Cyberattack

Cyberattack / News Briefs

Mobile Malware Growing Exponentially, Limited Capability of Current Security Solutions Big Concern

Security analysis suggest troubling and escalating trends in the development of malware that exploits vulnerabilities on mobile devices. "From turning mobile devices into bots, to infiltration of mobile applications, driven by the use of personal devices in the workplace, cybercriminals are taking full advantage of this market," reports M86 Security Labs in its just released Threat Predictions Report.

EU and US Carry Out First Joint Cyber Security Exercise

The first joint cyber security exercise between the EU and US is being held today in Brussels, with the support of the EU's cyber security Agency ENISA and the US Department of Homeland Security. The day-long table-top exercise, named "Cyber Atlantic 2011", is using simulated cyber-crisis scenarios to explore how the EU and US would engage each other and cooperate in the event of cyber-attacks on their critical information infrastructures.

Reports of Possible Cyberattack in Palestine

According to reports today, hackers have attacked Palestinian servers, cutting off phone and Internet service across the West Bank and Gaza. Foreign governments are accused to be behind the attack. "Since this morning all Palestinian IP addresses have come under attack from places across the world," said the Palestinian communications minister today. Reneys reports these outages are the largest observed all year for this country, which normally has a fairly stable Internet.

Nitro Attacks Target the Chemical Industry

New security report has revealed at least 48 companies involved in research, development, manufacturing of chemicals and advanced materials have been victims of a coordinated cyberattack traced to a source in China. The purpose of the attacks, code named Nitro, appear to be industrial espionage, collecting intellectual property for competitive advantage, according to Symantec.

Duqu Reported as Precursor to a Future Stuxnet-Like Attack

Virus researchers at Symantec Corp. have revealed a variant of the Stuxnet worm, named Duqu, that is found to be stealing information about industrial control systems. Symantec reports: "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility... Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose."

Report on Today’s State of DNS Services

The Domain Name System, or DNS, has come a long way since its early days and the constant expansion of consumer activity and security concerns has raised further awareness about the critical role of the DNS. However, as the Yankee Group Research points out in a recent report, "there are more changes coming that are also raising the profile of DNS -- notably the move to cloud computing and the migration to IPv6." Suffice to say this is "Not Your Father's DNS". The report titled, "DNS: Risk, Reward and Managed Services" takes a fresh look at today's state of the DNS and the pros and cons of in-house, ISP and managed service provider DNS management options.

OPTA revokes Diginotar License as TTP

Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones.

New Research Reveals 56% Rise in Cost of Cybercrime

New research indicates cyberattacks increasingly plague businesses and government organizations, resulting in significant financial impact, despite widespread awareness. Conducted by the Ponemon Institute, the Second Annual Cost of Cyber Crime Study revealed that the median annualized cost of cybercrime incurred by a benchmark sample of organizations was $5.9 million per year, with a range of $1.5 million to $36.5 million each year per organization. This represents an increase of 56 percent from the median cost reported in the inaugural study published in July 2010.

US Department of Transportation Seeking Help for Motor Vehicle Cybersecurity Safeguards

The U.S. Department of Transportation (USDOT), Research and Innovative Technology Administration (RITA) and Volpe National Transportation Systems Center (Volpe Center), today released a Request for Information (RFI) seeking to obtain informed views on the "perceived needs, prevailing practices, and lessons learned concerning the cybersecurity and safety of safety-critical electronic control systems used in various modes of transportation and other industry sectors."

Automated Web Application Attacks Can Peak at 25,000 an Hour

Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. Report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second.

US, India Sign Cybersecurity Agreement

The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity, according to U.S. Department of Homeland Security. "The MOU was signed in New Delhi by Jane Holl Lute, Deputy Secretary for the U.S. Department of Homeland Security (DHS) and R. Chandrashekhar, Secretary, India Department of Information Technology."

Researchers Use Social Graphs to Detect Spammers, Attackers

A project named S-GPS or Spammer Global Positioning System, by Microsoft researchers uses spammer identification rather than spam identification to identify zombie-based spammers.

Internet Groups Inaugurate First of Three Cyber Security Facilities

ICANN and internet exchange firm Packet Clearing House (PCH) have joined forces with Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) to launch the first of three facilities designed to boost the adoption of Domain Name System Security (DNSSEC) among country code Top-Level Domains (ccTLDs). The three new facilities, located in Singapore; Zurich, Switzerland (still under construction) and San Jose, California, provide cryptographic security using the recently deployed DNSSEC protocol.

US New Cybersecurity Strategy Includes Military Option

Defense Systems reports: "The U.S. government's sweeping new cybersecurity strategy announced May 16 states that the country will respond to a major cyberattack using any or all of the means at its disposal, reports the Associated Press. Although military response to a cyberattack is one of the options listed in the International Strategy for Cyberspace, it will be considered only as a last resort, officials said."

Escalating US, Chinese Silent War on the Internet

Jason Mick reporting in DailyTech: "In the definitive cyberpunk novel Neuromancer, published in 1984, author William Gibson prophetically envisioned that wars of the future would be fought over the internet -- a new construct at the time. Today that prediction appears on the verge of coming true as we stand on the threshold of a vast digital battle. Agents in China, believed to be working for, or endorsed by the Chinese federal government are carrying out a secret cyberwar against the U.S. government and U.S. businesses. And that war appears to be escalating."