Cyberattack

Cyberattack / Most Viewed

Security Experts Criticize Obama's New Cybersecurity Plan, Say It's Full of Holes

Despite being a respectable start, security experts call the report overheated and "clear as mud"... while many experts applaud this new focus as vital to protecting critical U.S. infrastructure and economic institutions, some analysts have noted that the report fails to answer many key questions, contains a number of inconsistencies and possible inaccuracies, and generally exaggerates the threat to the country. "It's a plan for a plan," said O. Sami Saydjari, chairman of the Professionals for Cyber Defense. "Given how bureaucracies work, they tend not to come up with bold plans in 60 days. The hard problems have yet to be grappled with." more

Reported Cyberattack Against Israel Only Ransomware to Regulatory Body, Electric Grid Not In Danger

Ransomware via a phishing attack was sent to Israel Electric Authority, not the power grid, as was heavily reported in mainstream media today. According to a cyber analyst in Israel (Eyal Sela) the media reporting so far is misleading with regards to the context around the incident, reports Robert M. Lee of SANS Institute. more

Over Half of Critical Infrastructure Providers Report Politically Motivated Cyber Attacks

A recent study released today suggests 53 percent of critical infrastructure providers have experienced what they perceived as politically motivated cyber attacks. According to Symantec's 2010 Critical Information Infrastructure Protection (CIP) Survey, participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses. more

U.S. Senate Modernizes Cyber-Crime Laws

The U.S. Senate has passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks, reports Brian Krebs of The Washington Post. "Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated." more

We Must Avoid Cyber Crisis Equivalent to Current Financial Crisis, Urge Experts

Cybercrime is likely to wreak as much havoc as the credit crisis in the coming years if international regulation is not improved, some of the world's top crime experts said on Wednesday. Damage caused by cybercrime is estimated at $100 billion annually, said Kilian Strauss, of the Organization for Security and Cooperation in Europe (OSCE). more

Last Quarter Saw a Surge in the Number of Bot-Infected PCs

Security experts warn that there has been a threefold increase in the number of hijacked 'zombie' PCs over the last quarter. Brian Krebs reporting on WashingtonPost: "The estimates come from Shadowserver, a group of volunteers that monitor activity from robot networks or 'botnets,' large armies of hacked personal computers used for spam, phishing and all kinds of criminal activity. Shadowserver saw a rise from roughly 100,000 botted PCs to about 400,000 over the past three months." The apparent increase may be partly due to Shadowserver's deployment of more sensors detecting botnet attacks however it is also noted that criminals are getting more advanced at hiding bots. more

Obama Urged to Appoint Cybersecurity Chief in White House

A committee of cybersecurity experts today released a 96-page report detailing recommendations for the next administration on how to combat the growing number of criminal attacks aimed at government networks. Creating a National Office for Cybersecurity within the White House is chief among the report's recommendations. A top cybersecurity official would help coordinate a national strategy among agencies, and would also work with the private sector to boost defenses against hackers, according to the report. more

Schneier: "Someone Is Learning How to Take down the Internet"

"Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet," wrote renowned security expert, Bruce Schneier, in a piece published in Lawfare. more

Hackers Stole Info on $300B Fighter Jet Program, US Defense Secretary Responds on 60 Minutes

Defense Secretary Robert Gates said Tuesday that the United States is "under cyber-attack virtually all the time, every day" and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks. In an interview for an upcoming edition of 60 Minutes, CBS News anchor Katie Couric asked Gates about the nation's cyber security after hackers stole specifications from a $300 billion fighter jet development program as well as other sensitive information... more

U.S. Military to Spend $4.4M on Network Monitoring Upgrades in Wake of Sophisticated Cyber Attacks

BBN Technologies, an advanced technology solutions firm, has been awarded $4.4 million in funding from the Defense Advanced Research Projects Agency (DARPA) for a Scalable Network Monitoring program. "Scalable networking monitoring has become necessary as cyber attacks have grown more subtle and sophisticated," says BBN's announcement. "New technologies and applications provide new attack routes and have made traditional signature-based and anomaly detection-based defensive measures inadequate in both speed and sensitivity. To be effective in today's networks, detection algorithms must operate quickly, efficiently, and effectively in large, content-rich environments. To meet this challenge, the BBN team will develop a complete solution that is intrinsically scalable, designed for ultra high-speed deployment, and produces events that can be correlated with other network events to provide true positive alerts." more

Cybersecurity Improvement Needs Partnership Not Regulation, Says Industry Group

The market-based, voluntary approach that the Bush administration has used to encourage companies to improve cybersecurity is not sufficient and the incoming Obama administration should form a cybersecurity social contract with industry based on economic incentives, according to a new report by Internet Security Alliance (ISAlliance). ISAlliance has released a report suggesting a cybersecurity social contract through which government would encourage and reward corporations by potentially working cybersecurity into procurement and loan processes, along with possible awards programs that could be used as marketing advantages. more

U.S. and China Negotiating Cyeberwarfare Control Deal

United States and China are in negotiation to establish a cyberattack agreement, according to reports. If successful, it "could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyberweapons to cripple the other's critical infrastructure during peacetime," reports David Sanger in the New York Times. more

Washington Debates: When is a Cyberattack an Act of War?

Cyberattacks against Georgia have started debates in Washington on whether the laws of war apply in cyberspace, Siobhan Gorman reports in the Wall Street Journal today. "Cyberweapons are becoming a staple of war. The Georgian conflict is perhaps the first time they have been used alongside conventional military action. Governments and private cyberwarriors can exploit Internet security gaps to not only take down government Web sites but also take control of power grids and nuclear reactors." One key deciding factor, according to one expert in the report, is whether the tools of cyberattacks are weapons? more

UK Hospitals Forced to Cancel Appointments, Operations Over Cyberattack

Appointments and operations at three hospitals in the United Kingdom have been canceled due to a cyberattack on the computer network lasting five days. more

F-Secure Third Security Vendor Attacked in One Week

A Romanian hacker site said on Wednesday it was able to breach the website of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week. F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity." more

Industry Updates