TweakTown News
Before Sony Pictures Entertainment was compromised in a significant cyberattack that crippled its computer systems and led to large amounts of data being stolen, the company was warned of lapses in cybersecurity. SPE's firewall and at least 100 other devices were being monitored by the studio's in-house team instead of Sony's corporate security team, according to an audit done by PricewaterhouseCoopers (PwC).
"Security incidents impacting these network or infrastructure devices may not be detected or resolved [in a] timely [manner]," according to a PricewaterhouseCoopers confidential report available in September. Re/code received a copy of the report and indicated SPE knew of significant security problems, but had a slow reaction time before trying to resolve problems.
Hollywood studios and other major corporations have the opportunity to learn from SPE's significant data breach, at Sony's expense.
The Internet of Things (IoT) is expected to explode in popularity in coming years, but trying to keep a growing number of connected devices secure from cybercriminals remains a major effort. To help get a step ahead of malicious criminals, companies are embracing white hat hackers specialized in finding and exploiting potential security loopholes - and then sharing details with the company.
"Source code analysis, integrating security testing into the normal test cycle, and penetration testing at the end," said Michael Murray, director of GE Healthcare cybersecurity consulting and assessment, in a statement published by Dark Reading. "I'm [still] breaking lots of stuff. I'm just breaking it before it gets to the customer to make sure bad things don't happen to people out in the world."
Connected devices are expanding into vehicles, our homes and apartments, medical devices, and virtually everywhere else - but keeping consumers and users secure is a major effort.
Despite major ramifications from its data breach suffered last month, with Sony still seeing bulk amounts of information leaked online, the company must continue moving forward. However, hopefully some people in the movie industry can now appreciate that public figures will remain a target of interest among hackers.
Agents, actors and movie studios in Hollywood can certainly learn from Sony's glaring mistakes, understanding that those emails with snide remarks about others - which they expect to be confidential - shouldn't be sent, for fear of potentially being leaked.
"[T]here's going to be consequences for senior people at the studio," said Sharon Waxman, founder and editor-in-chief of TheWrap, speaking to CNBC. "The studio has to go on with its business and it's drip drip drip everyday of an unknown damage hitting the studio - and embarrassment, another piece of information."
Chinese cybercriminals are finding success using social engineering attacks to easily compromise companies, with an increased focus on universities, financial institutions, defense contractors, and critical infrastructure. Likely state-sponsored cyberattackers were able to breach the Canadian National Research Council, searching around for scientific research information and possible trade secrets.
A spear-phishing attack, with the email including an attached piece of malicious code, found its way onto the organization's network. The Canadian government didn't disclose what type of information could have been compromised from the breach, which took place earlier in 2014.
"It is also unclear as to whether any personal information has been compromised," said Tobi Cohen, a privacy commissioner spokeswoman, as noted by the CBC. "We are satisfied that the organization took appropriate steps to notify employees and other parties about the cyber-intrusion and that efforts are underway to update [information technology] systems and security procedures to prevent this from happening again."
The Guardians of Peace released more information stolen from Sony, and promised a large "Christmas gift" of additional data taken in a breach Sony suffered that started late last month. The leaked content reportedly contained more email correspondence and information related to Crackle, the online video website.
Here is part of the post from hackers (via Pastebin): "We are preparing for you a Christmas gift. The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you much more pleasure and put Sony Pictures into the worst state."
The cybercriminals behind the Sony breach have released seven waves of stolen data and movies to the Internet, and will continue to do so. The FBI and cybersecurity companies are helping Sony clean up the mess, but the damage has clearly already been done.
It very well could have been a symbolic victory and nothing else, after The Pirate Bay was shuttered, but digital piracy levels didn't significantly drop. Piracy torrent statistics have been made available courtesy of the anti-piracy Excipio firm, which tracks movie, TV shows, music, video games, and software torrent downloads - and on Dec. 8, the day before Pirate Bay servers were seized, there were 101.5 million IP addresses engaged in torrent downloads.
The number dropped to 99 million on Dec. 9, then down to 95 million on Dec. 10, and 95.6 million downloads on Dec. 11, according to Excipio. However, the number again topped 100 million on Dec. 12, and the firm noted that the daily average of torrent downloads worldwide since Nov. 1 was 99.99 million.
For interested Internet users, there are dozens of other websites that allow access to torrent downloads, and Internet piracy will continue to be a thorn in the side of governments and copyright holders.
US companies need to be aware of increasingly sophisticated Iranian cyberespionage operations, according to the FBI, with targets including educational institutions, energy firms, defense contractors, and additional critical infrastructure.
As part of Operation Cleaver, there have been 50 victims in 16 countries reported so far, according to cybersecurity company Cylance. The FBI's "Flash" report also included technical details about sophisticated malware and attack strategies that are likely being used by Iranian cybercriminals. "It underscores Iran's determination and fixation on large-scale compromise of critical infrastructure," Cylance CEO Stuart McClure reportedly noted.
Potential victims have been asked by the FBI to speak with them, especially if potential links point towards foreign cybercriminals.
The Belgian telecoms company Belgacom was breached by UK spies on a larger scope than previously reported, according to a Belgian newspaper. Belgacom was reportedly infected with the Regin spy tool, a suspected US and UK creation, and was likely targeted because of partnerships with hundreds of major telecommunications companies spread throughout the world.
"In its digital attack on Belgacom, the British secret service was able to intercept more communications than was previously realized," according to the De Standaard Belgian newspaper. "The security service was thus able to intercept communications from Belgacom's individual clients, from NATO and the EU, as well as from clients of hundreds of international telecoms providers. It is an unprecedented violation of the privacy of anybody who used a mobile telephone."
Conducting cyberespionage efforts has evolved into a vital tool for national governments, though the US and UK have taken interest in monitoring their own political allies. The GCHQ likely targeted the company starting in 2011, but it took until 2013 for the breach to be identified, after Belgacom reportedly improved its cybersecurity defenses.
The German constitutional court will not allow the Green or Left parties to bring former NSA contractor Edward Snowden into the country to speak out about NSA spying. Instead, the committee of eight MPs might be sent to Moscow, where Snowden is currently living, but Snowden's attorney said the American will only speak to German officials if sent to Germany.
It's likely there are German politicians that don't want to allow Snowden into the country, as he's a wanted criminal - with a suspended US passport - and the US would be anxious for any of its allies to extradite the former intelligence analyst.
German support for Snowden reached a new high last year, after some of Snowden's leaks indicated the NSA spied on Chancellor Angela Merkel and several other high-ranking government officials.
Russia has the largest number of mobile users facing attacks, as cybercriminals look to compromise smartphones and tablet devices. The top 10 as reported by Kaspersky: Russia (45.7 percent), India (6.8 percent), Kazakhstan (4.1 percent), Germany (4.0 percent), Ukraine (3.0 percent), Vietnam (2.7 percent), Iran (2.3 percent), UK (2.2 percent), Malaysia (1.8 percent), and Brazil (1.6 percent).
However, Kazakhstan is the only nation on the top 10 countries list based on infection, ranking No. 4 with 1.62 percent, according to Kaspersky.
Cybersecurity companies strongly urge mobile users to utilize anti-malware software to keep their devices more secure, and to download apps only from authorized locations, while keeping a lookout for potential fraudulent links in emails, social media, and other locations.