CyberSecurity Pulse 2016-01-21
Insecurity in IoT, the Main Challenge in 2016
On the other hand, Cybercrime remains a growth industry. There is a growing trend of aggression in many cyber-attacks specially linked to the use of extortion, whether it is through ransomware or by the threat of performing Distributed Denial of Service (DDoS) attacks. The easy access to products and services related to cybercrime allows to launch attacks of a scale and scope disproportionate in terms of risks, costs and profits. In any case, 2015 was a year in which the leaks have grabbed many headlines with hundreds of attacks and leaks of high impact. The perception of the growth of this kind of attacks is not being evaded by Governments, which are considering the obligation to report the incidents as a response to how personal data have become prime targets of cybercrime. It will be necessary to find an alignment between business and security forces in order to enhance research and response to these incidents.
Cyberattacks on Critical Manufacturing Doubled in 2015
According to a report from the US Department of Homeland Security's (DS's) Industrial Control System Computer Emergency Response Team (ICS-CERT), DHS investigated nearly twice as many critical manufacturing sector incidents between October 1, 2014 and September 30, 2015 as it did during the previous fiscal year. 97 out of the 295 incidents ICS-CERT investigated, involved organizations in the critical manufacturing sector that includes automobile manufacturers and aviation equipment manufacturers, while 46 incidents involved energy sector organizations, 25 involved water and wastewater systems and 23 involved transportation systems.
New Functionality of Malware Bankosy: Steal Passwords Through Voice Calls
The security company Symantec warned a year and a half ago about the infectiousness of Android.Bankosy malware since it was able to evade the two factor autentication (2FA) obtaining the bank passwords sent to users via conventional SMS. In this sense, security experts at Symantec have detected a new strain of this malware that is capable of stealing the passwords sent through voice calls generated by some modern 2FA systems.
Rest of the Week´s News
Firm Sues Cyberinsurer Over $480K Loss
A Texas manufacturing firm is suing its cyberinsurance provider for refusing to cover a $480,000 loss following an email scam that impersonated the firm’s chief executive. The insurer maintains that the scheme did not meet the criteria of "forgery of a financial instrument" signed as part of the issues covered in the commercial agreement.
NSA Says Surveillance Programme Meets Security Standards
The United States government’s updated program for gathering native people’s phone records has passed the muster as far as civil and privacy principles. The new structure, which was executed in November 2015, has been affirmed as conforming to eight protection shields, as per a report distributed by the Civil Liberties and Privacy Office of the National Security Agency.
Security Firm Sued For Filing “Woefully Inadequate” Forensics Report
A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly "woefully inadequate" forensics investigation that missed key details of a network breach. Some bad practices allowed credit card thieves to maintain their foothold during the course of the two-and-a-half-month investigation.