1. In TalkTalk aftermath: After Target, Home Depot, and JPMC were breached,
their stocks showed no noticeable impact, but when UK telecom giant TalkTalk
joined the breach victim club in Oct'15, its stock took a jaw-dropping beating,
and it hasn't recovered. A lot of people are wondering why. Was something
different about TalkTalk's break-in, or are we now entering the era where
cyber-attacks can damage more than a company's reputation? In the past there
have been a few examples, like Heartland Payment Systems and Global Payment
Systems, whose stock value eroded after cyber-attacks, but in general
shareholders don't have good metrics, tools, and approaches to measure the
impact of cyber-attacks on businesses, and hence that impact does not translate
into dollar-value erosion.
2. 191 Million US Voters' Personal Info Exposed by Misconfigured Database: The
database includes voters' full names, their home addresses, unique voter IDs,
dates of birth and phone numbers. The database was discovered by a white hat
hacker. Fortunately, the database doesn't contain Social Security numbers,
driver's license numbers, or any financial data, but it's still a massive
amount of data when it comes to protecting users' privacy and security. The
crazy part of the data breach is that no one is taking responsibility for the
exposed database.
3. Steam confirms DoS revealed user details: Gaming platform Steam has
confirmed that a denial-of-service (DoS) attack that took place on Christmas
Day caused around 34,000 users to have their sensitive personal information
returned and possibly seen by other users. The company is working on
identifying affected users. Earlier in Dec'15, it was admitted that up to
77,000 accounts each month are hijacked on Steam, with users having their
digital items stolen and sold, resulting in the company implementing increased
security such as two-factor authentication, Mobile Authenticator, self-locking
features, and user notifications of any risk.
4. BBC says website knocked down due to apparent DDoS attack: Service was out
for more than three hours last week. Users received an
error message and the broadcaster said on Twitter the outage was due to
technical problems. BBC later apologized for the outage. A news story posted on
the website said it had been due to a "distributed denial of service"
attack in which a website is swamped with more traffic than it can handle. This
is a relatively common way to target a website and temporarily make it
inaccessible.
5. Hyatt Hotels Reports Data Breach: Hyatt Hotels has announced a data breach
affecting its customers' financial data, which a later investigation traced to
a malware infection on its PoS systems. Hotel representatives did not specify
which brands or hotel properties were affected, or what kind of data was
stolen. It is not yet known whether the malware infection was found on the
hotels' own reservation system PoS, or on the payment processing system used by
gift shops and restaurants located on the hotels' premises. In the past, data
breaches have been reported by the Trump Hotel Collection, Starwood Hotels, and
Hilton Hotels.
6. Convenience meets continuing complexities: The Internet of Things will help
(and hurt) us all. The websites, apps and electronic devices that comprise the
Internet of Things (IoT) make navigating personal and business tasks more
convenient than ever, but their popularity also means a wider attack surface,
expanse of data and range of vulnerabilities for threat actors to exploit.
Industries such as healthcare and manufacturing, which use a large number of
connected devices and networked systems in the course of their everyday
business, are likely to face a wider range of security vulnerabilities and
threats.
7. Microsoft has pledged to inform users if their online communications
(Outlook.com email and OneDrive) are being targeted and monitored by government
entities: MS is the latest to follow in the footsteps of Facebook, Twitter,
Google and, more recently, Yahoo in warning its users of state attacks. Experts
advise that an additional way to keep personal data and accounts safe is to
avoid opening suspicious emails, clicking on their links or downloading their
attachments. The links in the fraudulent emails will redirect users to
malicious websites, and the attachments will deliver malware payloads; both can
steal user credentials as well as compromise their systems.
8. Tor Project launches bug bounty program: Anonymizing network Tor has secured
the help of sponsors to launch a bug bounty program designed to stamp out
vulnerabilities which may risk user privacy. The Tor Project is a non-profit
organization which operates the Onion network, a relay-and-node system designed
to make tracking users online very difficult. However, no system is completely
foolproof, and there have been reports of Tor users being identified. Several
governments and individuals are interested in cracking Tor; for example, a
cybersecurity firm offers up to $30,000 for previously unreported zero-day
vulnerabilities impacting the Tor network.
9. Indian Financial services continue to face high number of cyber threats: The
scale and size of cyber-attacks on BFSI is the highest among all verticals.
Technological changes such as mobile banking, mobile wallets, and payment
gateways have increased the potential attack vectors. Hackers continue to steal
credentials and other sensitive information through phishing emails and
phishing websites, DDoS attacks are not infrequent, and internal threats are
becoming serious. The solution for BFSI is comprehensive investment in PPT
(People, Process and Technology).
10. Everything about you is already known (most probably): The increasing
frequency of data breaches, such as the many seen in 2015 (780 breaches), is
changing the way we think about PII - Personally Identifiable Information (177
million data records exposed in 2015). We are, in fact, moving to a
“post-privacy” society, where it is not uncommon for an attacker to have access
to information that we have previously considered personal. Data theft
prevention and post-breach activities will become increasingly important,
though it will be hard to be fully prepared for such an unknown. Defenders must
take careful stock of their data handling processes, be nimble in this changing
technology landscape and invest in (re)training key personnel.