Highlights from the past seven days in information security include ESET’s annual Windows exploitation report, analysis of the Bayrob trojan and beating tax identity fraud.
It’s that time of the week again when we recap the biggest, most interesting and notable security stories from the past seven days. And yes, we’ve got a brand new logo to show off as well. We thought it was about time.
ESET published Windows exploitation 2015
ESET released its annual Windows exploitation report, which had a focus on what was new in 2015. This includes new security features in Microsoft Edge and Google Chrome, new features in Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and the exploits of the Hacking Team cybergroup. The latter was described as being one of the “most enlightening” security stories of 2015, with its specialization “in selling their offensive tools to various legally inappropriate countries” noted for being ethically and legally troubling.
ESET reports on the ‘intense’ activities of the Bayrob trojan
ESET’s Josep Albors detailed the nefarious activities of the Bayrob trojan, which was found by the security solution provider as being particularly active across the globe towards the end of 2015, especially in Germany and France. Mr. Albors said: “Like many other threats, Win32/Bayrob is distributed using a classic attack vector (for example, as a malicious attachment in an email). In several cases, the criminals behind this campaign were trying to attract their victims by posing as Amazon.”
Digging beneath the surface of tax identity fraud
Over the last decade there has been a notable change in the way people file their income tax returns in the US, with electronic solutions making it easier to perform this activity. However, as ESET’s Stephen Cobb pointed out, this has also allowed “tax identity theft to thrive”. In a comprehensive piece, the security expert advised on what consumers and businesses can do to protect themselves, which includes ordering your IRS transcript and asking your bank about an ACH debit block.
The debate over privacy and encryption in Switzerland
While it is a divisive and prominent issue in any country, the debate over privacy and encryption in Switzerland has been eye-catching. So much so, it could have wide-reaching consequences throughout the world, ESET’s Cameron Camp revealed. Thanks to a campaign by ProtonMail, a Swiss-based encrypted email provider, the European country is to now hold a referendum on its contentious surveillance law. This could be a game-changer.
How the ‘oversharing generation’ can be more secure
ESET’s Ondrej Kubovič took the opportunity of Data Privacy Day to highlight security issues associated with the so-called ‘selfie generation’. The fundamental problem is that this tech-savvy, connected demographic, don’t really understand the problem of oversharing, unaware are they of risks associated with this behavior. Mr. Kubovič recommended, among other things, applying a “higher level of self-censorship” and treating “every photo or video as a police investigator would”.
HSBC reveals that it was the victim of a cyberattack
HSBC in the UK revealed through social media that its online banking service was offline because it was dealing with a cyberattack. The bank explained that it had successfully defended its systems against a DDoS attack, which had not compromised any of its 17 million personal and business customers. It is still unknown who is responsible for the incident.