Cutting through the Weekly Mobile Security Noise: Evaluating Threats
Recent headlines reinforce the reality that mobile threats against personal and corporate devices are continuing to evolve. According to a recent study from BT, mobile breaches affected 68% of global organizations in the last 12 months. This week we’ve been monitoring conversations around hackers draining personal bank accounts via the Starbucks mobile app, the latest news surrounding the USA Freedom Act and key components of threat intelligence.
On Wednesday Starbucks acknowledged that attackers have been breaking into individual customer rewards accounts, stealing money from people’s credit cards as well as their bank and PayPal accounts. According to Infosecurity Magazine, hackers were able to take advantage of Starbucks’ easy-access auto-reload function and users’ weak passwords, which allowed them to steal hundreds of dollars without even knowing which account they were stealing from. The outcome of this attack is pretty serious. Starbucks reportedly said it processed $2 billion in mobile payment transactions; about one in six transactions at Starbucks is conducted with the Starbucks app. Experts say the best way users can avoid this type of attack is to create a strong password and erase any payment methods attached to their Starbucks account.
On Wednesday the House of Representatives passed the USA Freedom Act, which aims to end the government’s bulk data collection and five-year retention of personal phone records. The bill now faces the Senate, where a similar version of legislation was denied last year. The White House showed support for the USA Freedom Act on Tuesday night, saying in a statement that the bill “strikes an appropriate balance between significant reform and preservation of important national security tools,” according to an article in the U.S. News & World Report. The Freedom Act would reauthorize the Patriot Act while limiting the NSA’s ability to collect data.
Security’s latest buzzword, “threat intelligence,” can easily be misunderstood and misinterpreted. Gartner Inc. defines the term as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” An article in CIO explained how threat intelligence has become a key aspect of the industry’s shift from traditional event-driven security to intelligence-led security. It’s important for organizations and individuals to understand the key threat intelligence capabilities that security intelligence needs to deliver.