TweakTown NewsRefine News by Category:
Business leaders need to become more computer literate so they are better able to understand evolving threats posed by cybercriminals. Criminals are using the digital equivalent of an F-16 fighter jet to launch attacks against governments and corporations, finding surprising levels of success, according to an Israeli cybersecurity expert.
"The breakers in cyber are one step ahead of the makers... we're out of equilibrium," said Nadav Zafrir, former Israel Defense Force tech commander and founder of Team8 Cyber Security Venture Creation, during a recent meeting with corporate leaders. "You have to redefine control. You have to let go, and it's scary. It's too important to leave it to the cyber experts. You [the CEO] have to become cyber literate."
Business leaders are confused in their efforts to defend against cyberattacks, often unsure how to prevent data breaches - and what to do if one occurs. However, analysts and experts recommend companies focus on preventing insider attacks, try to clamp down on outside threats, and have a recovery plan in case a breach does take place.
Dennis Rodman doesn't believe North Korea is responsible for attacking Sony Pictures, with the former NBA champion thinking Pyongyang wouldn't lash out against Sony Pictures just for making "The Interview."
"If the North wanted to hack anything in the world, anything in the world, really, they are going to go hack a movie? Really?!" Rodman recently said in an interview with The Hollywood Reporter. "How many movies have there been attacking North Korea? And they never hacked those. North Korea is going to hack a comedy, a movie that is really nothing? I can't see that happening. Of all the companies... really? Over a movie?
It's worth noting, however, North Korea has been blamed for attacking South Korean infrastructure, including financial institutions - and has a budding cybercriminal unit that is well-trained and financed by Pyongyang. Furthermore, if North Korea actually is responsible for breaching SPE, it was likely done to further develop its cyberespionage abilities that could be used against future targets.
Reports were published within the past week that more than 1,800 Minecraft accounts were hacked, with passwords leaked online - but the company has defended itself, and it looks like phishing attacks are to blame.
"No! We haven't been hacked," said Owen Hill, Chief World Officer at Mojang, in a published blog post. " No one has gained access to the Mojang mainframe. Even if they did, we store your passwords in a super encrypted format. Honestly, you don't need to panic."
Affected Minecraft players have been emailed and will now need to reset their passwords. If you want to change your password just in case, head to Minecraft.net/resetpassword.
Business leaders are paying attention to cybersecurity more than they were in recent years, but struggle to find methods to keep networks secure. Trying to determine what steps to take remains a complicated issue, especially with some companies discovering data breaches months after the initial incident occurs.
There are a number of potential problems for companies trying to keep their networks secure, as potential attacks originate from a variety of sources. Much focus is dedicated to preventing a breach, but business leaders also need to focus on the likelihood that a cyberattack was successful:
"The role of organized crime and government-sanctioned hacking will continue to thwart cybersecurity efforts [in 2015]," said JF Roy, CTO of TIBCO LogLogic, in a statement to TweakTown. "Breaches will continue to be discovered after the fact, which means that businesses must update their security and risk management plans to include incident response policies with contingencies for involvement of federal law enforcement."
It appears the serial ports of automated tank gauges (ATGs) of almost 5,300 gas stations and fuel depots in the United States are vulnerable because they aren't password protected. ATGs are used to more accurately track fuel tank inventory levels, raise alarms, track fuel deliveries, and conduct leak tests - but people with access to the interfaces could cause problems, according to the Rapid7 Security Street blog.
It doesn't look like there have been any incidents of actual breaches, but shows the importance of password protecting connected technologies. ATGs can be accessed via serial port, plug-in serial port, TCP/IP circuit board, and fax/modem.
Rapid7 was made aware of the issue by Jack Chadowitz, founder of the Kachoolie security firm, and started investing ATG vulnerabilities since Jan. 9.
Despite previous reports claiming the Lizard Squad was hacked, which would be a public relations nightmare for the hacker group, it appears the list could have just been distributed. Members of the group were sharing the list with trusted contacts, plotting attacks against specific accounts that piqued their interest. Seems a trusted source received the list and decided to publicly release it, according to an unnamed Lizard Squad member.
"We've got a fairly good idea who handed it over to Krebs & co. though," a supposed Lizard Squad spokesman told Forbes. "I didn't look into it much but from what I heard there were some pretty well known Twitter users in there for example and gamers. There were some interesting people who signed up... and considering most users were stupid enough to reuse their passwords..."
The Lizard Squad still seems mainly interested in attacking gaming-related services and servers, and while several members have been arrested, continue to pose a threat.
Thirty-two percent of users who share an Internet-enabled device, such as smartphones or tablets, with relatives, colleagues or friends don't take precautions to protect their information, according to a survey from Kaspersky Lab and B2B International.
Many people use PCs, smartphones, tablets and other devices with at least one other person, with one in three users saying they share devices - but don't have proper security protocols in place while sharing technology.
"Sharing a computer or smartphone increases the risk of malware infection, data loss or account theft, so it is important to take precautions," said Elena Kharchenko, Head of Consumer Product Management at Kaspersky Lab. "Always keep backup compies of important files; delete information that should not fall into the wrong hands, especially by disabling form autofill; try to control user access rights on the device - and most importantly - use programs that provide protection against cyber threats."
Attention on cyberattacks typically tends to focus on data breaches, but nonprofit groups likely face a higher risk of ransomware attacks. These types of attacks typically begin with a phishing attempt that gets an employee to unknowingly install custom malware designed to encrypt files - and hold critical data for ransom, or the files will be left permanently compromised.
As nonprofits are adjusting efforts to reach fundraising goals, people donating to these groups expect a certain level of security while contributing money - and a ransomware attack can be extremely detrimental.
"In 2015, the number of unique cybersecurity threats has surpassed the 300 million mark, growing at a steady rate of almost 40,000 new threats a day," said Catalin Cosoi, global security strategist of Bitdefender. "But it's not only the sheer number of malware that poses an immediate risk to nonprofits across the United States. Some of these viruses now specialize in extorting businesses by encrypting data and then asking for money in return... for the decryption key."
High-profile cyberattacks and data breaches in 2014 indicated the serious need for improved security efforts, but 2015 could be even worse, noted Cisco CEO John Chambers. Data breaches sometimes take months to detect, and improving security remains a difficult process that causes headaches for business leaders and IT staff.
Of specific concern is the growing number of connected devices now access the Internet, with cybercriminals interested in exploiting these products.
"There is no data center or network in the world that hasn't been hacked," said Chambers, speaking to CNBC during the World Economic Forum. "If you watched the number of attacks, they're going up exponentially this year, this year's going to be much worse than last year."
Sony will delay releasing its third quarter earnings report because of Sony Pictures continuing to struggle with repair of its crippled computer systems. Company officials want to release Sony's earnings report on March 31, and have asked regulators for additional time to get its IT situation sorted.
It will take until early February until SPE systems are fully restored and operational because of the "amount of destruction and disruption that occurred, and the care necessary to avoid further damage by prematurely restarting functions," according to Sony.
Despite The Interview bringing it close to $50 million from the box office, online rentals and sales, it has been a constant headache for the film studio. During CES, Sony CEO Kazuo Hirai said current and former employees suffered "one of the most vicious and malicious" cyberattacks to target a company - and applauded them for their continued resolve.