Cyberattack

Cyberattack / Most Viewed

US Law-Enforcement Agencies Reported to be at Risk in Foreign-Owned Buildings

US law-enforcement agencies are at risk of being spied on and hacked because some of their field offices are located in foreign-owned buildings without even knowing it. more

China a Decade Into Sweeping Cyber Warfare and Espionage Capabilities

According to a report released today by the U.S.-China Economic and Security Review Commission, China is well into a "military modernization program that has fundamentally transformed its ability to fight high tech wars." The report further indicates that if Chinese operators are in anyway responsible for even some of the current exploitation efforts targeting US Government and commercial networks, "then they may have already demonstrated that they possess a mature and operationally proficient CNO [computer network operations] capability." more

Report Shows Substantial Rise in Phishing Attacks in 2008

According to a recent security report, the number of phishing attacks on financial services customers has increased dramatically this year, with fraudsters focusing on three banks whose customers they have judged to be particularly vulnerable. Just as phishing seemed to have slipped off the consumer radar, online fraudsters have leapt on the chance to capitalize on this false sense of security and have increased their phishing activity... more

U.S. Issues Cyber Incident Coordination Policy

White House has issued new directive spelling out how the Federal government will coordinate its incident response activities in the event of a large-scale cyber incident. more

Energy Industry Number One Target by Cyber Criminals, According to New Study

Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals. more

Cybersecurity Lacking Coordinated Strategy for Sharing Intelligence

During yesterday's cyber security hearing held by the U.S. House Permanent Select Committee on Intelligence, experts expressed concern over lack of coordinated strategy or mechanism for sharing intelligence about intrusions with companies as well as the need for a systematic way for companies to share information with the government. "U.S. intelligence agencies are unable to share information about foreign cyber attacks against companies for fear of jeopardizing intelligence-gathering sources and methods," reports Ellen Nakashima of the Washington Post. Telecom companies may monitor and collect data to protect their own networks, but they cannot share that information freely with the federal government absent a court order, said James A. Lewis, the Canadian Security Intelligence Service (CSIS) commission program manager. more

Cyberspace Security in Africa – Where Do We Stand?

Very few African states today have developed a national cybersecurity strategy or have in place cybersecurity and data protection regulations and laws. Yet, the continent has made major headway in developing its digital ecosystem, and moreover, it is home to the largest free trade area in the world, which is predicted to create an entirely new development path harnessing the potential of its resources and people. more

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense!

State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked. more

UK to Get Its Own Cyber Czar

Following the recent creation of a similar post by US President, UK government has also announced the formation of a cyber security chief. Reported by the Independent: "Britain is to appoint its first national cyber security chief to protect the country from terrorist computer hackers and electronic espionage, Gordon Brown will announce tomorrow. The Prime Minister's move comes amid fears that the computer systems of government and business are vulnerable to online attack from hostile countries and terrorist organisations..." more

Implications of California Telecom Attack Gone Un-Reported

In an article titled "A Cyber-Attack on an American City", Bruce Perens writes: "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities..." more

What Trump and Clinton Said About Cybersecurity in the First US Presidential Debate

The Internet and tech got very little mention last night during the first of three presidential debatest. The only notable exception was cybersecurity where moderator Lester Holt asked: "Our institutions are under cyber attack, and our secrets are being stolen. So my question is, who's behind it? And how do we fight it?" The following are the responses provided to the question by the two candidates. more

Information Warfare Publicly Admitted, No Longer Just a Tool for Espionage

Gadi Evron reporting today on Dark Reading: "A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however. The article describes several issues and that in my opinion confuses what matters..." more

Reality Check on Google-China Saga

Reporting over at Dark Reading, Gadi Evron writes: "We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked. Nobody knows for sure that it was China who attacked Google and the other affected corporations, and if they do, they are not saying so publicly. In fact, Google's CEO Eric Schmidt told Newsweek that he has no clear evidence, but invites us to draw our own conclusions." more

Lithuanian Government and Corporate Websites Attacked

Hundreds of Lithuanian government and corporate Web sites were hacked and plastered with Soviet-era symbols and other digital graffiti this week in what appears to be a coordinated cyber attack launched by Russian hacker groups, reports Brian Krebs of the Washington Post. According to reports, Lithuanian officials did not directly accuse Russian hackers of initiating the attacks which are said to have come from foreign computers. However, iDefense, a security intelligence firm, based in Reston, VA, as linked the attacks to nationalistic Russian hacker groups protesting a new Lithuanian law banning the display of Soviet emblems, including honors won during World War II. more

Global Threat to U.S. Cybersecurity a Major Concern, Says FBI

Shawn Henry, the newly appointed Assistant Director of FBI's Cyber Division has warned that "a couple dozen" countries are eager to hack U.S. government, corporate and military networks. Although specific details of countries in question were not discussed, reporters were informed during yesterday's meeting that cooperation with overseas law enforcements is of highest priority at FBI and so far there has been great success fostering partnerships. more

Industry Updates

DNS Hijacking: The Iranian Cybersecurity Threat That May Be Overlooked

Mitigating Phishing Attacks on Cloud/File Storage Services through Domain Reputation API

Mobile Apps Take the Lead, Scammers Follow

The Louisiana State Ransomware Attack: Enhancing Cyberdefense with Reverse IP Address Lookup

Using Threat Intelligence Feeds to Prevent Orcus RAT Infections

The Orvis.com Data Leak: A Short Investigation Using WHOIS Information

Post NordVPN Data Exposure: Using Domain Threat Intelligence to Prevent MitM Attacks

InterMed Breach: How Threat Intelligence Sources Help Maintain Domain Integrity

BriansClub & PoS Malware Attacks: How Threat Intelligence Solutions Help Prevent Payment Card Theft

Alleviating the Constant Clash Between DevSecOps and DevOps Teams

Cloud and IaaS DLP Woes: Is Additional Threat Intelligence a Solution?

Carpet-Bombing Attacks: A Rising Threat to ISPs

How Threat Intelligence Prevents Nameserver Takeovers and Their Far-Reaching Damage

Can Domain Blacklisting Be Avoided?

How to Stay Safe Against DNS-Based Attacks