Utility companies are reportedly being denied insurance coverage for cyberattacks because security defenses are seen as too weak, according to a recent report.
Cyber protection is inadequate, and until it is improved industrywide, utility providers are going to be forced to pay high premiums. Security still hasn't improved, which only drags out the process further.
"I think what's behind it is the increase in threats and the fact that a lot of these systems were never previously connected to the outside world," said Laila Khudari, insurance underwriter at the Kiln Group, in a statement to the BBC.
U.S. Attorney General Eric Holder believes Congress should make data-breach notification mandatory by law to better protect shoppers compromised by data breaches.
"As we've seen - especially in recent years - these crimes are becoming all too common," said U.S. Attorney General Eric Holder in a recent video. "And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cybercriminals to justice, it's time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches."
RSA 2014 - Spikes Security will now help users prevent browser-based malware attacks with its AirGap Enterprise software solution, which works outside of the firewall to stop malware before it reaches the network.
The company will use physical isolation, connection isolation, session isolation, and malware isolation to help give users multiple layers of security.
"Enterprise organizations are facing a big problem: the productivity tool that could arguably be considered their most important application - the web browser - is also the primary threat vector for cyber attacks," said Branden Spikes, Spikes Security CEO, in a press statement.
Let's face it, whenever you're shopping and using your credit card, you'll have your smartphone on you, too. Well, now MasterCard is working with network company Syniverse in order to reduce fraud when using your credit cards overseas.
The companies are working on tying your credit card to your smartphone, so that the card is only capable of working when your smartphone is near. Hany Fam, president of global strategic alliances at MasterCard, explains: "There have been many attempts to help prevent credit card fraud, but this is the first solution that works globally and without the need for new devices or infrastructure."
If you end up using this new system, you won't feel it in everyday use. Your smartphone will just need to be turned on and kept with you. Syniverse acts on the phone operator's side of things, interconnecting between different networks reaching more than 5 billion mobile devices globally. The company is capable of locating users' phones on their signal alone, without mobile data being enabled or used.
RSA 2014 - EMC-owned RSA came under fire at the end of 2013 for its alleged involvement in providing the NSA with a security backdoor in exchange for a $10 million contract.
At a time when companies with even rumored ties to the NSA garner criticism, RSA wanted to clear the air - saying that RSA, while working with the NSA along with other private industry companies, had its trust exploited by the US government.
"Has RSA done work with NSA... yes," said Art Coviello, RSA executive chairman, during his keynote speech on Tuesday morning. "We spoke to this issue, which is hard to do to provide any context for the state of the industry at the time, and the state of evolution of RSA's business."
RSA 2014 - During the 2014 RSA Conference in San Francisco, the non-profit Software Assurance Forum for Excellence in Code (SAFECode) released software security training courses to help drive interest in better cyber security training.
The free training courses are available via webcast and cover a variety of topics, ranging from SQL injection prevention to cross-site request forgery. Each course is designed to help security experts develop their own internal training programs for use by product developers and others concerned about security.
The current course offerings are Product Penetration Testing 101, Cross Site Scripting (XSS) 101, and Secure Java Programming 101. SAFECode will also launch Secure Memory Handling in C 101 and Using Cryptography the Right Way.
RSA 2014 - EMC-owned security company RSA started its security conference in San Francisco by announcing the Managed Security Partner (MSP) program to boost managed security efforts.
The RSA MSP program aims to make it easier to quickly detect, investigate, remediate, and manage security incidents and vulnerabilities. For participating partners, it opens the door to rapid adoption of a slew of different RSA products.
Almost nine out of 10 compromises took only a few hours or less, though 66 percent of cases weren't discovered quickly - and with increasingly sophisticated cyberthreats, it's even more critical to create modernized security solutions.
Cybercriminals enjoy using mobile malware to create vulnerabilities, with around 100,000 new malicious programs introduced in 2013 - more than double the 40,059 samples that went live in 2012.
Russia (40%), India (8%), Vietnam (4%), Ukraine (4%) and the United Kingdom (3%) led the list of countries whose users were attacked the most, and the majority of mobile malware threats are aimed at stealing money. Banks and mobile customers are under fire and need to be vigilant, ensuring some type of anti-malware solution is being used to better protect smartphones and tablets.
"Today, the majority of banking Trojan attacks target users in Russia and the CIS," said Victor Chebyshev, Kaspersky Lab Virus Analyst, in a press statement. "However, that is unlikely to last for long: given cybercriminals' keen interest in consumer bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014. We already know of Perkel, an Android Trojan that attacks clients of several European banks, as well as the Korean malicious program Wroba."
RSA 2014 - PC and server maker Hewlett-Packard and security solutions company Trend Micro have teamed up to introduce new software to defend against targeted attacks. The new effort combines Trend Micro's Deep Discovery with HP's TippingPoint, with the new solution aimed at effectively detecting, reporting, and blocking data breaches.
HP relies on software and vendor products to help keep its PCs, servers, and other products protected - and creating custom partnerships will allow for a great opportunity to keep products more secure.
"Cyber criminals are going well beyond traditional malware and conventional attack vectors, and enterprises need protection that keeps pace and adapts faster than the adversaries," said Rob Greer, HP TippingPoint Enterprise Security Products, in a statement. "Collaborating with pioneering security companies like Trend Micro supports our mission to deliver the most comprehensive solutions on the market to block and remediate advanced threats."
Security company CloudFlare announced it has acquired StopTheHacker, a small company specializing in anti-malware software, with the San Francisco company strengthening its own product portfolio.
Financial information about the deal wasn't disclosed.
Due to an increase in malware sophistication, interest in stopping the malicious code has become a bigger action item. For current StopTheHacker customers, CloudFlare promises things will remain normal as the company is absorbed:
To help companies trying to embrace the "bring your own device" craze, Dell has launched its SonicWall mobile security platform for managed and unmanaged tablets and smartphones.
Dell included SonicWall Mobile Connect 3.0 and SonicWall secure remote access (SRA) 7.5 with its latest software update, giving administrators new abilities to ensure their networks are as secure as possible.
"In today's mobile workplace, it is vitally important to enable remote and mobile employees to maintain their productivity without compromising network security," said Patrick Sweeney, Dell Security Products Director of Product Management, in a press statement. "The co-mingling of business and personal applications and data on mobile devices presents an even greater challenge to IT when it comes to providing users with mobile access to everything they need to do their jobs, but still protecting corporate data - in-flight, at rest on the device, and on the network - from the multitude of threats posed by mobile devices."
Hewlett-Packard wants to push the boundaries of cyber threat collaboration, hoping to bring organizations together in an effort to share threat intelligence.
In 2013 alone, companies across the world spent an estimated $46 billion to counter cyberthreats - but the number of attacks actually increased 20 percent - and HP hopes to reduce the number of attacks.
"Collaboration is fueling unprecedented innovation in the criminal marketplace, enabling the ecosystem of adversaries to stay ahead of our defenses," said Art Gilliland, HP Enterprise Security Products SVP, in a press statement. "Crowd-sourced threat intelligence from our vast community of customers, partners and researchers is essential in this battle against cybercrime; we need to stop chasing silver bullet technologies and start sharing actionable intelligence through our solutions, expertise and best practices if we are going to compete and win."
Around 80 percent of the top 25 small office/home office (SOHO) wireless routers available on Amazon are susceptible to security vulnerabilities that put users at risk, according to research recently compiled by security and compliance company Tripwire.
The Tripwire Vulnerability and Exposure Research Team (VERT) also found that 34 percent of the top 50 best-selling routers have publicly documented exploits out in the wild.
"Unfortunately, users don't change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious web sites, browser plugins, and smartphone applications," said Craig Young, Tripwire security researcher, in a press statement.
During the RSA Conference 2014, Novetta Solutions and Teradata teamed up to develop the Novetta Cyber Analytics solution to help keep corporate networks more secure.
The new analytics platform will make it easier for security experts to accelerate interruption of attacks while also quickly identifying the who, what, where, when, and why regarding cyberattacks.
"Our customers want a cyber security analytics capability that minimizes the time between network intrusion, discovery and recovery," said John Buke, Teradata VP of industry marketing, in a press statement. "The new Novetta Cyber Analytics solution with Teradata's high-performance analytic data platform provides greater context and deeper perspective into data in motion on the network."
Cyber criminals are increasingly focused on exploiting vulnerabilities and installing malicious software for profit, with underground trading places providing tools to make cyberattacks easier. To make matters worse, there is an increasing number of criminals willing to modify malicious code - or rent their services - to groups willing to make payments.
Most organized hacking seems to be traced back to eastern Europe and China, but recent major exploits tend to point to criminal groups in Spain and other parts of western Europe. However, some previous malicious code revealed that code writers were intentionally trying to leave bread crumbs that would make authorities waste time searching elsewhere.
Hacking and cybercrime used to be a rather solitary effort, but the ability to work as a team and share thoughts and ideas leads to more sophisticated attacks reaching the wild even faster.
Following former NSA contractor Edward Snowden's disclosure of widespread spying by the U.S. government, there has been a massive push to develop privacy-centric software and hardware. During the 2014 RSA Conference, which begins on Monday in San Francisco, data security and privacy solutions will be demonstrated at a frantic time in the industry.
In addition to the "Blackphone" being publicly unveiled, Google Android apps to better protect smartphones and tablets from sophisticated malware will also be shown off. Software security company AVG plans to release a "privacy fix" to identify what information companies can easily find about individual users.
The RSA Conference 2014 begins on Monday in San Francisco and has quite a bit of controversy and confusion heading into the event. In addition to increased security interest following former NSA contractor Edward Snowden's disclosures last year, the RSA brand is under fire for reportedly accepting payment to create a backdoor for NSA snooping.
RSA is expected to focus on mobile and cloud security, customer privacy, and better strategizing future security efforts. Large tech security conferences also tend to be a good location for corporations to look at technology created by smaller companies, with a flood of acquisitions expected in 2014.
Companies searching for new methods to keep networks safe and defend against cyberattacks are increasingly turning to strong authentication and one-time passwords, according to market research firm Frost & Sullivan.
Strong authentication is the technique used by banking and financial institutions, while one-time passwords are single-use passwords that better protect against phishing and other security breaches.
Smaller boutique security vendors have popped up to help fill the void in a booming security market. Since more companies and consumers are scrambling for security solutions, this will lead to a market of acquisitions as larger companies gobble up smaller, niche security firms.
Cybercriminals are successfully using malware to steal customer debit and credit card information, company customer lists, and sensitive data seemingly at will. Underground forums have become a popular destination for criminals buying and selling stolen personal information, with analytics used to detail credit limits and which banks have more lenient security procedures in place.
In one underground forum, for example, a list of 10,000 e-mails - broken down by age, gender, and geographic location - was offered for purchase for just $79, and there are plenty of similar offers available. Key logger software can be purchased for $35-$50, and customizations can be added for a slightly increased fee.
After the recent Target data breach, which affected more than 70 million in-store customers, more Internet users are becoming aware of cyber threats. Banks have already paid more than $200 million in costs related to the breach, and that number is only expected to increase over the next few months.
In an attempt to attack North Korean nuclear facilities, the South Korean government wants to develop cyberwar weapons to target critical infrastructure. Similar to the Stuxnet software aimed at Iran, South Korea wants to use software to disrupt its neighbor to the north, even with military analysts hesitant to condone significant attacks.
Earlier in the month, U.S. and South Korean officials held continued meetings regarding cybersecurity efforts to protect both nations from prying eyes in China, North Korea, and other locations. There is continued concern regarding North Korea's nuclear ambitions, and excluding an actual military strike, cyberattacks are believed to be the next option as diplomatic efforts have struggled.
The South Korean government also plans to increase funding for home-grown startups, with software and cyber development expected to be a major effort. The United States and western allies would be able to share information with South Korea, offering a unique perspective into functional cyber weapons.
However, there will be mounting concern that a physical cyberattack could harm infrastructure that wasn't initially targeted.
Mobile app infections in the Google Play app store have increased almost 400 percent from 2011 to 2013, according to online security group RiskIQ. Just three years ago, there were around 11,000 malicious apps available in the store, but that drastically increased to at least 42,000 by 2013, with Google trying to continue to fight back.
Around 12.7 percent of apps in the store are said to be compromised, with less than a quarter of the apps removed. The following categories were targeted the most: personalization, entertainment, education/books, media/audio video, and sports apps, according to RiskIQ.
"The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data," said Elias Manousos, RiskIQ CEO, in a press statement. "Malicious apps are an effective way to infect users since they often exploit the trust victims have in well known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants."
The Android OS has seen continued adoption on multiple smartphones and tablets - but security issues have given security companies the opportunity to release next-generation security platforms.