CyberSecurity Pulse 2016-12-22
|“Things don’t have to change the world to be important.”|
GCHQ Must Do More to Protect UK Banks From Hacking Attacks
Tyrie said that the UK disproportionately relies on its banking sector for revenues, and warned that it is especially vulnerable due to a combination of "legacy systems, human error, and deliberate attack". On Monday, he said: "It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job. This means making sure that financial cybercrime has a high priority, and is not subordinate to other work. Failure to do so would inhibit the ability of financial institutions to maintain an adequate level of protection for millions of consumers".
Tyrie recommended "a single point of responsibility for cyber risk in the financial services sector". It may "be necessary to create a line of accountability to the treasury for financial cybercrime", he added, but "any new arrangements would need to respect the current statutory responsibilities of the financial regulators". Cybersecurity has become a priority in many countries and this has involved new organizations dedicated to the protection of cyberspace. However, the threat is so important and applies to so many sectors that a bad coordination among agencies could imply a duplication of capabilities.
Vulnerabilities Have Been Found in In-flight Entertainment Systems
Security experts at IOActive has released a research detailing cybersecurity vulnerabilities in Panasonic Avionics' In-Flight Entertainment (IFE) systems which are known to be used by a number of major airlines, including Emirates, United, Virgin and American. The vulnerabilities could allow cybercriminals to hijack passengers' in-flight displays and, in some instances, access their credit card information. An attacker may even be able to gain access to part of the airliner's IT infrastructure if the system hasn't been configured properly.
Stingray Use Could Be Unconstitutional
Use of cell-phone spying technology Stingray has become widespread among U.S. law enforcement agencies and should be better regulated, according to a new congressional report. Not only is the FBI deploying the technology but so are state and local police. There are concerns that some law enforcement agencies have used Stingrays without securing search warrants, said the report from House Committee on Oversight and Reform, published on last Monday. "Absent proper oversight and safeguards, the domestic use of cell-site simulators [Stingrays] may well infringe upon the constitutional rights of citizens to be free from unreasonable searches and seizures", it said.
Rest of the Week´s News
US Voting Machine Certification Agency Probes Potential Hack
Recorded Future said someone was offering log-on credentials for access to computers at the US Election Assistance Commission (EAC) in underground cybermarkets earlier this month. It reported that Rasputin cyberidentity had sent it a systems status report page as evidence that he had obtained access to EAC's backend systems.
Skype Backdoor Missed by Microsoft Development Team
The discovery of what appears to be backdoored code mistakenly forgotten by the development team, in Skype for Mac OS X will be an embarrassment for new owners Microsoft. It could, however, have been far more troubling for users as the code also enabled access to personal content including contacts, chat logs and recordings.
Mobile Banking Trojan Now Has Encryption and Is Targeting Over 2,000 Apps
Security experts at Kaspersky Lab have discovered a modification of the mobile banking Trojan, Faketoken, which can encrypt user data. Kaspersky Lab has detected several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016.