Issue 27 - Week of Aug 24th

1.       Ashley Madison aftermath - CEO steps down last Friday. Lawsuits filed against the company both in Canada and US. Some users reported receiving extortion emails requesting 1.05 in bitcoins ($250) to prevent the information from being shared with the user's significant other. On August 24 the Toronto Police Department spoke of "two unconfirmed reports of suicides" associated with the leak of customer profiles along with extortion attempts. The company is offering $500K for any information that can lead to the arrest of the hackers.  According to the John McAfee - this hack was an insider job by a female employee.

2.       More than 80% of healthcare IT leaders say their systems have been compromised -  "Eighty-one percent of healthcare executives say their organizations have been compromised by at least one malware, botnet or other kind of cyberattack during the past two years, according to a survey by KPMG. The KPMG report also states that only half of those executives feel that they are adequately prepared to prevent future attacks. The attacks place sensitive patient data at risk of exposure, KPMG said." 13% of survey respondents said that they are targeted by external hack attempts about once a day and another 12% seeing about two or more attacks per week. "More concerning, 16% of healthcare organizations said they cannot detect in real-time if their systems are compromised," the report said.

3.       IBM has said that TOR based attacks are steadily increasing and that Spikes in Tor traffic can be directly tied to the activities of malicious botnets. IBM says that Companies have “little choice” but to block Tor-based communications. What is TOR? - TOR (The Onion Router) is a browser that delivers untraceable access to the Internet by linking all the computers onto a network. By routing connections through a chain of users, the IP address of the user is kept hidden. TOR was in part created by the US government and its use was intended to protect the personal privacy of users, However - it is being widely used for unscrupulous and illegal activities.

4.       Pentagon unveils data breach rules for defense contractors "The Pentagon is rolling out long-awaited rules governing how the defense industry should report cybersecurity incidents. The regulations, published in the Federal Register on Wednesday, require contractors and subcontractors to report "cyber incidents that result in an actual or potentially adverse effect" on either the contractor's information system and data, or its ability to "provide operationally critical support."  Report the incident and have a response plan is good lesson for corporates as well.

5.       BitTorrent tracker blocks Windows 10 users "Some BitTorrent sites don't trust Windows 10 at all. So, at least one BitTorrent tracker, iTS, has blocked Windows 10 users from accessing torrents from their site. Others are considering banning Windows 10 users. In a YouTube video, iTS proclaimed that "Windows 10 is nothing more than a spy tool that will keep track of every action, email, conversation, video, picture, or anything else that you do on your computer."

6.       Keyless Cars - convenience; but always seems to come at a cost. News emerged last week that car manufacturers using the Megamos Crypto transponder electronic vehicle immobilizer, used by Audi, Fiat, Honda, Volvo, and Volkswagen in over 100 models of car, had suppressed information on a security flaw for two years. Deploying security updates in cars is always challenging. Doing it OTA (Over The Air) is easier but needing a recall to update is costly and time consuming with no guarantee of all cars getting fixed. Four out of ten thefts in London last year were due to electronic hacking. Experts recommend that you keep your smart key in an RF Shielded pouch.

7.       Development of legislative mechanisms and criminal law provisions are the need of the hour to tackle the menace of cybercrime, India’s Minister of State for Home Kiren Rijiju said last week. Addressing a seminar on cyber and network security, Rijiju said that to ensure cyber security, concerned agencies have the necessary training, tools and know-how to take on new age cybercrimes.

8.       India ranks as the 9th most impacted region by ransomware with other countries like US, Japan, the UK, Italy and Germany topping the charts. The threat is known for locking computers or encrypting files to trick users into handing over their money. Among the many tips for protecting your business against cyber extortion - the most important is Back It Up, and Back It Up, and Back It Up Again.

9.       Things keep getting worse on the cyber front. From the US government to Ashley Madison to Ola to Gaana.com, no company, organization, or person is safe from cyber-attacks. 80% of the non-state attacks are by organized crime and these gangs are collaborating amongst each other to help each other out. Attacks cannot be stopped but certainly one can be prepared to prevent these attacks and also put in process/team to handle actions post attack. The first step to prepare is to understand how a hacker works or in other words understand the kill chain and put controls to block each of the link in the chain. For post attack preparation - one could put an Emergency Response Team and process - that will respond in the event of an attack.