Online trust is at the breaking point

IT security professionals around the globe believe the system of trust established by cryptographic keys and digital certificates, as well as the security of trillions of dollars of the world’s economy, is at the breaking point.

For the first time, half of the more than 2,300 IT security professionals surveyed by The Ponemon Institute now believe the technology behind the trust their business requires to operate is in jeopardy. 100% of organizations surveyed had responded to multiple attacks on keys and certificates over the last two years.

Research reveals that over the next two years, the risk facing every Global 5000 enterprise from attacks on keys and certificates is at least $53 million USD, an increase of 51 percent from 2013. For four years running, 100 percent of the companies surveyed said they had responded to multiple attacks on keys and certificates, and vulnerabilities have taken their toll.

“The overwhelming theme in this year’s report is that online trust is at the breaking point.”

More on this available from Help Net Security by clicking here.

A matter of trust…

Whether it is business or personal, more and more human interaction is happening in an online environment. But, how do you know if you can trust the person on the other end of the connection? The simple answer is most people don’t.

Great article from Florida State 24/7

How corporate America can fight cybersecurity threats

Companies must also address the non-technological tools of cybersecurity. For example, current and former employees are the most frequently cited culprits in cyber breaches. That’s why companies at the forefront of tackling the problem are going beyond a compliance-checklist approach to an information security approach. They are developing broader data governance policies and practices to protect sensitive information. Thus, rather than focusing only on defending themselves from external threats, these companies are developing and implementing policies for the creation, use, storage, and deletion of information.

See the whole article in Fortune Magazine by clicking here.

The stakes continue to rise…

An international hacking ring has stolen as much as $1 billion from more than 100 banks in 30 countries, including Russia, the U.S. and China, in what could be one of the biggest banking breaches ever. Hackers used phishing schemes and other methods to infiltrate the banks’ systems and lay dormant gathering information about bank operations. Then they stole funds by transferring money to fake accounts and dispensing cash from ATMs, according to a report that Russian-based Kaspersky Lab is to present Monday at a security conference in Cancun, Mexico. “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” the lab’s Chris Doggett told The New York Times, which first reported on the incident. In one case, a bank lost $7.3 million through ATM fraud. In another, a financial institution lost $10 million when the attackers exploited its online banking platform. Most of the targets have been in Russia, the U.S., Germany, China and Ukraine. More from USA Today by clicking here.

Really – it only takes one minute to understand my research…

Mary in a minute

Coordinated cyber attacks on global critical infrastructure exposed

“We discovered the scope and damage of these operations during investigations of what we thought were separate cases,” said Stuart McClure, CEO of Cylance.

Through custom and publicly available tools that use, among other methods, SQL injection, spear phishing, watering-hole attacks and hacking directly through public websites, the attackers have been able to extract highly sensitive and confidential materials and compromise networks with a persistent presence so severe that they have control over networks of victims in 16 countries.

The targets belong to five groups:

Oil and Gas/Energy/Chemical – Targets discovered include a company specializing in natural gas production, electric utilities organizations, as well as a variety of oil and gas providers. This group was a particular focus of the hackers.

Government/Defense – Targets discovered include a large defense contractor and a major U.S. military installation. Cylance can confirm one of those targets was San Diego’s Navy Marine Corps Intranet, where unclassified computers were hacked.

Airports/Transportation – Targets discovered include airports, airlines, automobile manufacturers, as well as transportation networks. The most concerning evidence collected was the targeting and compromise of transportation networks and systems such as airlines and airports in South Korea, Saudi Arabia and Pakistan.

Telecommunications/Technology – Targets discovered include telecom and technology companies in several countries.

Education/Healthcare – Targets discovered include multiple colleges and universities, often with an emphasis on medical schools. Large amounts of data on foreign students have been taken, including images of passports and social security cards.

See the whole article from Help Net Security by clicking here.

Inside the “wiper” malware that brought Sony Pictures to its knees

An FBI “Flash” released earlier this week provides a fascinating window into the recent super-hacking attack that could be considered a harbinger of next-generation cyber-crime and cyber-warfare.

“The malware used in the attack, which has been described by a Sony spokesperson as “very sophisticated,” is almost certainly the same as that identified in the FBI memo. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers—and files named for key Windows components to do most of the dirty work of communicating with its masters and wreaking havoc on the systems it infects.

While the FBI memo provided a means to detect the “beacon” message used by the malware to communicate back to the command and control (C&C) servers used by the attackers who planted it, that information by itself may not protect targeted organizations. That’s because the malware only begins to broadcast back to the C&C servers once it’s been launched—and deletion of data on the targeted network has already begun.”

Read the entire article at Ars Technica.

Big Data will Revolutionize Cyber Security

Organizations are increasingly exposed to a large number and variety of threats and risks to cyber security. Big Data will be one of the main elements of change by supplying intelligence-driven models.

Research firm Gartner says that big data analytics will play a crucial role in detecting crime and security infractions. By 2016, more than 25 percent of global firms will adopt big data analytics for at least one security and fraud detection use case, up from the current eight percent.

Avivah Litan, vice president and distinguished analyst at Gartner, said big data analytics enables enterprises to combine and correlate external and internal information to see a bigger picture of the threats against them. It is applicable in many security and fraud use cases, such as detection of advanced threats, insider threats and account takeover.

More from Cloud Times by clicking here.

70% of US energy companies expect a cybersecurity attack in the next year

Energy companies in the US were hacked 79 times last year, according to a survey by ThreatTrack Security.

The survey found that 35% of respondents reported endpoints on their network had been infected by malware that evaded their defenses during the last 12 months.

Moreover, 58% of respondents cited the complexity of malware as the most difficult aspect of defending their organization.

Of all respondents, 61% of energy companies said email is the biggest threat vector for allowing malware onto their systems.

More from by clicking here.


The language of deception…

We hear anywhere from 10 to 200 lies a day. And although we’ve spent much of our history coming up with ways to detect these lies by tracking physiological changes in their tellers, these methods have proved unreliable. Is there a more direct approach? Noah Zandan uses some famous examples of lying to illustrate how we might use communications science to analyze the lies themselves.

Spend five minutes watching this great TED-Ed lesson by clicking here.