Data Breach Ripples: Week of August 07

Posted by Zach Walker on Aug 7, 2015 1:00:00 PM

In this week's issue: the University of Connecticut's cyberintrusion attack originated in China, the FBI issued a warning on DDoS attacks, security researchers have hacked the Square reader, phishing attacks are up 74% in Q2 of 2015, and we recap the fraud management panel from this week's Retail Reinvention summit featuring Rippleshot CEO, Canh Tran.

UConn School of Engineering Cyberintrusion Originated in China

In March of 2015, members of the University of Connecticut’s School of Engineering discovered an intrusion into its network servers that compromised the personal information of an unknown number of individuals. A forensic investigation conducted by both the University of Connecticut and Dell SecureWorks found that the first known network penetration occurred on September 24, 2013, making this a nearly year-and-a-half-long breach.

According to an official statement by the university, this security breach originated from attackers in China after targeting roughly 200 university research sponsors in the government and private sectors.

FBI Issues DDoS Attack Warning

An alert issued by the Internet Crime Complaint Center (IC3) is warning businesses and consumers that a new trend of e-mail extortion campaigns is on the rise. The IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) that receives reports of Internet-related criminal activity in order to best assist law enforcement agencies here in the U.S. According to the alert, targeted businesses receive an extortion e-mail threatening a Distributed Denial of Service (DDoS) attack on their website unless a ransom is paid, often in Bitcoin.

These DDoS attacks overwhelm businesses with large amounts of web traffic that prevent legitimate visitors from accessing the website. For e-commerce sites or other businesses with web-based services, these DDoS attacks mean lost money for those unwilling or unable to pay the ransom.

Hacks turn Square's reader into card-stealing machine

Security researchers have uncovered a number of vulnerabilities in Square’s mobile payment card-reading device that allow both merchants and third-party actors to initiate fraudulent transactions on the reader, while also skimming the payment card information of unaware customers. The researchers have discovered that it is possible to physically disable the encryption device used to protect customers' financial information, essentially turning the mobile card-reader into a skimming device.

When reached for a comment on the hacking vulnerability, Square notes that tampered card-readers will not work with the official app and that it is not possible to store payment information to be used more than once within the app. However, it is possible for a criminal to create an app that has a similar look and feel to the Square app, while implementing the skimming code beneath the surface. 

Phishing attacks up 74% in Q2 2015

Domain Name System (DNS)-based threats resulting in phishing attacks have seen a 74 percent increase in Q2 of this year. The figure comes from a new security threat index released by IID and Infoblox, which focuses on malicious activity across the globe that exploits the Domain Name System, a system that assigns names to personal computers, resources and services that connect to the Internet. This second-quarter increase in DNS threats is mostly due to a spike in social engineering plots like phishing attacks. Even with the vast majority of consumers being 

Rippleshot Content: Fraud management - The Role of privacy, data & security

The Rippleshot team had the pleasure of attending and sponsoring the PYMNTS.com Retail Reinvention summit here in Chicago this week. Retailers, merchants, tech innovators and payment industry thought leaders convened in Chicago to discuss the future of retail and how innovative technology will help reinvent an entire industry. With new methods of payment being adopted in everyday life, data security and management is one of the many topics on people’s minds. On the first day of the summit, eight industry leaders were part of a panel discussion on the role of privacy and fraud management within an organization. We’ve recapped the panel discussion and highlighted some of the key takeaways from this week’s event.
