TweakTown NewsRefine News by Category:
Office retailer Staples recently issued an update to a data breach investigation that took place earlier in the year, targeting its retail point-of-sale (PoS) systems. The company said 115 of its stores nationwide were targeted, with 1.16 million customers affected, providing cybercriminals potential "access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes."
Retailers remain under fire from foreign cybercriminals targeting their PoS systems - and the problem likely won't suddenly go away anytime soon. Despite Staples' data breach much smaller than Target (40 million compromised) and Home Depot (56 million compromised), shows that major problems still exist.
The North Korean government has reportedly orchestrated a major cyberattack to cripple Sony Pictures - and prevent "The Interview" from being shared - but the regular North Korean citizen likely has no idea about the data breach or movie. The North Korean government strictly regulates the Internet and media in the country, so it wouldn't be surprising if the population has no knowledge of the movie, or its contents.
"North Koreans will probably never know what this film was about," noted Leonid Petrov, from the Australian National University, as noted by BusinessWeek. "If there was a film about Kim Jong Un, it would only be explained in the most laudatory, sycophantic way. Foreigners made a film about our great leader, presenting the greatness of the great leader."
As such, trying to even get copies of the movie would be extremely difficult. There have been attempts to send balloons into North Korea with copies of movies, books and other banned materials into the country - but the balloons are routinely shot down. North Korean citizens who stumble across any of the contraband is ordered to turn it over, or they face potential torture, imprisonment, and other forms of punishment.
The United States pointed towards North Korea being behind the massive Sony Pictures data breach, and many have argued for some type of retaliation against the country. However, trying to determine how to seek revenge on the North Korean government, in regards to cyberattacks, remains difficult. Trying a cyberattack in response would be risky, as the US has significantly more to lose if the North Koreans, along with its allies, decide to escalate the issue further.
"Nothing more," said Christopher Budd, online security communications professional, in a post published by GeekWire. "Yes, you read that right: nothing more. I believe that the U.S. should do nothing more in response to this situation than they already have: naming North Kore clearly as being behind this."
It seems more likely the US government will impose further sanctions on North Korea - and perhaps find ways to hurt the country's economy even further. Another idea is to find a way to distribute "The Interview" inside of North Korea, along with distributing "Team America" into the country - but that seems rather far-fetched.
Cyber espionage is a growing underworld business, with small nation states and foreign terror groups continuing to launch cyberattacks against enemies, according to a report released by McAfee Labs. Everything from distributed denial of service (DDoS) attacks to malware being delivered via social engineering techniques are being added to cyber arsenals, used by increasingly sophisticated groups.
Established nations with cyber warfare programs will look for stealthier methods to gather intelligence and cripple political and military rivals - and developing cyber espionage programs remain dedicated to stealing finances and causing disruptions.
"Of particular note, McAfee Labs now sees sophisticated Eastern European cybercriminals shifting from quick, direct attacks on financial-institution customer credentials (leading to financial theft) to a more sophisticated advanced persistent threat (APT) approach in which they collect intelligence that they can either sell or use at a later date," according to the McAfee report.
The decision by Sony Pictures Entertainment to pull "The Interview" due to a cyberattack and subsequent terror attacks has drawn criticism from actors and President Obama.
"Sony is a corporation. It suffered significant damage," Obama said during a press conference. "There were threats against its employees. I'm sympathetic to the concerns that they faced. Having said all that, yes I think they made a mistake. We cannot have a society in which some dictator in some place can start imposing censorship in the United States. I wish they'd spoken to me first. I would have told them: 'Do not get into the pattern in which you are intimidated.'"
However, Sony is defending itself from Pres. Obama's statement and criticism from actors, many American citizens, and others criticizing the company.
Cybercriminals with alleged ties to ISIS recently tried to spread malware onto a Syrian citizen media group after posing as Syrian-Canadian citizens, according to a report from Citizen Lab. The social engineering attack took place in late November, and shows the group is continually putting more effort into its cybercriminal abilities. The attempted malware attack was targeted to the Raqqah is Being Slaughtered Silently (RSS) group, and the email was worded in a manner to trick organization members.
"This bears little resemblance to anything we've seen from the usual suspects," said John Scott-Railton, the report's co-author, noted in a statement given to CBC. "That, combined with who they are targeting... gives us pause and makes us think that maybe we're looking at ISIS malware."
ISIS has used the Internet, specifically social media, as a tool to recruit and spread propaganda. However, the group has run into problems, as the Anonymous hacker collective and other groups have disrupted their online operations.
A reported 51 percent of companies suffered some type of malware breach during the past 18 months, with phishing emails and social engineering attacks able to circumvent security filters, according to a survey published by the OPSWAT IT solutions provider.
It's a frightening time for companies trying to keep their networks secure, especially as social engineering techniques - which rely on tricking employees to click fraudulent links or install the malware directly - prove difficult to defend against.
"With the sheer number of new viruses introduced every day, it is not surprising that 51% of the respondents experienced a malware breach, particularly since 39% only utilized one anti-malware solution," said Tony Berning, OPSWAT Metascan product manager. "By using only one or two anti-virus engines, companies are exposing themselves to malware threats, since no anti-virus engine can be accurate 100% of the time."
Sony Pictures is facing a public relations nightmare after a major data breach orchestrated by North Korea, and company executives just can't stop the bleeding. The data breach could become the costliest suffered by a U.S. company, with fallout that will surely continue into 2015. Beyond the sensitive documents and personal information stolen, along with the cancellation of "The Interview," there is a strong possibility some actors will avoid Sony in the future.
It remains unclear how much Sony will lose because of the cyberattack, but lawsuits, lost revenue because of "The Interview" being pulled, and other problems will only complicate matters even further.
"This attack went to the heart and core of Sony's business and succeeded," said Avivah Litan, Gartner cybersecurity analyst. "We haven't seen any attack like this in the annals of U.S. breach history."
North Korea could be using the cyberattack against Sony Pictures as a test run to try out its budding cyber capabilities, with the reclusive government potentially taking aim at US energy companies and critical infrastructure. Despite much of the Western world ignoring its growing cyber ambitions, it looks like North Korea has been able to increase its cyber weapons.
"North Korea's ultimate goal in cyber strategy is to be able to attack national infrastructure of South Korea and the United States," said Kim Heung-kwang, a North Korean defector and former computer science professor. "The hacking of Sony Pictures is similar to previous attacks that were blamed on North Korea and is a result of training and efforts made with the goal of destroying infrastructure."
The North Korean government has poured resources into its Bureau 121 cyber warfare unit, recruiting some of the nation's best computer experts - with most of the department's agents originating from the North Korean military computer school. It has successfully attacked targets in South Korea on several occasions, as some networks remain vulnerable to attack.
The U.N. General Assembly wants better digital privacy protections for Internet users, which was drafted by Germany and Brazil, earning consensus approval. Former NSA contractor Edward Snowden revealed mass surveillance capabilities by the NSA and GCHQ, which has angered a large number of Internet users.
The UN resolution, which was co-sponsored by 65 nations - as opposed to just 10 in 2013 - will also rely on private sector companies to play a role.
Previously, the UN showed great concern over Internet users' rights to digital privacy, with great concern of covert surveillance programs. "Without the necessary checks, we risk turning into Orwellian states, where every step of every citizen is being monitored and recorded in order to prevent any conceivable crime," said Harald Braun, German ambassador.