10Fold – Security Never Sleeps – 69

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider:  Spear-phishing has increasingly become a tailored attacked vs the traditional method of a the mass attacks. The White House won’t support the anti-encryption bill, but has yet to publically state their position. Karamba Security is now starting to develop malware protection for the computers in cars, which could help the car better prepare for malware attacks. Lastly, a blog written by security research Brian Krebs points out how much money has been lost due to CEO email scams.

Crypto ransomware targets called by name in spear-phishing blast – Publication: Ars Technica – Reporter name: Dan Goodin

For the past decade, spear phishing—the dark art of sending personalized e-mails designed to trick a specific person into divulging login credentials or clicking on malicious links—has largely been limited to espionage campaigns carried out by state-sponsored groups. Since the beginning of the year, that truism has begun to unravel. According to researchers at security firm Proofpoint, a single threat actor, dubbed TA530, has been targeting executives and other high-level employees in an attempt to trick them into installing an assortment of malware—including the CryptoWall ransomware program that encrypts valuable data and demands a hefty fee to undo the damage.


Obama won’t support anti-encryption bill, report says – Publication: CNet – Reporter name: Katie Collins

The White House won’t publicly support proposed legislation that would allow judges to compel tech companies to help law enforcement crack open otherwise secret data and communications, Reuters reported Thursday. It’s an about-face for the White House. Obama said last month that he had come around to the view that the government must find a way to access locked devices. Even though the White House has reviewed the legislation’s text and provided feedback, it is not expected to comment publicly on it. The legislation could be introduced in Congress as early as this week.


Your car’s computers might soon get malware protection – Publication: PC World – Reporter name: Lucian Constantin

Modern cars contain tens of specialized computers that control everything from infotainment functions to steering and brakes. The pressing need to protect these computers from hackers will likely open up a new market for car-related software security products. Karamba Security, a start-up based in Ann Arbor, Michigan, is one of the companies that has stepped up to answer this demand. The company’s anti-malware technology, unveiled Thursday, is designed to protect externally accessible electronic control units (ECUs) found in connected cars.


FBI: $2.3 Billion Lost to CEO Email Scams – Publication: Krebs on Security – Reporter name: Brian Krebs

The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years. In an alert posted to its site, the FBI said that since January 2015, the agency has seen a 270 percent increase in identified victims and exposed losses from CEO scams. The alert noted that law enforcement globally has received complaints from victims in every U.S. state, and in at least 79 countries.