Imminent threats


ROUNDTABLE: The significance of the ‘Onliner’ spambot leaking 711 million emails

By Byron V. Acohido

A spambot, referred to as Onliner, has been discovered delivering a malicious banking Trojan. What’s worse, the spammers behind Onliner inadvertently exposed some 711 million email addresses held in their possession.

Some context is needed to grasp the significance of this. Consider that spambots have been around for a long time. For the most part, garden-variety spambots are a huge nuisance, designed to carry out a two-stage mission. First, a spambot crawls the internet seeking out email addresses from websites, news group postings and chat-room conversations, and from this crawling activity it compiles a gargantuan mailing list. Next, a spambot blasts out email pitches for all manner of sketchy products and services.

Related video: Scammers take …more

PODCAST: What senior executives need to understand about the global threat landscape

By Byron V. Acohido

While many organizations take cybersecurity seriously, there generally remains a great need for companies and agencies to think more deeply and comprehensively about network security.

That’s a top-line summary of a wide-ranging discussion I had at Black Hat 2017 in Las Vegas with Peter Alexander, chief marketing officer for Check Point Software. Below is a summary of some specific takeaways. (For a deeper drill down, take a few minutes to listen to the accompanying podcast.)

Big picture: Deter, detect, defend, debug

“There is still a perception that security is almost like insurance,” Alexander told me. “But the key difference with security is that it’s not for something that might happen; it’s for something that you know is …more

INFOGRAPHIC: Data breaches, vulnerabilities spike in first half of 2017

By Rodika Tollefson

For the most part, year-to-year this century, statistics about data breaches have steadily grown worse, and 2017 is no exception. The magnitude of data breaches is on track to exceed last year, based on a recent report by Risk Based Security Inc.

Already, in the first six months of 2017, more than 6 billion records have been exposed in 2,227 reported data breaches, according to Risk Based Security. This compares to just under 1.5 billion exposed records in 2,316 reported incidents during the first half of last year.

INFOGRAPHIC: Network defenses continue to exhibit myriad cracks

If the pace continues, this year can easily surpass 2016, which saw 4,149 reported breaches that …more

MY TAKE: Why Petya, WannaCry signal much worse cyber attacks to come

By Byron V. Acohido

The go-forward implications of the Petya “wiper” attack, coming on the heels of the WannaCry ransomware worm, are profound.

The cybersecurity community has moved quickly to blunt variants of both WannaCry and Petya. But this is only the beginning. Here is a summary of takeaways, with a few dots connected.

Related article: Companies, Uncle Sam hit snooze on WannaCry, Petya

Ukraine wild card. Petya hit with a vengeance, locking up business systems globally on June 27; the attackers demanded a $300 payment in Bitcoin for a decryption key. Ukraine bore the brunt; its central bank, state telecom, metro and airport took broadsides. Danish shipping giant Maersk, Russian oil company Rosneft, U.S. drug company Merck and the U.S. law firm DLA Piper were …more

PODCAST: Former White House CIO — companies need cyber defense strategy

By Byron V. Acohido

Theresa Payton honed her cybersecurity skills as the White House’s first female chief information officer, under President George W. Bush. Payton is now president and CEO of cybersecurity consulting company Fortalice Solutions. I had the chance to interview her at the recent Enfuse 2017 cybersecurity conference in Las Vegas.

We discussed how digital attacks have increased, what strategies embattled organizations should embrace and why über-competitive tech security vendors need to learn to share threat intelligence more readily. Here are a few top takeaways:

DIY hacking increases. When Payton was at the White House, she says cyber criminals and terrorists had to have skill and talent to break into digital systems. Now, with emerging technologies, “it’s never been easier and …more

Q&A: Why WannaCry signals a coming wave of nation-state cyber weapon hacks

By Byron V. Acohido

Companies would be remiss to downplay the profound implications of last month’s headline-grabbing WannaCry ransomware attack.

WannaCry was a mere harbinger; the tip of the iceberg. WannaCry happened a few weeks after the Shadow Brokers hacking collective stole dozens of the National Security Agency’s ace-in-the-hole hacking tools.

Shadow Brokers futilely tried to sell these cyber weapons piecemeal. But after getting no takers, the group publicly released them. Someone then quickly snapped up two of the free spy tools—code-named EternalBlue and DoublePulsar—and whipped up WannaCry, which spread, in a matter of days, into government, utility and company networks in 150 countries.

Related article: Why insecure software is the root of all problems

The initial version of WannaCry proved …more

MY TAKE: Remember Conficker? WannaCry revives self-spreading worms – with nasty twists

By Byron V. Acohido

The landmark WannaCry ransomware attack, I believe, may have been a proof of concept experiment that inadvertently spun out of control after it got released prematurely.

But now that it’s out there, WannaCry signifies two developments of profound consequence to company decision-makers monitoring the cybersecurity threat landscape:

• It revives the self-propagating internet worm as a preferred way to rapidly spread new exploits, machine to machine, with no user action required.

• It lights up the cyber underground like a Las Vegas Strip billboard, heralding a very viable style of attack. WannaCry already has begun to spur hackers to revisit self-spreading worms, an old-school, highly invasive type of attack.

The unfolding “kill switch” subplot supports my analysis. First a recap: WannaCry is an exploit …more