This article is published by NetEase Cloud .
Yidun Business Risk Control Weekly Report weekly reports of noteworthy security technologies and events, including but not limited to content security, mobile security, business security and network security, to help enterprises be more vigilant and avoid these seemingly small but big ones that affect the healthy development of the business Security Risk.
1. The cybercrime economy is 12th largest in the world with an annual output of $1.5 trillion
Illicit funds generated, laundered, spent and reinvested by threat actors have exceeded $1.5 trillion, according to a new study on cybercrime profits.
At the RSA2018 conference held in San Francisco, USA, security experts pointed out that if cybercrime is compared to a country, the gross domestic product (GDP) created will surpass Russia and rank 12th in the world. According to a study on the economy linked to cybercrime, attackers can make more than $1.5 trillion in profits each year, which is roughly equivalent to the entire gross domestic product of Russia.
2. Facebook announces 8,000-word content moderation standard
Facebook, under regulatory pressure, has released an 8,000-word content moderation guideline about what 2.2 billion users can or cannot post on the Facebook site in the future.
This is the first time Facebook has published such detailed content moderation guidelines. Previously, Facebook had only disclosed brief content moderation criteria, citing "too complicated" and refusing to make further disclosures.
3. The world's largest DDos service website was smashed by Europol for providing malicious network attack services
According to CNET, Europol announced that it was shutting down http://Webstresser.org , a website that was clearly selling DDoS cyber attacks. According to Europol, the site has a total of more than 136,000 users and a total of 4 million cyberattacks were launched by April. A DDoS attack forces a target website or server to go offline by flooding the target website or server with requests.
The Dyn attack in 2016 successfully forced major websites such as Twitter, Spotify, and Reddit to temporarily shut down. Hackers would need a lot of equipment if they wanted to launch such an attack – usually hijacked IoT devices, but sites like http://Webstresser.org provide this directly for those willing to pay Serve. This means that criminals do not need technical experts to launch a cyber attack.
4. Private intelligence agency LocalBlox leaked 48 million personal data records
Private intelligence agency LocalBlox exposed 1.2 terabytes of content on AWS cloud storage, and 48 million personal data records were leaked. The leaked information includes name, address, birthday, work experience, consumption history, etc., mostly collected from multiple channels such as Facebook, LinkedIn, Twitter and even Zillow. This is another larger data breach following the Cambridge Analytica Facebook scandal.
5. Orangeworm group attacks global medical institutions, hacking X-ray and nuclear resonance machines
The hacker group Orangeworm recently launched an attack on medical institutions around the world, using the Kwampirs backdoor Trojan to control the computers of X-ray and magnetic resonance machines, researchers have found. It is understood that this hacker group has been active since 2015. 40% of the organizations attacked are medical institutions, and the remaining 60% are also related to the medical industry. This group is not a government-backed APT group and uses the same tactics and malicious programs in every attack and never updates. They used the back door to hack into the computer, gain remote control access, and then search for patient data. This has sounded the alarm for major medical institutions, and the staff must improve their safety awareness, update old equipment in a timely manner, and install anti-virus software.
6. Amazon echo was hacked into qietingqi
Researchers at cybersecurity firm Checkmarx have found a way to turn Amazon Echo smart speakers into eavesdropping devices. Instead of exploiting vulnerabilities in Echo devices or the Alexa service, they only used options available in the Alexa Software Development Kit (SDK), which is intended for Alexa app developers. The Checkmarx team said it used the Alexa SDK to create a calculator app that continued to listen to voices after the user answered, as a way of eavesdropping.
7. Hackers targeted Maotai's anti-counterfeiting electronic labels, and the number of counterfeit numbers reached hundreds of thousands
On April 26, the Higher People's Court of Guizhou Province issued a "Typical Cases of Judicial Protection of Intellectual Property Rights in Guizhou Courts (2017)". One of the "Li Bin and Xu Shouxi counterfeiting registered trademark cases": At the end of October 2015, two hackers named Lin Zhenye and Yupeng cracked the anti-counterfeiting traceability system of Kweichow Moutai Group and added their own fabricated counterfeit anti-counterfeiting data to Moutai Group's anti-counterfeiting data. In the traceability system, the counterfeit data is written into the blank electronic label, so that the counterfeit Maotai wine anti-counterfeiting electronic label forged by oneself can be verified by the anti-counterfeiting traceability system of Kweichow Moutai Group.
8. Middle East ride-hailing giant Careem suffered a cyber attack, 14 million passengers’ information was stolen
Dubai-based ride-hailing giant Careem Networks announced on Monday that it suffered a cyber attack in January that resulted in the theft of the information of 14 million passengers.
The data theft was due to the breach of a computer system used to store customer and driver account information today, January 14. It is reported that the data theft may affect Careem's IPO process.
If you are confused about security, you can click here to seek help from NetEase Cloud Yidun.
Learn about NetEase Cloud:
NetEase Cloud Official Website: https://www.163yun.com/
New User Gift Package: https://www.163yun.com/gift
NetEase Cloud Community: https://sq.163yun.com/