1. Increase in crime, espionage and sabotage by rogue nation-states With the ongoing failure of significant national, international or UN level response and repercussion, nation-state sponsored espionage, cyber-crime and sabotage will continue to expand. Clearly, most organisations are simply not structured to defend against such attacks, which will succeed in penetrating defences. Cybersecurity teams will need to rely on breach detection techniques. 2. GDPR – the pain still to come The 25th of May, 2018 has come and gone, with many organisations breathing a sigh of relief that it was fairly painless. They’ve put security processes in progress and can say that…
ISBuzz Team
It’s being reported that St. Francis Xavier University in Nova Scotia, Canada has been targeted by cryptocurrency mining malware in a cyberattack that has forced the institution to shut down its entire network for the better part of a week as system administrators struggle to root out the malware. Known as “cryptojacking”, the practice has become recognised as a tool of choice for cybercriminals who are increasingly pivoting toward crypto technology to facilitate their activities. Don Duncan, Director at NuData Security: “In just the first quarter of this year alone coin miner malware rose by 629% to more than 2.9 million samples according to…
One and a half years after its epidemic, WannaCry ransomware tops the list of the most widespread cryptor families and the ransomware has attacked 74,621 unique users worldwide. These attacks accounted for 28.72% of all users targeted by cryptors in Q3 2018. The percentage has risen over the last year, demonstrating more than two thirds of growth against Q3 2017, when its share in cryptor attacks was 16.78%. This is just one of the main findings from Kaspersky Lab’s Q3 IT threat evolution report. A series of cyberattacks with WannaCry cryptor occurred in May 2017 and is still considered to…
The 2018 Abu Dhabi International Petroleum Exhibition & Conference (ADIPEC) will begin on Monday 12 November, bringing together 110,000 industry experts from across the globe. As leaders and decision makers assess the future of energy and discuss the role of technology within their vision, Skybox Security calls on the industry to take a unified approach to securing IT and operational technology (OT) network that align with the needs and goals of each environment. Last year, newly published vulnerabilities affecting OT saw a 120-percent increase over the previous year, according to Skybox Security’s 2018 Vulnerability and Threat Trends Report. For sectors like energy, manufacturing…
On October 25, Fortune 1000 company CNO Financial Group, Inc. submitted a report to the Office for Civil Rights’ Breach Portal at the U.S. Department of Health and Human services. The report revealed that the personally identifiable information of 566,127 people was accessed by an unauthorized party through a subsidiary of CNO, Bankers Life. This breach is the fifth largest incident added to the HIPAA Breach Reporting Tool this year. Security experts commented below on this report. Jonathan Bensen, Acting CISO at Balbix: “With the proliferation of devices, apps, and users coupled with more than 200 ways for adversaries to exploit and breach…
In response to the guilty plea received and accepted by the US DoJ by a Utah man (Twitter handle @DerpTrolling) who flooded the servers of gaming companies with DDoS attacks and whose victims included Sony Online Entertainment and whose sentencing will be set on March 1, 2019, a Corero expert offers perspective. Sean Newman, Director Product Management at Corero Network Security: “It’s rather eye-opening to see that a cybercriminal allegedly behind attacks on Sony, EA, and other gaming providers, almost five years ago, is only just being brought to justice. This certainly shows that you can’t sit back and do nothing with…
Following the news that the attacker behind DDoS attacks against Sony, EA and Steam has entered into a guilty plea in federal court, Sean Newman, Director Product Management at Corero Networks commented below. Sean Newman, Director Product Management at Corero Networks: “It’s rather eye-opening to see that a cybercriminal allegedly behind attacks on Sony, EA, and other gaming providers, almost five years ago, is only just being brought to justice. This certainly shows that you can’t sit back and do nothing with respect to DDoS protection and hope law enforcement will address this growing problem for you. It is, however,…
Following the news that a security researcher has announced a zeroday in Oracle’s VirtualBox virtualization software, Craig Young, security researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “The vulnerability is in the implementation of a virtual Intel E1000 compatible network adapter. The write-up demonstrates how an attacker with permissions to load Linux kernel modules in a Virtual Box guest environment can achieve low-privileged code execution on the host OS which can then be elevated to gain administrative access to the host. Anyone using Virtual Box for accessing untrusted content (malware analysts for example) should immediately review their machine profiles…
The ‘Who Knows What about Me?’ report from the children’s commissioner for England has outlined that today’s children are the first to be “datafied” from birth and internet giants and toy-makers need to be more transparent about the data they are collecting on children. It is not just up to the businesses that facilitate the digital-first world; the pressure should also be on parents as it is a joint responsibility to manage and protect our children’s digital identities and let them start their digital journey on a clean slate. A recent McAfee study, Age of Consent, also discovered that: Every year,…
Here are thoughts from two cybersecurity experts in response to recent news that the National Institute of Standards and Technology (NIST), an agency of the US Department of Commerce, has partnered with IBM to use AI to rate the severity of publicly reported cyber vulnerabilities. Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies: “Applying AI, and in particular Watson to the scoring of vulnerabilities will be useful for keeping up with the increased NIST work load, however, I don’t foresee this addressing the issue of organizations still not patching their systems in time. In theory, the ranking of vulnerabilities helps prioritize which systems are patched…