Cybercrime

Europe is being urged to set up its own international cybersecurity agency to tackle the growing threat posed by cyberattacks. Jose Luiz Gilperez, security chief at Telefonica, said that cyberthreats have developed in recent years to pose just as significant a danger as physical threats.

Of particular concern is a fundamental change in the types of individuals perpetrating cyberattacks. While the stereotypical image of the lone hacker may have held true in the past, cyberattacks are now being carried out by hacking collectives, gangs of organized criminals or even national governments. Gilperez stressed that in order to counter this new threat, cybersecurity must become "a matter of business, and a matter of states".

PandaLabs, the malware research arm of Panda Security has released its latest quarterly security report revealing a wave of cyberattacks where the security and information of various governments has been compromised.

The company has detected a growing interest between countries in compromising the security and information of different governments. With that in mind, one of the most important attacks during this period was against the Hacking Team, which controls a multitude of cyberespionage and cyberattack tools for various governments around the world.

The number of "serious" cyber-attacks against the UK has doubled in just a year, BizTek Mojo reported on Tuesday, saying the company responded by forming a cyber-security academy to tackle the issue.

According to the report, GCHQ says there are, in average, seven serious threats faced by the country each day, and just last month it recorded 200 attacks, including state-sponsored assaults.

The recent cyber-attack on TalkTalk has reinforced a common perception that cyber-attacks are the work of shadowy figures operating from bedrooms or basements, attempting to mimic the work of James Bond’s arch rival, Spectre. The reality -- and a lesser known fact -- is that the majority of attacks (55 percent) involve insiders.

These insider-inspired attacks may not grab the headlines in the same way as attacks by 15 year-olds do -- in fact for obvious reputational reasons, they rarely make the newspapers at all -- but they do give the IT departments of the organizations that have suffered the attack just as big a headache.

Security analysts can struggle to cope with the large volumes of alerts generated by multiple security tools. This can make it hard to distinguish anomalies from genuine malicious actions.

To provide organizations with additional context and more accuracy to detect malicious attacks, even those that originate internally, security analytics specialist Niara is launching a new version of its platform to deliver user and entity behavior analytics (UEBA) on network packet and flow data, in addition to log data.

Just as sharing floppy disks in the 1990s carried the risk of infecting your PC with a virus, so sharing USB flash drives carries the same risk today. Fortunately you can easily protect against that kind of threat by disabling autorun and also installing a decent anti-virus program.

However, a Russian security expert has created a new, far more dangerous USB stick, which doesn’t carry a virus, but rather a deadly charge of power which can fry any device with a USB port in a matter of seconds.

A longtime reader and good friend of mine sent me a link this week to a CNBC story about the loss of fingerprint records in the Office of Personnel Management hack I have written about before. It’s just one more nail in the coffin of a doltish bureaucracy that -- you know I’m speaking the truth here -- will probably result in those doltish bureaucrats getting even more power, even more data, and ultimately losing those data, too.

So the story says they lost the fingerprint records of 5.6 million people! Game over.

John McAfee was once a fugitive. He has now said that he will be running for the US presidency in 2016. He tweeted that he will be making an official announcement at 6pm ET on September 10.

According to NBCNews, McAfee will be running for presidency as a third-party candidate under a newly created party called the Cyber Party, mainly because of the fact that McAfee has been recently providing valuable insights into many different global hacking scandals and internet surveillance.

Cyber insurance is an important element for companies as it covers the damage and liability caused by a hack, which are usually excluded from traditional liability coverage.

Stricter data privacy notification laws, government incentives, cloud adoption and the increase in high-profile hacks and data breaches have all contributed to the significant increase in the number of companies offering and buying cyber insurance.

No less an authority than colorful cybersecurity pioneer John McAfee firmly believes that the now infamous hack of the US-based Ashley Madison sex-cheating website was an inside job.

Statistically, this is extremely likely to be the case for most cyber security breaches. KCS’ own research shows that 80 percent of corporate cybercrimes can be traced to staff, and this figure is increasing. This can be the result of deliberate cybercrime or it could be that the staff member has been careless with their personal log-in details.

Whilst it's the hacks and the data breaches and the information thefts that grab the headlines, no one ever mentions the technology that lies behind them.

Where do the bad guys host their malware and where do they keep their stolen information? Like any legitimate online businesses, cybercriminals need a reliable, high availability hosting infrastructure.

Organized criminal gangs (OCGs) are increasingly using software services of the type more usually associated with legitimate corporations to grow their operations. By offering malware-as-a-service, OCGs are employing business models similar to those developed by legitimate companies in order to extend their global reach.

The companies providing the software used by OCGs to break into organizations’ IT systems, commonly called malware, now employ business models frequently comprising a revenue stream, a budget, market researchers, a global pool of developers, software quality assurance and testing, help desk support, and even money-back guarantees. This process is now being referred to as the industrialization of cyber crime.

Last month IBM launched its X-Force Exchange opening up access to threat intelligence data to help in the fight against cybercrime.

With 80 percent of cyber attacks now coming from organized gangs it's important that the good guys get organized too. IBM has announced today that more than 1,000 organizations across 16 industries are participating in the new threat intelligence community.