Miscellaneous Notes

FBI to Companies: We Need Your Help on Cybercrime (WSJ.com, 9/15/14)
The Federal Bureau of Investigation is looking to work with companies in the fight against cybercrime, Director James
Comey told an audience of compliance professionals on Monday. Speaking at the Society of Corporate Compliance and
Ethics conference in Chicago, Mr. Comey noted the potential peril of the "Internet of things"-the concept of everyday
electronic devices such as appliances being connected to the Internet-as the same conveniences of having everything
connected to everything else also can be exploited by cyber criminals.To better combat the cyber threats coming from all corners of the globe, Mr. Comey said the FBI is trying to get better at predicting "where a threat is moving, where it is going next." To that end, the FBI and other federal agencies are working more closely to fight cybercrime, and they have created a center where they coordinate who will respond to a particular threat. But the government can't effectively fight the cyber threat without help from the private sector, and the FBI is looking to work with companies to share information about threats and to get companies to share intelligence
that may be coming from their employees, Mr. Comey said

NIST offers help in securing printers, copiers, scanners from cyber intrusions
Individuals and organizations shouldn't just worry about protecting their computers connected to the Internet from cyber threats and attacks. They also need to worry about the potential for printers, copiers and scanners being hacked. The National Institute of Standards and Technology recently released draft guidance pointing out the risks and vulnerabilities of so-called replication devices, which increasingly also include 3D printers and scanners.
Besides reminding people about potential cybersecurity problems, it offers advice on how such devices and information that's stored or transmitted can be better protected. Historically, people and organizations didn't have to worry about
threats to such devices because these machines were limited to basic copying, scanning and printing. Now, most are
connected to networks and they can be accessed and managed remotely.

Financial Trojans: Tools for Espionage
(Govinfosecurity, 9/23/14)
Financial cybercrime Trojans, originally used to steal credentials from online banking users, are increasingly being used for espionage purposes. For example, the Zeus Trojan variant known as Citadel has been seen in the wild targeting non-banking firms, including a petrochemical manufacturer, according to IBM's Trusteer security division. IBM's Trusteer, warns that it's discovered a Citadel variant that's been tweaked for espionage purposes, and which is being used to target a number of organizations, including an unnamed chemical manufacturer.
Adapting banking Trojans for espionage purposes isn't difficult, experts say. That's because many types of banking malware - including Zeus, Citadel, Shylock, SpyEye - are built to give attackers easy-to-use Web injection - or "man in the browser" - capabilities that allow the malware to hook into Windows processes. Many types of malware ship with Web injection capabilities pre-customized for a number of banks, while also allowing users to create their own customizations.