Group-IB reports that nominally ISIS-affiliated hackers hit some 600 Russian sites from a broad range of sectors last year. Names used by Caliphate-sympathizing groups included "Team System Dz," "Global Islamic Caliphate," and "FallaGa Team." Their attacks appear to be trending up. In the US, the ISIS-doxxed "kill list" of American service members seems more scare than serious operation, but properly remains of concern even to those dismissing it as gasconade.
Vawtrak financial malware emerges in a more virulent form, using encrypted favicons distributed via the Tor anonymizing network. Analysts consider this a form of steganography. Canadian banks are early targets.
A researcher claims to have found a backdoor in Dell System Detect. (Dell says if it's there, the company didn't install it deliberately.)
Proofs-of-concept demonstrate two things: a side-channel attack that runs entirely in a browser, and exploitation of a crypto algorithm known to be weak.
Cyber criminals revisit an old trick — malware-infected Microsoft Office macros — and spam out compromised documents. Caveat lector, and don't click.
FierceHealthIT looks back at the Anthem and Premera breaches and doesn't like what it sees. Others mull the difficulty of calculating losses in a breach, and consider the Target settlement's implications for executives.
Apropos this week's observations that hackers need no rational motive, here's Exhibit A: skids styling themselves "Vikingdom2015" hit the State of Maine again. They do it for the lulz, and say they don't care if they're caught. (One hopes an FBI visit will test their indifference.)
Nation-states move toward a cyber deterrence regime.