Reuters reports that SWIFT, the international financial transfer network, has warned customers that the Bangladesh Bank cyber robbery wasn’t unique in exploiting SWIFT software vulnerabilities to mask fraudulent transactions. “Malicious insiders or external attackers” have submitted bogus messages to the SWIFT network on more than one occasion, according to Reuters’ account of a warning circulated privately to SWIFT customers. The criminals behind the fandation [sic] to which $81 million were funneled remain unknown.
Observers draw a lesson from the robbery—enterprises should be aware of, monitor, and control what goes on inside their perimeter, looking for lateral movement, privilege elevation, etc.
Blue Coat Labs reports an active ransomware campaign targeting older Android systems. (Threatpost compares it to the exploitation of older Windows XP machines.) The attackers are locking Android devices with Dogspectus ransomware delivered with the Towelroot exploit kit. The demand (communicated in an entirely implausible attempt to sound like an official US security agency) is for $200 in iTunes gift cards. Towelroot delivers its payload via drive-by malicious advertising. The exploits themselves seem, researchers say, to be old Hacking Team tools.
In the US, senior military officers hint obliquely at their fear of foreign compromise of Defense supplier networks.
US Director of National Intelligence Clapper said yesterday that Snowden’s leaks accelerated the development and widespread dissemination of commercial encryption by about seven years. “From our standpoint,” says the DNI, “it’s not a good thing.”
In industry news, the SecureWorks IPO still shows no more than a dead cat bounce.