Apple’s App Store a monopoly?

The Washington Post reported that the US Supreme Court will consider a 7-year-old case on whether “Apple has ‘monopolized’ the market for iPhone apps because it has total control over the games, utilities and other offerings that appear in its App Store.” The June 18, 2018 article entitled “The Supreme Court will wade into a fight over Apple’s tightly controlled App Store” included these comments:

The lawsuit could force Apple to rethink the way it manages its App Store, long considered one of the most highly curated platforms in the business.

For one thing, Apple generally takes a 30 percent cut of all third-party apps sold through its portal.

In the eyes of the plaintiffs, that fee ultimately hurts consumers, because developers pass those added costs on to iPhone and iPad users who purchase the paid apps.

This case could also impact Google’s Android store and impact millions of users around the world!

WOW! Cyber theft of $1.1 billion of cryptocurrencies in the past 6 months!

Bankinfosecurity.com reported that to “steal cryptocurrency, attackers continue to leverage malware, phishing attacks and fake advertising campaigns.”  The June 12, 2018 article entitled “Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months” included the comments from endpoint security firm Carbon Black “which analyzes cryptocurrency attacks that have been seen over the past six months”:

 

There are currently an estimated 12,000 dark web marketplaces selling approximately 34,000 offerings related to crypto theft,…which says the tools cost anywhere from $1 to $1,000, with an average cost of $224.

….also identified a sweet spot in malware pricing for cryptocurrency-related attacks at around $10.

 

So maybe cryptocurrencies are not all that safe from cyber criminals!

74 arrested for Spearphishing (cyber fraud aka Business Email Compromise - BEC) for theft of +$16m!

The US Department of Justice announced the arrest of 74 criminals, including 42 in the US, who made millions “targeting employees with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” The June 11, 2018 Press Release entitled “74 Arrested in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes” included a description of these most popular Spearphishing schemes:

“Romance scams,” which lull victims to believe that their online paramour needs funds for an international business transaction, a U.S. visit or some other purpose;

“Employment opportunities scams,” which recruits prospective employees for work-from-home employment opportunities where employees are required to provide their PII as new “hires” and then are significantly overpaid by check whereby the employees wire the overpayment to the employers’ bank;

“Fraudulent online vehicle sales scams,” which convinces intended buyers to purchase prepaid gift cards in the amount of the agreed upon sale price and are instructed to share the prepaid card codes with the “sellers” who ignore future communications and do not deliver the goods;

“Rental scams” occur when renters forward a check in excess of the agreed upon deposit for the rental property to the victims and request the remainder be returned via wire or check and back out of the rental agreements and ask for a refund; and

“Lottery scams,” which involves persons randomly contacting email addresses advising them they have been selected as the winner of an international lottery.

Given the great success of Spearphishing criminals, it is unlikely that they will ever leave this space!

Wow, 30 day notice of cyber breach in new Colorado law trumps HIPAA!

Darkreading.com reported “Under the new law, if an individual’s personal information is part of a breach, he must be notified within 30 days after discovery — no exceptions.” The June 7, 2018 article entitled “New Colorado Breach Notification Rules Signed Into Law” included these comments about the new law signed by Gov. John Hickenlooper last week:

The new notification requirement will have a special impact on organizations that must notify individuals of a HIPAA breach because it takes precedence over the federal 60-day notification window.

Notification requirements include telling affected individuals which data was released and the estimated date of the breach.

Of course, the biggest problem with the new Colorado law is how little we know within 30 days of a cyber breach!

Ransomware is #1 for Cyberinsurance claims!

HealthITSecurity.com reported that more “…than one-quarter of cyber insurance claims received by AIG last year were the result of ransomware attacks, the largest percentage of any cyberattack type, according to the insurance giant’s 2017 cyber insurance claim statistics.”  The June 4, 2018 report entitled “Ransomware Attacks Topped List of Cyber Insurance Claims” included these concerns:

…a ransomware attack is the type of cyberattack that most worries healthcare IT professionals, according to a survey of HIMSS18 attendees by security firm Imperva.

Here are the top cyber insurance claims from the AIG Cyber Claims Study 2018:

26% Ransomware

12% Data breach from hackers

11% Other security failure/unauthorized access

9% Impersonation fraud

8% Other virus/malware infections

8% Other

7% Data breach due to employee negligence (i.e., sending wrong data)

6% Physical loss or theft of information assets

4% Legal/regulatory proceedings based on violations of data privacy regulations

4% System failure/outage

3% Other cyber extortions

2% Denial of Service Attacks

Here are the top cyber insurance claims by industry from AIG Cyber Claims Study 2018:

18% Professional Services

18% Financial Services

12% Retail/Wholesale

10% Business Services

10% Manufacturing

8% Communications, Media & Technology

5% Hospitality & Leisure

5% Public Entity & Non-Profit

4% Transportation

8% Other Industries (Food & Beverage, Construction, Real Estate, Agriculture, Information Services)

It will be interesting to see what cyberinsurance claims are made in the future!