Security News |
This Week's Five Most Popular HackBusters Posts |
There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the HackBusters site for that. HackBusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favored, and we built an algorithm that bubbles up the real hot topics. We tweet when a #1 hot security topic comes up.
Here are this week's five most popular HackBusters posts:
- Google Wants to Fly Drones Over Your Head to Deliver High Speed 5G Internet:
http://www.hackbusters.com/news/stories/524701-google-wants-to-fly-drones-over-your-head-to-deliver-high-speed-5g-internet
- Data Privacy Day: Reminding Us of Data Protection:
http://www.hackbusters.com/news/stories/523320-data-privacy-day-reminding-us-of-data-protection
- Hate your cable company? A superfast wireless Internet network is coming:
http://www.hackbusters.com/news/stories/522617-hate-your-cable-company-a-superfast-wireless-internet-network-is-coming-cnet
- Death Star expansion confirmed for Star Wars Battlefront:
http://www.hackbusters.com/news/stories/522003-death-star-expansion-confirmed-for-star-wars-battlefront-cnet
- NSA Hacker Chief Explains How to Keep Him Out of Your System:
http://www.hackbusters.com/news/stories/523204-nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system
|
Wombat’s "2016 State of the Phish": Attacks, Victims Continue to Rise |
Our friends at Wombat released their "2016 State Of The Phish". The report reflects the reality that CISOs, CSOs, and their infosec teams are facing worldwide on a daily basis: phishing and spear phishing attacks are more prevalent — and more dangerous — than ever.
Three key data points from the survey show year-over-year increases related to frequency and susceptibility to attacks:
- 85% of respondents said they were a victim of a phishing attack (up 13% from the prior report)
- 67% said they experienced a spear phishing attack (a 22% increase)
- 60% said they believe the rate of phishing attacks has increased overall
So, what are the ramifications of a successful phishing attack? From our perspective, it’s a question of means and ends; attackers have different means of exploiting their access, just as they have different end games — and those end games have different implications for the organizations targeted. When asked about the technical issues that resulted from successful phishing attacks on their organizations, respondents indicated that they faced the following:
- 42% Malware infections
- 22% Compromised accounts
- 4% Loss of data
Looking beyond the technical side of phishing, we also asked respondents to identify the business impacts associated with successful attacks:
- 44% complained of lost employee productivity
- 36% faced consequences related to the loss of proprietary information
- 20% dealt with damage to their reputation
In general, the report shows that more aggressive social engineering practices are making phishing more difficult to prevent. Case in point, 55% of survey respondents reported experiencing voice phishing (vishing) and/or SMS/text phishing (smishing). Given that email-based attacks are often preceded by information gathering efforts like phone calls, social media trolling, and even in-person reconnaissance, it’s clear that cyber security is a many-faceted thing."
|
This Week's Ransomware Roundup |
I was going to write up all the news and then ran across this article by Senior Editor Sara Peters at Dark Reading. Saves me some time! She started out with: "Inventive new variants and damaging attacks swept through the headlines this week." She is so right, and covers:
- Israeli Electric Authority infected with ransomware
- Lincolnshire County Council phished and 300 machines down
- CryptoWall 4.0 sends spoofed SalesForce emails with fake invoices
- New strain of Android ransomware that poses as a pr0n app
- The new stupid and destructive 7ev3n ransomware strain wanting 5 grand
Here is the article, recommended reading: http://www.darkreading.com/endpoint/big-week-for-ransomware/d/d-id/1324086
Tripwire came up with literally 22 ways to make sure ransomware does not make it into your systems. Obviously way at the top -- number 4 to be precise -- the author states you need to train employees, but there are many other ways to prevent infections. I'm not going to repeat all of them here; it's a good article with some great technical hints and tips: http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/22-ransomware-prevention-tips/
And while we are talking ransomware prevention tips, here is #23. Malwarebytes just released a Beta of their Anti-Ransomware tool which sounds promising as well. Here is the blog post where they announced it: https://blog.malwarebytes.org/news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/
|
More Than A Quarter Of All Malware, Ever, Was Created Last Year |
IT Pro Portal observed: "Here’s an interesting story: more than a quarter of all malware, ever, was created last year. Yes, more than a quarter – 27.63 per cent, to be exact. Those are just some of the figures released by security firm PandaLabs, in its 2015 Annual Report.
There are some other interesting figures in here as well: there were 84 million new malware samples detected by the firm this year, meaning 230,000 new malware samples were produced daily over the course of the year.
The number of cyber-attacks recorded over the course of the previous year also broke records – a total of 304 million samples were recorded. These figures, together with a couple of high-profile cyber-breaches we witnessed last year, struck fear into the hearts of large corporations." Read more at: http://www.itproportal.com/2016/01/29/more-than-a-quarter-of-all-malware-ever-was-created-last-year/
|
End-User Security Awareness First Line Of Data Protection Defense |
In a series of video interviews from the 2015 ISSA International Conference in Chicago, SearchCompliance editor Ben Cole discussed modern information security strategy with conference speakers and ISSA members. Here, McCarthy discusses information security best practices and why end-user security awareness is the front line of corporate data protection efforts.
He asked: "How can companies make sure their security policies and processes are staying up to date with modern threats?"
McCarthy: It's really about end-user security awareness type of training programs -- doing the pen testing and the phishing type of attacks, and making them aware. It's sort of deputizing your end users so if they see something coming in to your organization that doesn't look right, they are allowed to raise the red flag and not be chastised for doing that. It may be crying wolf -- but I'd rather have the end user crying wolf a little bit and be much more cognizant of what they are seeing on their email or in their environments, than have them click on something and all of a sudden you have a Trojan Horse that entered your environment, and six months later you have an APT. More: http://searchcompliance.techtarget.com/video/End-user-security-awareness-first-line-of-data-protection-defense
|
Security Awareness In Healthcare Is Lagging |
Unlike the financial sector, security awareness in healthcare is lagging. Also unlike the financial sector—and much to the chagrin of the industry—hacked medical records command a premium on the black market because health data is far more permanent. Healthcare organizations are facing a cybersecurity crisis. More: http://www.techrepublic.com/article/healthcare-its-battle-to-keep-sensitive-data-safe/
|
10 Social Engineering Exploits Your Users Should Be Aware Of |
No matter how well you lock down network security, your company can still be compromised. How? Social engineering. Here are 10 ways social engineers can get to your data without touching a keyboard. More: http://www.techrepublic.com/blog/10-things/10-social-engineering-ploys-your-users-should-be-aware-of/