Sunday, November 01, 2015

Cybersecurity News and Education for the Week of November 1, 2015





Cyber Crime

TalkTalk Hackers Demanded £80K in Bitcoin: TalkTalk, a British phone and broadband provider with more than four million customers, disclosed Friday that intruders had hacked its Web site and may have stolen personal and financial data. Sources close to the investigation say the company has received a ransom demand of approximately £80,000 (~USD $122,000), with the attackers threatening to publish TalkTalk’s customer data unless they are paid the amount in Bitcoin. KrebsOnSecurity, October 24, 2015

Cyber Attack

Hackers turning millions of smart CCTV cameras into botnets for DDoS attacks: Security researchers have spotted that malware is being used to hijack CCTV cameras all over the world into botnets so that hackers can use them to launch Distributed Denial of Service (DDoS) cyber attacks. International Business Times, October 26, 2015

Cyber Privacy

U.K. Gov’t: No End-To-End Encryption Please, We’re British…: The U.K. government continues to tie itself in ugly knots about encryption. The question is why? TechCrunch, October 29, 2015
Anonymous Hackers Threaten to Reveal Identities of 1,000 Ku Klux Klan Members: In a blog post uploaded yesterday afternoon, the Internet hackers known as Anonymous have threatened to unhood up to 1,000 Ku Klux Klan members. Essence, October 29, 2015
European Parliament Urges Protection for Edward Snowden: BRUSSELS — The European Parliament narrowly adopted a nonbinding but nonetheless forceful resolution on Thursday urging the 28 nations of the European Union to recognize Edward J. Snowden as a “whistle-blower and international human rights defender” and shield him from prosecution. The New York Times, October 29, 2015

Cyber Warning

Hackers infect MySQL servers with malware for DDoS attacks: SQL injection is used to abuse a MySQL feature and install malware on servers. InfoWorld, October 29, 2015
With $325 Million In Extorted Payments CryptoWall 3 Highlights Ransomware Threat: A new report from the Cyber Threat Alliance (CTA) on the latest version of the CryptoWall malware family helps illustrate why ransomware has emerged as one of the biggest threats to web users in recent times. DarkReading, October 29, 2015
Fake UPS tracking notification email carries malware: Windows users are advised to be on their guard, after a new malware campaign was spammed out posing as an email from UPS. GrahamCluley, October 27, 2015

Cyber Security Management

CSOs demanding more from cybersecurity tech: CSOs and CISOs are becoming more powerful, and they’re wielding that power to demand more from their technology vendors, to throw out underperforming tech, and to take more risks on new and innovative approaches. CSO, October 30, 2015
Survey: CISOs see cybersecurity progress: Proactive risk assessment, the adoption of systemic frameworks, and executive prioritization are advancing the world of cybersecurity. FedScoop, October 29, 2015
Information security maturing as a profession, says (ISC)2: Today’s information security professionals understand security is a blend of social, people and technology, and to be successful, they have to be capable across all of them, says (ISC)2’s managing director for Europe. ComputerWeekly, October 27, 2015

Cyber Security Management – Cyber Defense

Xen Patches ‘Worst’-Ever Virtual Machine Escape Vulnerability: One of the fundamental assumptions in virtualized computing environments is that code running in one virtual machine cannot escape its confines and directly access the host operating system and thereby other VMs running on the same physical server. Any vulnerability that enables a VM escape is considered a pretty big deal. DarkReading, October 30, 2015
University of Phoenix Survey Finds Threat of Cybercrime Prompts Nearly 3 in 4 U.S. Adults to Change Online Behaviors: PHOENIX, Oct. 22, 2015 — Data breach instances increased 23 percent in 2014 and U.S. adults are taking notice. Nearly three-quarters (74 percent) say they have changed their online behavior due to the threat of cybercrime, according to a new survey from University of Phoenix® College of Information Systems and Technology conducted online by Harris Poll in September among 2,028 U.S. adults. Forty-six percent are not conducting transactions on a shared computer, followed by 35 percent each who are changing passwords more often, not giving out personal information online, and not using public Wi-Fi. University of Phoenix, October 22, 2015

National Cyber Security

Hackers release info on Obama’s national security transition team: The slow drip of information allegedly stolen from CIA Director John Brennan’s personal email account continues to find its way onto WikiLeaks, with a list of personal information about 20 members of President Obama’s transition team added to the leak in the most recent post on Oct. 26. C4ISR&Networks, October 30, 2015

Cyber Law

The Problems Experts And Privacy Advocates Have With The Senate’s Cybersecurity Bill: It took more than four years for the Senate to pass a cybersecurity bill. As the legislation grew stale amid compromise and contention on the Senate floor over the years, hackers continued to refine their criminal craft and develop more sophisticated methods of attack. As a result, the bill approved on Tuesday by a vote of 74 to 21 will likely be ineffective in the prevention of cybercrime but it has also been criticized for the litany of privacy issues it could potentially introduce. At its best, the bill—the Cybersecurity Information Sharing Act (CISA)—has been hailed as a step in the right direction in the fight against cybercriminals. Forbes, October 29, 2015
A Quick Guide to the Cybersecurity Bill Passed by the U.S. Senate: Yesterday, after more than a year of bickering, stalling and revising, the Senate passed its most significant cybersecurity bill to date 74–21. The Cybersecurity Information Sharing Act (CISA) is a controversial measure to encourage businesses and government agencies to share information related to malicious hackers and their methods. Scientific American, October 28, 2015
Steptoe Cyberlaw Podcast – Interview with Mikko Hypponen: Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth? That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think). Mikko is the Chief Research Officer at F-Secure and a long-time expert in computer security who has spoken and consulted around the world for over 20 years. His company recently published a lengthy paper on Russian government cyberspies, which F-Secure calls “the Dukes.” Mikko describes the Dukes’ targets and tactics, including a remarkably indiscriminate attack on a Tor exit node. I press him on whether attribution is really getting better, and on whether F-Secure’s paper eases or heightens concerns about Kaspersky’s ties to Russian intelligence. Steptoe Cyberblog, October 27, 2015
Senate Approves a Cybersecurity Bill Long in the Works and Largely Dated: WASHINGTON — After four years of false starts and strife over privacy protections, the Senate passed legislation by a vote of 74 to 21 on Tuesday that would help companies battle a daily onslaught of cyberattacks. The New York Times, October 27, 2015
Cybersecurity Information (Over)Sharing Act?: The U.S. Senate is preparing to vote on cybersecurity legislation that proponents say is sorely needed to better help companies and the government share information about the latest Internet threats. Critics of the bill and its many proposed amendments charge that it will do little, if anything, to address the very real problem of flawed cybersecurity while creating conditions that are ripe for privacy abuses. What follows is a breakdown of the arguments on both sides, and a personal analysis that seeks to add some important context to the debate. KrebsOnSecurity, October 27, 2015

Cyber Insurance

Marsh: Premium for cybercrime Insurance on the rise: The cyber security insurance industry is seeing increased demand as more and more high profile cyber-attacks are embroiling companies in controversy and costing them millions of dollars. While take-up and liability limits continue to rise, as well as the kind of insurance products available, premiums are also rising quickly, research by Marsh shows. This is especially the case in the retail and health sectors that have seen a spate of high profile high cost breaches in recent years. October 27, 2015