TweakTown NewsRefine News by Category:
Launching cyberattacks against targets once was a time intensive, difficult and costly effort, but it has become easier and inexpensive to launch distributed denial of service (DDoS) attacks.
Groups such as Anonymous and Lizard Squad are able to launch devastating attacks against large corporations and major targets using botnets of hijacked computers and routers. However, companies are becoming better at identifying these types of cyberattacks, but prove to be hugely inconvenient when the attacks succeed.
"There's been a massive jump in the number of very large attacks going on out there," said Darren Anstee, senior analyst at Arbor, while speaking to BBC. "In 2014 we saw more volumetric attacks, with attackers trying to knock people offline by saturating their access to the Internet."
The US government is no stranger to casting a large net in hopes of catching a few fish, so news of a new vehicle tracking database isn't entirely surprising. The Justice Department has a sophisticated database to track vehicle movements, and several other agencies are already using the data.
Several US law enforcement agencies already use automated license plate scanners mounted to police vehicles, and there also stationary systems that monitor highways and also take pictures of the vehicles. Some of these systems can actually be used to identify individuals inside of the vehicles.
The Justice Department has noted that there are already 343 million records in the database. This data includes the vehicle, time, and direction of travel. The primary intention is to find trafficking offenders for the DEA, but the Justice Department plans to expand the system to search for vehicles involved in rapes and murders. There is no word if the system will be expanded to encompass even more types of crime.
Companies have struggled against cyberattacks and distributed denial of service (DDoS) attacks, while mobile devices remain "the perfect target for attackers," said Thomas Tschersich, Deutsche Telekom's computer security chief.
Cybercriminals are able to easily compromise mobile devices, and with connection speeds via mobile topping many home broadband connections, can be exploited to launch attacks against targets. To counter this threat, Deutsche Telekom informs around 20,000 German subscribers per month about malware infection - and urges them to remove the malware.
Despite Deutsche Telekom's proactive efforts, attack bandwidth is estimated at several gigabytes per hour from these mobile devices. For just a couple hundred euros, criminals are able to launch attack and generate an impressive return on investment (ROI) for their efforts.
The Lizard Squad hacker group crippled the website of Malaysia Airlines for about seven hours on Monday morning, threatening to release stolen information. The website was replaced by a "404 - Plane Not Found" statement, referring to two major airline disaster suffered by Malaysia Airlines in 2014.
Although Malaysia Airlines said user data was not compromised, Lizard Squad posted a screenshot that appeared to be a passenger flight booking from MA's internal email system - and promised that it was "going to dump some loot found on malaysiaairlines.com servers soon."
The hacker group has been linked to multiple high-profile cyberattacks over the past year, including bringing down Microsoft Xbox Live and Sony PlayStation Network on Christmas Day.
Business leaders need to become more computer literate so they are better able to understand evolving threats posed by cybercriminals. Criminals are using the digital equivalent of an F-16 fighter jet to launch attacks against governments and corporations, finding surprising levels of success, according to an Israeli cybersecurity expert.
"The breakers in cyber are one step ahead of the makers... we're out of equilibrium," said Nadav Zafrir, former Israel Defense Force tech commander and founder of Team8 Cyber Security Venture Creation, during a recent meeting with corporate leaders. "You have to redefine control. You have to let go, and it's scary. It's too important to leave it to the cyber experts. You [the CEO] have to become cyber literate."
Business leaders are confused in their efforts to defend against cyberattacks, often unsure how to prevent data breaches - and what to do if one occurs. However, analysts and experts recommend companies focus on preventing insider attacks, try to clamp down on outside threats, and have a recovery plan in case a breach does take place.
Dennis Rodman doesn't believe North Korea is responsible for attacking Sony Pictures, with the former NBA champion thinking Pyongyang wouldn't lash out against Sony Pictures just for making "The Interview."
"If the North wanted to hack anything in the world, anything in the world, really, they are going to go hack a movie? Really?!" Rodman recently said in an interview with The Hollywood Reporter. "How many movies have there been attacking North Korea? And they never hacked those. North Korea is going to hack a comedy, a movie that is really nothing? I can't see that happening. Of all the companies... really? Over a movie?
It's worth noting, however, North Korea has been blamed for attacking South Korean infrastructure, including financial institutions - and has a budding cybercriminal unit that is well-trained and financed by Pyongyang. Furthermore, if North Korea actually is responsible for breaching SPE, it was likely done to further develop its cyberespionage abilities that could be used against future targets.
Reports were published within the past week that more than 1,800 Minecraft accounts were hacked, with passwords leaked online - but the company has defended itself, and it looks like phishing attacks are to blame.
"No! We haven't been hacked," said Owen Hill, Chief World Officer at Mojang, in a published blog post. " No one has gained access to the Mojang mainframe. Even if they did, we store your passwords in a super encrypted format. Honestly, you don't need to panic."
Affected Minecraft players have been emailed and will now need to reset their passwords. If you want to change your password just in case, head to Minecraft.net/resetpassword.
Business leaders are paying attention to cybersecurity more than they were in recent years, but struggle to find methods to keep networks secure. Trying to determine what steps to take remains a complicated issue, especially with some companies discovering data breaches months after the initial incident occurs.
There are a number of potential problems for companies trying to keep their networks secure, as potential attacks originate from a variety of sources. Much focus is dedicated to preventing a breach, but business leaders also need to focus on the likelihood that a cyberattack was successful:
"The role of organized crime and government-sanctioned hacking will continue to thwart cybersecurity efforts [in 2015]," said JF Roy, CTO of TIBCO LogLogic, in a statement to TweakTown. "Breaches will continue to be discovered after the fact, which means that businesses must update their security and risk management plans to include incident response policies with contingencies for involvement of federal law enforcement."
It appears the serial ports of automated tank gauges (ATGs) of almost 5,300 gas stations and fuel depots in the United States are vulnerable because they aren't password protected. ATGs are used to more accurately track fuel tank inventory levels, raise alarms, track fuel deliveries, and conduct leak tests - but people with access to the interfaces could cause problems, according to the Rapid7 Security Street blog.
It doesn't look like there have been any incidents of actual breaches, but shows the importance of password protecting connected technologies. ATGs can be accessed via serial port, plug-in serial port, TCP/IP circuit board, and fax/modem.
Rapid7 was made aware of the issue by Jack Chadowitz, founder of the Kachoolie security firm, and started investing ATG vulnerabilities since Jan. 9.
Despite previous reports claiming the Lizard Squad was hacked, which would be a public relations nightmare for the hacker group, it appears the list could have just been distributed. Members of the group were sharing the list with trusted contacts, plotting attacks against specific accounts that piqued their interest. Seems a trusted source received the list and decided to publicly release it, according to an unnamed Lizard Squad member.
"We've got a fairly good idea who handed it over to Krebs & co. though," a supposed Lizard Squad spokesman told Forbes. "I didn't look into it much but from what I heard there were some pretty well known Twitter users in there for example and gamers. There were some interesting people who signed up... and considering most users were stupid enough to reuse their passwords..."
The Lizard Squad still seems mainly interested in attacking gaming-related services and servers, and while several members have been arrested, continue to pose a threat.