TweakTown NewsRefine News by Category:
The Russian government is blamed for an increasing number of organized cyberattacks against geographic rivals, Western Europe and the United States - but actually trying to prove their involvement has been overly difficult. Even though cybersecurity experts point towards Russia, with Russian political figures routinely denying involvement, it's difficult to take political action without a smoking gun present.
Cyberattacks from the US, UK, Israel, France, and Russia are sometimes masked to look like attacks originated from other regions of the world - and trying to determine legitimate sources will remain difficult, security experts note. However, some Chinese hackers like to leave calling cards to indicate who they are and where they are from when launching attacks against foreign governments and companies.
"Attribution is almost impossible to do," said C. Thomas, a hacker known as "Space Rogue," as he now serves as a computer security consultant. "Anything can be faked. People who do this stuff for a living - and their lives depend on it - will forge that stuff."
Companies operating in the European Union (EU) recently held another round of cyberattack simulations, designed to help test cyberattack response ability. The European Network and Information Security Agency (ENISA) used white hat hackers to mock attack 200 companies located in 25 EU nations for a 24-hour period.
The Cyber Europe 2014 drill focused on financial institutions, security companies, government ministries, energy providers and Internet service providers (ISPs), with distributed denial of service (DDoS) attacks, data exfiltration, and Web defacement attacks.
"The outcome of today's exercise will tell us where we stand and identify the next steps to take in order to keep improving," said Udo Helmbrecht, ENISA executive director.
A major cyberattack that will cause "widespread harm to a nation's security and capacity to defend itself and its people" is likely by 2025, according to cybersecurity experts surveyed by the Pew Research Center.
Cybercriminals are becoming increasingly organized - and state-sponsored by foreign governments - interested in attacking "inviting targets," such as national defense, banking, finance and energy. Sophisticated threats could be leading towards a cyberwar, with many major data breaches linked to the Chinese and Russian governments - while other targets blame the U.S. government for attacks.
"The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications, said Joel Brenner, former National Security Agency counsel. "Pervasive connectivity has brought dramatic gains in productivity and pleasure but has created equally dramatic vulnerabilities. Huge heists of personal information are common, and cybertheft of intellectual property and infrastructure penetrations continue at a frightening pace."
National Cyber Security Awareness Month (NCSAM) is quickly winding down, but with millions of Americans suffering identity theft each year, it's become a more important issue. Consumers are becoming more dependent on the Internet, using PCs, smartphones, tablets, and other devices to conduct shopping and online banking - at the risk of organized cybercriminals stealing personal information.
The Department of Homeland Security (DHS) teamed with the National Cyber Security Alliance (NCSA) to increase awareness of Internet-based threats, in an effort to try to inform citizens about identity theft, fraud, and other related crimes. Consumers are urged to become more vigilant against fake check scams, Internet merchandise scams, bogus prizes, sweepstakes and "free" gift emails, phishing and spoofing threats.
Here is what Sally Greenberg, National Consumers League executive director, noted: "Identity theft and online fraud affect millions of Americans, wreaking havoc on consumers' assets and personal information. Learning to spot the warning signs of common scams can help consumers avoid falling victim to these pernicious frauds."
The Pirate Bay co-founder Gottfrid Warg was sentenced to 42 months in prison, ending Denmark's highest-profile hacking case, which involved a highly sophisticated, systematic cyberattack. Warg and a co-defendant were recently found guilty of targeting IT provider CSC with attacks so they could gain access to the company's networks.
Warg was able to download a large amount of personal information of residents, including Social Security numbers, extradition agreements and criminal records, prosecutors said during the trial.
Warg was previously convicted of copyright theft and for hacking the mainframe of Logica, an IT consulting firm in Sweden.
Pirate Bay co-founder Gottfrid Svartholm Warg was found guilty in the Danish Court of Fredriksberg, after facing charges of hacking and serious vandalism. Warg and a 21-year-old co-defendant broke into servers hosted by CSC in April 2012, and kept control of the mainframes until August. He accessed hundreds of thousands of records of Danish residents, including Social Security numbers, extradition agreements and criminal records, along with additional private data.
Since this is Warg's second high-profile, significant hacking conviction - he was already serving a one-year sentence for hacking a different IT consulting firm - Danish prosecutors hope for a minimum five-year prison sentence.
Luise Høj, Gottfrid's attorney, had this to say before the ruling: "My recommendation has always been that the investigation has focused on finding clues that point to my client, even though the tracks have also pointed in another direction. I have recommended that the court dismiss the case based on the remote access argument. It is clear that my client's computer has been the subject of remote control, and therefore he is not responsible."
The CurrentC mobile payment program, which has been selected by retailers as a viable rival to Apple Pay, confirmed the service has been breached. Best Buy, Rite Aid, CVS, Best Buy, and around 50 retailers back CurrentC under the Merchant Customer Exchange (MCX). Many compromised email addresses were dummy accounts and the CurrentC app wasn't breached, according to an MCX spokeswoman.
"In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties," MCX said in an email to CurrentC testers. "We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC."
CurrentC could be in more than 110,000 locations across the United States in 2015, and this is a significant setback - traditional point of sale (POS) systems have proven to be susceptible to cyberattacks - and any type of mobile payment system must ensure their systems aren't compromised.
A likely Russian state-sponsored hacker group is being blamed for launching cyberattacks against NATO, Georgia, the Caucasus, Eastern Europe and Western European defense contractors, according to a report from FireEye. The APT28 group launches phishing attacks with links to websites that look like authentic news, with compromised information the type of data the Russian government would be interested in acquiring.
"The Sofacy group is using multiple malware families, including some that are not mentioned in the FireEye paper," said Aleks Gostev, Kaspersky Lab chief security expert of Global Research and Analysis. "They have been very active lately and have registered many domains in order to launch phishing attacks."
The FireEye report also notes APT28 sought "sensitive tactical and strategic intelligence" from governments in the region. Russia has been blamed for a number of coordinated cyberattacks against targets across Europe and in the United States, including a recent attack on the White House - and breaching point of sale (POS) machines of Home Depot.
Personal information of 18.5 million California residents, almost half of the state's total population, suffered from a data breach due to hacking, theft or other personal data exposure in 2013. Up to one-third of the total suffered from some form of fraud, California Attorney General Kamala Harris said - with the 167 significant breaches and 18.5 million number six times higher than 2.5 million accounts stolen in 131 reported breaches one year earlier.
Not surprisingly, the Target breach contributed to the significant increase, but as cybersecurity experts warned, a number of companies are suffering from large scale data breaches.
"Data breaches... threaten the privacy, the security and the economic well-being of consumers and businesses," Harris said. Cybercriminals don't prefer residents in California over other states, but the California Data Breach Report forces businesses and government agencies to publicly disclose breaches of more than 500 people.
The White House, also known as the Executive Office of the President (EOP), is familiar with enduring cyberattacks on a frequent basis. However, a recent attack was found to be organized and significantly powerful, with the White House's networks enduring a few days of consistent downtime.
"In the course of assessing recent threats we identified activity of concern on the unclassified EOP network," an anonymous source recently told the media. "Any such activity is something that we take very seriously. In this case we took immediate measures to evaluate and mitigate the activity."
In addition to state-sponsored hacker groups in China and Russia, other nations have shown interest in advanced cyber espionage tactics. The computers and systems were not damaged, but suffered extended downtime that has been largely resolved by federal cybersecurity experts, according to reports.