Hackers are increasingly targeting small companies for cyber-attack and the amount of malware directed at mobile operating systems is rapidly escalating, according to Symantec’s Internet Security Threat Report for 2012.
The report, issued last month, said half of all targeted attacks last year were aimed at businesses with fewer than 2,500 employees. The largest growth area for targeted attacks was businesses with fewer than 250 employees; 31 percent of all attacks targeted them. Read more
A high-level commission into the theft of US intellectual property (IP) has made wide-reaching recommendations on tightening cybersecurity, including “aggressive” changes to the law to bring it up to date with rapidly evolving computer crime.
The Commission on the Theft of American Intellectual Property, chaired by former director of national intelligence Dennis Blair and former ambassador to China Jon Huntsman, said the scale of the theft ran to hundreds of billions of dollars a year, and the main culprit was China. Read more
Critical infrastructure in the US – including the energy sector with its nuclear power facilities – is increasingly coming under cyber attack from hostile nations and a range of other hackers, with potentially disastrous consequences.
The warning was issued earlier this month by Charles Edwards, deputy inspector general of the Department of Homeland Security (DHS), who emphasized the need for streamlined communication between the government and private sector on cybersecurity. Read more
A new report published by a respected British think tank has challenged the conventional wisdom that the Stuxnet worm was a major setback to Iran’s nuclear ambitions.
Ivanka Barzashka, a researcher in the Department of War Studies at King’s College London, said in the report – based largely on data from the International Atomic Energy Agency (IAEA) – that Stuxnet may have ended up helping Iran more than it harmed it. Read more
Researchers at North Carolina State University (NCSU) have developed an innovative way of protecting networked control systems from cyber attack – raising the possibility of a defense against Stuxnet-type sabotage.
A release from NCSU (http://news.ncsu.edu/releases/wms-chow-dncs/) said Dr. Mo-Yuen Chow and PhD student Wente Zeng had created an algorithm that detects and isolates cyber attacks on systems of the kind used to coordinate transport, power and other infrastructure. Because they often rely on wireless or Internet connections, these systems are vulnerable to cyber attacks such as Stuxnet – the worm that affected Iran’s uranium enrichment program in 2009 and 2010. Read more
Internet pioneer Yahoo! Inc. announced today (Monday) it was buying Tumblr for $1.1-billion in an acquisition that some analysts were quick to criticize as holding little value for Yahoo shareholders. Read more
In Part 1 of this post about the DMARC (Domain-based Message Authentication, Reporting and Conformance) standards for digital messaging integrity, Alec Peterson of Message Systems and Sam Masiello of Groupon, both representing DMARC.org, gave us great information about the new technical specification designed to reduce the phishing abuse of known and controlled domains. Today we pick up where we left off to discuss how companies use DMARC, what benefits they get from it, and what you can do to deploy this standard within your own organization. Read more
Popular content management system WordPress is harboring a default setting that is making is susceptible to compromise, according to recent research.
Gur Shatz, CEO of IT security vendor Incapsula, wrote in a blog post that a recent Distributed Denial of Service (DDoS) attack mitigated by his firm exposed this vulnerability.
“These sites were not compromised, taken over, or rooted. Instead, the attackers took advantage of an existing WordPress vulnerability and abused the site, herding it into a voluntary botnet,” he wrote. Read more
Hacked hosting providers are becoming a fertile launch pad for new phishing attacks, accounting for nearly half of all phishing incidents during the second half of 2012, according to new research from the Anti-Phishing Working Group (APWG).
The fact that these phishing attacks are increasing is not surprising, since based on earlier reports spear phishing is the main way cyber criminals deliver their advanced, targeted malware payloads.
But according to APWG’s most recent Domain Name Use and Trends Report, Attackers leveraging these compromised hosting providers represented 47 percent of all phishing attacks recorded worldwide in the second half of 2012. Read more
The federal government issued a strong warning to the financial services sector: Beware of cyber threats, according to the recently released 2012 Financial Stability Oversight Council (FSOC) report.
The FSOC report, which fulfills a Congressional mandate to describe “significant financial market and regulatory developments, analyze potential emerging threats, and make certain recommendations,” found cyberattacks to be a significant “operational risk.” Read more