Security News for the Week Ending February 14, 2020
Feds Say 4 Chinese Hackers Took Down Equifax
The Department of Justice indicted 4 members of the Chinese People Liberation Army, saying that they were responsible for detecting the fact that Equifax did not patch their some of their servers and thus were easily hackable. This, of course, means that the hack did not require much skill and may have even been a coincidence.
While it is highly unlikely that the 4 will ever see the inside of an American courtroom, it is part of this administration’s blame and shame game – a game that does not seem to be having much of an effect on cybercrime. Source: Dark Reading
Malwarebytes Says Mac Cyberattacks Doubled in 2019
For a long time, the story was that Macs were safer than PCs from computer malware and that is likely still true, but according to Malwarebytes anti-virus software, almost twice as many attacks were recorded against Mac endpoints compared to PCs.
They say that Macs are still quite safe and most of the attacks require the attacker to trick a user into downloading or opening a malicious file. One good note is that Mac ransomware seems to be way down on the list of malware. Source: SC Magazine
Feds Buy Cell Phone Location Data for Immigration Enforcement
The WSJ is reporting that Homeland security is buying commercial cell phone location data in order to detect migrants entering the country illegally and to detect undocumented workers. In 2019, ICE bought $1 million worth of location data services licenses. There is likely nothing illegal about the feds doing this, but it is a cat and mouse game. As people figure out how the feds are using this data, they will likely change their phone usage habits.
Note that this data is not from cell towers, but likely from apps that can collect your location (if you give them permission) as much as 1400 times EACH DAY (once a minute) – a pretty granular location capability. Source: The Hill
FBI Says Individual and Business Cybercrime Losses Over $3 Billion in 2019
The FBI’s Internet Crime Complaint Center or IC3 says that people reported 467,000 cyber incidents to them last year with losses of $3.5 billion.
They say that they receive, on average over the last five years, 1,200 complaints per day.
During 2018, the FBI established a Recovery Asset Team and in 2019, the first full year of operation, the team recovered $300 million. They say they have 79% success rate, but they don’t explain that bit of new math. I suspect that means that over the small number of cases they cherry pick, they are very successful.
Still, overall, that seems to be less than 10% of the REPORTED losses.
Also, it is important to understand that this data only draws from cybercrime reported to the IC3. No one knows if that is 10% of all cybercrime or 90%. Just based on anecdotal evidence, I think it is closer to the 10% number, and, if true, that means the $3.5 billion in losses is really closer to $35 billion. Source: Bleeping Computer
by