TweakTown NewsRefine News by Category:
The United States pointed towards North Korea being behind the massive Sony Pictures data breach, and many have argued for some type of retaliation against the country. However, trying to determine how to seek revenge on the North Korean government, in regards to cyberattacks, remains difficult. Trying a cyberattack in response would be risky, as the US has significantly more to lose if the North Koreans, along with its allies, decide to escalate the issue further.
"Nothing more," said Christopher Budd, online security communications professional, in a post published by GeekWire. "Yes, you read that right: nothing more. I believe that the U.S. should do nothing more in response to this situation than they already have: naming North Kore clearly as being behind this."
It seems more likely the US government will impose further sanctions on North Korea - and perhaps find ways to hurt the country's economy even further. Another idea is to find a way to distribute "The Interview" inside of North Korea, along with distributing "Team America" into the country - but that seems rather far-fetched.
Cyber espionage is a growing underworld business, with small nation states and foreign terror groups continuing to launch cyberattacks against enemies, according to a report released by McAfee Labs. Everything from distributed denial of service (DDoS) attacks to malware being delivered via social engineering techniques are being added to cyber arsenals, used by increasingly sophisticated groups.
Established nations with cyber warfare programs will look for stealthier methods to gather intelligence and cripple political and military rivals - and developing cyber espionage programs remain dedicated to stealing finances and causing disruptions.
"Of particular note, McAfee Labs now sees sophisticated Eastern European cybercriminals shifting from quick, direct attacks on financial-institution customer credentials (leading to financial theft) to a more sophisticated advanced persistent threat (APT) approach in which they collect intelligence that they can either sell or use at a later date," according to the McAfee report.
The decision by Sony Pictures Entertainment to pull "The Interview" due to a cyberattack and subsequent terror attacks has drawn criticism from actors and President Obama.
"Sony is a corporation. It suffered significant damage," Obama said during a press conference. "There were threats against its employees. I'm sympathetic to the concerns that they faced. Having said all that, yes I think they made a mistake. We cannot have a society in which some dictator in some place can start imposing censorship in the United States. I wish they'd spoken to me first. I would have told them: 'Do not get into the pattern in which you are intimidated.'"
However, Sony is defending itself from Pres. Obama's statement and criticism from actors, many American citizens, and others criticizing the company.
Cybercriminals with alleged ties to ISIS recently tried to spread malware onto a Syrian citizen media group after posing as Syrian-Canadian citizens, according to a report from Citizen Lab. The social engineering attack took place in late November, and shows the group is continually putting more effort into its cybercriminal abilities. The attempted malware attack was targeted to the Raqqah is Being Slaughtered Silently (RSS) group, and the email was worded in a manner to trick organization members.
"This bears little resemblance to anything we've seen from the usual suspects," said John Scott-Railton, the report's co-author, noted in a statement given to CBC. "That, combined with who they are targeting... gives us pause and makes us think that maybe we're looking at ISIS malware."
ISIS has used the Internet, specifically social media, as a tool to recruit and spread propaganda. However, the group has run into problems, as the Anonymous hacker collective and other groups have disrupted their online operations.
A reported 51 percent of companies suffered some type of malware breach during the past 18 months, with phishing emails and social engineering attacks able to circumvent security filters, according to a survey published by the OPSWAT IT solutions provider.
It's a frightening time for companies trying to keep their networks secure, especially as social engineering techniques - which rely on tricking employees to click fraudulent links or install the malware directly - prove difficult to defend against.
"With the sheer number of new viruses introduced every day, it is not surprising that 51% of the respondents experienced a malware breach, particularly since 39% only utilized one anti-malware solution," said Tony Berning, OPSWAT Metascan product manager. "By using only one or two anti-virus engines, companies are exposing themselves to malware threats, since no anti-virus engine can be accurate 100% of the time."
Sony Pictures is facing a public relations nightmare after a major data breach orchestrated by North Korea, and company executives just can't stop the bleeding. The data breach could become the costliest suffered by a U.S. company, with fallout that will surely continue into 2015. Beyond the sensitive documents and personal information stolen, along with the cancellation of "The Interview," there is a strong possibility some actors will avoid Sony in the future.
It remains unclear how much Sony will lose because of the cyberattack, but lawsuits, lost revenue because of "The Interview" being pulled, and other problems will only complicate matters even further.
"This attack went to the heart and core of Sony's business and succeeded," said Avivah Litan, Gartner cybersecurity analyst. "We haven't seen any attack like this in the annals of U.S. breach history."
North Korea could be using the cyberattack against Sony Pictures as a test run to try out its budding cyber capabilities, with the reclusive government potentially taking aim at US energy companies and critical infrastructure. Despite much of the Western world ignoring its growing cyber ambitions, it looks like North Korea has been able to increase its cyber weapons.
"North Korea's ultimate goal in cyber strategy is to be able to attack national infrastructure of South Korea and the United States," said Kim Heung-kwang, a North Korean defector and former computer science professor. "The hacking of Sony Pictures is similar to previous attacks that were blamed on North Korea and is a result of training and efforts made with the goal of destroying infrastructure."
The North Korean government has poured resources into its Bureau 121 cyber warfare unit, recruiting some of the nation's best computer experts - with most of the department's agents originating from the North Korean military computer school. It has successfully attacked targets in South Korea on several occasions, as some networks remain vulnerable to attack.
The U.N. General Assembly wants better digital privacy protections for Internet users, which was drafted by Germany and Brazil, earning consensus approval. Former NSA contractor Edward Snowden revealed mass surveillance capabilities by the NSA and GCHQ, which has angered a large number of Internet users.
The UN resolution, which was co-sponsored by 65 nations - as opposed to just 10 in 2013 - will also rely on private sector companies to play a role.
Previously, the UN showed great concern over Internet users' rights to digital privacy, with great concern of covert surveillance programs. "Without the necessary checks, we risk turning into Orwellian states, where every step of every citizen is being monitored and recorded in order to prevent any conceivable crime," said Harald Braun, German ambassador.
Internet users are fighting for their privacy while browsing the Internet, but trying to see what the future holds has proven difficult. As noted by former NSA contractor Edward Snowden, Web users found they are under constant surveillance by governments and hacker groups. It turns out 55 percent of experts believe there would not be a "secure, popularly accepted and trusted privacy-rights infrastructure by 2025," according to a survey hosted by the Pew Internet Project and Elon University's Imagining the Internet Center.
Regardless of what Internet users and privacy experts say about the current state of the Internet right now, it will remain a major talking point for years to come.
"By 2025, there will be an international consensus among Internet organizations on how best to balance personal privacy and security with popular content and services," according to an unnamed specialist working on technical and policy coordination, published by Pew. "The patchwork approach of national privacy protections will be harmonized globally in 2025, and the primary of security concerns will be more balanced by such an international consensus."
ICANN employees have fallen victim to a suspected spear phishing cyberattack that began in late November 2014, the group confirmed in a blog post. The social engineering attack mimicked emails that closely resembled communications from its own domain and targeted ICANN employees. Unfortunately, the attack was successful and several ICANN staff members had their credentials compromised.
The compromised credentials were used to access ICANN's Centralized Zone Data System, providing criminals with access to names, postal addresses, email addresses, fax and phone numbers, usernames and passwords. The breach also hits the ICANN GAC Wiki, with only public information accessible to the cybercriminals.
Earlier in the year, ICANN boosted its cybersecurity, which the group said likely helped keep unauthorized access to a minimum from this attack.