Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#privatemail’

hackers-cybercriminals-kris-fenton-under-attack

Old Data Breaches With Personal Information Led To New Cyber Attacks

July 22, 2016

Old breaches led to new breaches as cybercriminals’ ability to use and monetize personal information rose significantly across all industries.
Past cyber-attacks and the tools used to carry them out have led to new breaches, according to key findings in a new mid-year trend report by cyber threat intelligence provider, SurfWatch Labs. In a study of cybercrime events that occurred in the first half of 2016, the stockpile of personal information garnered from old data breaches led to new compromises and lucrative payoffs for cyber criminals.
“When LinkedIn announced in May of this year that their 2012 breach actually impacted 100 million more users than originally thought, other organizations began to see data breaches they attributed to the LinkedIn compromise, widespread password reuse by users and remote access software from services such as GoToMyPC, LogMeIn, and TeamViewer,” said Adam Meyer, chief security strategist, SurfWatch Labs. “Other breached organizations only widened the pool of information available to be stockpiled by bad actors.”
No industry was left untouched, and the tactics used were not new or sophisticated, according to the report that offers a breakdown of industries targeted, the effects of cybercrime and the tactics criminals employed.
SurfWatch Labs collected cyber event activity from thousands of open and Dark Web sources and then categorized, normalized and measured the data for impact based on their CyberFact information model. Highlights from the SurfWatch Labs Cyber Risk Report: 2016 Mid-Year Review include:
• IT and global government were the most targeted industries. Of all the CyberFacts analyzed, the information technology industry was hit the hardest in the first half of 2016. Microsoft was second behind LinkedIn as the top target. After IT, the government sector had the highest number of publicly discussed cybercrime targets, led by a breach at the Commission on Elections in the Philippines.
• The consumer goods sector made up the largest share of industry targets with information bought, sold or otherwise discussed on the dark web.
• Credentials theft is on the rise. Credentials stolen/leaked appeared in 12.7% of the negative CyberFacts in the first half of 2016, up from 8.3% in all of 2015. That rise is driven by massive credential breaches such as LinkedIn, which was the most talked about event over the period.
• Ransomware and extortion are the methods of choice. The first half of 2016 saw a significant spike in ransomware and extortion as researchers, organizations, and government officials scrambled to deal with the growing and costly problem of data or services being held hostage.
“Our research indicates the familiar cadence of ‘we were breached by a sophisticated attack but it has now been contained’ actually contradicts what has really happened so far this year,” said Meyer. “By understanding what the bad guys are up to, we can make better informed forecasts of how cybercrime will impact organizations going forward and therefore what should be done to reduce risk in the future.”

Tags: , , , , , ,

Web threat

Call For Government, Industry To Share More On Cybersecurity Threats

July 18, 2016

The federal government and industry have been urged to work together to share information on cyber security threats and attacks to counter the increasing sophistication of cyber adversaries.
According to security vendor Palo Alto Networks’ APAC chief security officer, Sean Duca, the threat landscape in Australia, and around the world, is not abating and those looking to penetrate security are becoming more sophisticated, sharing tools, exploits and attack methods, and automating their processes. “In doing so, they have achieved a clear competitive advantage in cyberspace and are eroding trust in today’s digital age.”
Duca urged the federal government, with industry, to quickly put into action the recommendations for greater cyberthreat information sharing laid out in the government’s new Cyber Security Strategy announced in April.
“Cybersecurity threat information sharing within and across industries and with the public sector must be embraced by everyone. The faster organisations can share information, the better we can serve to protect each other and push the cost back to the adversary.
“Until the public and private sectors truly collaborate to build systemic information sharing partnerships, it’s like we’re combatting our adversaries with technological weapons that have no ammunition.”
According to Duca, cybersecurity provides longevity to a business and can help differentiate the business from its competitors – “for both good and not so good reasons”.
“Organisations, both in the public and private sector, need to have strong cybersecurity fundamentals to provide trust and confidence to citizens, businesses and customers alike.”
Duca says Australian industry can play a valuable role in combatting cybersecurity threats by participating in voluntary cyberthreat information sharing.
He says “operationalising” threat information sharing, both within and across industries, and between the private and public sectors, will dramatically shift the balance of power, close the competitive gap, “and realise exponential leverage against cyber adversaries by driving up the cost of successful attacks”.
Here’s what information Duca says should be shared between the private and public sectors:
• Threat Indicators: forensic artefacts that describe the attacker’s methodology;
• Adversary’s campaign plan: a collection of threat indicators for each link in the cyberattack lifecycle attributed to a specific adversary group;
• Context: additional non-campaign plan intelligence about an adversary group that is helpful for organisations to understand the adversary. This includes things like motivation, country of origin, and typical targets;
• Adversary dossier: campaign plans + context – a collection of threat indicators attributed to a specific adversary campaign or playbook (campaign plans), plus any additional context about the adversary group.
“Our mission should be to share all of the above but, most importantly, an adversary group dossier. Doing so will enhance the assessment of the adversary group’s potential, material impact to the targeted organisation, giving a better opportunity for that organisation to detect and prevent the attack, as well as deter an adversary,” Duca observes.
He cautions that the information (to be shared) itself is important – but it must be actionable, and must arrive in as close to real time as possible.
“As we have observed in some of the largest breaches, the best resourced security teams cannot scale manual responses to automated threats – only through automating prevention and detection can organisations be fast enough to adequately secure networks.”
According to Duca, government and industry must collaboratively build a “robust, automated information sharing architecture”, capable of turning threat indicators into widely distributed security protections in near-real time.
He acknowledges that there is apprehension amongst some Australian organisations that information sharing could negatively impact them and that many feel that that by sharing information that could be classified as sensitive and privileged, “they would be giving the upper hand to their competitors”.
“This sentiment from the business community is valid and should be acknowledged. But, as noted above, we should focus on sharing attack information – not information on who has been breached.”
Some of the other challenges and “perceived barriers” to greater cyberthreat information sharing that Duca maintains should be addressed:
• Privacy: Laws should not unduly prohibit the sharing of personal information that is necessary to identify and prevent attacks. At the same time, the Australian government should ensure that there are responsible privacy protections in place related to cyberthreat information sharing.
• Trust among private sector competitors: Some organisations consider cyberthreat information to be their own proprietary intellectual property (IP) and do not want to share it. We need to reverse this notion. The more one continues to treat this information as IP, and the more it is kept in silos within our own organisations, the greater opportunity the adversary has to strike again. Adversaries share tools, exploits and attack methods – so should we. Everyone should have access to the same body of threat information and collaborate to quickly translate it into security controls to use within their own organisations and their collective customer base.
• Antitrust concerns: There is a fear among some companies that sharing threat information between organisations makes them vulnerable to antitrust violations. The Australian government should clarify that cybersecurity threat information voluntarily shared, or received, by a private entity with another private entity is exempt from antitrust laws.
• Over-classification: The government, in some instances, may “over-classify” cyberthreat information it receives from both internal and external sources. It takes a significant effort — and valuable time — to declassify that same information to share with private companies and the public at large.

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
privacy-coins-and-bitcoin-dominance-guide
9 Important Privacy Settings for Windows 10
June 3, 2019

Matt Powell On Jun 3, 2019 At first glance, the Digital Age may seem like a wonderful thing. And ...

Read more
apple
Apple exec dismisses Google CEO’s criticism over turning privacy into a ‘luxury good’
May 29, 2019

By Jacob Kastrenakes@jake_k May 27, 2019, 12:18pm EDT Apple’s software chief, Craig Federigh...

Read more
telegram-3m
Your Privacy Is Our Business
April 30, 2019

Let us reassure you: You’re worried only because you don’t understand anything about anything. ...

Read more
pr
Coffee with Privacy Pros: Three Constants of Privacy
April 23, 2019

A look behind the career and privacy theology of the law-lovin’ CPO of Uber, Ruby Zefo Jared Cose...

Read more
privacy-coins-and-bitcoin-dominance-guide
We’ve Stopped Talking And Searching About Privacy
April 15, 2019

Kalev Leetaru Contributor AI & Big Data I write about the broad intersection of data and soci...

Read more