TweakTown NewsRefine News by Category:
The University of California, Irvine student health center was reportedly compromised, with a form of keylogger malware running for at least six weeks. In the breach, student ID numbers, contact information and bank numbers of up to 1,800 students and a small number of others at risk, according to UC Irvine spokespeople.
No UC Irvine medical records were compromised, with the malware operating from February 14 to March 27, according to officials.
Universities are having a hard time trying to keep their networks secure, with cybercriminals finding large amounts of information that is increasingly easy to compromise. The University of Pittsburgh Medical Center was recently hit by a data breach, while Iowa State University also suffered a data breach as criminals tried to mine for bitcoins. University of California at San Francisco also suffered a breach, and University of Hawaii officials are warning of increasingly clever phishing attacks.
Security experts cannot seem to agree whether or not anti-virus software today is adequate to defend against sophisticated malware attacks, with another industry leader saying most anti-virus simply isn't effective. Lastline Labs researched malware samples for one year from May 2013 to May 2014, using 47 anti-virus signatures, and found that no solution detected every malware sample on any of the test days.
Also of note, the first day of testing, just 51 percent of anti-virus software products detected malware samples - and took two days, on average, for an AV scanner to alert to malware that slipped by in previous tests.
Here is what Engin Kirda, co-founder of Lastline Labs said: "I heartily encourage further testing and analysis of advanced malware detection techniques - by CIOs, CSOs and the broader security community in addition to my own team - in order to battle test detection technology. In order to protect our organizations, our people and our resources, we have to collaborate, integrate and share intelligence in order to begin to close the gap."
Facebook wants to keep its users secure from online malware threats, and has teamed up with security firm F-Secure to provide a free browser-based malware scanner. The No. 1 social networking website also is working with Trend Micro, so it's a two-pronged defense method that will be closely analyzed to ensure effectiveness.
It's great to see Facebook step up and work with security companies to try and keep its users secure in an evolving cyberthreat landscape. If a Facebook user is compromised, it's not uncommon to have malware collect personal information, post status updates, or send messages to friends, in a clever attempt to compromise more users.
Here is what Arto Saari, F-Secure Product Manager said: "Facebook's dramatic global growth has significantly changed how people interact with their friends and family. In turn, Facebook's popularity has made it a major target for online criminals. We are pleased to partner with Facebook to stop cybercriminals from taking advantage of Facebook's user base for malicious ends."
Major defense contractor Lockheed Martin recently said it has seen cyberattacks targeting its PCs and networks quadruple over the past seven years, indicating a steep rise in the need for stronger cybersecurity efforts. So far in 2014, there have been at least 43 hacker groups and organizations targeting Lockheed, according to Chandra McMahon, Lockheed information systems vice president of commercial markets.
Not surprisingly, Lockheed also saw a rise in malware attacks, with Microsoft noting that malware infection tripled in 2013 - and threats are continuing to evolve at a rapid pace.
"While we haven't seen specific action on objectives in terms of damage, what we have seen over the last several years (is) malware created and deployed to damage critical infrastructure," McMahon also added.
Popular retailer Target is struggling to win over customers following its major data breach in late 2013, with first quarter profits falling 16 percent. Through its first fiscal quarter, which ended on May 3, customer transactions also fell 2.3 percent when compared to the previous quarter - and the previous quarter saw customer transactions already drop 5.5 percent.
"We're in a place when it comes to the data breach where we don't have visibility yet to potential third-party liabilities and operating expenses they've incurred," said John Mulligan, Target interim CEO and chief financial officer.
It's going to be a continued uphill battle for Target to convince customers to give the retailer another try - as brand trust clearly took a hit. This is a serious warning for other retailers, to ensure their customer data is secure, as consumers are growing weary of the sheer number of data breaches and cases of identity theft due to lackadaisical security protocols. Target executives were reportedly warned about the threat of a security breach, though did nothing to change it.
Following news that the Chinese government has banned Windows 8 from government PCs, Microsoft is working with Chinese officials to evaluate the OS. The company was reportedly "surprised" to hear about the ban, receiving a memo released by the China Central Government Procurement Central.
Although no official reasoning was offered by the government, Chinese news agency Xinhua said it was related to PC security. Most government PCs are currently running Windows XP, the aging Microsoft OS that reached end of support in early April - though there are growing political tensions related to organized cyberspying between both the United States and China.
"Microsoft has been working proactively with the Central Government Procurement Center and other government agencies through the evaluation process to ensure that our products and services meet all government procurement requirements," said Joanna Li, a Microsoft spokesperson located in Beijing. "At the same time we are working on the Windows 8 evaluation with relevant government agencies."
Recent news of a brute-force attack that compromised a weak password system at an unnamed public utility is the latest example of a growing threat to public utility companies. The Department of Homeland Security and FBI are working with utility companies in an effort to beef up cybersecurity, hoping to avoid industrial control functions from being compromised.
"It's not a question of if but when we are going to have some sort of cyberattack on the grid," said Philip Jones, U.S. energy regulator, during a recent speech. "My biggest nightmare is that there is a coordinated physical and cyberattack."
Many public utilities also rely on Windows XP, which reached end of support early last month, though likely are paying Microsoft for additional security. However, it's foreign-based cyberthreats that are especially frightening, with China, Russia, Syria, and North Korea reportedly trying to compromise U.S. utility infrastructure.
More companies face cyberattacks and potential data theft, with many C-level executives unsure how to combat these types of growing threats. CEOs should be extremely proactive to try and prevent cyberattacks, which will help protect employee and customer data from theft.
CEOs should try to join an information-sharing organization, with additional cybersecurity-focused groups starting, and run security audits. It's also important - yet typically overlooked - to monitor what access third-party vendors have, especially when it comes to sensitive information.
As popular retailer Target learned, a massive data breach can have a major ripple effect for future business efforts. Former Target CEO Gregg Steinhafel resigned just five months after the data breach, while the company also shuffled its IT team around.
The U.S. government is working on a national "biosurveillance" system that will provide an uncanny amount of personal medical records of U.S. patients, masked under national security, according to patient privacy advocacy group Citizens Council for Health Freedom. According to the group, biosurveillance efforts ramped up in 2009, when the Obama Administration created the Recovery Act, forcing doctors and hospitals to use computerized patient and medical records.
Here is what Twila Braise, Citizens Council for Health Freedom co-founder, told CBSNews: "It's very broad. It doesn't seem to have any limits, except they say something about, you know, properly protecting the data. But from our perspective, if the government gets access to this kind of data, [and] is allowed to do research with the data...then our privacy has already been compromised. The government has already said that our data is their data for their purposes of national health security."
There is growing concern the U.S. government wants to be able to utilize real-time access to electronic medical records, which can be used for snooping, or covert research and analysis.
As national governments try to better understand cybercrime, extreme publicity from high-profile attacks reported by mainstream media may have a bigger impact than the actual cybercrime itself, according to government officials.
"Therefore, despite the low probability of destructive terrorist cyberattack occurring, such an event may have a high profile impact even if unsuccessful," noted Glenn Lemons, Homeland Security senior intelligence officer, in a speech before the House committee on cybersecurity and terrorism. "Success in this may be determined by press coverage [as opposed to] destructive network activity."
Even with more press coverage, it's clear that many governments and corporations are simply unsure how to address the changing hacker mindset. Years ago, hackers focused on defacing websites and vandalism - but many have evolved to focus on political or monetary gains.