The hacking collective Anonymous made headlines by threatening to target Republican front runners Donald Trump and Ted Cruz. A large DDoS attack took down Swedish newspapers. Other trending events include more hospitals being hit with ransomware, a breach at USA Cycling, and a dangerous attack against a water treatment plant. On the advisory front new studies highlighted software vulnerabilities and employee passwords, Locky ransomware continues to be discussed by researchers, Microsoft if fighting back against malicious macros, and a new scam is impersonating ISPs. Legal stories include more warnings from the FTC, lawsuits against 21st Century Oncology and Costco, and arrests related to intellectual property theft and the Syrian Electronic Army. Plus, sports fans have terrible passwords.
Trending cybercrime events this week include breaches at anti-DDoS firm Staminus and UK communications regulator Ofcom. Bangladesh Bank recently had more than $80 million stolen. Anonymous is taking aim at Donald Trump. On the advisory front a malvertising campaign affected a variety of popular websites. In addition, there were more developments in ransomware and iOS malware as well as phishing campaigns targeting companies with keyloggers. The encryption battle continues with reports that the Justice Department is privately debating how to handle WhatsApp encryption. The FTC is beginning a study looking into how PCI assessments are conducted. A settlement over St. Joseph Health's 2012 data breach has come to a close. Among the many arrests this week was the man who hacked into more than 100 Apple and Google accounts and stole, among other things, nude celebrity photographs. Finally, one hacker has gotten so desperate he decided to dox himself.
A point-of-sale breach at Rosen Hotels & Resorts adds to the trend of criminals targeting hotels to steal payment card information. Hackers breached a database at 21st Century Oncology. A variety of companies continue to have W-2 information compromised via both cybercriminals and human error. Android and iOS saw significant advisories this week around KeRanger, the first fully functional ransomware to target Apple devices, and Triada, which researchers have described as one of the most dangerous Android Trojans. More than 17 banks and credit card companies are named in a class action antitrust complaint that claims "hundreds of thousands" of merchants are being held liable for fraudulent EMV card purchases despite investments they have made to remove that liability. Home Depot has agreed to a $28 million dollar settlement. And the Consumer Financial Protection Bureau has taken its first ever data security action. Finally, one researcher found that running a DDoS service may not be that lucrative.
The University of California Berkeley announced a data breach affecting 80,000 individuals. A Snapchat employee got duped by a phishing email. Hacktivists targeted Time Warner and a Miami police officer. An evolving point-of-sale malware, an IRS warning to payroll and HR professionals, and a vulnerability that can potentially decrypt Internet traffic are among the week's top trending cybercrime advisories. On the legal side, Apple won a victory in an unrelated but similar case to the one involving the San Bernadino shooter's phone, a multi-year tablet and smartphone privacy class action was finally settled, and the man behind a $55 million ATM theft ring pleaded guilty. Also, it's not just businesses facing a cyber skills shortage; cybercriminals are having a hard time too.