Tag Archives: technology

Cyberheist Dumps Seagate Technology, Snapchat Deep In Phishing Hole

A sprawling tax-fraud scheme duped Seagate Technology ( STX ) and Snapchat into dispensing thousands of W-2 forms, highlighting a major fissure in the cybersecurity industry, a Proofpoint ( PFPT ) representative said Thursday. The breach exposed nearly 10,000 former and current Seagate employees, according to a statement from the data storage firm. The breach was discovered March 1 on the heels of a similar attack on photo-sharing app Snapchat. Seagate stock fell 3.5% Tuesday as the news made headlines and fell a fraction Wednesday before rising 2.2% Thursday. Seagate confirmed the breach in an email to IBD. “The information was sent by an employee who believed the phishing email was a legitimate internal company request,” Seagate said. Released information includes Social Security numbers, birthdates and addresses of anyone employed by Seagate in 2015. Phishing Attacks On The Rise Phishing attacks on businesses are becoming more prevalent, Ryan Kalember, Proofpoint senior vice president of cybersecurity strategy, told IBD. He refers to it as “impostor fraud.” The W-2 attack is just the most recent iteration, he said. Snapchat admitted to a similar attack on Feb. 28 in a blog post titled “An Apology to Our Employees.” The scammer impersonated CEO Evan Spiegel , successfully asking for payroll information. Internal systems and user information remained secure. Both Seagate and Snapchat reported the attacks to the FBI, which recorded more than $215 million lost in phishing attacks between October 2013 and December 2014, according to a report in January. Both firms also offered two years of credit monitoring for the victims. “When something like this happens, all you can do is own up to your mistake, take care of the people affected and learn from what went wrong,” Snapchat wrote. Tax fraud phishing is seasonal, Kalember noted. Wire transfer requests are also popular — and thrifty — modes of generating a lot of money. Networking firm  Ubiquiti Networks ( UBNT ) found that out the hard way last August after a phisher tricked it into wiring $46.7 million overseas. Spear-Phishing Targets Companies And scammers are becoming more sophisticated, says Slawek Ligier,  Barracuda Networks ’ ( CUDA ) vice president of product development. “Spear-phishing” and “whaling” involve targeting someone with either money or access. Tricky email tactics — changing the “N” in Barracuda Networks to “M” or spoofing a CEO’s email address — tend to reap the most success, Ligier told IBD. From there, scammers indulge in a series of social engineering measures. “They don’t want to waste their time on people who won’t fall for it,” he said. “But the scammer will really invest a lot of time and effort to slowly reel their victim in.” Stickier yet, there are legitimate reasons to spoof a CEO’s email, Kalember says. A company will allow a third-party to spoof an email — make it appear as if the email is coming from that CEO — for marketing purposes. A spoof can use any display name that the spoofer chooses. Traditional email protection services can’t deal with spoofs, Kalember says. “Defenses are looking for malware, and they are not equipped for this,” he said. “There is no malware. There is no payload. And the tricky part is, there’s also legitimate business emails from people who need their W-2s.” Scammers Rely On Social Engineering Agari CEO Patrick Peterson says his privately held company aims at this problem. Cisco Systems ( CSCO ) IronPort business veterans (Cisco bought IronPort in 2007) founded Agari, which uses proprietary technology to filter out phishing emails, Peterson told IBD. It differs from Proofpoint, which plans this quarter to flag phishing emails in the same vein as spam and “adult content.” “When (executives) see these stories about Seagate, I imagine they break out into a cold sweat, thinking they have no solution,” Peterson said. Spear-phishers differ from mass phishers. The latter sends a blast email hoping to dupe a few vulnerable people. The former involves more research and relies on social engineering to persuade a target of its legitimacy. “The best defense we have today — which is a pretty crappy one — is telling people to be careful,” he said. At the annual cybersecurity RSA Conference last week in San Francisco, Calif., executives were most concerned about phishing scams, he said. Malware detection has become so sophisticated that scammers have been forced to rely on the weak human link. So far, it’s working. Recent breaches of the Office of Personnel Management, Anthem ( ANTM ), Sony ( SNE ) Pictures Entertainment and Target ( TGT ) also began with a phishing email; they account for about 90% of all attacks, Peterson said. “This really serves as a wake-up call to the tech industry to dig deep and find solutions,” he said. “Unfortunately, my crystal ball says we’re going to see a lot more of these notices.”

Biogen’s Best-Selling Drug Loses Patent In EU, Says Cowen

A European court revoked a patent on Biogen ‘s ( BIIB ) multiple-sclerosis drug Tecfidera on Thursday, according to an analyst at Cowen & Co. Eric Schmidt wrote in a brief note Thursday afternoon that a European Union court had revoked European Patent EP2137537, which covered the 480-mg-per-day dose of Tecfidera, which first launched in 2013. The patent, which expires in 2028, is one of four that Biogen holds on Tecfidera in the EU, along with a 10-year period of market exclusivity due to its classification as a “new active substance.” “The U.S. patent equivalent of the ‘537 patent is the ‘514 patent, which is being challenged in an interference proceeding by Forward Pharma ( FWP ),” Schmidt wrote. “While we don’t know the rationale behind the revocation of the ‘537 patent, we assume it also has to do with Forward Pharma, which claims an earlier filing date for a similar invention.” Schmidt wrote that Biogen will probably appeal the decision, which would suspend the revocation for as long as four years as the court battle goes on. If the appeal fails, he estimates that over $1 billion in sales — about a quarter of the worldwide total — will be at risk. Tecfidera is currently Biogen’s top-selling drug, providing a third of revenue last year. The news came out shortly before the close, as Biogen stock followed the rest of the market by rising early but then erasing its gains. It close down 1.4% at 251.97. Forward Pharma closed down 0.8% at 13.17 but was up 6% in after-hours trading.