10Fold – Security Never Sleeps – 37

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the BlackEnergy Trojan in Ukraine. Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. An Uber driver’s tax information, including her name and Social Security number, was exposed to all drivers who logged on to their dashboard, in what the company calls a ‘bug.’

HSBC cyber attack brings Internet banking to its knees – Publication: Financial Times – Reporter name: Emma Dunkley

HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services. The bank said in a statement that it had “successfully defended against the attack, and customer transactions were not affected.” However, by early afternoon on Friday its online banking services were still unavailable to some customers. Alex Kwiatkowski, a senior strategist at software group Misys, said the attack was “very concerning” and “shines a bright spotlight” upon HSBC’s systems weaknesses.


BlackEnergy malware deployed using malicious Word docs – Publication: SC Magazine – Reporter name: Robert Abel

Researchers at Kaspersky Lab spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the BlackEnergy Trojan in Ukraine. Russian-speaking threat actors in the BlackEnergy APT group have been using malicious Excel and PowerPoint files to spread the group’s malware since last year, but Kaspersky’s Global Research and Analysis Team Director Costin Raiu claimed this was the first time Word documents have been used. The BlackEnergy APT group has been actively targeting energy, government and media in Ukraine, and industrial control systems/supervisory control and data acquisition (ICS/SCADA) and energy companies worldwide.


27% of all malware variants in history were created in 2015 – Publication: CSO Online – Reporter name: Maria Korolov

Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.


‘Bug’ Exposes Uber Driver’s Tax Information, Including Name and Social Security Number – Publication: Forbes – Reporter name: Kelly Phillips

It was an über bad day for one driver who had her personal tax information, including her Social Security number, exposed due to what the drive-on-demand company is calling a “bug.” When Uber drivers logged on to the Uber partner dashboard to check their own 1099 information for 2015, they instead received information relating to someone else: a Florida woman who also drives for the company. The form in question was a federal form 1099-K, Merchant Card and Third Party Network Payments. Technically, drivers for Uber are not employees, which is why they fill out the 1099-MISC. The driver’s 1099-K information remained on the Uber dashboard for a short time, and it’s not known how many other drivers might have viewed it during that time. When made aware of the error, the company removed the tax tab on the dashboard altogether while the mistake was corrected.