CyberSecurity Pulse 2016-11-24

CyberSecurity Pulse 2016-11-24

“When you do what you fear most, then you can do anything.”

Analyst Insight

90% of the Most Critical Cyberattacks in Spain Come From Other Governments

The National Cryptological Center (abbreviated to CCN in Spanish) is an organization within National Intelligence Center (CNI) with the objective of protecting the networks and information systems of the Spanish Administration. In a recent report, it has ensured that about 90% of cyberattacks classified as critical suffered by public bodies or strategic Spanish companies are supposed to come from foreign governments. Even, most of them could come from China, Russia, Eastern Europe and the United States according to this report.CyberSecurity Pulse 2016-11-24In this report published by the Spanish intelligence service, it has also been stated that along with cyberspionage, cyberyihadism is one of the threats that this organization thinks that may have a major rebound in the near future. It also warns about to what extent the “ISIS’s cybercapabilities are not that sophisticated but we expect that cyberattacks will be more and more destructive in the upcoming years”.

Undoubtedly, the increase of the exposure area due to the growth of IoT will cause an increase in attacks and the appearance of new cybercriminal attacks as long as manufacturers do not internalize the concepts of security by design and security by default. However, what it is not so clear, is to what extent we are capable of stablishing a real attribution of certain criminal acts taking into account the amount of techniques that can be carried out on the network to perpetrate false flag attacks and disguise the authorship. Can we really be that sure of who is our enemy?

» More information at El País

Top Stories

DOJ Defends New Warrant Rule for Computer Searches

CyberSecurity Pulse 2016-11-24The Department of Justice is defending controversial changes to the rule of evidence that would allow officials to look for computers that are masking their real location. Assistant Attorney General Leslie R. Caldwell argues that updates to Rule 41 of the federal rules of criminal procedure are necessary to keep pace with changing technology. “While most changes were for the better, some technologies enable new forms of crime and victimization that would have been difficult to imagine not that long ago”, she said. Updates to Rule 41 were approved by the Supreme Court and, without congressional action, will take effect in December.

» More information at The Hill

Akamai’s Study Backs IoT/DDoS Concerns

CyberSecurity Pulse 2016-11-24A new report relseased by Akamai supports concerns that the massive distributed denial-of-service attack on internet services provider Dyn and other famous websites held in September and October has defined a significantly dangerous milestone for cybersecurity. “Every couple of years the industry faces what could be considered harbinger attacks, where the size and scope of a security event are radically different than what has come before,” said Martin McKeay, senior security advocate at Akamai and senior editor of the report, in a statement. “I believe the industry faced its latest harbinger with the Mirai botnet”. The vulnerability of internet-of-things devices and the attack on Dyn has forced the National Institute of Standards and Technology to accelerate the release of its updated guidance on how to develop secure systems so as to encourage device and systems makers to incorporate security since the very beginning of the product design phase.

» More information at FCW

Rest of the Week´s News

WordPress Plugins Could Expose Online Shoppers on Black Friday and Cyber Monday

The Black Friday and the Cyber Monday are upon us and security experts from Checkmarx are questioning the security of some of the top WordPress e‑commerce plugins that are currently used in more than 100,000 commercial websites. Checkmarx analyzed the top 12 WordPress e‑commerce plugins discovering that four of them are affected by severe vulnerabilities, including reflected cross-site scripting, SQL injection, and file manipulation flaws.

» More information at Security Affairs

Vulnerable ATM Machines Are Spitting Out Cash on Demand

Cybersecurity firm Group IB has released a report on a hacker group named Cobalt are ransacking ATMs throughout Europe. The report details how, using malicious software which is unique to the group and triggered using mobile phones, the group is able to force ATMs to essentially spit out cash. Cobalt has carried out this attack in 14 different countries including Russia, the UK, the Netherlands and Malaysia.

» More information at SC Magazine UK

An Android Phone Hardened for Privacy Designed by The Tor Project

The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone. The device is an Android phone designed with privacy and security in mind. To protect the user’s privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. The prototype only works on Google Nexus and Pixel hardware.

» More information at Ars Technica UK

Further Reading

Locky Ransomware Spread Via SVG Images on Facebook Messenger

» More information at Security Affairs

Three Mobile Confirms a Data Breach

» Más información at ZDNet

Qualcomm Launches Bug Bounty Programme

» Más información at TechWeekEurope UK