The Lizard Squad is back with DDoS attacks against gaming company Blizzard. The Janet education network was also hit with more DDoS attacks. More stolen W-2 and personal information was used to file fraudulent tax returns, this time affecting employees of Baltimore City and the Catholic Archdiocese of Denver. On the advisory front there were more WordPress warnings, scary new ransomware, and the end of support for QuickTime for Windows. Legal stories included a jury awarding electronic medical record company Epic Systems $940 million in damages, Microsoft suing the federal government, and breach-related class action lawsuits moving forward against several organizations. Plus, a judge told Ashley Madison users they cannot remain anonymous.
A hacking group leaked data from the Philippines’ Commission on Elections, which impacts 55 million registered voters. National Childbirth Trust announced a breach affecting 15,000 new and expecting parents. Several more W-2 related breaches made headlines. An FDIC employee accidentally walked out with 44,000 customers' information. CoinWallet announced plans to shut down its services following a cyber incident. On the advisory front, the details of the Badlock bug were finally revealed, there was a new evolution in Locky ransomware, more phishing attacks were discovered, malvertising hit Dutch websites, and Windows XP, which has not had support for two years, is still being widely used. The week also saw legal developments regarding Mossack Fonseca, Sony Pictures, Wendy's, and more. Finally, four radio stations found themselves broadcasting some strange content after being hacked.
This week saw a massive leak of 11.5 million documents from Panamanian law firm Mossack Fonseca, and that information is impacting politicians, business leaders and entertainers across the world. Among the week's other trending cybercrime events were Turkish Citizens having their personal information posted online, more hospitals being hit with ransomware, another likely breach at Trump Hotel Collection, and vBulletin Forums being hacked. On the advisory front new ransomware variants and WordPress attacks continue to make headlines along with a proof-of-concept Firefox extension vulnerability dubbed "extension reuse attack." Legal developments include pending draft legislation on encryption, an amendment to Tennessee's data breach notification law, and data breach lawsuit updates from Lamps Plus, Anthem and Intuit. Also, Microsoft discovered that teaching a bot to talk like a Millennial may not be such a good idea.
The hacking collective Anonymous made headlines by threatening to target Republican front runners Donald Trump and Ted Cruz. A large DDoS attack took down Swedish newspapers. Other trending events include more hospitals being hit with ransomware, a breach at USA Cycling, and a dangerous attack against a water treatment plant. On the advisory front new studies highlighted software vulnerabilities and employee passwords, Locky ransomware continues to be discussed by researchers, Microsoft if fighting back against malicious macros, and a new scam is impersonating ISPs. Legal stories include more warnings from the FTC, lawsuits against 21st Century Oncology and Costco, and arrests related to intellectual property theft and the Syrian Electronic Army. Plus, sports fans have terrible passwords.
Trending cybercrime events this week include breaches at anti-DDoS firm Staminus and UK communications regulator Ofcom. Bangladesh Bank recently had more than $80 million stolen. Anonymous is taking aim at Donald Trump. On the advisory front a malvertising campaign affected a variety of popular websites. In addition, there were more developments in ransomware and iOS malware as well as phishing campaigns targeting companies with keyloggers. The encryption battle continues with reports that the Justice Department is privately debating how to handle WhatsApp encryption. The FTC is beginning a study looking into how PCI assessments are conducted. A settlement over St. Joseph Health's 2012 data breach has come to a close. Among the many arrests this week was the man who hacked into more than 100 Apple and Google accounts and stole, among other things, nude celebrity photographs. Finally, one hacker has gotten so desperate he decided to dox himself.
A point-of-sale breach at Rosen Hotels & Resorts adds to the trend of criminals targeting hotels to steal payment card information. Hackers breached a database at 21st Century Oncology. A variety of companies continue to have W-2 information compromised via both cybercriminals and human error. Android and iOS saw significant advisories this week around KeRanger, the first fully functional ransomware to target Apple devices, and Triada, which researchers have described as one of the most dangerous Android Trojans. More than 17 banks and credit card companies are named in a class action antitrust complaint that claims "hundreds of thousands" of merchants are being held liable for fraudulent EMV card purchases despite investments they have made to remove that liability. Home Depot has agreed to a $28 million dollar settlement. And the Consumer Financial Protection Bureau has taken its first ever data security action. Finally, one researcher found that running a DDoS service may not be that lucrative.
The University of California Berkeley announced a data breach affecting 80,000 individuals. A Snapchat employee got duped by a phishing email. Hacktivists targeted Time Warner and a Miami police officer. An evolving point-of-sale malware, an IRS warning to payroll and HR professionals, and a vulnerability that can potentially decrypt Internet traffic are among the week's top trending cybercrime advisories. On the legal side, Apple won a victory in an unrelated but similar case to the one involving the San Bernadino shooter's phone, a multi-year tablet and smartphone privacy class action was finally settled, and the man behind a $55 million ATM theft ring pleaded guilty. Also, it's not just businesses facing a cyber skills shortage; cybercriminals are having a hard time too.
Linux Mint led the week as the top trending cybercrime target due to the hack of its website and a malicious version being distributed. Child monitoring company uKnowKids may have exposed children's information. Several hospital breaches compromised employee information. Android saw another week with malware-related advisories, including the leak of the GM Bot source code. New reports say eCommerce fraud is on the rise and that more than 700 million records were compromised in 2015. The FTC reached settlements with several companies and individuals. Scottrade is facing a class action lawsuit over its breach. The Lyft-Uber legal battle continues with Lyft now accusing Uber of a "witch hunt" to access trade secrets. Finally, one Anonymous hacker's trip to Cuba found him stranded, rescued and then arrested.
Healthcare attacks took center stage this week as one Hospital was disrupted by ransomware and another reported a data breach. Anonymous leaked information on targets in Tanzania and Turkey. The Netflix brand is being used to spread malware and perform phishing campaigns. There were several Android-related advisories along with FBI warnings and a new scam leveraging "Kohl's cash." The debate over encryption rages on as Apple opposes a court order to unlock a phone tied to the San Bernardino attacks that left 14 dead. Superfish was back in the news with a settlement tied to its adware. Several businesses are facing lawsuits related to the Fair and Accurate Credit Transactions Act. Another business is suing its insurer after that insurer refused to cover a business email compromise scam. Plus, a security flaw not only makes a smart home alarm system easy to hack, but the flaw is unable to be patched.
The U.S. government saw several breaches this week with leaks of Department of Homeland Security and FBI employees' information as well as cybercriminals stealing around 100,000 E-file PINs from the IRS. On the advisory front there were warnings of evolving exploit kits, new malware, and new ATM skimming techniques. President Obama announced a Cybersecurity National Action Plan. Breach-related lawsuits are happening quickly as both Wendy's and the University of Central Florida saw potential class action lawsuits filed over their respective breaches. And the FTC and FCC issued some warnings and clarifications on recent developments. Plus, there are Valentine's Day gifts to help spread the cybersecurity love.