CyberSecurity Pulse 2016-05-19

“Imagination is more important than knowledge. For knowledge is limited to all we now know and understand, while imagination embraces the entire world, and all there ever will be to know and understand.”
Albert Einstein

Analyst Insight

Discrepancies to Decide Which Companies Will Be Subject to the New European Legislation on Cybersecurity

Last Tuesday each Member State of the European Union adopted a new directive on cybersecurity in order to boost the digital single market, one of the main objectives of the European Commission. Trust and security are its foundations, given that millions of EU citizens rely on the Internet for ever more services, from e-government and healthcare to online shopping and social networks. But the digital world is vulnerable: cybersecurity incidents, from technical failures to malicious attacks, are increasing at an alarming pace.

This directive, proposed by the Commission in 2013 and currently in the final stages of negotiations, aims to ensure a set of shared cybersecurity standards in the EU by improving cyber capabilities, cooperation, the adoption of risk management practices and the reporting of major incidents to the national authorities, with special emphasis on the energy, transport, banking and health sectors.

However, the question of which digital service providers will be included in the law has been the sticking point in its development. We will have to wait to see how each country draws up the list of affected companies and how the "objectively quantifiable criteria" that will determine which organizations are subject to the law are chosen.

» More information at European Commission

Top Stories

SWIFT Washed Its Hands Off Banks Cybersecurity Measures

The Cyber Act of War Act of 2016 would require the President of the United States to develop a policy to determine whether a cyberattack constitutes an act of war. The bill requires the White House to consider how a cyberattack may be equivalent to conventional weapons in destruction or casualties when evaluating the attack as an act of war. “Cyberattacks on our critical infrastructure are capable of impacting our entire economy and causing significant destruction. This legislation would require the executive branch to define which of these actions constitute a cyberact of war, which would allow our military to be better able to respond to cyberattacks”, United States Senator Rounds said in a statement.

» More information at NBC News

Lack of Trust in Internet Security May Deter Economic and Other Online Activities

Online privacy or security concerns have stopped millions of people in the United States from using the internet to pay bills, shop or post on social media, according to a large government survey. The data from the National Telecommunications and Information Administration (NTIA) found that 29 percent of homes surveyed had not conducted financial transactions online because of privacy or security concerns. Thus, the Administration wrote in a blog post that "NTIA will continue to analyze relevant data, as well as potential policies that could help build trust in the Internet and stimulate the free flow of information and commerce online".

» More information at NTIA

Rest of the Week's News

One Million Computers Hacked for Making Big Money from Google AdSense

A group of cyber criminals has infected as many as one million computers over the past two years with a piece of malware that hijacks search results pages. The Redirector.Paco Trojan drops JavaScript files that download and apply a PAC (Proxy Auto Configuration) file that hijacks all Web traffic, ensuring that traffic is routed through an attacker-controlled server so as to earn money from the AdSense program.

» More information at The Hacker News

Skimer Malware Is Now Used to Target ATMs

Security experts at Kaspersky Lab have spotted a new strain of the malware dubbed ‘Skimer’ (Backdoor.Win32.Skimer). Skimer is an old threat that has been around since 2009; it is used by criminal organizations to steal money and payment card data from ATMs.

» More information at Security Affairs

Hacker puts up 167 Million LinkedIn Passwords for Sale

In 2012, LinkedIn suffered a massive data breach in which the login details of more than 6 million user accounts were posted online by a Russian hacker. However, new reports now suggest that a total of 167 million LinkedIn accounts were breached instead of just 6 million, and that they are on sale in a Dark Web marketplace for 5 bitcoins.

» More information at The Hacker News

Further Reading

Hacking Team Hacker Steals €10K in Bitcoins

» More information at Ars Technica UK

Runkeeper Acknowledges Location Data Leak

» More information at Ars Technica UK

Vietnam Bank Thwarts $1.1 Million Heist

» More information at The Hill