more

now browsing by tag

 
 

Ports to #spend more on #cybersecurity as #digital #investments rise

Source: National Cyber Security – Produced By Gregory Evans

If there was one positive effect of the string of cyberattacks the world witnessed in 2017, it was that a clear message was sent: cybersecurity is no longer an option for supply chain professionals. In fact, it may even be up to those professionals to ensure cyber resilience.

Cyber risk is unlike any other digital threat previously left to the IT department, because it requires participation from every person, and every link in the value chain. Most companies today rely on third-party SaaS providers for pivotal business functions, and these maintain valuable and proprietary data. If this indirect supplier, however, is not secure — neither is the buyer.

The most recent disruption from a cyberattack sheds valuable insight upon the importance of security to ports. A.P. Moller – Maersk’s systems were attacked in June, costing the company up to $300 million and completely shutting down the carrier’s fully automated port terminal in Rotterdam. That same attack also targeted FedEx, which suffered days of disruptions to its TNT Express network, impacting European supply chains.

Previously, carrier and port provider choices were made mainly on cost or lead time advantages. But, when considering various service providers, procurement professionals also consider risk. Labor disruptions have led shippers to reconsider their options in the past, will cyberattacks do the same?

The post Ports to #spend more on #cybersecurity as #digital #investments rise appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Chinese #Hacking Efforts More #Strategic, Less #Noisy

Source: National Cyber Security – Produced By Gregory Evans

Chinese #Hacking Efforts More #Strategic, Less #Noisy

Chinese hackers, once some of the most careless and noisy hackers around, have become very careful and much more strategic at choosing the targets they go after.

The prototype of the Chinese hacker is well documented in the cyber-security industry. Chinese actors hack whatever they can, grab whatever they can, and sift through the data after the fact.

They also don’t care about stealth, rarely hide their tracks, and operate based on a set of general instructions that trickle down through a convoluted network of state agencies and private companies.

Nation-state cyber operations have been going on since the mid-90s, but it was only after the appearance of Chinese actors in the early 2000s that people started to pay more attention to the world of cyber-espionage.

While Russian and US groups were focusing on carrying out secret operations, putting most of their efforts in remaining hidden, Chinese hackers came like a flood and drove a truck through the front door with no regard to getting detected.

In fact, the term APT (advanced persistent threat) that is now used to describe hacker groups believed to be operating at orders and under the protection of local governments, initially stood for Asia-Pacific Threat, mainly because of the onslaught of Chinese hacks at the start of the 2000s.

US-China pact had a temporary effect on Chinese hacking operations

Their clumsiness and noisy actions eventually landed China at odds with the US, and political tensions rose so much that in the autumn of 2015, Chinese and US authorities had to meet and sign a mutual pact where neither government would “conduct or knowingly support cyber-enabled theft of intellectual property.”

The pact effectively limited nation-state hacking between the two countries to intelligence gathering operations only.

This agreement had an immediate result and after six months, cyber-security firm FireEye noted that the pact and a series of military reforms had visibly slowed down’s China’s cyber-espionage operations.

In reality, Chinese hackers didn’t stop hacking, but just started choosing their targets more carefully.

Chinese hackers become more careful

Instead of driving a truck through the front door, Chinese hacker groups started to pick locks and operate in the shadows.

For example, the clever hack and poisoning of the CCleaner app is believed to have been carried out by a Chinese APT codenamed Axiom. And let’s not forget the well-planned hacks of cloud providers so Chinese hackers could silently reach into organizations’ internal networks.

“There was indeed a decrease in activity of Chinese APTs following the pact,” Tom Hegel, Senior Threat Researcher at 401TRG, told Bleeping Computer.

“They became more strategic and operate with improved tactics since then,” Hegel added. “They were once very noisy with little care for operational security. These days it’s more strategically controlled.”

Three reports detail new Chinese hacking operations

This is why it’s so rare and most likely a coincidence that we’ve seen three reports released in the past two weeks describing various cyber operations, all linked to China.

“I personally wouldn’t say these reports are a resurgence [of Chinese hacking activity], but rather a continued increase in public reporting and identification,” Hegel said.

The first of these three new reports detailing Chinese APT activity was published last week by RiskIQ. The report details a new remote access trojan named htpRAT that was used against various targets in Laos.

The RAT comes with the ability to log keystrokes, take screenshots, record audio and video from a webcam or computer microphone, install and uninstall programs and manage files. Infrastructure reuse links the group behind this malware with PlugX, the decade-old favorite malware of multiple Chinese APTs.

A second report was released yesterday by Pwc’s cyber-security division. The report highlights new activity from a Chinese APT known as KeyBoy [1, 2], previously dormant for around four years.

The report also highlights a new RAT that can take screenshots, exfiltrate files, and download and run other malware. While previously the group targeted Taiwan, Tibet, and the Philippines, the group is now going after Western organizations. Parys says the group appears to currently be interested in corporate espionage.

Last but not least we have Check Point’s revised report on the IoT_Reaper botnet. New evidence reveals that command and control domains used by Reaper botnet were registered with an email address that is connected to the Black Vine Chinese APT, the group that breached health insurance provider Anthem in 2015.

It’s still a mystery why a cyber-espionage group would be building an IoT botnet. Some could say the group is creating a tool that could be used to launch DDoS attacks against targets the Chinese government would like to silence. Another theory is that Black Vine would use the botnet as a layer of proxies to hide future operations.

All in all, we’re seeing both a curb and maturation of Chinese hacking efforts, some of which can be attributed to the military reforms enforced by President Xi Jinping after he took power in 2012 when he said that government and military elements should stop using state resources for their own agendas.

The post Chinese #Hacking Efforts More #Strategic, Less #Noisy appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Millennials are more aware of #cyber risks yet are ‘alarmingly’ careless #online. What gives?

Source: National Cyber Security – Produced By Gregory Evans

Millennials are more aware of #cyber risks yet are ‘alarmingly’ careless #online. What gives?

Millennials are more aware of cybersecurity careers than they were four years ago and believe that cyber attacks influenced the 2016 presidential election, and yet they’re not interested in pursuing cyber professionally and exhibit careless online habits in their everyday lives.

No, this is not the head-scratching dichotomy of the latest viral video from Simon Sinek explaining this either self-absorbed and entitled or passionately idealistic generation — it depends on whom you ask — born between 1981 and 1997. Rather, the insights are from a new survey from Raytheon Co.’s Intelligence, Information and Services business unit, based in Dulles, along with the National Cyber Security Alliance and Forcepoint, an Austin, Texas-based cyber company owned by Raytheon.

The annual study, in its fifth year, captures what the companies call “alarming” trends among millennials when it comes to cybersecurity. And why does a $24 billion gov-con giant like Waltham, Massachusetts-based Raytheon (NYSE: RTE) care?

Because “the demand for skilled cyber talent has become a national security issue,” Dave Wajsgras, president of the company’s Intelligence, Information and Services division, said in a statement. “While great strides have been made to increase millennial awareness in the cybersecurity profession, there is still work to be done.”

Indeed, hacks and breaches seem to grow more damaging and widespread by the day. At the same time ISACA, a nonprofit information security advocacy group formerly known as the Information Systems Audit and Control Association, predicts there will be a global shortage of 2 million cybersecurity professionals by 2019.

Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cybersecurity-related roles, according to cybersecurity data tool CyberSeek. For every 10 cybersecurity posts that appear on careers site Indeed, only seven people even click on one of the ads, let alone apply, according to Forbes.

Opinion research firm Zogby Analytics independently conducted the Raytheon survey, polling 3,359 young adults ages 18-26 in nine countries: Australia, Germany, Jordan, Poland, Qatar, Saudi Arabia, United Arab Emirates, United Kingdom and United States.

Some of the survey’s findings are encouraging, showing rising cyber awareness and engagement among millennials:

  • 34 percent of U.S. survey respondents (37 percent globally) said a teacher discussed cybersecurity with them as a career choice, up 21 percent from the number of respondents who said a career in cyber had been mentioned to them by a teacher, guidance or career counselor in 2013.
  • 51 percent of U.S. respondents (52 percent globally) said they know the typical range of responsibilities and job tasks involved in the cybersecurity profession, up from 37 percent in the U.S. in 2014.
  • Globally, 46 percent of men have met or known someone studying cybersecurity at the high school, university or graduate level.
  • 71 percent of young adults surveyed think it’s their responsibility to keep themselves secure online rather than relying on the government, commercial companies or other individuals.

At the same time:

  • Globally, only 38 percent of millennials were willing to consider a career in cybersecurity. That percentage is unchanged from 2016.
  • Only 26 percent of women globally have met or known someone studying cybersecurity at the high school, university or graduate level.
  • Globally, 63 percent click on links even if they aren’t sure the source of the link is legitimate.
  • The proportion of U.S. young adults who share passwords with non-family members nearly doubled from 23 percent in 2013 to 39 percent in 2017 (42 percent globally this year).
  • 74 percent reported using unsecured public Wi-Fi today in the U.S. as a matter of convenience even though the security risks are well documented, up from 66 percent in 2013.

“We need to be providing the tools for this generation to take action and embrace safe online practices,” Michael Kaiser, executive director of the National Cyber Security Alliance, said in a statement. “We also need strong role models – including parents, teachers, colleagues, and friends – to help improve cyber practices nationwide and encourage the pursuit of cybersecurity careers among young adults.”

 

The post Millennials are more aware of #cyber risks yet are ‘alarmingly’ careless #online. What gives? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why We Need to Worry More Than Ever About Getting Hacked

Source: National Cyber Security – Produced By Gregory Evans

The narrative around hacking has changed. Thanks to the proliferation of high-profile hacks in recent years, we’re no longer asking ourselves, “What if?” Now, the question is, “When?” After all, if a powerhouse with unlimited resources like HBO is vulnerable to a hack, surely anyone is susceptible. It can be…

The post Why We Need to Worry More Than Ever About Getting Hacked appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

European Commissioner Calls For More Collaboration In Cyber Security

Source: National Cyber Security – Produced By Gregory Evans

“Earlier this week at the CyberSec European Cybersecurity Forum in Poland, Julian King European commissioner for the security union called for increased collaboration in defending against cyber attacks after revealing more than 4,000 ransomware attacks have taken place every day across the EU since 2016. This comes as no surprise…

The post European Commissioner Calls For More Collaboration In Cyber Security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens

Source: National Cyber Security – Produced By Gregory Evans

A cybersecurity firm has announced hacking tools linked to the US National Security Agency are being exploited by cybercriminals. NSA-linked hacking tools are being used by cybercriminals in efforts to remotely steal money and confidential information from online banking users, according to researchconducted by cybersecurity firm Proofpoint. Proofpoint researchers discovered two different banking trojans in the wild, with computer…

The post WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Colorado Springs police estimate more than 100 victims of alleged identity thief

Source: National Cyber Security – Produced By Gregory Evans

Police estimate that more than 100 people fell victim to a 32-year-old man’s alleged pattern of identity theft in Colorado Springs. Armando Gallegos allegedly manufactured checks using others’ account information and then used the checks at local businesses. He was arrested Aug. 23 in one of the five cases of…

The post Colorado Springs police estimate more than 100 victims of alleged identity thief appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Breaches Becoming More Common

The massive security breach last week involving Equifax Inc., is drawing more concern as ransomware, phishing and other kinds of hacking become more frequent on a small and large scale. Around 143 million Americans — including 8 million New Yorkers — were affected in the latest massive breach with the… View full post on National Cyber Security Ventures

More people meeting online regardless of age, says expert

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ The latest census says there are approximately 14.3 million singles in Canada, and according to sociologist Sarah Knudson, more and more are dating online — regardless of age. “The biggest story in the past 15 years…

The post More people meeting online regardless of age, says expert appeared first on Become007.com.

View full post on Become007.com

Are Popular Social Media Accounts more Likely to Get Targeted by Hackers?

Source: National Cyber Security – Produced By Gregory Evans

Hacker attacks are nothing new – yet they seem to have evolved in terms of focus and impact, as recent devastating malware attacks like WannaCry and Petya have demonstrated. Everybody is a target nowadays, but the trend does not stop at large companies and tech giants. It seems that cybercriminals…

The post Are Popular Social Media Accounts more Likely to Get Targeted by Hackers? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures