Hacking, Security & Privacy - Page 22

The South Korean government believes they have found evidence that shows North Korea is behind cyberattacks aimed at its financial sector and nuclear operators. The malicious code was designed to delete files from infected PCs, which prevented banking customers from transferring money online or withdraw money in-person.

"The malicious codes used in the attack were same in composition and working methods as 'Kimsuky' codes known to be used by North Korea," according to the South Korean prosecutor's office, and noted by CNN. In addition, some IP addresses were traced back to Shenyang, China, which is along the border between China and North Korea - with North Korea reportedly relying on China's more established Internet infrastructure to launch attacks.

North Korea's growing cyber ability tends to be focused on South Korea, with financial institutions, nuclear power operators, and private sector companies all targeted in the past.

The Media Trust, a cybersecurity firm focused on monitoring and protecting the advertising ecosystem, has unveiled a new software as a service (SaaS) offering able to provide real-time data about malicious ads.

Resolution Services is designed for use by ad networks, publishers, ad exchanges, paid-content engines and demand platforms, and scans for malware detection - providing faster remediation time if something is detected.

"Every day the ad-network-and-exchange model proves its worth as evidenced by the millions of ads successfully served in just one 24-hour cycle, but the constant threat of malvertising requires continuous improvement and greater collaboration across the industry," said Chris Olson, co-founder and CEO of The Media Trust.

There are 85,000 new malicious IPs launched daily, while technology companies and financial institutions endure the highest number of phishing attacks, according to the Webroot 2015 Threat Brief. The United States has the most malicious IP addresses with 31 percent, ahead of China (23 percent), and Russia (10 percent) - with half of all malicious IP addresses tracing back to Asia.

The United States hosts the most amount of phishing sites, accounting for three out of every four - even though experts believe foreign operators could be utilizing US-based sites for their operations.

"Webroot has seen a continued rise in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm," said Hal Lonas, CTO at Webroot.

Unknown Arabic-speaking hackers have successfully breached Israeli military computer networks, in an ongoing cyberespionage campaign, according to enterprise cybersecurity firm Blue Coat Systems. The hackers pieced together an effective attack vector by using existing malware that was launched via social engineering attacks to compromise victims.

The use of social engineering and code that wasn't customized allowed the hackers to operate with low overhead, while still being able to complete their mission. The phishing emails were sent to publicly listed military addresses, promising a breaking military news update, or a video clip of the "Girls of the Israel Defense Forces."

Israel has a strong private sector focused on cybersecurity, but faces a growing number of enemies improving their cyberattack abilities. Groups such as Hezbollah, for example, are able to launch surprisingly sophisticated cyber missions aimed at stealing information and interrupting military operations.

Companies must have a strategy in place when a data breach occurs, and it looks like IT managers may not be best to handle a breach crisis, according to a new report by Booz Allen Hamilton. Instead, a business savvy leader at the company is better prepared to handle the problem, as they will be prepared to address crisis communications, legal issues, disaster recovery, and other strategic decisions that must be made.

A skilled executive that has a high-level view of the company's complete operation will be able to react more efficiently instead of an IT or security manager.

"They may have to shut the systems down, reconfigure things, and do other things that will affect the business," said Bill Stewart, executive vice president of Booz Allen Hamilton, in a statement published by CSO Online. "And they might not be in a situation where they understand the broader business objectives. Having someone who understands the broader business, helps them make better decisions."

There are more than 16 billion connected computing devices in use across the world today, with even more Things expected to utilize the Internet of Things (IoT) in the future.

Cybersecurity experts are concerned about a large number of threats, with 83 percent worried about rogue or unauthorized devices operating undetected in their networks, according to a recent survey by Pwnie Express. To make matters even worse, 69 percent of cybersecurity professionals cannot access full wireless visibility of devices, so it's difficult to identify what is actually connected.

As more companies and users embrace IoT, there is concern that the Internet of Evil Things (IoET) will find countless vulnerabilities to exploit in the future.

A whopping 99 percent of Google Android phone owners faced a potential threat from cybersecurity loopholes, according to the Cheetah Mobile 2014 Mobile Security Report.

Mobile users faced a number of different phishing scams, malware attacks, and data leaks in 2014 - and social network phishing is evolving, posing even more threats that users should be aware of.

Android, the most popular mobile operating system, has been applauded for its open source ecosystem - which also gives cybercriminals the ability to easily create malicious tools. Cybersecurity experts recommend running an anti-malware scanner, at the very least, to help identify potential threats that could be avoided.

Cybercriminals find healthcare data to be an appealing target, as medical records contain a large amount of personal information. There is a drastic need for better cybersecurity protocols - and how hospitals and other medical agencies handle paper and electronic records.

Thirty four percent of reported medical data breaches over the past three years took place in California, Florida, Texas, New York and Illinois - with a mix of healthcare system partners, insurers, and other third parties helping contribute to the problem.

"News of hacking incidents and cybersecurity [breaches] have been in the news so much lately, [that] both for industries inside and outside healthcare, one might get the impression that hacking is the most common reason for data breaches," said Dr. Vincent Liu, from the division of research for Kaiser Permanente, in a statement to Medpage Today. "In fact, we found that theft of paper or electronic records accounted for the majority - protecting the security and privacy of patient data needs to be a priority in many different venues, and with all types of patient data, including paper records."

Insider threats remain a significant threat to corporations, causing the most actual damage and harm, according to a recent survey published by the Cryptzone cybersecurity firm.

"It's remarkable that many organizations are still utilizing network security technologies developed in the nineties - a time when the Internet was still in its infancy," said Kurt Mueffelmann, president and CEO of Cryptzone. "The cyberattacks we have seen over the last few years have demonstrated that it's far too easy for hackers to steal user credentials, and then use those credentials to traverse the enterprise network in search of the most valuable data."

Forty-eight percent of respondents said IT departments are main controllers related to cybersecurity policy, 36 percent said information security owns policy control, and 12 percent noted compliance or risk management teams are responsible for security policies.

Cybercriminals are finding security vulnerabilities that allow them to target critical infrastructure like electric grids, and could also begin targeting nuclear power plants, according to a cybersecurity specialist in Israel.

"The disruption and possible infiltration of critical infrastructure is the most severe form of cyberattack," said Col. Dr. Gabi Siboni, director of the cyber security program at the Institute for National Security Studies program, in a statement to the Jerusalem Post. "Such attacks on airplanes or air traffic control towers, for instance, means that hackers could cause accidents, or even paralyze entire flight systems. As of now, this area of capabilities is the exclusive domain of developed states."

The United States, UK, Israel, South Korea, and other nations have expressed concern related to critical infrastructure cybersecurity. Recently, South Korea - which has blamed North Korea - suffered a breach at its national nuclear plant operator, though quickly confirmed its 23 atomic reactors weren't at risk.

Enterprise security company SentryBay has unveiled a new anti-keylogging solution designed for smartphones, tablets, and other mobile products. To help keep mobile users secure, the product generates a dedicated secure keyboard, keystroke encryption, screen capture protection, and the generation of fake random characters.

Both Google Android and Apple iOS cache user keypad entries, providing savvy hackers with the ability to monitor and uplift what is entered.

"We are pleased to announce these latest innovations," said Dave Waterson, CEO of SentryBay. "For a long time we have been a leader in PC-based anti-keylogging technology, but after years of R&D we finally feel the solution we have developed for mobile can provide the strong data entry security that app developers are looking for."

Cybersecurity experts from around the world will descend on the Moscone Center in San Francisco for RSA Conference 2015 this week. The growing security industry is expected to be worth up to $20 billion within the next three years, as the US government and private sector companies purchase new software and hardware.

"Seven or eight years ago you could hear a pin drop at RSA," said Dan Ives, analyst at FBR Capital Markets, in a statement to FT. "Now it is going to be like a Bon Jovi concert. It is the seminal event in cybersecurity: the new year's eve, the wedding, the bar mitzvah."

A number of high-profile security incidents in 2013, 2014 and so far in 2015 have shown the need for next-generation cybersecurity solutions. More than $1 billion in venture capitalist funds have been invested in cybersecurity during Q1 2015 alone - and it appears more investors are preparing to flock to the market.

US lawmakers and military officials are worried that their cyber abilities are still not advanced enough, especially in regards to cybersecurity, and want to increase efforts to recruit cyber warriors. The top Pentagon cyber official, Eric Rosenbach, confirmed he is concerned that the Cyber Command doesn't have a strong command and control platform that can launch strong offensive cyber weapons.

"Today I think we are, we could be, an easy target," said Air Force Lt. Gen. James McLaughlin, deputy commander of the US Cyber Command, in a recent statement to Capitol Hill.

The US military wants to create a group of 6,200 'cyber warriors' by the end of next year, working in 133 operational teams. Along with increasing manpower, US military leaders want to invest in new hardware and software that will give it an advantage against foreign governments.

The Iranian government has a growing cyber arsenal capable of launching more attacks against political rivals and foreign governments, according to the Norse cybersecurity firm and the American Enterprise Institute. Even with international sanctions, the country has been able to create tools used for reconnaissance and intelligence collection from compromised targets.

"Cyber gives them a usable weapon, in ways nuclear technology does not," said Frederick Kagan, director of the American Enterprise Institute's Critical Threats Project, in a statement published by the New York Times. "And it has a degree of plausible deniability that is attractive to many countries."

There is concern that Iran would spend even more money to help develop its cyberweapons - but the country has already continually improved its current attack capabilities. China and Russia have developed capable cyberattack efforts, but cybersecurity experts show the most concern that North Korea and Iran are trying to improve their hacking tools.

There were at least 29 million US healthcare records stolen between 2010 and 2013 in data breaches, according to the Journal of the American Medical Association (JAMA). More than 58 percent of data breaches occurred by theft, with two-thirds of the incidents caused by electronic data that was stored on laptops, USB drives, and other portable media.

Stanford University and Kaiser Permanente researchers studied data breaches that involved at least 500 victims or more, so the 29 million figure could actually be even higher. It's also worth noting that some healthcare patients could have been victimized more than once, as some data may have been duplicated.

Cybersecurity professionals believe 2015 could be the year of healthcare record chaos, as Anthem suffered a breach - and more could be on the way.

Small businesses are a lucrative target for cybercriminals trying to launch ransomware malware attacks, and the problem is only getting worse. Careless employees are tricked, typically using phishing emails, and the custom malware encrypts various files - demanding a ransom payment or the files will be permanently encrypted.

"They set the ransom so low that, as violated as I feel and as much as I wanted to fight, at the end of the day I realized I can pay and get back to work," said Mark Stefanick, president of Advantage Benefits Solutions, in a statement published by the Wall Street Journal. Stefanick chose to pay the $400 ransom so files were quickly decrypted and his company could get back to normal operation.

Around 30 percent of ransomware victims choose to pay the ransom to end the cyberattack, according to Trend Micro chief cybersecurity officer Tom Kellerman. There were at least 250,000 new ransomware samples studied by Intel Security during Q4 2014, a whopping 155 percent increase quarter-over-quarter.

A hacker group with support from the Chinese government has operated for more than 10 years without being detected, able to compromise information from companies and reporters, according to FireEye. Many of the attacks started with social engineering, with victims unknowingly installing the Mysterious Eagle malware onto PCs - so the hacker group could remotely monitor and control the compromised systems.

The APT30 group has been in operation from 2004 and was able to collect information "about journalists, dissidents and political developments in relation to China targeting government and military organizations, and targeting economic sectors of interest to China's economy."

The Chinese government has long been accused of funding cybercriminal groups aimed at compromising western targets - much of the attention is focused on the US government and companies with US customers.

Most headlines featuring hackers tend to focus on cybercriminals trying to breach security protocols for criminal gain - but there is a growing effort to support "white hat" hackers working in an ethnical manner to find security bugs.

"There are actually a lot of good hackers out there that are revealing vulnerabilities and bugs in technology that we all rely on," said Keren Elazari, analyst for GigaOM Research, while speaking during the Atlantic Security Conference, in a statement to CBC's "Mainstreet" program. "A lot of companies are still kind of reluctant to open their doors to hackers... that's something I'm trying to change."

Google, Facebook, Tesla, and other companies rely on so-called "bug bounty" programs that provide cash and other incentives for coders. It can be difficult for internal programmers to try to work out bugs and vulnerabilities in their own software, so having outside help can be critical.

Even with companies spending more on cybersecurity efforts, data security breaches are at an all-time high, the Gartner research group recently said.

However, these high-profile breaches are finally sounding alarm bells among C-level executives - and they may be desperate to spend money - but aren't really sure what they are buying and trying to implement.

The number of security information and event management (SIEM) solutions leads the way in regard to cybersecurity, collecting, saving and analyzing security data. However, trying to sort through all of that data remains rather confusing, but security analytics technology is maturing.

Cybersecurity is a complicated issue that has serious ramifications for the United States and other countries that aren't focusing enough attention on the matter. More national governments are developing programs to attack political rivals, in an effort to steal information and cause data breaches.

"Cyber is a weapon of war," said Ray Boisvert, former head of intelligence for the Canadian Security Intelligence Service (CSIS), in a statement to The Register. "The NASDAQ and Home Depot hacks are examples of this."

There are around 60 countries involved in various forms of cyberespionage, including terrorist groups like Hezbollah, according to US assistant secretary of defense for Homeland Defense and Global Security, Eric Rosenbach. Boisvert thinks that number is accurate, though much of the attention is focused on Russia and China.