IT Security Stories to Watch: New Details on Android, ‘Regin’ Malware
Thanksgiving is only a few days away, but IT security issues never take a holiday and continue to hit organizations across the globe. For example, Digital Trends recently reported the “NotCompatible” Android malware is wreaking havoc on organizations worldwide and has “hijacked more than 4 million Android devices to send spam emails, buy event tickets in bulk and crack WordPress accounts.”
We’ve got information in this malware plus news on the new “Regin” threat and updates on the USPS and Home Depot breaches in this week’s edition of IT Security Stories to Watch
How could NotCompatible affect managed service providers (MSPs) and their customers? Check out this week’s IT security stories to watch to find out:
1. New NotCompatible threat is emerging
Officials from San Francisco-based mobile security company Lookout last week said they believe NotCompatible has affected up to 4.5 million Americans since Jan. 2013.
The New York Times also noted NotCompatible.C, the most recent version of the Android malware, can cause victims to incur additional data charges on their smartphones and quickly drain their phones’ batteries.
“NotCompatible.C has set a new bar for mobile malware sophistication and operational complexity,” Lookout Staff Engineer Tim Strazzere wrote in a blog post. “The command infrastructure and communication perseveres and self-protects through redundancy and encryption, making it elusive and enduring. It’s an earthworm with its tail cut off that regenerates and thrives.”
2. Introducing the “Regin” cybersecurity threat
Symantec (SYMC) has released details about “Regin,” a tool that hackers can use to spy on businesses and government organizations.
PCWorld said Regin is “a back-door-type Trojan,” and its first incarnation was used to spy on a number of organizations from 2008 to 2011.
Today’s version of Regin, however, is “customizable with an extensive range of capabilities depending on the target,” according to Symantec.
“Regin is a highly complex threat which has been used in systematic data collection or intelligence gathering campaigns,” Symantec wrote in a blog post. “The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long-term surveillance operations against targets.”
CNNMoney added that Regin is a “government-designed cybersecurity threat” that has already been discovered in at least 10 countries.
3. How is Congress responding to the USPS data breach?
The incident, which put roughly 500,000 USPS employees’ personally identifiable information at risk, has raised questions about the postal service’s IT security measures.
ABC News noted Congressman Stephen Lynch of Massachusetts recently said he believes transparency is key to prevent similar incidents from happening.
“I am very disappointed in the way you handled this … you have to be more forthcoming,” Lynch told USPS officials last week during a House Committee on Oversight & Government Reform hearing.
4. Home Depot boosts Q3 profits despite data breach
The Home Depot (HD) last week reported pretax net expenses of $28 million that were related to a data breach that it began investigating in September, but these costs did little to deter the multinational home improvement retailer from turning a profit in its most recent fiscal quarter.
Home Depot recorded sales of $20.5 billion in the third quarter of fiscal 2014, a 5.4 percent increase from the third quarter of fiscal 2013. The company’s net earnings totaled $1.5 billion during the quarter as well, up from $1.4 billion during the same time frame last year.
This home improvement retailer earlier this month provided an update on its payment data breach investigation and pointed out that it is working with law enforcement officials “to further enhance its security measures.”