1. J.P. Morgan, Bank of America, Citibank And Wells Fargo
Spending $1.5 Billion To Battle Cyber Crime: There’s a showdown going down between a global network of cyber
criminals and the world’s largest corporations, governments and cybersecurity
companies. Insurance companies estimate the annual cost of cyber-attacks to be
more than $500 billion. The BFSI sector has been the prime target of cyber
criminals over the last five years, followed by IT/telecom, defense, and the
oil and gas sector. JPMC
expects its cybersecurity spending to be around $500 million in 2016 while Bank
of America will spend $400 million, Citibank $300 million & Wells Fargo
$250 million. That’s roughly $1.5 billion in cybersecurity spending by these 4
companies. The U.S. financial services US cybersecurity market is $9.5 billion,
making it the largest non-government cybersecurity market in the world.
Worldwide market size of financial services is estimated at $16 Billion.
2. Chinese hacker Steals $170,000 by hacking airline website
and offering ticket booking: A 19-year-old man in Dalian, China has been arrested by
the police after he was caught hacking into an airline’s website, stealing
booking information from 1.6 million ticket orders, and ripping off hundreds of
travelers. Using the information, the teen went on to make hundreds of
fraudulent transactions and pocketed $170k. It took the airline three weeks to
notice the data breach. A police officer said the hack was a result of a
loophole in the airline’s computer system and was not highly sophisticated.
3. Xbox Live downed after threats; hacker group takes
responsibility: Hackers from the Phantom Squad are said to have launched
a distributed denial-of-service (DDoS) attack against the Microsoft gaming
network. In a tweet, the hacker group said Xbox maker Microsoft, and rival
Sony-owned gaming network PSN, doesn't "bother working on security"
despite their "millions of dollars." Last year, the infamous Lizard
Squad launched a series of network attacks against Xbox Live and Sony's PSN
network. The attacks were so ferocious and long-lasting that new and existing
gamers during the Christmas holidays were unable to login for hours or even
days at a time, drawing ire from the international gaming community.
4. The Ghosts of Technologies Past will Come Back to Haunt
Us: Just like it takes continual effort
to keep the Golden Gate Bridge or the Taj Mahal in its famous hue, maintenance
of the broader IT infrastructure is an ongoing task and requires continual
vigilance and effort. However, unlike a bridge or monument, IT Infrastructure
continues to grow and expand in depth and criticality, requiring increasing
resources just to maintain the status quo. In essence, with every passing day,
IT managers have to work harder just to stay in the same place...and that’s a
problem. As our infrastructure ages, the challenges posed by connected
technology that has become obsolete will grow - for eg: erstwhile robust
algorithms such as MD5 and SHA-1 have now become vulnerable to attack.
5. Over 650 terabytes of data up for grabs due to publicly
exposed MongoDB databases: There are at least 35,000 publicly accessible and
insecure MongoDB databases on the Internet, and their number appears to be
growing. Combined they expose 684.8 terabytes of data to potential theft. This
is the result of a scan performed over the past few days. Millions of user
accounts from various apps and services, including 13 million users of the
controversial OS X optimization program MacKeeper stand exposed.
6. Torrent websites infect 12 million users a month with
malware: If
you visit torrent search websites to pirate software, the risk isn't only through
the law but
also through malware. Almost a third of the 800 main torrent search
websites online today regularly serve their visitors malware - most of them
through malvertising. Malware is also found in torrented content. In one
example, a pirated copy of the game Fallout 4 served malware to a gamer victim
resulting in the theft of their bitcoin savings, worth approximately $2000.
Exploits, Remote Access Trojans (RATs), adware, ransomware and botnets were all
discovered, and all of which could lead to the theft of sensitive data or
system surveillance.
7. Russian hacking group sharpens its skills: APT 28 group targets political figures, telecom,
aerospace companies and has developed new ways of attacking according to
researchers. The primary targets of the group are in countries such as Ukraine,
Spain, Russia, Romania, the US and Canada. They primarily use three attack
vectors to infect targets: spear phishing e-mails with crafted Word and Excel
documents attached, phishing websites hosted on typosquatted domains and
malicious iFrames leading to Java and Flash zero-day exploits. The hacking
group also takes advantage of several newly discovered zero-days exploits,
relying on the fact that not everyone installs security updates immediately
after they are published.
8. Data Theft Prevention (DTP) Crosses the Chasm: Chances are, data
about you was leaked or stolen in 2015. The variety of industries targeted by
attackers in 2015 is unprecedented - 177 Million data records were stolen from
750 reported breaches. As Data has value to criminals, they began to spread
their attacks to steal data much more widely than ever before. From retail
pharmacy and broader healthcare and insurance industries; to university systems
and financial service companies; and even to attacks against prominent security
companies; data is money to attackers, and in 2015, they made a lot of money
from stolen data. An assumption that, “we are already compromised” is beginning
to pervade security professionals and the prediction is that DTP adoption will
dramatically increase in more mainstream companies.
9. NASSCOM task force considering corporate cyberattacks
disclosure: The technology industry in India is working on a
comprehensive cybersecurity plan, which includes asking companies to share information
about online breaches and the methods employed to deal with them to help the
larger community take better decisions about investing resources in
cyber-attacks. Most of the corporates do not want to disclose that they got
hacked but at-least a disclosure of actions that companies have taken to
protect themselves, in terms of staffing, in terms of funding, in terms of
action will help fix similar issues from recurring elsewhere. A similar
decision was taken in 2012 but it never saw the light of the day. Last week,
NASSCOM also discussed the need for India to become self-reliant in
cybersecurity technologies and the
need to have more trained professionals in the country engaged in
cybersecurity.
No comments:
Post a Comment