Tag Archives: stx

Cyberheist Dumps Seagate Technology, Snapchat Deep In Phishing Hole

A sprawling tax-fraud scheme duped Seagate Technology ( STX ) and Snapchat into dispensing thousands of W-2 forms, highlighting a major fissure in the cybersecurity industry, a Proofpoint ( PFPT ) representative said Thursday. The breach exposed nearly 10,000 former and current Seagate employees, according to a statement from the data storage firm. The breach was discovered March 1 on the heels of a similar attack on photo-sharing app Snapchat. Seagate stock fell 3.5% Tuesday as the news made headlines and fell a fraction Wednesday before rising 2.2% Thursday. Seagate confirmed the breach in an email to IBD. “The information was sent by an employee who believed the phishing email was a legitimate internal company request,” Seagate said. Released information includes Social Security numbers, birthdates and addresses of anyone employed by Seagate in 2015. Phishing Attacks On The Rise Phishing attacks on businesses are becoming more prevalent, Ryan Kalember, Proofpoint senior vice president of cybersecurity strategy, told IBD. He refers to it as “impostor fraud.” The W-2 attack is just the most recent iteration, he said. Snapchat admitted to a similar attack on Feb. 28 in a blog post titled “An Apology to Our Employees.” The scammer impersonated CEO Evan Spiegel , successfully asking for payroll information. Internal systems and user information remained secure. Both Seagate and Snapchat reported the attacks to the FBI, which recorded more than $215 million lost in phishing attacks between October 2013 and December 2014, according to a report in January. Both firms also offered two years of credit monitoring for the victims. “When something like this happens, all you can do is own up to your mistake, take care of the people affected and learn from what went wrong,” Snapchat wrote. Tax fraud phishing is seasonal, Kalember noted. Wire transfer requests are also popular — and thrifty — modes of generating a lot of money. Networking firm  Ubiquiti Networks ( UBNT ) found that out the hard way last August after a phisher tricked it into wiring $46.7 million overseas. Spear-Phishing Targets Companies And scammers are becoming more sophisticated, says Slawek Ligier,  Barracuda Networks ’ ( CUDA ) vice president of product development. “Spear-phishing” and “whaling” involve targeting someone with either money or access. Tricky email tactics — changing the “N” in Barracuda Networks to “M” or spoofing a CEO’s email address — tend to reap the most success, Ligier told IBD. From there, scammers indulge in a series of social engineering measures. “They don’t want to waste their time on people who won’t fall for it,” he said. “But the scammer will really invest a lot of time and effort to slowly reel their victim in.” Stickier yet, there are legitimate reasons to spoof a CEO’s email, Kalember says. A company will allow a third-party to spoof an email — make it appear as if the email is coming from that CEO — for marketing purposes. A spoof can use any display name that the spoofer chooses. Traditional email protection services can’t deal with spoofs, Kalember says. “Defenses are looking for malware, and they are not equipped for this,” he said. “There is no malware. There is no payload. And the tricky part is, there’s also legitimate business emails from people who need their W-2s.” Scammers Rely On Social Engineering Agari CEO Patrick Peterson says his privately held company aims at this problem. Cisco Systems ( CSCO ) IronPort business veterans (Cisco bought IronPort in 2007) founded Agari, which uses proprietary technology to filter out phishing emails, Peterson told IBD. It differs from Proofpoint, which plans this quarter to flag phishing emails in the same vein as spam and “adult content.” “When (executives) see these stories about Seagate, I imagine they break out into a cold sweat, thinking they have no solution,” Peterson said. Spear-phishers differ from mass phishers. The latter sends a blast email hoping to dupe a few vulnerable people. The former involves more research and relies on social engineering to persuade a target of its legitimacy. “The best defense we have today — which is a pretty crappy one — is telling people to be careful,” he said. At the annual cybersecurity RSA Conference last week in San Francisco, Calif., executives were most concerned about phishing scams, he said. Malware detection has become so sophisticated that scammers have been forced to rely on the weak human link. So far, it’s working. Recent breaches of the Office of Personnel Management, Anthem ( ANTM ), Sony ( SNE ) Pictures Entertainment and Target ( TGT ) also began with a phishing email; they account for about 90% of all attacks, Peterson said. “This really serves as a wake-up call to the tech industry to dig deep and find solutions,” he said. “Unfortunately, my crystal ball says we’re going to see a lot more of these notices.”

Can Apple Supplier Broadcom Afford Another Shopping Spree?

Apple ( AAPL ) supplier Broadcom ( AVGO ) could follow its $37 billion Avago Technologies merger by shedding $1 billion in assets to launch another M&A charge, says MKM analyst Ian Ing. Ing reiterated his buy rating on Broadcom stock, but cut his price target to 160 from 163, citing wireless seasonality. Broadcom stock rose 1.7% Wednesday and was up a fraction in afternoon trading in the stock market today , near 131. The companies completed their merger on Feb. 1, taking the Broadcom name but keeping the Avago stock ticker. When announced last March, it kicked off a record-busting $100 billion in 2015 chip sector M&A deals. Analysts say the frenzy shows no sign of slowing as organic growth decelerates and costs rise. But the chip sector has been quiet on the M&A front this year. Broadcom will likely sell $500 million in assets to de-lever from its Q1-completed merger, Ing wrote in a research report. “For Broadcom, data center/networking product cycles have become more meaningful,” he wrote. “And the story increasingly revolves around a quick deleverage and return to semiconductor consolidation via accretive deals.” A number of small chipmakers — $2 billion and less market caps — are eyeing Broadcom’s design team and business units, Ing wrote. Although $1 billion would be a fast deleverage, half that is more likely. “We do not expect as significant monetization of Broadcom units as occurred with LSI,” Ing wrote. Avago acquired LSI in May 2014 for $6.6 billion, then sold LSI’s flash unit to  Seagate Technology ( STX )  for $450 million and LSI’s networking business to  Intel ( INTC ) for $650 million. Post-merger, Broadcom is less exposed to Apple, which is experiencing slowing iPhone sales. In January, a Credit Suisse analyst estimated 24% of the former Avago’s sales stemmed from Apple. The former Broadcom was 14% tied to Apple in 2014. Joined, Broadcom-Avago gets about 8%-9% of its sales from Apple, Ing estimated. Broadcom is slated to report fiscal Q1 earnings after the close March 3.

Could Micron Swipe Western Digital’s SanDisk Deal?

SanDisk (SNDK) is not “the pristine, irresistible asset it seemed several quarters ago,” according to Summit Research. But at least two analysts see additional bidders possibly attempting to one-up Western Digital (WDC)’s $19 billion offer for the flash memory chipmaker. There’s a “50-50 chance” Micron Technology (MU), Seagate Technology (STX), Samsung or SK Hynix could attempt to acquire SanDisk, Summit Research analyst Srini Sundararajan wrote