Blockchain offers a secure approach to storing sensitive information and performing functions, suitable for exposed environments that demand high cybersecurity. Its use of sequential hashing, cryptography and decentralized structure, which all took decades of research and refining, make it virtually impossible for any outside party to “unilaterally alter data on the ledger.” Bitcoin was the first application of blockchain, launching in 2009.
While recent data breaches and hacking attempts on government entities have spotlighted growing cybersecurity concerns with Russia, it turns out that Russia has a cybersecurity problem of their own. Kapersky lab, an international cybersecurity and anti-virus provider headquartered in Moscow, claims to have blocked more than 73 million hacking attempts with malicious attachments in Q3 2016. Of all the organizations targeted by cybercriminals, banks led the way accounting for 27 percent of the phishing attempts. According to the report, the overall number of attempted hacks increased 37 percent compared to the previous quarter. What’s more, spam with global email traffic has also increased dramatically, with six in ten of all emails containing spam. While spam is often just “unwanted advertising … the majority of malicious spam emails during the past quarter contained ransomware, which is yet more proof of the rising epidemic of this type of malware,” said Daria Gudkova, Head of Content Analysis and Research at Kaspersky Lab.
The Lansing Board of Water and Light was forced to pay a $25,000 ransom due to a cyber-attack that held the company’s main controls hostage. The attack originated when an employee unknowingly opened an email which contained the ransomware. While the Michigan-based company estimated a total of $2.4 million dollars in both damages to internal operations from the attack and upgrades to prevent future cyber breaches, all but $500,000 of that sum was covered by insurance. In response, the BWL Board of Commissioners’ Committee agreed unanimously to implement a new information technology communication policy, which hadn’t been updated since 2007.
In what preliminary reports are indicating could be one of the biggest breaches of 2016, the Friend Finder’s Network (FFN) and the six properties operating under its domain, including Adult Friends Finder, have been breached. The breach was triggered by local file inclusion vulnerability (LFI) and resulted in over 412 million users being compromised. Most passwords were stored with SHA-1 encryption, which is too weak to thwart off modern attackers. Experts are saying that this breach could be worse than the one that occurred at MySpace earlier this year. Consequently, the FFN breach is likely to cause a domino effect of smaller breaches resulting from password reuse and spear-phishing. The breach at FFN indicates a growing need for data systems to update and modernize security as the cyber landscape continues to grow and evolve.
Over the past several weeks, we have seen a spark in Distributed Denial of Service (DDoS) attacks across the globe. Kaspersky Lab, an international cybersecurity provider based in Moscow, has confirmed that 5 of Russia’s largest banks, including Sberbank, have been experiencing persistent DDoS attacks over the past several days. At the peak of the DDoS attacks, Kaspersky Lab reached over 660,000 requests per second. Experts believe that the hackers have carried out these attacks through the botnet of a hacked Internet of Things device, similar to the recent DDoS attack on Dynamic Network Services Inc. (Dyn) in the United States. While the origins of the attacks are unknown, some speculate that they have originated from anger about Russian involvement in the U.S. elections. In response to the attacks, the Online Trust Alliance (OTA) has produced a framework for a kite mark standard in securing IoT devices. While this DDoS attack on Russian banks was just one of 68 in total this year, experts say it is one of the largest they have ever seen.
A group of researchers from Indiana University Bloomington, University of California Santa Barbara and the Georgia Institute of Technology discovered more than 600 cloud repositories that contained malware and other potentially unwanted programs (PUP). According to Liao et al.’s report, up to 10 percent of the 140,000 sites and 20 major cloud platforms researched, including those of Google, Amazon and Groupon, contained compromised content. Additionally, the researchers also found the presence of several hundred malicious “buckets,” which actively dump malware into these repositories. Threat actors have utilized a variety of common attacks including fake antiviruses, phishing, as well as drive-by downloads. Liao et al.’s findings are an indication of the growing difficulty in securing big data repositories and the possible vulnerability of these cloud platforms.
Los Angeles, a target for movie stars and warm weather, is also one of the largest for cyber-attacks in the world. Being the second largest city in the nation, L.A.’s massive data responsibilities create an enormity of security challenges. “We receive a massive amount of automated cyber-attacks every month, about 100 million,” said Ted Ross, the city’s CIO. To combat this issue, Ross reports that the city has made significant improvements to its cybersecurity in the last two years, such as the construction of a $1.8 million Integrated Security Operations Center which consolidates threat intelligence. Consolidation has helped to speed up threat response and coordination. L.A. is sharing their findings with the FBI, Homeland Security, and the Secret Service in efforts of unifying with other governments and cyber professionals. The issue of ransomware remains at the top of the list of L.A.’s worries, but they do feel confident in their security behind their internet of things infrastructure.
Former Homeland Security and intelligence officials are backing a report from George Washington University that lays out a policy framework, recommending government “certification” of private organizations, for companies to defend against foreign hackers. The report aims to offer concrete policy proposals to address the issue of legalities of private companies defending against notion-state supported cyberattacks, and the federal government’s role in supporting those defenses. Among the various policy recommendations is a call to the Department of Justice to issue guidance to the private sector regarding the legality of active defense as well as a recommendation that the White House’s independent Privacy and Civil Liberties Oversight Board conduct a review to ensure personal information is protected.
Following new research, Kaspersky Lab finds that only half of under-25s would join the fight against cybercrime, while the other half would use their skills for fun, secretive skills or financial gain. Although nearly 50 percent of young consumers believe that a career in cyber-security would be a good use of their skills, many do not pursue it. Kaspersky points to the lack of opportunities for graduates to gain experience and education in the industry as the cause for that. Seeing as many businesses hire from within and do not offer any kind of any entry-level cyber security roles, the majority of IT pros look to education establishments to be responsible for training new generations of cyber-security professionals. Kaspersky claims that, “this generation is closer to technology than any before… their talent should be harnessed and nurtured for society’s good.”
Last week, five employees of Baystate Health, of Springfield, Mass., reportedly responded to phishing emails, giving hackers access to employee email accounts containing patient information. Patient names, birth dates, diagnoses, treatments, medical record numbers and health insurance identification of potentially 13,000 people were exposed. Baystate quickly took action to secure the compromised accounts, began an investigation and notified law enforcement of the attack, and created a training program to educate workers about phishing emails. A letter of notification for those who may have been affected was also sent. So far, Baystate is unsure whether or not any of the hacked data has been used for fraudulent activities, but claims it is “committed to protecting private information and is taking this matter very seriously.”