• Cybercrime imposing growing costs on global economy

    A new report has found that the cost of cybercrime to the global community and infrastructure is not only incredibly high, but steadily rising as well. The study concluded that up to $575 billion a year — larger than some countries’ economies — is lost due to these incidents. The emergence of the largely unregulated, and unprotected, Internet of Things will make matters only worse.

  • Medical devices, not only medical records, are vulnerable to hackers

    Health organizations have spent millions of dollars to protect hospital computer systems and software from malware, but hospitals today are increasingly equipped with many medical devices linked to Wi-Fi, making the devices a portal to hospital room operations. Infusion pumps deliver measured doses of nutrients or medications such as insulin or other hormones, antibiotics, chemotherapy drugs, and pain relievers into a patient’s body. Although it has yet to happen, it is quite possible for a hacker to infiltrate an active infusion pump on a hospital’s Wi-Fi and change the dosage. Hackers can also use the pump’s network access to inject malware in the hospital’s network systems, giving them entry to patients’ medical records. The records can then be sold to identity thieves.

  • DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities

    On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.

  • Bolstering cybersecurity by taking a step back in time to analog security systems

    Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.

  • FBI, DHS study threats against news organizations covering “The Interview” incident

    Last week, the FBI and DHS issued a joint intelligence bulletin to law enforcement agencies across the country urging them to remain vigilant, citing a series of threats against movie theaters that show “The Interview” and news organizations that continue to cover the incident between Sony Entertainmentand Guardians of Peace, the hacking group allegedly backed by North Korea. A Tennessee man has since emerged saying he issued the threat against the news organizations and that he was just “messing around,” but the FBI is trying to determine whether the threat to news organizations was indeed a hoax.

  • 2014: The year of security breach awareness

    2014 will be seen as the “Year of the Breach,” or at the least, the “Year of Raised Awareness of Breaches,” according to observers of IT security trends over the course of the year. The legal repercussions for hackers are small, and usually non-existent, but the cost in damage to the victims of hacking can be huge. A survey by the Ponemon Institute revealed that in 2014, the average cost of a cyberattack was $20.8 million for a company in the financial services sector, and $8.6 million for a retail store — costs which ultimately affect the public at large.

  • Businesses brace for more, and more sophisticated, cyberattacks in 2015

    The recent Sony Pictureshack is one more reason for industries to prepare for a series of cyberattacks which will likely occur in 2015. From massive data leaks to distributed denial-of-service (DDoS) attacks, hackers will continue to find vulnerabilities within targeted network systems. “In 2015, attackers will continue to look for new vulnerabilities so that they can ‘hack the planet’,” says one cyber expert.

  • DHS-funded app-vetting firm shows market promise

    DHS recently announced it would continue funding technology company Kryptowireso the company could further pursue private sector clients. Kryptowire sells software which identifies security vulnerabilities in mobile applications and archives the results. Kryptowire already has a client list that includes the Justice Departmentand a few entertainment and gaming companies, many of which use Kryptowire to review the safety of their apps before offering it to staff and customers.

  • Fixing e-mail vulnerabilities in your organization

    E-mail is by far the most widely used and the least secure form of communication. The reason why e-mail is so vulnerable to attacks is because most organizations simply do not take any steps to secure it. Some often believe that e-mail messages are like private letters — securely sealed while in transit, and can only be opened when they reach the recipient. In reality, unsecured e-mail can be compared to a postcard which can be easily intercepted along the way.

  • Overcompensating customers affected by a data breach may make it worse

    Information systems researchers, who studied the effect of two compensation strategies used by Target in reaction to a large-scale data breach which affected more than seventy million customers, have found that overcompensation of affected customers may only raise suspicions rather than satisfy customers’ sense of justice. The study follows a spate of data breaches experienced by large retail firms, such as Home Depot, Sony, and eBay, which, in addition to Target, use so-called “big data” and analytics better to serve customers and drive sales performance.

  • U.S. says evidence ties North Korea to Sony cyberattack

    U.S. intelligence agencies said they have concluded that the North Korean government was “centrally involved” in the attacks on Sony’s computers. This conclusion, which will likely be confirmed today (Thursday) by the Justice Department, was leaked to the media only hours after Sony, on Wednesday, canceled the Christmas release of the comedy — the only known instance of a threat by a nation-state pre-empting the release of a movie. Senior administration officials, speaking on condition of anonymity, said the White House was still debating whether publicly and officially to accuse North Korea of the cyberattack.

  • Sony cancels Christmas release of “The Interview”

    Sony Pictures announced it has cancelled the Christmas release of “The Interview,” the a film at the center of a hacking campaign, after dire threats to moviegoers and a decision by major movie theater groups to cancel screenings in the United States. “Those who attacked us stole our intellectual property, private e-mails, and sensitive and proprietary material, and sought to destroy our spirit and our morale — all apparently to thwart the release of a movie they did not like,” the company said in a statement.

  • Sony hackers threaten attacks against movie goers who plan to see “The Interview”

    The hackers who attacked Sony networks are now threatening an attack on people who plan to go to see the movie “The Interview.” The hackers write in their message that they “recommend you to keep yourself distant” from movie theaters showing the movie. The hackers earlier promised to deliver a “Christmas gift.” It was not clear what they had in mind – some suggested they would release another batch of embarrassing data from Sony’s files — but it now looks as if the “gift” might well be a cyberattack on movie theaters.

  • Cyber whodunnit: North Korea prime suspect but there are many potential culprits

    Many suspect North Korea to be behind the attack on Sony Pictures. North Korea quite possibly has motive, means, and opportunity to carry out this attack on Sony, but as with any successful prosecution, that isn’t enough. We need evidence. We will have to wait for the detailed forensic work to complete before we stand a realistic chance of knowing for certain. That may or may not be forthcoming, but in the meantime we should consider what this event tells us about the balance of power in cyberspace. In a world in which major disruption can be caused with scant resources and little skill, all enemies are a threat. North Korea might be the rogue state that everyone loves to hate but there are plenty of others who could have done it. There is no longer a tiered approach of superpowers fighting proxy wars in smaller, developing nations. Now those developing nations can fight back, and you might not even know it was them.

  • Quantum physics makes fraud-proof credit cards possible

    Credit card fraud and identify theft are serious problems for consumers and industries. Corporations and individuals work to improve safeguards, but it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution, as a team of researchers has harnessed the power of quantum mechanics to create a fraud-proof method for authenticating a physical “key” which is virtually impossible to thwart.