Comment by Riaz Haq on December 2, 2014 at 1:45pm

SAN FRANCISCO — For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — most of them publicly traded health care or pharmaceutical companies — apparently in pursuit of information significant enough to affect global financial markets.

The group’s activities, detailed in a report released Monday morning by FireEye, a Silicon Valley security company, shed light on a new breed of criminals intent on using their hacking skills to gain a market edge in the pharmaceutical industry, where news of clinical trials, regulatory decisions or safety or legal issues can significantly affect a company’s stock price.

Starting in mid-2013, FireEye began responding to the group’s intrusions at publicly traded companies — two-thirds of them, it said, in the health care and pharmaceutical sector — as well as advisory firms, such as investment banking offices or companies that provide legal or compliance services.

Continue reading the main story
RELATED COVERAGE

The headquarters of JPMorgan Chase in New York.Hackers’ Attack Cracked 10 Companies in Major AssaultOCT. 3, 2014
Hackers targeted the phone system at Bob Foreman’s architecture firm in Georgia, making $166,000 in calls in a weekend.Phone Hackers Dial and Redial to Steal BillionsOCT. 19, 2014
The attackers, whom FireEye named “Fin4” because they are one of several groups that hack for financial gain, appear to be native English speakers, based in North America or Western Europe, who are well versed in the Wall Street vernacular. Their email lures are precisely tailored toward each victim, written in flawless English and carefully worded to sound as if they were sent by someone with an extensive background in investment banking and with knowledge of the terms those in the industry employ.

---------
FireEye said it had notified the victims, as well as the Federal Bureau of Investigation, but did not know whether other organizations like the Securities and Exchange Commission were investigating.

Representatives of the F.B.I. and S.E.C. declined to comment on the case.

FireEye has aggressively marketed its security research and breach detection products since it went public last year.

Its Fin4 research was published the day after David G. Dewalt, FireEye’s chief executive, appeared in a “60 Minutes” report, lamenting the fact that companies do not detect their breaches sooner.

The company’s stock price — which surged to $100 a share last March — has since dropped to $30 a share in part because of a report that indicated one of FireEye’s intrusion detection products did not perform as well as others in a lab test.

On Monday, the same day FireEye released its Fin4 report, lawyers filed a class-action suit in the United States District Court for the Northern District of California on behalf of FireEye shareholders.


http://www.nytimes.com/2014/12/02/technology/hackers-target-biotech...

Comment by Riaz Haq on December 2, 2014 at 1:48pm

CBS 60 Minutes on Fireeye:

Target declined our request for an on-camera interview, but the breach of its security a year ago is a case study in how hackers operate. It started when criminals stole the username and password from one of Target's vendors -- a Pennsylvania heating and air conditioning company. The credentials got them into Target's network without attracting attention. Once inside they easily spread to thousands of checkout terminals in nearly every store. The hackers then installed malicious software, or malware, to record card swipes.

Dave DeWalt: The company invested a lot of money in security. It wasn't like they weren't trying to stop the bad guys. It's just the bad guys were really good, number one. Number two, they're very persistent.

A security system Target recently bought from Dave DeWalt's company, did detect the intrusion, and triggered alarms. But Target's older security systems were still in place, generating millions of alerts similar to these. Most were for minor technical glitches and the warnings from FireEye were lost in the noise.

Bill Whitaker: So alarms were going off?

Dave DeWalt: Alarms were going off. And when you get millions of alerts a day and there's one or two alerts that are the ones blinking red, "There's a problem. There's a problem." You can miss it and it's very hard to find the needle in the haystack. So Target's problem ultimately became, "I couldn't find the needle. I couldn't see the one alert that was bright red."

Last December 18, a week before Christmas, a cybersecurity blogger named Brian Krebs first reported the story publicly.

Brian Krebs: The breach lasted for a little more than three weeks. But they actually managed to hit Target at the busiest time of year for them.

http://www.cbsnews.com/news/swiping-your-credit-card-and-hacking-an...

Comment by Riaz Haq on September 14, 2015 at 4:18pm

#Pakistan Security Firms Ransomware. Intelligence Start-Up i-Sight Goes Behind Enemy Lines to Get Ahead of Hackers http://nyti.ms/1KkAiOI

On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialed into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.

As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark web.”

A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as $500. Several American utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.

The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.

Within 30 minutes, they were all back at their keyboards, monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.

For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations.

ISight analysts spend their days digging around the underground web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.

The company’s focus is what John P. Watters, iSight’s chief executive, calls “left of boom,” which is military jargon for the moment before an explosive device detonates. Mr. Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.

Comment