• Cybercrime imposing growing costs on global economy

    A new report has found that the cost of cybercrime to the global community and infrastructure is not only incredibly high, but steadily rising as well. The study concluded that up to $575 billion a year — larger than some countries’ economies — is lost due to these incidents. The emergence of the largely unregulated, and unprotected, Internet of Things will make matters only worse.

  • FBI, DHS study threats against news organizations covering “The Interview” incident

    Last week, the FBI and DHS issued a joint intelligence bulletin to law enforcement agencies across the country urging them to remain vigilant, citing a series of threats against movie theaters that show “The Interview” and news organizations that continue to cover the incident between Sony Entertainmentand Guardians of Peace, the hacking group allegedly backed by North Korea. A Tennessee man has since emerged saying he issued the threat against the news organizations and that he was just “messing around,” but the FBI is trying to determine whether the threat to news organizations was indeed a hoax.

  • U.S. says evidence ties North Korea to Sony cyberattack

    U.S. intelligence agencies said they have concluded that the North Korean government was “centrally involved” in the attacks on Sony’s computers. This conclusion, which will likely be confirmed today (Thursday) by the Justice Department, was leaked to the media only hours after Sony, on Wednesday, canceled the Christmas release of the comedy — the only known instance of a threat by a nation-state pre-empting the release of a movie. Senior administration officials, speaking on condition of anonymity, said the White House was still debating whether publicly and officially to accuse North Korea of the cyberattack.

  • Sony cancels Christmas release of “The Interview”

    Sony Pictures announced it has cancelled the Christmas release of “The Interview,” the a film at the center of a hacking campaign, after dire threats to moviegoers and a decision by major movie theater groups to cancel screenings in the United States. “Those who attacked us stole our intellectual property, private e-mails, and sensitive and proprietary material, and sought to destroy our spirit and our morale — all apparently to thwart the release of a movie they did not like,” the company said in a statement.

  • FBI moves cyberthreats to top of law-enforcement agenda

    FBI director James Comey said combatting cybercrime and other cyber threats are now top FBI priority. “It (the Internet) is transforming human relationships in ways we’ve never seen in human history before,” Comey said. “I see a whole lot of hacktivists, I see a whole lot of international criminal gangs, very sophisticated thieves,” he added. “I see people hurting kids, tons of pedophiles, an explosion of child pornography.” In October Comey urged Congress to require tech companies to put “backdoors” in apps and operating systems. Such a move would allow law enforcement officials to better to monitor suspected criminals who often escape the law using encryption and anti-surveillance computer software.

  • McAfee Labs report previews 2015 cyber threats, exploits, evasions

    McAfee Labs November 2014 Threats Report offers an analysis of threat activity in the third quarter of 2014, and the organization’s annual 2015 Threats Predictions for the coming year. The report details a third quarter filled with threat development milestones and cyber events exploiting long-established Internet trust standards. McAfee Labs forecasts a 2015 threat landscape shaped by more attacks exploiting these standards, new attack surfaces in mobile and Internet of Things (IoT), and increasingly sophisticated cyber espionage capabilities, including techniques capable of evading sandboxing detection technologies.

  • A malware more sophisticated than Stuxnet discovered

    Security experts at Symantechave discovered the world’s most sophisticated computer malware, Regin. Thought to have been created by a Western intelligence agency, and in many respects more advanced than Stuxnet — which was developed by the U.S. and Israeli government in 2010 to hack the Iranian nuclear program — Regin has targeted Russian, Saudi Arabian, Mexican, Irish, and Iranian Internet service providers and telecoms companies. “Nothing else comes close to this … nothing else we look at compares,” said one security expert.

  • More companies adopt active defense to thwart hackers

    Some U.S. companies are beginningto counter-hack cybercriminals by using intelligence shared within industry circles. Federal officials have not openly endorsed active defense, but measures like tricking hackers into stealing fake sensitive data, then tracking its movements through the Web, are gaining support. Some firms have gone as far as hacking alleged criminals’ servers. “The government is giving ground silently and bit by bit on this [active defense] by being more open,” said former National Security Agencygeneral counsel Stewart Baker. “I have a strong sense from everything I’ve heard. . . that they’re much more willing to help companies that want to do this.”

  • Differences between hacking, state-sponsored cyberwarfare increasingly blurred: Experts

    Cybersecurity officials say that there is an increasing similarity between hacking attacks and full-on cyber warfare, as digital infrastructures continue to grow and play a larger role in everyday life. “It’s not a clear, bright red line,” said Mitchell Silber, the executive managing director of K2 Intelligence, “It really is more murky, the difference between where a cyber criminal hack ends and where some type of state or state-sponsored event begins.”

  • U.S. government networks vulnerable despite billons spent on protecting them

    Experts say that cybersecurity has leaped over terrorism as the top threat to U.S. security, and with the awareness of the threat comes funding better to secure government systems. There are currently 90,000 information technology security professionals working for the government, 33 percent of them are contractors. The federal government is projected to hire more cyber professionals and spend $65 billion on cybersecurity contracts between 2015 and 2020, but today, federal cybersecurity officials are still struggling to keep sensitive data from hackers and cyber criminals. Some have warned of a “Cyber Pearl Harbor” — but Pearl Harbor was a surprise. No one in business or government today can continue to plead surprise when it comes to the possibility of cyberattack.

  • Information sharing is key in responding to cyberattacks

    Time is not your friend when your information systems are under cyberattack, but sharing threat information before, during, and after an attack with a trusted group of peers can help. Not only does it alert the other members of your community to a potential attack, it can provide critical actionable information to speed and bolster your own defenses. Participating in a formal information sharing group can greatly enhance an organization’s cybersecurity capabilities.

  • Mission Secure closes round of seed financing to commercialize cybersecurity technology

    Charlottesville, Virginia-based Mission Secure Inc. (MSi), a cyberdefense technology and solutions provider focusing on protecting physical systems and autonomous vehicles, last week announced it had recently closed its seed financing round led by Ballast Fund investors, a private equity firm and several high net worth angel investors.

  • Banks collaborate to thwart cybercrime

    The Financial Services Information Sharing and Analysis Center (FS-ISAC), a cybersecurity information sharing group, has teamed up with the Depository Trust & Clearing Corporation to form Soltra. Named after a series of fire signals that were used in Europe hundreds of years ago to warn against invaders, the organization alerts member banks of incoming or potential cyber threats.

  • Contactless cards fail to recognize foreign currency

    New research has highlighted a “glitch” in the Visa system which means their contactless cards will approve foreign currency transactions of up to 999,999.99 in any foreign currency. Side-stepping the £20 contactless limit, transactions can be carried out while the card is still in the victim’s pocket or bag. Transactions are carried out offline, avoiding any additional security checks by the bank, and although the current system requires the credit card to authenticate itself, there is currently no requirement for the POS (point of sale) terminal to do the same.

  • Identifying ways to improve smartphone security

    What information is beaming from your mobile phone over various computer networks this very second without you being aware of it? Experts say your contact lists, e-mail messages, surfed Web pages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission. The apps downloaded to smartphones can potentially track a user’s locations, monitor his or her phone calls and even monitor the messages a user sends and receives — including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue. Assigning risk scores to apps may slow down unwarranted access to personal information.