Tag: cyber attacks

Enterprises fail to act on cybersecurity

William Blake: War - WIkimedia CommonsIt won’t be until 2018 that large enterprises will have proper plans to protect themselves from cyber attacks causing business disruption.

And, even then, only 40 percent of these organisations will have such plans.

That’s what a report from Gartner says, which warns that chief information security officers need to set their priorities/

Gartner thinks the frequency of a cyber attack on a large scale is low, but if it does happen, the implications are sever.

Paul Proctor, a VP at Gartner warns that servers can be downed, data wiped, and digital intellectual property published to the internet – as happened with Sony late last year.

“Employees may not be able to fully function normally in the workplace for months. These attacks may expose embarrassing internal data via social media channels and could have a longer media cycle than a breach of credit card or personal data,” he said.

He also pointed out that avoiding a compromise in a large computer enterprise “is just not possible”. Instead, those responsible should concentrate on firewalls, antivirus and vulnerability management, as well as increasing detection and response capabilities.

The Internet of Things (IoT) will expand the attack surface so enterprises need to pay better attention, and spend more money on preventing attacks.

Banks hit by cyber crooks

wargames-hackerRespected anti virus company Kaspersky Labs believes that crooks have targeted banks and that could lead to as much as one billion dollars of losses.

Kaspersky thinks the attacks were made using so-called phishing scams to access up to 100 banks’ networks and so gained access to cash machines and drew out the money.

But the attacks are confined mostly to Russia, with some attacks made on banks in Ukraine and China.

The company worked with Interpol on an investigation and it claims that the attack is one of the most significant security breaches yet.

The amount is difficult to pin down and it’s believed the billion dollar figure may have been overstated.

The crooks involved in the scam are believed to still be active but there’s no indication on where they’re based or how they gained access to ATMs.

US president goes to Silicon Valley

Obama BarackPresident Barack Obama is to meet CEOs in Silicon Valley today to canvass their views on ways to improve existing cyber legislation.

That’s in the wake of massive attacks on healthcare company Anthem and Sony.

According to Reuters, Obama is expected to say that government and the private sector need to cooperate better to meet the challenges of cyber attacks.

A White House representative said that the idea is that if the USA gets it right, more people and companies worldwide will do business with America.

But while Obama will meet some CEOs, some will pointedly stay away including Google, Facebook and Yahoo. They don’t think that the US has done enough to protect their customers from NSA surveillane.

Obama wants Congress to pass a law giving liability protection to companies that share their data about security.

SMEs at centre of cyber attacks

SymantecheadquartersTargeted security attacks rose by 42 percent in 2012, with cybercriminals targeting SMEs, Symantec has found.

In its Internet Security Threat Report the company said these threats were designed to
steal intellectual property, and were increasingly hitting the manufacturing sector as well as small businesses, which were the target of 31 percent of these attacks.

Small businesses are apparently attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques, Symantec said, citing a threefold rise in the number of attacks on these size businesses compared to 2011.

It said that while small businesses  could feel they were immune to targeted attacks, cybercriminals were enticed by these organisations’ bank account information, customer data and intellectual property. Attackers hone in on small businesses that may often lack adequate security practices and infrastructure, the company said.

Web-based attacks increased by 30 percent in 2012, which Symantec said originated from the compromised websites of small businesses.

It pointed out that these websites were used in massive cyber-attacks as well as “watering hole” attacks. In a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victim later visits the compromised website, a targeted attack payload is silently installed on their computer.

Shifting from governments, manufacturing  moved to the top of the list of industries targeted for attacks in 2012. Symantec said this was because cybercriminals were attacking the supply chain as a result of finding contractors and subcontractors susceptible to attacks and often in possession of valuable intellectual property.

Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company, the company pointed out.

On the consumer front mobiles seemed to be the worst hit, with malware increasing by 58 percent. Around a third of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers.

Apple’s iOS had the most documented vulnerabilities, it only had one threat discovered during the same period and Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system.

Webwise 61 percent of malicious websites were found to be legitimate websites that had been compromised and infected with malicious code. Business, technology and shopping websites were among the top five types of websites hosting infections.

A growing source of infections on websites was malvertisements – when criminals buy advertising space on legitimate websites and use it to hide their attack code.