At least 75% of adults are concerned about their security, privacy, malware and websites tracking them. However, many aren’t taking the right precautions to protect themselves, with millennials being the worst offenders. American adults are not taking all of the steps they could to protect themselves. Many are not aware of the best practices while online and the prevalence of cyber incidents. 71% of people say that if they hear a retail store fell victim to a cyber security incident, they would think twice about shopping at that retail store. However, this anxiety and these expectations have not translated into action…
64% (71% millennials) say that when they are on a major retail or social networking website, they always consider their information to be safe.
55% say that if they receive an email with a link from a friend, they will most likely click on it.
55% (66% millennials) say that if they were hacked, they wouldn’t know what to do.
36% (50% millennials) say they don’t think twice about sharing their personal information on social media.
At the beginning of the week, we posted a blog about how new internet-connected gadgets could bring the internet to its knees (read it here). The blog mentioned that hackers could access thermostats, security cameras, smart TVs and now your refrigerator.
The attackers used a novel piece of malware called the Mirai Botnet. This malware creates its zombies by grabbing devices from the Internet of Things. Instead of linking together infected laptops, the hacker used webcams, thermostats, cell phones and anything else with the ability to get online to generate traffic.
This was a brand new type of attack, and it affects how the internet will work moving forward. These DDoS attacks leverage millions of IoT devices. These devices tend to contain little sensitive information, which means hackers rely on them for easy access to the internet.
This is a solvable problem, as the systems can build in protections such as rate limits, which can cut off connections by source and destination. However, as of now, this is a huge problem for consumers because there is no way to combat an attack on the Internet of Things. The number of internet-connected devices is estimated to grow to over 50 billion, making things hard.
Friday’s attack on Dyn’s DNS systems has shown a frightening vulnerability in the internet and the infrastructure built around it. Read more at TheStreet.
According to NTT Security, firms need to conduct better penetration testing to combat the changes in hackers’ tactics, techniques and procedures (TTPs).
The most targeted industries are:
Hackers are becoming relentless and constantly employing new means to penetrate networks to steal confidential data. They are becoming more sophisticated in their attacks. Therefore, organizations must find where and how these attacks are taking place so they can deploy the most effective network security.
“43% of attacks against finance were web based attacks, with SQL being the most common attack method and 73% of malware delivered to the healthcare industry was in the form of spam email with malicious attachments.”
As organizations consider how to better protect their security infrastructure against these attacks, it is suggested that they implement an external managed security service (MSS). This will help organizations identify their network vulnerabilities and where they need to optimize network security programs to make better-informed decisions, achieve compliance and reduce costs. Read more at Help Net Security.
Dyn, an internet performance management company, was hit with a distributed denial of service (DDoS) attack on Friday afternoon. This cyberattack led to repeated disruption in the availability of popular websites such as Netflix, Amazon, Twitter, Spotify and many others.
The attacks hit twice, and many speculated that the attacks were just practice and that the real hit will come closer to the election. While DDoS attacks have been used for years, Friday’s events take DDoS to a new level. The popularity of new internet-connected gadgets has vastly increased the pool of potential devices that can be hacked. These devices range from connected thermostats to security cameras and smart TVs. Many of these devices feature little security, making them easy targets for hackers and creating big problems for the user.
The power of this kind of cyberattack is entirely different because hackers can gain access to systems that can physically disrupt and interfere with people directly.
Hackers operating under the name New World Hackers claim responsibility for Friday’s massive cyber attack. They say the attacks were merely a test, and claimed that the next target will be the Russian government for committing alleged cyberattacks against the US earlier this year.
The Department of Homeland Security is looking into the attacks and the “New World Hackers,” but very little information can be found. These attacks just go to show that people need to start taking cyber safety a bit more seriously. Read more at TheStreet.
According to a Nationwide survey, nearly 80% of small-business owners don’t have a cyber-attack response plan in place, and over half of small-business owners have experienced malware, phishing, Trojans, hacking, and unauthorized access to customer data. Many small businesses don’t prepare for cyber events because they think that cybercriminals only go after larger corporations, giving them a false sense of security. Around 60% of those who experienced a cyber-attack took more than one month to recover from the event. The reality is small businesses don’t have the resources to invest in proper data protection and security controls, making them the perfect target for cyber criminals.
The Nationwide survey recommends that small-business owners protect their organizations by incorporating the following:
A guard that protects the physical perimeter
A program to educate your employees about cyber awareness
An active firewall
Antivirus, anti-malware, and anti-spyware software
Stronger passwords with 8-10 characters that are updated regularly
A stronger Wi-Fi network
Encrypted sensitive data that is also backed-up and stored in a fire-proof safe off-site
Last week, popular security and tech page KrebsOnSecurity went dark following a massive DDoS attack. While the amount of data used to put KrebsOnSecurity out was large, an even larger attack happened on French web hosting company OVH. The rate of the data used to carry out the attack on OVH’s servers exceeded 1 terabyte per second. The distribution of data was carried out by a variety of “bot” devices such as security cameras and other “Internet of Things” network-connected devices. Read more at Ars Technica.
The current voting process in the U.S. allows for a myriad of cyber attacks. Since the voting process is decentralized and regulated by each state, the votes are entered, tallied, and finalized in a number of different ways. In 2009, the National Institute of Standards and Technology (NIST) published the Draft Voluntary Voting Systems Guidelines, version 1.1, which set a framework on how to handle cybersecurity for the voting process. However, these standards are voluntary and not required to be followed by the states. Read more at Dark Reading.
A survey by password vault software LastPass shows that while 91% of users know that re-using passwords is risky, 61% re-use passwords anyway. Users feel overwhelmed with the number of passwords needed for various online accounts and services. As the security associated with passwords declines, other security features such as tokens and multi-factor authentication are being used more often to fill in the security gaps that poor passwords leave behind. Read more at Dark Reading.
In an alert published by the FBI, the agency claims that recent ransomware strains are beginning to target vulnerable business servers more often than vulnerable individual users. This means that the impact of these attacks is becoming more widespread throughout the organization’s servers and affects a larger amount of sensitive data. This increased targeting also means that hackers will likely be demanding more money in order to decrypt the victim’s files. Read more at KrebsOnSecurity.
In a survey by Callcredit Information Group, the organization found that employee access to social media and BYOD device policies were the biggest perceived internal threats to data security. While companies are still worried about external threats to their information, the fraud managers and directors surveyed perceived the risk of an internal vulnerability as higher than that of an external threat. Despite the high risks to these organizations, many feel that they are ahead of the curve when it comes to their company’s cybersecurity. Read more at Infosecurity Magazine.