TweakTown NewsRefine News by Category:
Ben Lawsky, a New York financial regulator and head of the New York Department of Financial Services, is reportedly considering new regulation to help prevent against "an Armageddon-type" cyberattack. There is concern that a coordinated cyberattack would be able to hit the "broader economy" of the United States.
"We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time," Lawsky said while speaking at Columbia Law School.
To help prevent against a "cyber 9/11," Lawsky wants financial institutions and insurance companies be graded by the DFS. The legislation may also require multifactor authentication and other requirements to keep data secure. Banks also must be proactive in their effort to keep data secure, as foreign-based hackers continue their attempts to disrupt Wall Street.
Lenovo likely only collected $200,000 up to $250,000 for its Superfish adware installations on consumer PCs, according to a report from Forbes. Previous estimates predicted higher figures - but considering the company's major earnings - the low sum likely won't be worth the legal and public relations headaches.
It is alarming Lenovo, which finalized a deal in summer 2014 to pre-install Superfish, received such a small amount for jeopardizing so much. In addition to promising no more Superfish installations, the company's website was reportedly compromised by the Lizard Squad hacker group last week.
It looks like Lenovo is learning from its mistakes, promising to be more transparent about pre-installed software in the future. For new machines running Microsoft Windows 10, the Lenovo standard image will only include the OS, security software, Lenovo applications, and software/drivers required to make hardware work well.
More than five billion downloaded Google Android apps could be targeted by hackers, according to cybersecurity experts. Most forms of malware (96 percent) are focused on compromising Android, according to data from the FireEye cybersecurity firm.
Android is open source and allows more developers to contribute to the OS, but that also gives hackers a great opportunity to create sophisticated malware. Malware targeting Android drastically increased from 240,000 samples in 2013 up to 390,000 unique samples last year - and the problem seems to be accelerating.
"You can get all the code and then you can insert additional instructions and make it look and feel like the original app and no way for a consumer to tell the difference when they download it," said Jason Steer, director of technology strategy at FireEye, in a statement given to CNBC.
Cyberattacks from foreign states and rogue hacker groups have become the top threat to the United States, according to US intelligence experts. Director of National Intelligence, James Clapper, is especially concerned of potential attacks from Russia, China, Iran and North Korea - saying low-to-moderate level cyberattacks pose a long-term threat against critical infrastructure.
In addition to cyberespionage from foreign governments, there is rising concern of hacker groups able to infiltrate government agencies and companies - sometimes with support from foreign governments - with the goal of interrupting business operations, stealing money, and compromising employee and customer personal data.
Unfortunately, the US government has focused more on its cyber surveillance programs while largely neglecting cybersecurity. Even though it's effective to have offensive weapons, the United States has a lot more to lose than other countries if a major data breach occurs - and there is growing focus on being able to identify and defend against attacks.
By 2018, 40 percent of large enterprises will have some type of plan to respond to aggressive cybersecurity business disruptions, a drastic increase from zero percent in 2015, according to the Gartner research group.
Gartner describes an aggressive business disruption attack as a coordinated and sophisticated effort to interfere with and damage business operations - wiped data, servers knocked offline, intellectual property stolen.
"Entirely avoiding a compromise in a large complex enterprise is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as several attack patterns and overwhelming evidence support that a compromise will occur," said Paul Proctor, VP and distinguished analyst at Gartner. "Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program."
Twenty-eight percent of consumers know nothing or very little about mobile malware, while another 26 percent said they are aware of cyber threats but aren't worried, according to the "Consumer Security Risk" survey from Kaspersky Lab.
In addition, 31 percent of Google Android smartphones and 41 percent of tablets aren't password-protected, while 58 percent of Android smartphones and 63 percent of tablets have some form of anti-virus software.
"It is not surprising that mobile users are facing online threats more often now: devices are capable of doing so much more, and many more people are using them, so of course they will attract fraudsters," said Victor Yablokov, head of mobile product line at Kaspersky Lab. "To avoid falling victim to scams, users are advised to protect their devices against cyber threats and be especially careful with any sensitive data store on them."
Even with the rising sophistication of cyberespionage campaigns, US critical infrastructure is less likely to suffer from a single major incident - and faces a higher risk of continued low-to-medium attacks.
"Rather than a 'cyber-Armageddon' scenario that debilitates the entire US infrastructure, we envision something different," said James Clapper, director of national intelligence, in a recent report. "We foresee an ongoing series of low-to-moderate level cyberattacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security."
Clapper's statements were made as part of a report submitted to the Senate committee, with growing concern regarding cybersecurity.
FireEye's Mandiant found that the average data breach was discovered in 205 days, dropping from 229 days (2013) and 243 days (2012). Enterprises were only able to self-detect 31 percent of breaches, with third-parties and the government helping identify cybersecurity incidents.
Companies are becoming more vigilant in detecting cybercrime-related activity, such as credit card companies noticing fraudulent behavior.
"Over the last several years, organizations like the Federal Bureau of Investigation (FBI) have gotten increasingly involved in notifying US businesses that they have been identified as being compromised," said Ryan Kazanciyan, technical director at Mandiant, in a statement to eWEEK. "The result of the FBI's efforts has led to increasing numbers of victim notifications."
Europol's European Cybercrime Center is actively dismantling the Ramnit botnet, which relies on up to 3 million malware-infected zombie PCs. Twenty-seven percent of Ramnit infections were identified in India, with Indonesia (18 percent), Vietnam, the United States, Bangladesh and the Philippines also impacted.
Europol didn't say if any arrests were made at this stage of the investigation, but offered this public statement:
"This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime," said Wil van Gemert, Deputy Director of Operations at Europol. "We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes."
In retaliation for loading PCs with Superfish adware, the Lizard Squad hacker group reportedly hacked the Lenovo website on Wednesday. Website visitors saw a slideshow of people singing "Breaking Free" into their webcams, instead of the normal Lenovo website.
"We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," Lenovo said in a statement. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information."
It has been a terrible month for Lenovo, with the company confirming - and apologizing - for its use of Superfish, and then being hacked by the Lizard Squad. The hacker group reportedly used the Webnic.cc domain name registrar, a Malaysian company, to hijack the website's Domain Name System (DNS).