Cybersecurity News of the Week, December 9, 2018

Cybersecurity News of the Week, December 9, 2018

SecureTheVillage — Webinar Recording Available Online

Third-Party Security Management, SecureTheVillage and Citadel President Stan Stahl with guest John Coleman, EVP Information Technology, Pacific Premier Bank. Webinar recorded December 6, 2018.

Webinar Topics:

  • The 3rd-Party Information Security Management Challenge
  • Key Objective: Avoid Disastrous Consequences
  • Third-Party Security Management Basic Requirements
  • Information Security Manager (ISM) Responsibilities
  • The Information Risk Management Process
  • Due Diligence Considerations
  • Vendor Management Reporting
  • Information Security Manager & Leadership Team — Getting Started

This webinar presented by the Los Angeles Cyberlab.

Individuals at Risk

Identity Theft

In a cynical inadequate response, Marriott says it will reimburse some guests for new passports after massive data breach … but only if passport number can be shown to have been used to steal identity: A Marriott spokesperson said the hotel chain is working on a way to reimburse some users for the costs of getting new passports if they’re one of the persons whose data was leaked in a massive data breach last week. ZDNet, December 7, 2018

What to Expect From Class-Action Lawsuits Against Marriott: You might get some compensation for the data breach, but it will probably be small Consumer Reports, December 5, 2018

How Many Times Has Your Personal Information Been Exposed to Hackers? Find out which parts of your identity may have been stolen in major hacking attacks over the last four years: There’s been another mega-breach. Marriott said Friday that information for as many as 500 million of its customers may have been stolen. Answer the questions below to learn which parts of your identity may have been stolen in the last five years. Not all attacks are included here, and many attacks go undetected, so think of your results as a minimum level of exposure. The New York Times, November 30, 2018

Cyber Danger

Cyber crooks increasingly targeting home devices: report: Cyber security agency says manufacturers choosing convenience over security. CBS, December 6, 2018

Cyber security: Hackers step out of the shadows with bigger, bolder attacks: Successful hacking campaigns used to be all about keeping under the radar. But, for some, making a big splash is now now more important than lurking in the shadows. ZDNet, December 4, 2018

Cyber Defense

A Breach, or Just a Forced Password Reset?: Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case. Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward. KrebsOnSecurity, December 4, 2018

Cyber Warning

Sextortion emails take an even darker turn and are now trying to infect users with the GandCrab ransomware: This past week, users in the United States have been bombarded by an email spam campaign that pushed a double-whammy of a sextortion attempt combined with a possible ransomware infection. ZDNet, December 8, 2018

Information Security Management in the Organization

Information Security Management and Governance

Cybersecurity Remains a Top Company Threat for Directors, says NACD report. 52% of directors claim to have a solid understanding of the threat of hacking as cybercrime remains a huge threat to companies worldwide: With news of yet another cybersecurity breach, this time Marriott International Inc., risk oversight by directors has never been more important. Directors&Boards, December 6, 2018

Is Your Company Ready for a Cyberattack?: Many companies are putting themselves through military-inspired games to beef up their cyber resilience. MITSloan, December 4, 2018

What the Marriott Breach Says About Security: We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. KrebsOnSecurity, December 1, 2018

Cyber Defense

A look back at cybercrime in 2018: Prepare now to mitigate the most cyber risk in 2019! CSO, December 7, 2018

ESET discovers 21 new Linux malware families. Malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities: Although Linux is a much more secure operating system compared to the more widely used Windows, it is not impervious to misconfigurations and malware infections. ZDNet, December 6, 2018

Marketing Is Overpromising And Under-Delivering Cybersecurity: There’s no other way to describe it: the fear-mongering of cybersecurity marketing is ruining the industry. That may sound sensationalist — much like the marketing tactics that the majority of the industry uses — but it is difficult to put current advertising attitudes into other words. Every other day sees a major cybersecurity breach, and every other day cybersecurity companies send out their marketers to transfer fear into sales. ITSP, December 4, 2018

Secure The Human

How to reach that person who will click on anything: There’s always that one person who falls for every phishing scam. This is how you break them of that habit. CSO, November 14, 2018

Cyber Insurance

SMBs Are Driving A New Wave of Cyber Insurance Adoption: Large organizations have long understood the intrinsic value of customer data. By using it to formulate and execute on key business decisions, customer data helps enterprises better meet customer demand, anticipate a buyer’s propensity to purchase, and stay ahead of savvy competitors. Because of the substantial amounts of resources required to successfully leverage customer data — and considering its highly confidential nature — large companies have also traditionally led the pack in implementing cyber insurance to protect this crucial business asset. ITSP, December 4, 2018

Cybersecurity in Society

Cyber Privacy

Australia’s Encryption-Busting Law Could Impact Global Privacy: Australia’s parliament passed controversial legislation on Thursday that will allow the country’s intelligence and law enforcement agencies to demand access to end-to-end encrypted digital communications. This means that Australian authorities will be able to compel tech companies like Facebook and Apple to make backdoors in their secure messaging platforms, including WhatsApp and iMessage. Cryptographers and privacy advocates—who have long been staunch opponents of encryption backdoors on public safety and human rights grounds—warn that the legislation poses serious risks, and will have real consequences that reverberate far beyond the land down under. Wired, December 7, 2018

Cyber Crime

The WIRED Guide to Data Breaches. Everything you ever wanted to know about Equifax, Mariott, and the problem with social security numbers: Another week, another massive new corporate security breach that exposes your personal data. Names, email addresses, passwords, Social Security numbers, dates of birth, credit card numbers, banking data, passport numbers, phone numbers, home addresses, driver’s license numbers, medical records—they all get swept up by shadowy, amorphous hackers for fraud, identity theft, and worse. Sometimes the affected company will send you an email suggesting that you change a password or credit card number, but for the most part, these incidents are invisible—until they aren’t. Wired, December 7, 2018

This map shows where in the US cyber crime costs people the most. Cyber crimes stemming from hacks like the Marriott data breach are on the rise: Last year, losses topped $1.2 billion: Data breaches like last week’s massive Marriott hack are becoming all too common. Last year, the Identity Theft Resource Center tracked over 1,500 instances. CNBC, December 6, 2018

U. S. Attorney in Atlanta: City didn’t pay cyber attack ransom: The U. S. Attorney’s office for North Georgia on Wednesday confirmed that the City of Atlanta did not pay a ransom to the two Iranian men accused of infiltrating the city’s computer network in a cyber attack in March. AJC, December 5, 2018

Clues in Marriott hack implicate China, reports Reuters: Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter. Reuters, December 5, 2018

Small Businesses Lose $80K on Average to Cybercrime Annually, Better Business Bureau Says: The growth of cybercrime will cost the global economy more than $2 trillion by 2019, according to the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America report. SmallBizTrends, December 3, 2018

Cyber Espionage

Facebook Used Its VPN to Spy on Other Companies, Users. A new data dump from the UK Parliament shows that Facebook collected data from Android users without notification, cut off developers that it felt… At this point, Facebook’s fundamentally bankrupt behavior isn’t a contested point — just an established fact. That viewpoint, cynical as it may sound, was fundamentally confirmed by the release of 250 pages worth of emails from the UK Parliament, which collectively demonstrate that yes, the company engages in the bad behavior we’ve suspected that it does. ExtremeTech, December 7, 2018

Cyber Freedom

AI Now calls on governments to regulate the use of artificial intelligence and facial recognition technologies before they can undermine basic civil liberties: Sophisticated facial-recognition technology is at the heart of many of China’s more dystopian security initiatives. With 200 million surveillance cameras — more than four times as many in the United States — China’s facial-recognition systems track members of the Uighur Muslim minority, block the entrances to housing complexes, and shame debtors by displaying their faces on billboards. The Verge, December 7, 2019

The Cybersecurity 202: NRCC breach sparks calls for transparency after cyberattacks: The breach of the National Republican Congressional Committee email system is throwing a spotlight on the duty to disclose cyberattacks on the political system — and the long-term effects of hacking on the public’s faith in the integrity of elections. The Washington Post, December 6, 2018

Thousands of Emails Stolen From Republican Committee’s Aides: WASHINGTON — Thousands of emails were stolen from aides to the National Republican Congressional Committee during the 2018 midterm campaign, a major breach exposing vulnerabilities that have kept cybersecurity experts on edge since the 2016 presidential race. The New York Times, December 5, 2018

Authoritarians Are Exporting Surveillance Tech, And With it Their Vision for the Internet: Chinese telecom giant ZTE is exporting surveillance technology to Venezuela, according to a recent Reuters investigation. Venezuelan officials allegedly visited Shenzhen, the Chinese technology hub, to learn about the country’s national identity card technology. “Using vast databases to store information gathered with the card’s use,” Angus Berwick wrote for Reuters, “a government could monitor everything from a citizen’s personal finances to medical history and voting activity.” It’s an insidious tool for population control, and its export—along with the export of other digital surveillance systems—is lending to the diffusion of an increasingly consolidated authoritarian model for internet governance and control. Council on Foreign Relations, December 5, 2018

The Cybersecurity 202: Russia is trying to undermine Americans’ confidence in the justice system, security experts warn: A group of cybersecurity, national security and legal experts is warning that Russia’s efforts to weaken America’s democratic institutions aren’t limited to elections — but also extend to the U.S. justice system. The Washington Post, December 5, 2018

National Cybersecurity

The Cybersecurity 202: The U.S. got tough on Kaspersky and Huawei. Will Russia and China retaliate?: The U.S. government’s get-tough strategy with Russian and Chinese companies that officials suspect of spying for their home governments risks a tit-for-tat response that could hurt U.S. companies and contribute to fracturing the global Internet, experts and former officials warn. The Washington Post, December 7, 2018

Russia Launched Cyber Attacks Against Ukraine Before Ship Seizures, Firm Says: Researchers claim to have uncovered Russian cyber attacks aimed at the Ukrainian military and government before and during the Sea of Azov captures. DefenseOne, December 7, 2018

‘Cyber-attacks have become the new normality,’ Marina Kaljurana, Estonia’s former Foreign Minister and chair of the Global Commission of the Stability of Cyberspace, tells attendees at #BlackHat Keynote: More than 10 years have passed since Estonia found itself the target of a series of DDoS attacks that battered the sites and servers of various public and private institutions – a significant event on the cyberspace battleground that forced the small nation to become one of the world’s most digitally connected countries. The Daily Swig, December 5, 2018

Cyber Lawsuit

Unencrypted medical data leads to 12-state litigation: Twelve US states are suing an electronic healthcare record provider who lost 3.9 million personal records in 2015. NakedSecurity, December 7, 2018

Critical Infrastructure

Airlines urged to move quickly as cyber attacks grow in number and sophistication: The aviation industry is struggling with implementing cyber prevention initiatives, according to research from SITA. PhocusWire, December 4, 2018

SecureTheVillage Calendar

Financial Services Cybersecurity Roundtable. December 14 @ 8:00 am – 10:00 am

Webinar: Managing Cyber-Risk and Insurance. January 17, 2019 @ 10:00 am – 11:00 am

The post Cybersecurity News of the Week, December 9, 2018 appeared first on Citadel Information Group.

from Citadel Information Group
via Citadel Information Group