TweakTown News
The Chinese government is routinely blamed for cyberattacks, especially against the U.S. and other Western nations, and the country is still the top source of attacks, according to a report from Akamai. China accounted for 43 percent of attack traffic, an astonishing lead over the United States at 19 percent, the research found.
The Akamai report found cyberattacks from IP addresses in 188 countries worldwide, with China and the United States joined by Canada (10 percent), Indonesia (5.7 percent) and Taiwan (3.4 percent) at the top of the list. Furthermore, distributed denial-of-service (DDoS) attacks also saw a drastic increase during Q4 2013, with cybercriminals benefiting from cheaper, more sophisticated attacks.
However, not all attacks from China-based IP addresses are likely to come from cyberattackers within the country. Since the nation has seen an explosion in mobile and PC Internet use, many hijacked systems there are compromised by hackers located elsewhere.
Xapo, the company best known for creating bitcoin vaults, has also introduced a new bitcoin debit card in an effort to attract more consumers to the popular cryptocurrency. Instead of debiting money from a checking account, however, the Xapo card takes money from bitcoins. A digital card is free, but consumers wanting a physical card will have to pay $15.
"We are focused on making bitcoin more secure and safer and making it easier to use, the debit card is something that our customers have requested," said Wences Casares, Xapo founder and CEO, in a statement to the Wall Street Journal.
The cards should ship within two months, and Xapo is partnering with banks in the U.S. and Europe, using Visa and MasterCard networks.
An employee at Coordinated Health had a password-protected laptop stolen from a vehicle in Pennsylvania, and now 700 patients are at risk. A total of 733 victims are at risk, with names, addresses, birthdates, insurance information, and Social Security numbers exposed. Law enforcement has been made aware of the breach.
Coordinated Health is also providing identity protection from Experian for free, as a forensic investigator conducts a full review of the content that was available on the laptop.
It seems ridiculous how frequently stories are published where sensitive information is found on a flash drive, external HDD, or laptop - even if password-protected - which is later lost or stolen while outside of a company building. The exact role of the employee is unknown, though it seems unlikely that many people should have access to sensitive patient information away from the office.
Cybercriminals are having a field day compromising PCs and servers, but have found ways to plague a wide variety of business sectors and industries. Recently, hackers have taken to the open seas, having their way with the shipping industry, including infecting PCs on ships.
In one case, it reportedly took 19 days before a ship could be cleared for duty, with computer malware that had to be removed. A different example was when hackers were able to breach an oil rig and actually tilt it - and Somali pirates, as they continue to target foreign ships near Somali waters, use the Internet to access navigational data.
"Increasingly, the maritime domain and energy sector has turned to technology to improve production, cost and reduce delivery schedules," a think tank recently said in a report. "These technological changes have opened the door to emerging threats and vulnerabilities as equipment has become accessible to outside entities."
Tony Colston-Hayter, dubbed the "Acid House King," has been sentenced to five and a half years in prison for his part in a "sophisticated cyberattack" that stole $2.1 million from UK banks. Hayter, working alongside nine others, used a clever Trojan to make transfers from Barclays and Santander bank branches, along with stealing credit and debit card account information of other victims.
The criminals used the stolen money to splurge on a rather lavish lifestyle, including purchasing Rolex watches, high-end designer clothing, jewelry, and electronics.
"You were once a very successful and noted businessman, and once even appeared on the Jonathan Ross show," said Judge Juliet May QC, during the court hearing. "But it all went wrong - your marriage fell apart and you suffered from health issues before taking class A drugs such as crystal meth - although I gather you have taken every mind altering drug over the years."
Insurance company AIG will expand its current cyber insurance offering to include property damage and bodily injury exposures, providing customers an enhanced layer of protection. The CyberEdge PC is designed for companies that sometimes suffer equipment failure, physical harm to personnel, or physical damage to property, as hackers breach a larger scope of technologies.
Hackers have reportedly breached everything from heart rate monitors and pacemakers to traffic lights and connected devices - and there is significant risk to U.S. infrastructure - which AIG hopes to help clients avoid by expanding insurance coverage.
"Cyber risk goes well beyond data privacy concerns covered by standalone cyber insurance offerings prevalent in the market," said Tracie Grella, AIG Global Head of Professional Liability, in a press statement. "The physical risk of a cyberattack or cyber event to property and people is very real, and it can now be specifically and unambiguously addressed with expanded cyber insurance coverage that dovetails with existing insurance."
The U.S. Department of Health and Human Services (DHHS) and HITRUST recently conducted CyberRX, the first healthcare industry cyberattack simulation. Incident response coordination and collaboration are important, though many departments tend to keep security practices internal and not share successful techniques.
The standard national cybersecurity framework isn't effective at keeping critical infrastructure protected, so healthcare providers and private sector security specialists must team up to be better prepared for threats.
"The initial exercise, although limited in number of participants, is a significant step in establishing an industry CyberRX exercise playbook and formal program; identifying areas where organizations should focus; identifying opportunities for greater collaboration and information sharing between organizations, HITRUST and government; and identifying what gaps exist and where industry needs additional support to (be) better prepared," said Kevin Charest, U.S. Department of Human Services Chief Information Security Officer.
The FBI sent a private memo to healthcare providers, warning them of an increased threat of cyberattacks, especially where lackadaisical security methods open patients up to further risk. Healthcare IT is continuing to evolve and does get better, but security loopholes and savvy criminals are still causing problems for medical IT specialists.
"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," the FBI said in its memo.
As noted by security experts previously, health care data traded on the black market is more valuable than credit and debit card information. The personal information found in medical records includes information that makes it even easier to access bank accounts, commit fraud, or steal prescription drugs - a lucrative currency among criminals, too.
There was an upswing in distributed denial-of-service (DDoS) attacks during the fourth quarter of 2013, according to Akamai, in its "State of the Internet Report." Its customers reported 1,153 DDoS attacks in 2013, a 50 percent increase year-over-year - and a notable 23 percent increase from Q3 to Q4 last year.
Cybercriminals are able to launch DDoS attacks against major targets with little overhead, and their overall ability to compromise servers makes DDoS a very notable attack method.
"Enterprise and commerce continued to be the industries targeted most frequently by the reported DDoS attacks in the fourth quarter, at 159 and 82 attacks, respectively," Akamai said in a press release. "Together, they account for just under 70% of the reported attacks during the quarter, while slightly less than half of the total attacks were reported by customers in the Americas."
Prior to President Barack Obama's first trip to Japan, there was a bit of a mishap at Tokyo's Haneda International airport. A Skymark Airlines employee reportedly lost a printout with a list of passwords, which was found after 30 minutes on an airport terminal floor.
It's unknown what type of access would be granted using the lost passwords; airport officials changed all passwords as a preventative security measure.
Although software and hardware security continues to evolve, companies need to do a better job training employees to keep information secure. There is a problem of 'password fatigue' among employees, though there have to be some sort of guidelines available - especially when co-workers are opening one another up to potential data theft.