Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

News This Week

 

NEWS THIS WEEK: Ransomware worm spreads globally; Apple, Cisco partner on systems to lower cyber insurance costs; British navy ships vulnerable to cyber attack

By Byron V. Acohido

In the news this past week, companies worldwide struggled to recover after a wave of powerful cyber attacks crippled computer systems in Europe, Asia and the United States with a virus similar to the global ransomware assault in May that infected computers. Researchers at Kaspersky Lab said a regional Ukrainian website was hacked and used to distribute the ransomware, which attacked around 2,000 users across the globe. The company said that its preliminary findings suggest the malware is a new kind of ransomware not seen before. The virus downed systems at the site of the former Chernobyl nuclear power plant in Ukraine, forcing scientists to manually monitor radiation levels. Danish shipping giant A.P. Moller-Maersk said it was working to restore its operations. In the United States, pharmaceutical giant Merck reported that its computer network was compromised. France’s biggest bank, BNP Paribas, said that its real estate unit was hit. Jens Stoltenberg, Nato secretary general, said alliance members agreed last year that a cyber attack could trigger Article 5, the mutual defense clause, in the same way as a conventional military assault. Sources: The Washington Post; The (United Kingdom) Telegraph

British parliament deals with aftermath of email hack

Staff at the U.K. Parliament remain hampered after a cyber attack that compromised about 90 lawmakers’ email accounts. To prevent the attackers from gaining access to vital data, Parliament has limited the ability of members to access the Legislature’s computer network remotely. Source: Bloomberg

Breach notification rules expected to be part of defense bill

Lawmakers are expressing confidence that this year’s defense policy bill will include a measure requiring that the defense committees be notified within 48 hours of a sensitive military cyber operation. The measure is intended to boost congressional oversight of the Pentagon’s sensitive cyber operations. Source: The Hill

Apple, Cisco hope arrangement lowers insurance costs

Apple is working with Cisco to help businesses that primarily … more

NEWS THIS WEEK: Republican contractor exposes voter records; California seeks stiffer data privacy law; Florida schools hacked

By Byron V. Acohido

In the news this past week, Girl Scouts can start earning cybersecurity badges next year, thanks to an effort by the Girl Scouts of America and cybersecurity firm Palo Alto Networks. “We surveyed a lot of girls,” Girl Scouts CEO Sylvia Acevedo said. “In those evaluations, girls repeatedly said they wanted more computer science, and they were really interested in cybersecurity in terms of protecting themselves online. Bullying is a big issue. Also figuring out hackathons, they wanted to do that as well.” The badges will be available in fall 2018. There will be 18 unique badges, for Scouts from the Daisy level (who can be as young as 5 years old) all the way up to Ambassadors (18 years old). The suite of cybersecurity badges are intended to teach girls how to stay safe online and to encourage them to take jobs in the cybersecurity industry, where women are underrepresented. The Girl Scouts have been rolling out new badges for a number of STEM fields in response to high demand from girls in the program. Source: Gizmodo

Data breach losses on the decline worldwide, but not in the U.S.

Financial losses from data breaches may be starting to drop: The average cost of a data breach worldwide is now $3.62 million, down 10 percent from last year, according to a study from IBM Security and the Ponemon Institute. This marks the first decline measured since the global study was instituted. Data breaches cost companies an average of $141 per lost or stolen record, the report found. In the United States, the average cost of a breach increased 5 percent this year, to $7.35 million. Source: Tech Republic

Contractor for Republicans exposed 200 million voters’ information

Data analytics contractor Deep Root Analytics, which was employed by the Republican National Committee, left databases containing information on nearly 200 million potential voters exposed to the internet without security, … more

NEWS THIS WEEK: Russia’s hacking of U.S. election runs deep

By Byron V. Acohido

In the news this past week, Russia’s cyber attack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state, accessed a campaign finance database. In all, the Russian hackers hit systems in a total of 39 states. The scope and sophistication so concerned Obama administration officials that they took an unprecedented step—complaining directly to Moscow over a modern-day “red phone.” The White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict. Source: Bloomberg

Cyber weapons

Hackers allied with the Russian government have devised a cyber weapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers. The malware, which researchers have dubbed CrashOverride, is known to have disrupted an energy system in Ukraine in December. Hackers briefly shut down one-fifth of the electric power generated in Kiev. Source: Washington Post

Municipal debt

A rise in cyber attacks on U.S. public sector targets is beginning to be felt in the $3.8 trillion municipal debt market. S&P Global has begun to quiz states, cities and towns about their cyber defenses, and some credit analysts are starting to factor cybersecurity when they look at bonds. Moody’s Investors Service is also trying to figure out how to best evaluate cyber risk. Source: Reuters

Middle Eastern nations

U.K. defense giant BAE Systems has made large-scale sales across the Middle East of sophisticated surveillance technology. These sales … more

NEWS THIS WEEK: Details of Russia’s election hacking emerge; ‘Fireball’ infects 250 millions PCs; American travelers may get phones confiscated

By Byron V. Acohido

In the news this week, Russian military intelligence executed a cyber attack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to an intelligence report. The top-secret National Security Agency document analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document. Source: The Intercept

FBI looks into potential hack of Trump Organization, questions president’s sons

The FBI is investigating an attempted overseas cyber attack against the Trump Organization, summoning President Trump’s sons, Don Jr. and Eric, for an emergency session with the bureau’s cybersecurity agents and representatives of the CIA. Law enforcement officials confirmed the attempted hack and said the subsequent meeting took place at the FBI’s New York headquarters on May 8, the day before Trump fired FBI director James Comey. “We absolutely weren’t hacked,” Eric Trump said. Source: ABC News

Fireball malware might be on up to 250 million PCs

Security firm Check Point counts 250 million PCs infected with malicious code they’ve called Fireball, designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. Check Point says it found that the malware also has the ability to remotely run any code on the victim’s machine, or download new malicious files. Source: Wired

Companies, organizations plan rally to back net neutrality

Amazon, the American Civil Liberties Union, Greenpeace and other tech companies and organizations are planning a day of action July 12 … more

NEWS THIS WEEK: Is cyber insurance too pricey?; IBM, Cisco are models for sharing intelligence; Hillary ties Donald to Russian election interference

By Byron V. Acohido

In the news this week, Chipotle customers nationwide might have had their credit card information stolen as part of a recent hack, the company said. The company’s investigation revealed that hackers used malware created with the intent to gain access to customer card info at various Chipotle locations from March 24 through April 18. The software specifically searched for “track data,” which can include a customer’s name, card number, expiration date and the internal verification code. It gained the information by reading each card’s magnetic strip. Chipotle said that “there is no indication that other customer information was affected.” A complete list of Chipotle locations that the hack affected can be viewed in the online database, which includes the times and locations of suspected incidents. Source: WTVJ, Miami

National Medicaid insurer Molina closes online portal amid breach fears

Molina Healthcare, a major insurer in Medicaid and state exchanges across the country, shut down its online patient portal as it investigates a potential data breach that may have exposed sensitive medical information. The company said that it closed the online portal for medical claims and other customer information while it examined a “security vulnerability.” It’s not clear how many patient records might have been exposed and for how long. The company has more than 4.8 million customers in 12 states and Puerto Rico. Source: The Long Beach, Calif., Press Telegram

Safer Medicare cards on the way starting next year

The government is on track to meet a 2019 deadline for replacing Social Security numbers on Medicare cards with randomly generated digits and letters to protect seniors against identity theft. Beneficiaries and their families should start seeing changes next April when the agency will mail new cards to more than 57 million elderly and disabled beneficiaries. Source: The Associated Press via WMAR, Baltimore

University of Alaska gets a hard lesson in phishing risks

Approximately 25,000 students, staff and … more