CyberSecurity Pulse 2016-05-26

“The truth springs from arguments amongst friends.”
David Hume

Analyst Insight

Security and Defense Contractors Become the Central Focus

Swiss CERT has released details of an APT attack on Swiss defence organisations. Released in conjunction with defence contractor RUAG, the report outlines an attack of considerable ambition on the defence contractor itself as well as Swiss special forces unit, DRA10.

The attackers seem to have been able to steal very little data. According to RUAG, it amounted to less than 0.01 percent of the data managed by the company. They have stated that “no secret data was affected by the attack on RUAG”. However, the attack was apparently conducted “very professionally” according to the company.

Although the ministries of defence and security agencies of each country are concerned about cybersecurity and deploy the necessary measures to address their threats, contractors do not always share this level of awareness. They are now being targeted in order to undermine the security measures of their clients (in some cases, official organisations) and thus gain access to confidential information. It is therefore important to require that security standards be extended to contractors in proportion to the sensitivity of the material they deal with.

» More information at SC Magazine UK

Top Stories

Microsoft’s Approach to Terrorist Content Online

Terrorist attacks around the world have sparked intense discussion and debate about the best way to address the diffusion of content on the Internet that is used to promote terrorist violence or recruit for terrorist groups. In this sense, Microsoft amended its terms of use to specifically prohibit the posting of “terrorist content” on its services and will invest in private-public partnerships to tackle the broader issue of terrorism. To achieve this goal, the firm has defined terrorist content as any material posted by, or in support of, organizations included on the Consolidated United Nations Security Council Sanctions List that depicts graphic violence, encourages violent action, endorses a terrorist organization or its acts, or encourages people to join such groups.

» More information at NBC News

Google Trust API Plans to Replace Your Passwords with Trust Score

The importance of increasing online security around personal information has risen due to the increase in cyberattacks and data breaches over recent years. The massive LinkedIn hack proves that people are absolutely awful at picking passwords. The data breach leaked 167 million usernames and passwords online, out of which "123456" was used by more than 750,000 accounts, followed by "LinkedIn" (172,523 accounts), and "password" (144,458 accounts). In a typical authentication mechanism, two-factor verification is the second layer of security that is designed to ensure that you are the only person who can access your account, even if someone knows your password. But now Google also intends to use users' biometric data to strengthen the second layer of authentication with a more trustworthy approach.

» More information at The Hacker News

Rest of the Week's News

BoE Demands UK Banks to Step up Cybersecurity after Bangladesh Attack

Following the attack in February on the Central Bank of Bangladesh, the Bank of England (BoE) has issued an urgent call for all British banks to carry out a security review of any computer connected to the SWIFT network. In the attack launched three months ago, hackers were able to compromise £56 million in what is thought to be one of the largest bank robberies in history.

» More information at SC Magazine UK

Google Allo Engineer Ends Push for End-to-End Encryption by Default

A co-leader on Google's product security team has deleted part of a blog post in which he wished the Allo messenger app would provide end-to-end encryption by default. Critics have argued that if it is the user's responsibility to deliberately turn on encryption by using the incognito mode, most users will never avail themselves of the protection that end-to-end encryption provides, because it is turned off by default.

» More information at Ars Technica UK

E-Health Companies Have Seen a Growth in Cyberattacks

Last summer, deceptive emails began targeting employees at the Centers for Medicare and Medicaid Services. The messages were crafted to look like official business, but they actually were from attackers seeking agency passwords. The influx of spearphishing emails significantly increased during June and July 2015.

» More information at Nextgov

Further Reading

Ke3chang Is Back and It's Targeting Indian Embassies Around the Globe

» More information at Security Affairs

Cash Stolen from 15K ATMs in Japan

» More information at SC Magazine UK

Hacker in Jail for Reporting Police System Security Flaws

» More information at ZDNet