News broke yesterday that Hong Kong-based Bitcoin exchange Bitfinex fell victim to a DDoS attack, following an SEC warning on cryptocurrencies that told investors to ask exchange providers about ‘substantial risks of theft or loss, including from hacking’. Igal Zeifman, Security Evangelist at Imperva commented below. Igal Zeifman, Security Evangelist at Imperva: “As the bitcoin price continues to fluctuate, we anticipate continued attacks. As we found in Q3, these types of network assaults overall grew more persistent as an alarming number of attacks escalated over 100Mpps. And in Q3 2017, we saw attacks targeting a relatively high number of cryptocurrency exchanges and services. This…
ISBuzz Team
Researchers at the University of California are reporting that one percent of all websites have been hacked over the previous 18 months. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “The recent University of California San Diego study reports what most enterprise IT professionals already know: website security standards are weak. In today’s dynamic digital environment, not only do traditional security tools fail to keep up but also security standards and best practices are woefully out of date. As a result, general security practices are ineffective against emerging threats. The best defense is applying…
The Hacker’s Playbook Findings Report* reveals that cybercriminals are able to break into enterprise networks with malware on average 60% of the time. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “Malware penetration during targeted cybersecurity attacks is this high for a couple of reasons. The first is the massive number of attack vectors for more sophisticated malware to compromise. It is simply impossible to prevent every attack. The second is that hackers have gotten very good at crafting convincing phishing emails. Millions of records of personally identifiable information (PII) have been stolen and sold on…
According to research published today by Paul Bischoff, privacy advocate for Comparitech.com, most top VPN applications can leak data during day-to-day use, despite their claims to the contrary. VPNs are used to improve users’ security and privacy by offering a safe, encrypted connection over a less secure internet network, but even ones that claim to use leak protection and kill switches were found to be leaky. A handful of the top VPNs were put through the test using the (now freely available from GitHub) ExpressVPN Leak Testing Tools. Some key findings from the research include: Slightly more leaks were detected…
Blockchain will evolve beyond its application in finance and serve its purpose in government for identity, access to services and elections. Frederic Kerrest, COO & Co-Founder of Identity Specialist at Okta commented below. Frederic Kerrest, COO & Co-Founder of Identity Specialist at Okta: “Blockchain, the technology behind Bitcoin, was made popular on the dark web, but its ability to decentralise the storage of transactions and make information almost impossible to destroy has piqued the interest of financial institutions. Going into 2018, we’re seeing speculation regarding blockchain’s use cases beyond finance — particularly around its potential for government, and whether or not blockchain…
A recent survey conducted by a software industrial company indicated that a number of industrial companies are not taking cybersecurity seriously enough. The “Putting Industrial Cyber Security at the Top of the CEO Agenda” survey, which was conducted by Honeywell in collaboration with LNS Research, included responses from 130 strategic decision makers from industrial companies across North America, Europe, and other parts of the globe. Edgard Capdevielle, CEO at Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “This survey highlights the urgent need for critical infrastructure operators to overhaul their cybersecurity processes and technology as soon as possible based on…
According to the 2016 Verizon Data Breach Incident Report, the vast majority of cyberattacks were successful due to individual error. For example, 63 percent of breaches leveraged weak, default, or stolen passwords, and 12 percent of breaches involved clicking on a malicious link or attachment. Left uninhibited, employees will behave how they choose when they are online: interacting with corrupted links and downloads, dispensing sensitive usernames and passwords, and connecting with strange people and networks with abandon. Often, because employees are not using their own devices and networks, they are less concerned about such risky practices. Unfortunately, this behavior seriously…
Following the news that Russian hackers stole $10M from banks by infiltrating ATM networks, Stephan Chenette, CEO at AttackIQ commented below. Stephan Chenette, CEO at AttackIQ: “Most organizations have put security controls in place to prevent attackers from breaching and exploiting high value target systems such as SWIFT and ATM networks. In many cases, misconfigurations in these security controls and logging mechanisms create protection failures that allow adversaries to gain access to these critical systems without the owner finding out in a timely manner. We have entered a new phase of cyber requiring organizations to validate their security controls on a continuous basis. Because ultimately, the…
A new report from CA Veracode* reveals a lack of understanding of cybersecurity by CEOs who do not seem to address cybersecurity unless they are forced to. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “Board members and organizational leaders are fundamentally driven to deliver higher profits for the company and shareholders. For the board and CEO to act, the money spent on improving cybersecurity must have a tangible return on investment (ROI). Company leaders will not invest more into cyber security defense because the volume of incidences in the news has led many executives to…
Widespread cryptocurrency mining

Cryptocurrency mining will become one of the major monetisation avenues for attackers as more and more attacks and malware include mining functionality to generate revenue. In particular, a focus will be on in-browser mining that will be the result of website attacks. A few simple lines of JavaScript can cause visiting browsers to ‘mine’ cryptocurrency while on the affected sites. This is occurring now, but isn’t as widespread as it likely will be next year.

An increase in DDoS attacks

The return of mega DDoS attacks via IoT-powered botnets is likely in 2018. These have…
