CyberSecurity Pulse 2016-12-22

“Things don’t have to change the world to be important.”
Steve Jobs

Analyst Insight

GCHQ Must Do More to Protect UK Banks From Hacking Attacks

Britain's financial sector needs more protection from the security services against the ever-growing threat of cyberattacks, the influential Treasury Committee has warned. Ciaran Martin, the head of the National Cyber Security Centre (NCSC), an offshoot of GCHQ set up in October, was told in a letter from Andrew Tyrie, the Tory Member of Parliament who chairs the panel, that the "lines of accountability between relevant authorities" were "opaque".

Tyrie said that the UK disproportionately relies on its banking sector for revenues, and warned that it is especially vulnerable due to a combination of "legacy systems, human error, and deliberate attack". On Monday, he said: "It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job. This means making sure that financial cybercrime has a high priority, and is not subordinate to other work. Failure to do so would inhibit the ability of financial institutions to maintain an adequate level of protection for millions of consumers".

Tyrie recommended "a single point of responsibility for cyber risk in the financial services sector". It may "be necessary to create a line of accountability to the treasury for financial cybercrime", he added, but "any new arrangements would need to respect the current statutory responsibilities of the financial regulators". Cybersecurity has become a priority in many countries, and this has involved new organizations dedicated to the protection of cyberspace. However, the threat is so important and applies to so many sectors that poor coordination among agencies could lead to a duplication of capabilities.

» More information at National Cyber Security Centre

Top Stories

Vulnerabilities Have Been Found in In-flight Entertainment Systems

Security experts at IOActive have released research detailing cybersecurity vulnerabilities in Panasonic Avionics' In-Flight Entertainment (IFE) systems, which are known to be used by a number of major airlines, including Emirates, United, Virgin and American. The vulnerabilities could allow cybercriminals to hijack passengers' in-flight displays and, in some instances, access their credit card information. An attacker may even be able to gain access to part of the airliner's IT infrastructure if the system hasn't been configured properly.

» More information at SC Magazine UK

Stingray Use Could Be Unconstitutional

Use of the cell-phone spying technology Stingray has become widespread among U.S. law enforcement agencies and should be better regulated, according to a new congressional report. Not only is the FBI deploying the technology, but so are state and local police. There are concerns that some law enforcement agencies have used Stingrays without securing search warrants, said the report from the House Committee on Oversight and Reform, published last Monday. "Absent proper oversight and safeguards, the domestic use of cell-site simulators [Stingrays] may well infringe upon the constitutional rights of citizens to be free from unreasonable searches and seizures", it said.

» More information at U.S. House

Rest of the Week's News

US Voting Machine Certification Agency Probes Potential Hack

Recorded Future said someone was offering log-on credentials for access to computers at the US Election Assistance Commission (EAC) in underground cybermarkets earlier this month. It reported that the Rasputin cyberidentity had sent it a systems status report page as evidence that he had obtained access to EAC's backend systems.

» More information at The Register

Skype Backdoor Missed by Microsoft Development Team

The discovery of what appears to be backdoored code, mistakenly forgotten by the development team, in Skype for Mac OS X will be an embarrassment for new owners Microsoft. It could, however, have been far more troubling for users, as the code also enabled access to personal content including contacts, chat logs and recordings.

» More information at SC Magazine UK

Mobile Banking Trojan Now Has Encryption and Is Targeting Over 2,000 Apps

Security experts at Kaspersky Lab have discovered a modification of the mobile banking Trojan, Faketoken, which can encrypt user data. Kaspersky Lab has detected several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016.

» More information at SC Magazine UK

Further Reading

Ukrainian Electric System Reportedly Attacked Again

» More information at Interfax

Turkey's Akbank Faces $4 Million Hit From Attempted Cyberheist

» More information at Reuters

LinkedIn's Resets 55,000 Passwords After Data Breach

» More information at Ars Technica UK