In September 1996 New York City’s original Internet Service Provider, Panix, was hit by a SYN flood denial of service attack that took the company offline for several days. At a time when only 20 million Americans were online this was one of the first high profile examples of how fragile internet infrastructure could be.
Fast forward 20 years and businesses and individuals are now hugely dependent on the Internet services they both offer and use, and the primary threat to the availability of those Internet is the distributed denial of service (DDoS) attack. DDoS attacks have evolved consistently over the last 20 years and have moved from being a curiosity, to a nuisance, and, now, to a serious business continuity risk.
A website run by the Nevada state government has been pulled offline after it was discovered a vulnerability was leaking personal details of thousands of people applying to sell medical marijuana.
Nevada's Department of Health and Human Services confirmed that the personal details -- including addresses and social security numbers -- of more than 11,000 applicants were accessible by simply typing in the correct URL.
In the past year we’ve already seen the Internet of Things used to carry out cyber attacks, and many experts are predicting that this is a problem that will grow in coming months.
Given that many people may have acquired new IoT devices over the holiday period, financial advice website RefiGuide has put together a timely infographic looking at the risks IoT devices can pose and what you can do to protect yourself.
Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet.
In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as "just as powerful as the most dangerous one to date". The concern for 2017 is that "it's about to get a lot worse".
An impressive and user-friendly digital presence is an indispensable asset to any brand. It is often the first point of contact for customers who expect and demand great functionality and engaging content across multiple platforms. The finding that nearly half of us won't wait even three seconds for a website to load bears witness to ever increasing customer expectations which must be met.
Partnership with a digital agency can be a great way to keep up to speed with rapid change and innovation, but, to ensure the very best outcome, both client and agency need to find an optimum commercial, creative and secure cultural fit. This should be a priority for both sides from the very first pitch. The promise of exceptional creativity and customer experience is one thing, but considering the more practical aspects of how the relationship will work is entirely another.
Threat intelligence is a popular topic in security circles these days. Many organizations are now using a threat feed that comes bundled with some other security product, such as McAfee’s GTI or IBM’s X-Force feeds. Lots of products, notably SIEMs, have added support for some sort of integration with specific threat intelligence feeds or more generic imports via STIX/TAXII. With many now hoping to take advantage of the large number of open source and free intelligence feeds available. Some are even investing in commercial intelligence feeds.
However, as many organizations quickly discover, without effective management of the threat intelligence lifecycle, making effective use of this valuable information is nearly impossible. Today, an organization has two choices for managing threat intelligence, these are to deploy a threat intelligence management platform, or a manual in-house management program. The steps required to set up a manual threat intelligence lifecycle program will be outlined below for those who prefer this approach.
Compliance with requirements and regulations is an ongoing challenge for businesses. In the cyber security space, the threat environment is constantly changing, and organizations have to meet some 500-600 different regulations and laws, as Internet of Things (IoT) devices proliferate and new, massive Distributed Denial of Service (DDoS) attacks are seen on a near-daily basis. As technology continues to evolve with such innovations as cloud computing and Big Data, security professionals are on a never-ending quest to stay up to speed on security controls and best practices.
It’s no secret that cyber security issues have increased in prominence and seriousness over the past several years. Starting with the infamous Target data breach, organizations are becoming more and more aware of potential risks they face as well as becoming more quick to adapt to changing risks, regulations, laws and situations. As we’ve seen regulatory changes happen almost overnight, it has become essential for organizations to have a reliable process for ensuring their compliance management is up to speed, as well as a system of checks and balances to prove it. For companies, especially those operating in highly regulated industries such as finance and healthcare, the challenge to stay up to date is even more paramount.
Security has never been a more pressing issue for businesses than it is now. Mobile working, the proliferation of increasingly sophisticated, connected devices, and the growing number of applications relied upon by the modern enterprise all represent potential risks that weren’t apparent in generations past.
There is a growing fear about the level of damage that cyberattacks could bring, so much so that the United Kingdom has launched a £1.9bn National Cyber Security Strategy to prevent such attacks.
The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate.
The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest". This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one. EWG goes on to urge congress not to do anything to weaken encryption.
Hackers are having a moment. As high-profile breaches have become the norm over the last few years, more and more enterprise organizations have turned to bug bounty programs. As a result, the idea of hacking for good has finally begun to resonate with the general public. This rise in popularity has inspired many, from aspiring hackers to seasoned security professionals, to join the hunt and seek out bug bounty programs to "hack on".
As an information security professional by trade and a hacker by heart, I’ve had years of experience hacking for good. From my days as a penetration tester and security leadership roles at HP Fortify, Redspin and Citrix to hacking on bug bounty programs of all sizes, I have spent my life hacking for good -- much of this experience has been hacking on bug bounty programs.
The web-enabled generation has become increasingly reliant on technology for everyday activities. Cloud services, social networks, web extensions, plug-ins and online games, are all growing in popularity and as such, are replacing desktop applications. This heightened use of mobile web-browsers has opened the back door to cybercriminals, who now have new channels to implement browser-based attacks, spread malware and maximize infection campaigns.
According to the Crime Survey for England and Wales published this October by the UK's Office for National Statistics (ONS), the official crime rate all but doubled in the year ending June 2016 after the inclusion of online crime figures for the very first time. In fact, card fraud was cited as the most common crime in the UK. John Flatley, head of crime statistics and analysis at the ONS, stated that members of the public are now 20 times more likely to be a victim of fraud than of robbery.
The Numbers Are Soaring!
On a day that we expect to see the repeal of North Carolina's controversial passage of House Bill 2, which cost the state millions of dollars in lost revenue thanks to performers cancelling concerts, businesses moving out and the NBA changing the venue for its All-Star game, we have one more state looking for a problem where one doesn't exist.
A representative in the state of South Carolina wishes to place a porn block on all new computers sold within its boundaries.
When Apple announced that Mario was making his way to iOS, there was much rejoicing. But the excitement soon gave way to disappointment for several reasons. Firstly there was the price, with many feeling $9.99 was just too much to ask for what is, ultimately, a very basic, one button platformer.
Next there's the complaint that Super Mario run requires constant access to the internet -- many users have also grumbled that the game has eaten through large chunks of their monthly data allowance. Nintendo may have made a pretty penny from sales of the title in the first few days, but the company's share price has tumbled. On top of this, just as it happened with Pokémon Go, the initial success of the game is being used to push malware at users.
Christmas is a time of goodwill and it seems that the people behind the CryptXXX ransomware aren't immune as they're offering a seasonal discount for victims who intend to pay up.
Researchers at data security company Forcepoint have discovered that where previously, victims infected with CryptXXX, also known as UltraCrypter were asked for a payment of 1.2 Bitcoin, in keeping with the season of goodwill, the cyber criminals are now offering decryption at a Christmas discount.