TweakTown News
Eighty-two percent of US companies suffered at least one cyberattack in the past 12 months, with 46 percent reporting three or more, according to a Malwarebytes report that Lawless Research conducted. Mobile security issues garner a lot of attention, but exploitable browser vulnerabilities pose the most pressing concern at the moment.
Defending against these malicious attacks has allowed the cybersecurity industry to grow at a rapid pace, and even as software and hardware security both improve, retailers, financial institutions, and governments remain concerned about looming attacks.
Survey respondents noted a rise in ransomware attacks. Infection levels have been relatively low, but they cause great concern for executives.
Several high-profile cyberattacks launched against Apple have revealed that OS X and iOS aren't as secure anymore, with criminals trying to compromise both operating systems. Enterprise workers are at risk because Apple is taking a "whack-a-mole" approach to security, which is a major threat given sophisticated spear-phishing attacks.
"Apple's responses to the WireLurker and Masque Attack operations illustrate that iOS is entering the 'whack-a-mole' era of malware defense, similar to that experienced during the last decade with PCs," said Dave Jevans, Marble Security founder and CTO. "Being proactive rather than reactive is essential in preventing these iOS vulnerabilities and exploits from affecting enterprise networks, and implementing mobile device security solutions is a huge step in achieving this."
Sophisticated cyberattacks target most major technology companies, but Apple was previously left relatively unscathed by most malicious code. However, cybercriminals want to find strategies to steal information and conduct data breaches, with a specific focus on compromising iPhones and iPads in the workplace.
Remember the Sony Pictures hack that saw employees' computers compromised and in-cinema movies released to the public? Well, according to recent news, this hack is even more in-depth than originally thought.
Thanks to Gizmodo, we were able to learn some more information regarding the whole ordeal, including various issues that Sony may face in the near future. According to BuzzFeed, the 40 gigabytes of data released by these hackers contained everything from medical records to unreleased movie scripts, and the hack is being claimed as one of the worst corporate hacks in history.
When the Target data breach occurred in late 2013, millions of Americans were at risk of fraud and identity theft - and it was the first of multiple major data breaches to hit retailers. Unfortunately, it seems unlikely all retailers have improved their security well enough to prevent a breach, and cybercriminals will probably claim at least one more victim before the end of the year.
More retailers are encrypting card numbers in their databases and installing additional secure card readers in their stores, but they didn't move fast enough, so consumers aren't more secure in late 2014 than they were last year.
"If a retailer is compromised this holiday season, that announcement will probably be delayed until January," said Alphonse Pascual, Javelin Strategy & Research director of fraud and security. "For the consumer that means stepping in line at checkout or even shopping online is still tantamount to Russian roulette when it comes to using their credit and debit cards."
Data breaches have become an unfortunate reality for US consumers, and the problem seems likely to accelerate in 2015 while cybercriminals perfect their craft. Cybercriminals are aware banks are increasingly issuing chip-and-PIN credit cards - as retailers also switch to support the more secure cards - and will try to compromise companies as fast as they can in early 2015.
"There will absolutely be more breaches in 2015 - possibly even more than we saw in 2014 due to the booming underground market for hackers and cybercriminals around both credit card data and identity theft," said Kevin Routhier, Coretelligent founder and CEO. "This growing market, coupled with readily available and productized rootkits, malware and other tools will continue to drive more data breaches in the coming years as this is a lucrative practice for enterprising criminals."
In addition to consumer payment data, medical records will continue to prove lucrative to cybercriminals. Healthcare providers and companies hosting confidential payment information will have to prepare for an increase in attacks designed to steal this data.
Sony Pictures Entertainment and the FBI are still investigating a massive data breach the company endured last week, and it is up to the Internet service providers to "step-up and take some responsibility," according to a British politician.
"Piracy is a huge international problem," said Mike Weatherley, former UK parliament member, in a statement to TorrentFreak. "The recent cyberattack on Sony and subsequent release of films to illegal websites is just one high-profile example of how criminals exploit others' intellectual property."
This isn't a new tactic by US and British politicians, as they want to find methods to get ISPs and technology companies to crack down on piracy.
The Target breach was a nasty wakeup call for retailers, cybersecurity experts and consumers, as criminals were able to compromise millions of American shoppers. Since the incident, there has been a reported eight percent increase in IT security spending, but that still hasn't been able to slow down a tidal wave of follow-up breaches.
"The reality is that companies that have taken these steps are treating the symptoms but not the underlying problems," said Dr. Barbara Rembiesa, CEO of the International Association of Information Technology Asset Managers (IAITAM). "By focusing only on narrowly focused and superficial IT security 'solutions,' companies are putting the cart before the horse and they're going nowhere."
In fact, security issues will continue to plague retailers in 2015, with companies too focused on trying to fix IT security gaps while not looking at the big picture. Dr. Rembiesa recommends that companies be fully aware of their PC systems and networks, as they cannot defend against a breach if they don't know which systems are running on their networks.
The Sony Pictures hack has had an immediate impact in the form of several soon-to-be-released movies popping up on torrents, and Sony's employee personal records and passwords have also been leaked. Sony has been placed into a lockdown of sorts, and employees are not being allowed to log in to their computers. The long-term effects may be even more devastating, as the FBI is warning that the malware used to execute the Sony attack is on the loose. The FBI's five-page flash warning was issued to major US corporations on Monday. The malware was specifically created to attack Sony, but other hackers often modify existing malware for their own purposes. There is an increasing threat of hackers creating a large number of mutations now that the exceptionally virulent bug is on the loose.
The nefarious bug not only steals data, but it also eventually overwrites all information on the storage device. This is particularly devastating. Once overwritten, the data is almost surely unrecoverable. The malware even overwrites the Windows master boot record (MBR), which makes any hope of salvaging data even harder. The warning from the FBI is targeted at businesses, but as with any malware, it will soon trickle out to the world at large. Nation-state-developed malware is on the rise as shadowy global cyber-warfare campaigns continue unabated. Nations have many more resources at their disposal to create these electronic arms of mass destruction, but completely ignore the fact that these sophisticated hacks eventually spread to the public.
Iranian hackers continue to develop their cyberattack capabilities, and have breached some of the leading energy infrastructure and transport companies, potentially leading to physical damage, the Cylance cybersecurity firm warned.
As part of the widespread campaign, companies in the United States, China, Israel, Germany, France, India and Saudi Arabia have been hit, with aerospace research companies, universities, energy firms, telecommunications operators and hospitals among the industries compromised.
"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world's physical safety," the Cylance report claimed.
It may have taken the federal government longer than cybersecurity experts would have liked, but the FBI is increasingly working with private sector companies to identify cyberattacks. Recently, the FBI issued a warning about cyberattackers using malware to breach companies, such as the recent Sony Pictures Entertainment attack.
The FBI has become more proactive in its efforts to warn companies and critical infrastructure of potential cyberattacks. "The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," said Joshua Campbell, FBI spokesman. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."
These types of "destructive" cyberattacks have been launched against companies in the Middle East and Asia - and it would appear the United States is next on the target list, the FBI warns.