TweakTown News
Many cybersecurity specialists working for the NSA and GCHQ tend to get burned out, and then head to the private sector. It provides a unique opportunity to hear more about some of the efforts the US government has employed to conduct organized cyberespionage against foreign governments.
For regular Internet users, it doesn't matter whether it's the government or a foreign cybercriminal; cybersecurity must be appreciated and not overlooked. As former government programmers and security experts abandon their government jobs in favor of the private sector, companies want to rely on technology advice from intelligence officials - providing valuable insight into how governments are conducting increased surveillance.
"Whether they're cybercriminals or state sponsored actors, I think a lot of times they can get into a network using a less sophisticated approach or a variant of a known piece of malware... it's a lower risk operationally for them," said Jim Penrose, former NSA employee and part of the department's Tailored Access Operations (TAO) group. "They don't want to fire silver bullets unless it's absolutely necessary; like a zero day or something like that, or a previously unseen piece of malware. Those are really high quality and you want to save those for a time when it's absolutely critical."
Russian cybercriminals, largely backed by the Russian government, have growing coordination as their attacks victimize the United States, UK, and Western European nations. Energetic Bear, APT28 and Uroburos - three Russian-based malware families - are being used to conduct cyberespionage, rather than conduct data theft purely for financial gain.
Although Russian-based cybercrime targeting businesses gets most of the attention, threats of cyberespionage remain more problematic. Each newly discovered exploit and toolkit reveals significant sophistication, as cybercriminals are able to rack up victims in a stealthy manner - often being discovered long after breaching targets, if at all.
"China has economic objectives," said Christopher Ahlberg, co-founder and CEO of Recorded Future. "Russia wants to show the world they are strong politically. Energy is incredibly important to them [as well]... They also want to sell gas to Western Europe - there's more of a focus on commodity markets and geopolitical [interests]."
Cybercriminals will likely increase attacks against small and midsize retailers that hire temporary workers to help augment staff ahead of the holidays. Cyberattacks don't peak during November or December, but criminals change their tactics to focus on companies that might hire additional staff and are focused on other day-to-day business operations.
Seasonal temporary workers haven't been trained in company policy, and might not be aware of current social engineering attacks, so they make easy prey, according to Akli Adjaoute, CEO of the Brighterion security firm. "These less-trained workers that are hired during the holiday season are much more vulnerable to social engineering attacks."
The financial impact of a data breach - or other cybersecurity problems - has been a painful lesson for companies throughout 2014. However, many companies struggle in their efforts to
After details of the sophisticated Regin malware were published online, there was concern that security companies didn't do enough to protect Internet users from the threat. Since it was released years ago, it took some time before Symantec reportedly identified it and included it in detection systems in December 2013.
However, it would appear Symantec identified Regin sometime in 2010 and it was labelled a Trojan in 2011, while F-Secure identified parts of the malware in 2009, with Microsoft learning of it in 2010.
"Symantec has been monitoring Regin for some time," Symantec recently told Forbes. "However, it has taken some time to gather all necessary components so that we can build a good understanding of the threat. We have also been monitoring for any further activity and attacks. Since no further information has come to light we have made the decision to release our findings publicly."
The CoinVault ransomware victimizes businesses, encrypting critical work files - but there is an added twist with this particular piece of software. The criminals provide one free decrypt, giving access to a single file, in an attempt to build trust with victims.
CoinVault uses 256-bit AES encryption, and the decryption keys are stored on remote servers - and Windows files cannot be recovered unless the bitcoin payment is submitted to cybercriminals. Victims are ordered to pay 0.5 bitcoins, around $200 at current market prices, with the price increasing every 24 hours.
Ransomware attacks typically rely on employees falling prey to social engineering techniques, designed to trick users into clicking suspicious links or downloading unknown files.
The future of passwords could be under pressure if Intel-owned McAfee can develop new biometric authentication technology that can be supported. The average user has around 18 passwords, so using some type of biometrics would be able to help reduce that chaos.
"Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again," said Kirk Skaugen, Intel SVP and GM of the PC Client Group.
Despite being under threat of elimination for several years now, passwords still remain the most common security procedure for email, online banking, and other user accounts. However, passwords paired with other security procedures prove to be significantly more secure, though consumers are still waiting to learn more before abandoning all of their passwords.
Since 2013, there have been more than 25 successful cyberattacks against US government networks, and many federal agencies still haven't prioritized cybersecurity efforts. As China, Russia, Iran, and other foreign governments continue to launch attacks, IT experts believe governments should make a bigger effort to boost network protocols.
Internal inspectors have found numerous security vulnerabilities in different government agencies, and the US federal government still is lackadaisical in improving security. It's ironic that the Obama Administration has streamlined malware creation - and cyberwarfare development to attack foreign rivals - but has been slow to improve its own security.
"It would be wrong to suspect that the federal government is any better at this than the private sector," said Paul Rosenzweig, visiting fellow at the Heritage Foundation and former Department of Homeland Security (DHS) policy aide.
Sony Pictures Entertainment was forced to warn employees not to access corporate networks or check their email, because the company is under cyberattack and being blackmailed to prevent "secrets" from being released. It's unknown what information, if any, the hackers were able to steal from the Sony network.
An image saying SPE was "Hacked by #GOP" appeared on the company's computers, along with the following message: "Warning: We've already warned you, and this is just the beginning... We have obtained all your internal data including secrets and top secrets."
"Sony deserves praise for going offline while they figure out what is happening rather than allow further damage," said Hemanshu Nigam, Internet cybersecurity expert. "Hackers are always on the hunt for holes in a network, which can happen when a system isn't updated properly or a feature change is made. It is critical for companies to conduct self-hacking exercises on a continuous basis to find and patch these vulnerabilities before the hackers find them."
The 2014 Christmas shopping season will see a 4.1 percent increase in sales, up to $616.9 billion, and cybercriminals will be busy trying to find new ways to target retailers and shoppers. Since many smartphone and tablet owners don't bother with anti-malware software, while some don't even password-protect their devices, there is an effort to hijack mobile technologies.
"Cybercriminals follow the flow of money, and this Thanksgiving, a very high number of transactions will take place through mobile channels," said Alisdair Faulkner, ThreatMetrix chief products officer. "Unfortunately, it can be difficult for retailers to use IP geo-location data to ensure mobile transactions are authentic. Instead, retailers should try to leverage trust intelligence networks to recognize customers with good mobile purchasing history, and complement this with finer grained authentication intelligence available with a native mobile application."
However, a more realistic approach will involve cybercriminals compromising retailers - especially as more consumers keep debit and credit card data stored with their favorite stores - as network security is still often overlooked.
The sophisticated Regin stealth malware, which has been in operation since at least 2008, was likely created by the US and UK governments to spy on other governments and businesses. Specifically, the NSA and GCHQ most likely spearheaded the project, with the malware's first target being the European Union (EU).
"Having analyzed this malware and looked at the [previously published] Snowden documents," said Ronald Prins, security expert, "I'm convinced Regin is used by British and American intelligence services."
Russia was the most heavily infected nation, with 28 percent of Regin infections, followed by Saudi Arabia with 24 percent; Ireland (9 percent), Belgium (5 percent), and Austria (5 percent) rounded out the list of most infected nations.