TweakTown News
The Premera Blue Cross health insurer has confirmed it suffered a data breach, putting 11 million customers at risk. Compromised data includes financial information and medical information, including names, bank account data, Social Security numbers, and clinical information.
The FBI is now working with Premera to gauge the seriousness of the data breach, with compromised records dating back as far as 2002. The company is now offering two years of free credit monitoring and identity theft protection services, Premera said on a special website designed to discuss the issue.
"All of us here at Premera have been affected by this attack and we understand and share your concerns," said Jeff Roe, President and CEO of Premera. "Please know that we're committed to making sure you get the tools and assistance you need to help protect you."
Improving cybersecurity is a major effort by government agencies and the private sector, with security incidents still occurring at a frightening rate. Financial institutions have focused more on keeping attackers out of their networks, while trying to defend against a large number of attacks.
Most bank-related fraud tends to occur because of the use of false or anonymous identities. However, there is more focus on trying to keep malware from being installed, and to prevent distributed denial of service (DDoS) attacks from being so successful.
"It is no longer acceptable to simply apologize for a security breach and send a letter out to affected customers," said Dorean Kass, VP at Neustar. "Customers expect businesses, especially banks, to identify fraud and maintain cybersecurity, all while ensuring a convenient experience for its clients."
The US federal government believes a criminal case could begin against those responsible for breaching JPMorgan Chase, after 83 million customers were impacted. The breach last October led to customer names, addresses, phone numbers and email addresses being stolen - and investigations began immediately after the breach was revealed.
A few of the suspects live in countries which have extradition treaties with the United States, according to the New York Times, which means authorities could open criminal cases. Following a more thorough investigation, it was found that the breach wasn't nearly as sophisticated as originally believed.
"The bad news is that many of these folks are located overseas, and they are using encryption and servers all over the world," said Leslie Caldwell, assistant attorney general for the criminal division of the Justice Department, in a statement published by the New York Times. "But the good news is if we are able to jump on the breach early enough, we have an electronic trail and can get that evidence."
Yahoo plans to offer end-to-end encryption security protocols for its email service by the end of 2015, in an attempt to win over Internet users trying to prevent government snooping and surveillance. The new security features were demonstrated during the South by Southwest festival over the weekend, with a beta offering for developers expected soon.
Even though encryption has received praise from privacy advocates, it is often too difficult for many Internet users, who have to create encryption keys for the sender and receiver. However, Yahoo wants to provide a streamlined offering for its users, though it will still be designed for sensitive emails.
"Our goal is to have this available by the end of the year," said Alex Stamos, chief information security officer of Yahoo, in a statement to the AFP. "Anybody who has the ability to write an email should have no problem using our email encryption."
The Kaspersky Lab cybersecurity firm has launched Phound!, a new free Google Android anti-theft app, designed to help keep devices and personal information secure. The app can locate a lost or stolen device, ensuring data on the compromised smartphone or tablet is secure.
Users are able to block and prevent unauthorized access using GPS, Wi-Fi networks or GSM - and a message can be displayed on the device's screen, or a photo can be taken using the front camera. Furthermore, Phound! can be used to locate a misplaced device by sounding an alarm until the forgetful user identifies its location.
"For many consumers, mobile devices serve as storage for their most valuable and important data - contacts of friends and colleagues, personal messages, private photos and many other things," said Alexey Chikov, Senior Product Manager of Kaspersky Lab. "This means that today's smartphones and tablets need the same security as a bank vault. However, unlike bank vaults, smartphones are small, portable and easily misplaced. That is why we created a solution for our users to prevent their mobile 'vault' from falling into the wrong hands."
Ransomware attacks, using customized malware, are victimizing a wider number of PC users across the world, cybersecurity experts warn.
There have been a number of new ransomware strains discovered in recent weeks, including the CryptoFortress malware which successfully encrypts files over network shares.
"These new capabilities of Cryptoware change the threat landscape for all server and network administrators and it is even more important than ever to properly secure your shared folders with strong permissions," said Stu Sjouwerman, CEO of KnowBe4. "Between increasingly sophisticated phishing emails and exploit kits on compromised websites, users need to be trained to recognize threats with effective security awareness training."
Cyberattacks by hackers and foreign states aren't necessarily new, but 2014 helped bring consumer attention to the matter in the United States following several major data breaches. The United States should be aware that an "extremely damaging" cyberattack against the public and private sectors seems likely, warn cybersecurity experts.
"It's undeniable that the number of breaches is going up, and despite our best efforts, we are constantly surprised by new and important ways to affect these important [computer] networks," said Leo Taddeo, FBI Special Agent for Cyber Special Operations, in a statement to Bloomberg. "I think that we would be well-served to prepare for - I won't say a catastrophic attack, but an attack that has an impact that may shake some confidence levels."
Of note, business leaders should pay attention to possible "destructive malware" aimed at compromising corporate networks. Trying to clamp down on outside attacks has proven difficult, with sophisticated malware and better techniques used to infect targets.
The cybersecurity industry is an estimated $71 billion market that is growing at a rapid pace, with hackers targeting users - and increasingly sophisticated cyberespionage campaigns aimed at national governments.
Kaspersky Lab, a cybersecurity firm based in Russia, reportedly hesitated on at least two separate occasions before linking the Russian government to cybercriminal activities. Meanwhile, FireEye and CrowdStrike, two US security firms, have blamed China and Russia for organized cyber campaigns, but haven't accused the US of cyberespionage efforts of its own.
"Some companies think we should be stopping all hackers. Others think we should stop only the other guy's hackers - they think we can win the war," said Dan Kaminsky, chief scientist of the White Ops cybersecurity firm, in a statement published by Reuters.
The United States faces a "pervasive" issue regarding cyberattacks against physical weapons systems and private defense contractors - and cybersecurity to help protect assets is gaining more traction. The Department of Defense Instruction 5000.02, the Pentagon's guidelines for military acquisitions, will include a category focused specifically on cybersecurity.
"It's about the security of our weapons systems themselves and everything that touches them," said Frank Kendall, Defense Undersecretary, speaking to Reuters. "It's a pervasive problem and I think we have to pay a lot more attention to it."
The US government deciding to embrace cybersecurity, especially for the military, will likely generate more revenue for Lockheed Martin, General Dynamics and other contractors tasked with creating defensive cybersecurity programs.
Countries interested in conducting cyberespionage campaigns are using increasingly sophisticated methods, carefully targeting users with modular tools, according to Kaspersky Lab.
To increase stealth and reduce their visibility to cybersecurity experts, hackers are diversifying the components used in their malicious programs. One specific platform has at least 116 different plugins that can be customized depending on the expected victim and what type of information they have access to.
"Nation-state attackers are looking to create more stable, invisible, reliable and universal cyberespionage tools," said Costin Raiu, director of global research and analysis at Kaspersky Lab. "They are focused on creating frameworks for wrapping such code into something that can be customized on live systems and provide a reliable way to store all components and data in encrypted form, inaccessible to regular users."