TweakTown News
The US National Security Agency (NSA) and British GCHQ intelligence agencies plan to step up their cybersecurity cooperation, as both governments face increasing numbers of cyberattacks. The agencies plan to launch cyber war games to test the cybersecurity of financial institutions, hoping to defend against the "biggest modern threats that we face."
"We have got hugely capable cyber defenses, we have got the expertise and that is why we should combine as we are going to, set up cyber cells on both sides of the Atlantic to share information," said British Prime Minister David Cameron during a press conference.
Following mass surveillance operations detailed by former NSA contractor Edward Snowden, critics said the US and UK governments should focus on beefing up cybersecurity efforts - instead of spying on citizens, residents, and foreign governments - as cyberespionage campaigns target both countries.
The Lizard Squad made waves with their massive DDoS attacks on PlayStation and Xbox Live networks over the Christmas holiday. These attacks spoiled Christmas for untold millions of people as the DDoS attacks crippled servers and left shiny new game consoles unable to connect to online services. These attacks appear to be part of a larger marketing scheme for the Lizard Squad's DDoS-for-hire services.
The Lizard Squad isn't afraid to taunt authorities and that has drawn even more scrutiny. However, they have been very successful at remaining in the shadows, until now. UK police with the South East Regional Organized Crime Unit (SEROCU) cyber crime unit apprehended an 18-year-old male connected with the recent PlayStation and Xbox Live DDoS attacks. The man was also charged with several swatting incidents, in which a fake police call is made to instigate police raids against others.
Cybercriminals want to breach US companies, stealing data and customer records, and have found surprising levels of success. Some breached companies eventually discover that criminals spent months poking around compromised systems, taking their time before stealing large amounts of data.
The US government wants companies to be more forthcoming about data breaches once they are discovered, but some companies - if they actually know about it - remain quiet. Companies will be given some leeway if they inform the Department of Homeland Security (DHS) about cybersecurity incidents after they do occur, according to changes the Obama Administration plans to put in place.
"There is an element of embarrassment at work here," said Robert Cattanach, partner at the Dorsey & Whitney law firm, in a statement published by reporters. "But hacking is not a problem that any one company can solve alone."
The Department of Homeland Security (DHS) is a bureaucratic mess when it comes to cybersecurity - and would be inefficient and overmatched trying to protect citizens and other federal branches. This news comes as part of the "A Review of the Department of Homeland Security's Missions and Performance" report, which heavily scrutinized DHS activities.
"Widespread weaknesses in the federal government's information security practices represent a significant vulnerability that could be exploited by adversaries, creating a potential threat to national security and American citizens," according to the report.
It's not just hacktivists trying to breach US infrastructure, but foreign states with sophisticated cyberespionage programs. The DHS itself has failed in maintaining its own security protocols, let alone trying to secure other departments from potential cyberattack.
The French government announced there are 19,000 civilian websites now under cyberattack by unknown sources, in a wide-ranging attack. The French Defense Ministry recently faced a targeted distributed denial of service (DDoS) attack, according to officials discussing the ongoing cyber operation.
"These attacks have no effect on the conduct of our operations," said Rear Admiral Arnaud Coustilliere, in a statement to CNNMoney. Reportedly, the attacks are targeting websites while hoping for weak cyber defenses, though the top visited French websites appear to be working fine.
Over the past week, cybercriminals have posted pro-Islamic images and messages on various religious groups' websites and other sites. The Anonymous hacker group temporarily downed a jihadist website last week and the Charlie Hebdo magazine released a new edition that has sold millions of copies.
The threat of mobile malware continues to increase, with rates jumping 75 percent in 2014, according to a report published by Lookout. Mobile users are urged to run some type of anti-virus and anti-malware security platform on their smartphones and tablets, as threats rise.
There are a number of different types of attacks, but ransomware has cybersecurity firms extremely anxious, especially as users download apps and other files from unknown sources. It may be harder to infect users with ransomware, but payouts are larger, as victims have to turn over a ransom for full control of their devices again.
"It all goes back to monetization, what's the endgame?" pondered Kevin Mahaffey, co-founder and CTO of Lookout, in a statement published by CNBC. "While it can be complicated it can generate a huge amount of money. The bad guys aren't stupid and they wouldn't do this if they weren't making money."
A security researcher has developed a USB wall charger that can intercept, log, and decrypt signals sent from Microsoft's wireless keyboards. The KeySweeper was developed by Samy Kamkar, a giving sort, who has released instructions on how to build the device online.
The KeySweeper can be built for as little as $10 and simply appears to be a typical, and functional, USB wall charger. The charger monitors all Microsoft keyboards in range. The transmissions are encrypted, but the researcher has found multiple bugs that enable easy decryption. The design also includes optional features, such as an internal rechargeable battery that keeps the device working even after being unplugged, and SMS notification when keywords are typed into the keyboard.
There is a detailed build log on GitHub, and also a video on YouTube. Microsoft has fired back by insisting that all models manufactured after 2011 feature AES encryption, which isn't decoded by the system, but Samy Kamkar purchased a vulnerable model from Best Buy last month.
Numerous states are now investigating a major data breach suffered by JPMorgan Chase in 2014, asking the company to turn over details regarding its security practices. Customer records that included names, addresses and phone numbers of up to 83 million members were stolen, though account numbers, passwords and Social Security numbers weren't impacted.
"Critical facts about the intrusion remain unclear, including details concerning the cause of the breach and the nature of any procedures adopted or contemplated to prevent further breaches," according to the letter obtained by Reuters, which more than one dozen states sent to JPMorgan Chase.
States also asked if the bank received reports of fraud, and a description of its past and current security protections.
Apple Pay is helping lead a mobile payment revolution, with consumers and retailers seeing a wider number of payment options at checkout. Mobile security is expected to reach upwards of $11 billion in 2015 alone, industry analysts forecast, and keeping mobile payment platforms secure will need special attention.
Upwards of 30 million smartphones could be used for mobile payments worldwide, according to Deloitte, with five percent of NFC-equipped devices estimated to be used for in-store transactions. If interest is accelerating in mobile payment adoption, then it's likely cybercriminals will adapt their attack strategies.
"It's very easy to predict that as the adoption of mobile payment systems like Apple Pay increases, that attacks will grow to follow that," said Chris Doggett, North American managing director at Kaspersky Lab, in an interview with the Washington Post. "It's like that famous saying, 'Why do you rob banks? Because that's where the money is.' If Apple Pay becomes a big, pervasive system for payments, you can be sure that the criminals are going to be right behind, figuring out how to breach Apple's security and how to steal money."
Even with cybercriminals using sophisticated attack methods to compromise companies, business leaders must deal with employees recklessly clicking links and installing unknown software, according to the "2015 State of the Endpoint" study.
Seventy-eight percent of surveyed IT professionals believe careless employees are the biggest threat, 68 percent blame personal devices in the workplace, and 66 percent cite commercial cloud apps used at work.
"Respondents in this year's study have shifted their thinking and are now also attributing endpoint risk to human behavior in addition to particular device vulnerabilities," said Chris Merritt, director of solution marketing at Lumension. "This is a significant cultural shift to note because it illustrates how IT is starting to look at cybersecurity holistically. In addition to technology solutions, in 2015 IT must also take into account company policies and control processes, user awareness and overall employee education."