when you are attempting to run an operation and you do hold the sensitive information of your customers, suppliers, or stakeholders, then you have to be sure you are putting security as one of the top objectives of the overall operation.

*Source: iPad Insight, September 18, 2016

http://ipadinsight.com/ipad-security/3-examples-of-major-data-breaches-and-how-your-it-company-can-avoid-falling-victim/


Suspected Russian Cyber-Attack Targets German Parties, Media*:

  • German security officials say a cyber-attack believed to be directed by Russia targeted journalists and lawmakers in recent weeks.
  • The domestic intelligence agency BfV says the German Parliament, at least two political parties and an unidentified media company were targeted in a sophisticated email phishing attempt between Aug. 15 and Sept. 15.
  • A warning bulletin provided Friday to The Associated Press says the attacker used a fake email address purportedly belonging to an individual at the NATO military alliance, of which Germany is a member.
  • The BfV said its cyber defense unit determined that clicking an attachment in the email could result in the installation of malicious software.

*Source: AP News Archive, September 23, 2016

http://www.apnewsarchive.com/2016/German-security-officials-say-a-cyberattack-believed-to-be-directed-by-Russia-targeted-journalists-and-lawmakers-in-recent-weeks/id-0eaba125cc5145e282fbce4a36e6f7f8
