• CybersecurityPetya variant hobbles European businesses

    In the wake of May’s WannaCry attack, which affected more than 230,000 computers in over 150 countries, a fast-moving malware malware outbreak was reported 27 June at targets in Spain, France, Ukraine, Russia, and other countries. The attack infected large banks, law firms, shipping companies, and even the Chernobyl nuclear facility in the Ukraine. The new malware is thought to be a variant of Petya, a wiper malware designed to destroy systems and data with no hope of recovery.

  • CybersecurityU.K. industry warned that cybercriminals are imitating nation state attacks

    The annual assessment — the most detailed of its kind to date — of the biggest cyberthreats to U.K. businesses has been published the other day, emphasizing the need for increased collaboration among industry, government, and law enforcement in the face of a growing and fast-changing threat. The report discusses the trend of criminals imitating the way suspected nation state actors attack organizations such as financial institutions, and the risk posed by the ever-increasing number of connected devices, many of which are not always made secure by manufacturers or users.

  • CybersecurityMisaligned incentives, executive overconfidence create advantages for cyberattackers

    New report outlines how cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace. Defenders on the other hand, often operate in bureaucratic hierarchies, making them hard-pressed to keep up. Attackers thrive in a fluid, decentralized market, while bureaucracy constrains defenders. Ninety-three percent of organizations surveyed have a cybersecurity strategy, but only 49 percent have fully implemented it. Nearly 60 percent of IT executives believe their cybersecurity strategy is fully implemented, while just over 30 percent of IT staff agree. Senior executives designing cyber strategies measure success differently than implementers.

  • CybersecurityGlobal entities come shopping for Israeli cybersecurity

    By Viva Sarah Press

    As computer devices and Internet of Things (IoT) connectivity continue to break new boundaries and create changes to our lifestyle, new cybersecurity technologies to defend our tech-savvy lives are crucial. “We’re still at the beginning for the cyber arena. We still need the security solution for smart homes, we still don’t have security solutions for autonomous cars, or for connected medical devices or MRI machines, or for connected kitchen appliances. Every technology that will be introduced to our lives in the coming years will need a cyber solution,” says one expert.

  • CybersecurityDHS releases Strategic Principles for Securing the Internet of Things

    DHS the other day issued a set of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0. These principles highlight approaches and suggested practices to fortify the security of the IoT. They aim to equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.

  • CybersecurityBolstering small businesses cybersecurity

    Small-business owners may think that they are too small to be victims of cyber hackers, but NIST experts know otherwise. NIST reaches out to small businesses, helping them understands the challenges they face in protecting their data and systems. The agency has just released Small Business Information Security: The Fundamentals, a guide written for small-business owners not experienced in cybersecurity, which explains basic steps they can take better to protect their information systems.

  • CybersecurityWhat CSPs can learn from the latest DDoS attacks

    Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.

  • CybersecurityCyber incidents’ cost not large compared with other business losses

    The cost of a typical cyber breach to an American company is much less than generally estimated, providing one possible explanation for why companies do not invest more to improve computer security, according to a new study. Researchers found that the typical cost of a breach was about $200,000 and that most cyber events cost companies less than 0.4 percent of their annual revenues. The $200,000 cost was roughly equivalent to a typical company’s annual information security budget. Given that finding, the study’s author says that businesses “lack a strong incentive to increase their investment in data security and privacy protection.”

  • Cybersecurity“Great British Firewall”: U.K. plans firewall to protect industries, consumers

    The GCHQ, U.K.’s surveillance agency, said it was planning to build a British firewall to offer protection against malicious hackers. GCHQ has developed cybersecurity systems the aim of which is to protect government sites and critical infrastructure, but the agency is now ready to offer its expertise to major private companies. “It’s possible to filter unwanted content or spam. It’s possible to filter offensive content. It’s technically possible to block malicious content,” GCHQ director said. “So, the question is: why aren’t we, the cybersecurity community, using this more widely? Well, we — in the U.K.— now are.”

  • CybersecurityIt’s easier to defend against ransomware than you might think

    By Amin Kharraz

    Ransomware – malicious software that sneaks onto your computer, encrypts your data so you can’t access it and demands payment for unlocking the information – has become an emerging cyberthreat. Several reports in the past few years document the diversity of ransomware attacks and their increasingly sophisticated methods. Unfortunately, the use of advanced cryptosystems in modern ransomware families has made recovering victims’ files almost impossible without paying the ransom. However, it is easier to defend against ransomware than to fight off other types of cyberthreats, such as hackers gaining unauthorized entry to company data and stealing secret information.

  • CybersecurityWhat Machiavelli can teach us about cybercrime and e-commerce security

    Online poker offers new insights into the mind-set of scheming Machiavellians, researchers have found. The researchers show that the card betting game can be used as a novel way to better understand the psychology of strategic deception. The research is part of a broader project looking at break-through research on deception, a basic problem at the heart of cybercrime affecting sectors such as e-commerce and financial services, to deepen our fundamental understanding of how deception works particularly in online settings.

  • CybersecurityCybersecurity’s weakest link: humans

    By Arun Vishwanath

    There is a common thread that connects many of the recent hacks which captured the headlines. They all employed generic – or what is now considered “old school” – phishing attacks which typically took the form of the infamous “Nigerian prince” type e-mails, trying to trick recipients into responding with some personal financial information. “Spearphishing” attacks are similar but far more vicious. They seek to persuade victims to click on a hyperlink or an attachment that usually deploys software (called “malware”) allowing attackers access to the user’s computer or even to an entire corporate network. Yes, people are the weakest links in cybersecurity. But they don’t have to be. With smarter, individualized training, we could convert many of these weak links into strong detectors – and in doing so, significantly strengthen cybersecurity.

  • CybersecuritySystem predicts 85 percent of cyber-attacks using input from human experts

    By Adam Conner-Simons

    Today’s security systems usually fall into one of two categories: human or machine. So-called “analyst-driven solutions” rely on rules created by living experts and therefore miss any attacks that do not match the rules. Meanwhile, today’s machine-learning approaches rely on “anomaly detection,” which tends to trigger false positives that both create distrust of the system and end up having to be investigated by humans, anyway. But what if there were a solution that could merge those two worlds? What would it look like? Virtual artificial intelligence analyst developed by the MIT’s Computer Science and Artificial Intelligence Lab and machine-learning startup PatternEx reduces false positives by factor of 5.

  • CybersecuritySharing password data safely to bolster cybersecurity

    An unfortunate reality for cybersecurity researchers is that real-world data for their research too often comes via a security breach. Now computer scientists have devised a way to let organizations share statistics about their users’ passwords without putting those same customers at risk of being hacked.

  • CybersecurityCybercrime’s true toll

    Cyber thieves who steal credit and debit card numbers are making millions of dollars in profits, fueling a global criminal enterprise marked by the high-profile data breaches of major companies such as Target and Home Depot. A criminologist offers one of the first scientific studies to estimate cybercrime profits, saying the findings should be a wakeup call for consumers and law enforcement officials alike.