TweakTown NewsRefine News by Category:
China and Russia are two of the largest cyberespionage threats to the Western world, but countries like North Korea are able to cause significant damage on relatively modest budgets, cybersecurity experts warn.
As witnessed by the successful breach of Sony Pictures Entertainment, which has caused the company significant financial damage - and continued downtime - foreign attackers are finding easy targets to compromise. In North Korea, the reported 1,800 members of Bureau 121, the secret North Korean hacker brigade, live a pampered lifestyle in Pyongyang - with high levels of motivation to carry out cyberattacks.
"While North Korea's massive conventional forces have been declining due to aging and lack of resources... North Korea is emphasizing the development of its asymmetric capabilities," said Gen. Curtis Scaparrotti, United States Forces Korea commander. "Cyber warfare is an important asymmetric dimension of conflict that North Korea will probably continue to emphasize - in part because of its deniability and low relative costs."
Cyberattacks will continue in 2015, and there will be increased interest in nation states using cyberespionage to attack and compromise one another. Established countries will work to "enhance their ability" to launch attacks and remain hidden on compromised networks - and researchers believe smaller countries and terrorist groups will develop their cyber warfare capabilities.
The McAfee report indicates: "Cyber espionage attacks will continue to increase in frequency as long-term players will become stealthier information gatherers, while newcomers to cyberattack capabilities will look for ways to steal sensitive information and disrupt their adversaries."
Cybercriminals will evolve their abilities to learn from organized state-sponsored attacks, and look to steal intellectual property, operational intelligence, and conduct intelligence gathering on specific targets.
Even with increased awareness from phone manufacturers and wireless carriers, smartphone theft remains a significant problem in the United States. There are more than 1 million smartphones stolen in the United States every year, with the Federal Communications Commission (FCC) rather unhappy about it.
"There is no single technology 'silver bullet' that will eliminate phone theft and therefore a complementary suite of technical and operational mitigation techniques will need to be made available and applied to gain additional impact to this issue," the report indicated.
Some US states have become more aggressive regarding smartphone theft, requiring manufacturers to include anti-theft technologies in new phones - but that will slow theft - and more must be done to prevent snatch and grab, armed robbery, and other crime.
Things just don't seem to be getting better for Sony. Hot on the heels of a shocking data theft at Sony Pictures, a new attack occurred today on the PlayStation store. Suspicions are centered around North Korea for the Sony Pictures hack, and the custom malware designed for that hack is now on the loose, threatening the world at large with a devastating over-write malware.
A group called The Lizard Squad is taking responsibility for the latest attack on the PlayStation Store this morning via a Twitter message that simply reads: "PSN Login #offline". This latest attack appears to be a denial-of-service attack, which overruns the website and prevents users from logging in. However, the full scope of the attack is not yet known, and Sony is currently investigating the breadth of the assault. Word on whether there was a data breach associated with the attack will come forward in the next few days. Sony and The Lizard Squad have a contentious history, to say the least. Earlier this year Lizard Squad issued a warning there were explosives on a domestic flight, resulting in its diversion. There just so happened to be a Sony executive on the flight.
The hack against Sony has been all over the news for a couple of weeks now, but it has reportedly all been tracked back to a single, posh hotel in Bangkok. North Korea has stepped up saying that it was not responsible for the hack, which had people thinking the country had attacked Sony over its movie "The Interview" with Seth Rogen and James Franco.
The hackers were traced back to St. Regis Bangkok, which is a 4.5-star resort where even the most basic rooms cost over $400 per night. We don't know if the hack was done from inside of one of these hotels, or outside in a public area of the hotel, but we do know they came from the St. Regis Bangkok. The investigations into the breach of Sony Pictures Entertainment servers took place on December 2, at 12:25AM local time.
Pro-North Korean hackers could be responsible for a cyberattack that crippled Sony Pictures, according to a statement broadcasted on a state-run television channel. The successful breach will likely cost SPE millions from interrupted business operations, data theft, and screener versions of the movie that have leaked online.
The KCNA news agency said that the "hacking into Sony Pictures Entertainment might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal."
There are digital fingerprints that point towards North Korea, and cybersecurity experts and the FBI are helping SPE investigate the incident. Despite extreme poverty that most of the country's citizens endure, the controlling government has reportedly invested a great deal into developing hackers with developed cyberattack capabilities.
Eighty-two percent of US companies suffered at least one cyberattack in the past 12 months, with 46 percent reporting at least three or more, according to a Malwarebytes report that Lawless Research conducted. Mobile security issues garner a lot of attention, but exploitable browser vulnerabilities provide the most pressing concern at the moment.
Trying to defend against these malicious attacks has allowed the cybersecurity industry to grow at a rapid pace - and as software and hardware security both improve - retailers, financial institutions, and governments remain concerned of looming attacks.
There has been a rise in ransomware attacks, survey respondents noted, and infection levels have been relatively low - but cause great concern for executives.
Several high-profile cyberattacks launched against Apple have revealed OS X and iOS aren't as secure anymore, with criminals trying to compromise both operating systems. Enterprise workers are at risk because of Apple taking a "whack-a-mole" approach to security, which is a major threat with sophisticated spear-phishing attacks.
"Apple's responses to the WireLurker and Masque Attack operations illustrate that iOS is entering the 'whack-a-mole' era of malware defense, similar to that experienced during the last decade with PCs," said Dave Jevans, Marble Security founder and CTO. "Being proactive rather than reactive is essential in preventing these ioS vulnerabilities and exploits from affecting enterprise networks, and implementing mobile device security solutions is a huge step in achieving this."
Sophisticated cyberattacks target most major technology companies, but Apple previously was left relatively unscathed from most malicious code. However, cybercriminals want to find strategies to steal information and conduct data breaches, with a specific focus on compromising iPhones and iPads in the workplace.
Remember the Sony Pictures hack that saw employee's computers compromised and in-cinemas movies be released to the public? Well, according to recent news - this hack is even more in depth that originally thought.
Thanks to Gizmodo we were able to learn some more information regarding the whole ordeal, including various issues that Sony may face in the near future. As according to BuzzFeed, the 40 gigabytes of data released by these hackers contained everything from medical records to unreleased movie scripts - being claimed as one of the worst corporate hacks in history.
When the Target data breach occurred in late 2013, millions of Americans were at risk of fraud and identity theft - and it was the first of multiple major data breaches to hit retailers. Unfortunately, it seems unlikely all retailers have improved their security well enough to prevent a breach, and cybercriminals will probably claim at least one more victim before the end of the year.
More retailers are encrypting card numbers in their databases and installing additional secure card readers in their stores, but didn't move fast enough - so consumers aren't more secure in late 2014 than they were last year.
"If a retailer is compromised this holiday season, that announcement will probably be delayed until January," said Alphonse Pascual, Javelin Strategy & Research director of fraud and security. "For the consumer that means stepping in line at checkout or even shopping online is still tantamount to Russian roulette when it comes to using their credit and debit cards."