CyberSecurity Pulse 2016-01-21

CyberSecurity Pulse 2016-01-21

Analyst Insight

Insecurity in IoT, the Main Challenge in 2016

The forecasts conducted by several cybersecurity companies agree about how the Internet of Things (IoT) will be the main workhorse in 2016. Enterprises are dealing with IoT as an integral part of their blueprint by developing from nowadays digital business models to fit the upcoming digitisation of the entire value chain, without leaving apart the fact that the wearable adoption is rising rapidly in the consumer space. However, significant advances in edge computing, networks, Big Data and analytics are still required for this truly disruptive technology to shape the future.

ciber1On the other hand, Cybercrime remains a growth industry. There is a growing trend of aggression in many cyber-attacks specially linked to the use of extortion, whether it is through ransomware or by the threat of performing Distributed Denial of Service (DDoS) attacks. The easy access to products and services related to cybercrime allows to launch attacks of a scale and scope disproportionate in terms of risks, costs and profits. In any case, 2015 was a year in which the leaks have grabbed many headlines with hundreds of attacks and leaks of high impact. The perception of the growth of this kind of attacks is not being evaded by Governments, which are considering the obligation to report the incidents as a response to how personal data have become prime targets of cybercrime. It will be necessary to find an alignment between business and security forces in order to enhance research and response to these incidents.

Top Stories

Cyberattacks on Critical Manufacturing Doubled in 2015

ciber2According to a report from the US Department of Homeland Security's (DS's) Industrial Control System Computer Emergency Response Team (ICS-CERT), DHS investigated nearly twice as many critical manufacturing sector incidents between October 1, 2014 and September 30, 2015 as it did during the previous fiscal year. 97 out of the 295 incidents ICS-CERT investigated, involved organizations in the critical manufacturing sector that includes automobile manufacturers and aviation equipment manufacturers, while 46 incidents involved energy sector organizations, 25 involved water and wastewater systems and 23 involved transportation systems.

» More information at The Hill

New Functionality of Malware Bankosy: Steal Passwords Through Voice Calls

ciber3The security company Symantec warned a year and a half ago about the infectiousness of Android.Bankosy malware since it was able to evade the two factor autentication (2FA) obtaining the bank passwords sent to users via conventional SMS. In this sense, security experts at Symantec have detected a new strain of this malware that is capable of stealing the passwords sent through voice calls generated by some modern 2FA systems.

» More information at The Register

Rest of the Week´s News

Firm Sues Cyberinsurer Over $480K Loss

A Texas manufacturing firm is suing its cyberinsurance provider for refusing to cover a $480,000 loss following an email scam that impersonated the firm’s chief executive. The insurer maintains that the scheme did not meet the criteria of "forgery of a financial instrument" signed as part of the issues covered in the commercial agreement.

» More information at Krebs on Security

NSA Says Surveillance Programme Meets Security Standards

The United States government’s updated program for gathering native people’s phone records has passed the muster as far as civil and privacy principles. The new structure, which was executed in November 2015, has been affirmed as conforming to eight protection shields, as per a report distributed by the Civil Liberties and Privacy Office of the National Security Agency.

» More information at Security Affairs

Security Firm Sued For Filing “Woefully Inadequate” Forensics Report

A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly "woefully inadequate" forensics investigation that missed key details of a network breach. Some bad practices allowed credit card thieves to maintain their foothold during the course of the two-and-a-half-month investigation.

» More information at Ars Technica