TweakTown News
The British government plans to launch an investigation after one of the country's air traffic control centers caused chaos for air traffic heading into and leaving London on Friday. The computer problems were resolved after a 35-minute shutdown, but had a major impact on flights, with delays and cancellations throughout the UK and at other major European airports.
It would appear the National Air Traffic Services (NATS) air traffic management company suffered some type of computer system issue, leading to the problem.
"We are working hard to look after our customers who have been affected," according to a statement released by British Airlines. "While the system is slowly recovering, we anticipate the knock-on effects to take some time to resolve."
Google Android-powered smartwatches communicating with smartphones via Bluetooth can be compromised by brute-force attacks so cybercriminals can snoop, according to the BitDefender cybersecurity software company.
It wouldn't take more than an open source sniffing tool and at least a little cybersecurity knowledge to successfully breach Android smartwatches. Communications can be read in plaintext after the sniffing tool picks out the 6-digit PIN codes that are currently used to obfuscate data.
"There is no custom-built tool," said Liviu Arsene, Bitdefender senior e-threat analyst, in a statement to SCMagazine.com. "Anyone with little knowledge of security can pull this off. It's all about looking in the right place."
The FBI is still unsure what hacker group successfully compromised Sony Pictures Entertainment, but said 90 percent of companies would likely fall victim to the same tactics. FBI officials also have reportedly met with Sony employees to explain how to protect themselves due to personal information being stolen as part of the breach.
"[T]he malware that was used would have gotten past 90 percent of the Net defenses that are out there today in private industry and [would have been] likely to challenge even state government," said Joe Demarest, assistant director of the FBI's cyber division, at a Senate Banking Committee hearing.
Sony is working with Mandiant, a cybersecurity forensics company, and CEO Kevin Mandia confirmed that this type of attack would be difficult to prepare for. The Guardians of Peace took credit for the attack, with purported GOP members emailing the media additional details of the breach.
Sony has been accused of launching distributed denial of service (DDoS) attacks against websites hosting its stolen content, using Amazon Web Services as a launch pad, according to unnamed sources speaking with Re/code. It seems extremely unlikely that Sony would use AWS to launch any form of DDoS attack, which would be easily identifiable, and network monitoring company CloudFlare has suggested Sony didn't launch any counter-attacks.
Amazon sent the following statement to TweakTown:
"AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS."
Not surprisingly, launching a full-blown counter-attack is illegal, with Jennifer Stisa Granick, director of Civil Liberties at the Stanford Center for Internet and Society, providing ZDNet with the following statement: "It's illegal for companies to counter-attack. That line will be fuzzy depending on the tech used, but the law is clear, no unauthorized access except for lawfully authorized government activity."
Sony is still reeling from its major cyberattack and brutal data breach, and is now allegedly using Amazon Web Services (AWS) to launch distributed denial of service (DDoS) attacks against websites. Movie studios have tried to counter piracy hubs by flooding them with fake files and by launching cyberattacks against them, with varying levels of success.
"The AWS acceptable usage policy explicitly prohibits initiating denial of service attacks from their service; it's unlikely that Amazon would let this activity continue," said Tim Erlin, Tripwire director of security and risk. "Taking the step to 'hack back' against perceived legitimate targets, based on their own assessment of guilt, presents a myriad of potential legal problems."
If these accusations are true, trying to launch attacks against websites hosting stolen Sony movies isn't the best idea.
The fight against Internet piracy will lead to increased pressure on public schools, libraries and ISPs offering Wi-Fi service, as copyright holders and the government try to limit access to pirated material. The Australian government is currently amending its Copyright Act in a way that will force ISPs to blacklist overseas-based websites found to be hosting pirated music, movies, and other copyrighted material.
The Australian Communications and Media Authority will receive registration of the new unique code, and force ISPs to carry out "reasonable steps" that put an increased burden on their shoulders. However, critics want safeguards put in place to ensure copyright holders don't abuse the new system - and to prevent covert censorship efforts.
"The code will not include any sanctions to be imposed by ISPs on their customers - we believe that the copyright holders are the appropriate party to take any enforcement action against persistent infringers," said John Stanton, Communications Alliance chief. "But we are optimistic that the sending of notices by ISPs to consumers whose service has apparently been used for improper file-sharing will be a powerful signal."
Major technology companies want to hire hackers to help identify potential software vulnerabilities before products are released - and real cybercriminals are able to exploit any problems. The "bug bounties" program is being embraced by Facebook, Mozilla, Google and other major Silicon Valley companies, providing thousands of dollars to help identify bugs.
"The trajectory we're on now is completely unsustainable," said Vikram Phatek, NSS Labs CEO, when discussing the current cybersecurity landscape. "There will not be a person in the country who will not have a compromised computer if this goes on. We are ripe for having a major catastrophe."
Despite some resistance from companies wary of paying outside sources to identify security flaws, trying to prevent cybersecurity data breaches will remain a major effort. However, compromising widely used software is a lucrative effort for cybercriminals, with more money seemingly available on the black market.
The United States is increasing its shift towards chip-and-PIN technology to meet an October 2015 deadline, but the transition has been far from easy for many businesses. It turns out 69 percent of SMBs doubt they will be able to meet the late 2015 deadline, with confusion about the technology. In fact, 26 percent of survey respondents from SMBs couldn't identify what an EMV (Europay, MasterCard and Visa) terminal is, according to a Software Advice report.
The EMV technology also will prove to be rather confusing for consumers, as 88 percent of US consumers have never made a purchase at an EMV terminal.
"EMV technology is coming to the U.S., but it won't be a smooth transition," said Daniel Humphries, Software Advice IT security researcher, in a statement. "Large firms may be aware of the liability shift and what it requires, but our data shows that only a small percentage of SMBs are prepared. However, there is still plenty of time for SMBs to prepare for the chip-and-pin changeover, and take matters into their own hands. This even represents a golden opportunity for merchants to make their businesses more secure from fraud."
As people spend more money this Christmas shopping season, 44 percent of consumers are ordering presents online - and cybercriminals continue to look for new methods to compromise victims. Cybercriminals have ramped up their social engineering attacks, launching phishing campaigns on email addresses, with cybersecurity experts continuing to warn shoppers about fraudulent emails.
Cybercriminals have shown increased interest in mimicking delivery updates and posing as retailers or banks, and some of the emails are surprisingly clever.
"It's seasonal - hackers will use the season to take advantage of you," said Claire Rosenzweig, Better Business Bureau president and CEO. "Everybody's all excited. They're shopping, they're shipping and scammers love this because we're all trusting."
Things just seem to be getting worse for Sony Pictures Entertainment, with cybersecurity experts now estimating SPE could face up to $100 million in costs related to its data breach. The total will account for lost worker productivity, an investigation into the incident, computer network repair and replacement, along with creating protocols to prevent a future data breach.
The estimate would have been significantly higher than $100 million if customer data had been involved.
SPE's reputation will also take a major hit because of the data breach, including when it tries to recruit new actors and employees. "Will they be able to attract high-name stars if those stars believe their personal information will not be protected?" said Mark Rasch, a former federal cybercrime prosecutor. "How do you know what business opportunities are lost? It's hard to put a dollar figure on it."