1.
Ashley Madison aftermath - CEO steps down last Friday. Lawsuits filed against the company both in Canada and
US. Some users reported receiving extortion emails requesting 1.05 in bitcoins
($250) to prevent the information from being shared with the user's significant
other. On August 24 the Toronto Police Department spoke of "two
unconfirmed reports of suicides" associated with the leak of customer
profiles along with extortion attempts. The company is offering $500K for any
information that can lead to the arrest of the hackers. According to the John McAfee - this hack was
an insider job by a female employee.
2.
More than 80% of healthcare IT leaders say their systems
have been compromised - "Eighty-one percent of healthcare
executives say their organizations have been compromised by at least one
malware, botnet or other kind of cyberattack during the past two years,
according to a survey by KPMG. The KPMG report also states that only half of
those executives feel that they are adequately prepared to prevent future
attacks. The attacks place sensitive patient data at risk of exposure, KPMG
said." 13% of survey respondents said that they are targeted by external
hack attempts about once a day and another 12% seeing about two or more attacks
per week. "More concerning, 16% of healthcare organizations said they
cannot detect in real-time if their systems are compromised," the report
said.
3.
IBM has said that
TOR based attacks are steadily increasing and that Spikes in Tor traffic can be
directly tied to the activities of malicious botnets. IBM says that Companies have “little choice” but to block Tor-based
communications. What is TOR? - TOR (The Onion Router) is a browser that
delivers untraceable access to the Internet by linking all the computers onto a
network. By routing connections through a chain of users, the IP address of the
user is kept hidden. TOR was in part created by the US government and its use
was intended to protect the personal privacy of users, However - it is being
widely used for unscrupulous and illegal activities.
4.
Pentagon unveils data breach rules for defense
contractors "The Pentagon is
rolling out long-awaited rules governing how the defense industry should report
cybersecurity incidents. The regulations, published in the Federal Register on
Wednesday, require contractors and subcontractors to report "cyber
incidents that result in an actual or potentially adverse effect" on
either the contractor's information system and data, or its ability to
"provide operationally critical support." Report the incident and have a response plan
is good lesson for corporates as well.
5.
BitTorrent tracker blocks Windows 10 users "Some BitTorrent sites don't trust Windows 10 at
all. So, at least one BitTorrent tracker, iTS, has blocked Windows 10 users
from accessing torrents from their site. Others are considering banning Windows
10 users. In a YouTube video, iTS proclaimed that "Windows 10 is nothing
more than a spy tool that will keep track of every action, email, conversation,
video, picture, or anything else that you do on your computer."
6.
Keyless Cars - convenience; but always seems to come at a
cost. News emerged last week that car
manufacturers using the Megamos Crypto transponder electronic vehicle immobilizer,
used by Audi, Fiat, Honda, Volvo, and Volkswagen in over 100 models of car, had
suppressed information on a security flaw for two years. Deploying security
updates in cars is always challenging. Doing it OTA (Over The Air) is easier
but needing a recall to update is costly and time consuming with no guarantee
of all cars getting fixed. Four out of ten thefts in London last year were due
to electronic hacking. Experts recommend that you keep your smart key in an RF
Shielded pouch.
7.
Development of
legislative mechanisms and criminal law provisions are the need of the hour to
tackle the menace of cybercrime, India’s
Minister of State for Home Kiren Rijiju said last week. Addressing a
seminar on cyber and network security, Rijiju said that to ensure cyber
security, concerned agencies have the necessary training, tools and know-how to
take on new age cybercrimes.
8.
India ranks as the
9th most impacted region by ransomware
with other countries like US, Japan, the UK, Italy and Germany topping the
charts. The threat is known for locking computers or encrypting files to trick
users into handing over their money. Among the many tips for protecting your
business against cyber extortion - the most important is Back It Up, and Back It Up, and Back It Up Again.
9.
Things keep getting worse on the cyber front. From the US government to Ashley Madison to Ola to
Gaana.com, no company, organization, or person is safe from cyber-attacks. 80%
of the non-state attacks are by organized crime and these gangs are
collaborating amongst each other to help each other out. Attacks cannot be
stopped but certainly one can be prepared to prevent these attacks and also put
in process/team to handle actions post attack. The first step to prepare is to
understand how a hacker works or in other words understand the kill chain and put controls to block each of the
link in the chain. For post attack preparation - one could put an Emergency
Response Team and process - that will respond in the event of an attack.
No comments:
Post a Comment