Top 7 Cybersecurity Stories This Week 10-14-2016
The Obama administration has officially accused Russia of attempting to interfere in the 2016 elections, with alleged tampering including the DNC breach reported in June as well as additional hacking attempts on government organizations. According to the Washington Post, the statement made by the Office of the Director of National Intelligence and the DHS came as a result of mounting pressure from within the administration to publicly name Russia and hold it accountable for actions apparently aimed at meddling in the upcoming election. Read More.
Law enforcement officials are seeking to unlock the iPhone belonging to Dahir Adan, a suspect in September's mass stabbing in a Minnesota shopping mall—and they might ask for Apple's help once again. FBI special agent Rich Thorton said at a press conference that the agency is looking into "legal and technical options" to unlock the phone, spurring speculation that the FBI might again ask Apple for help in accessing the device. Read More.
The head of the United Nations nuclear arm said Monday that a nuclear power plant became the target of a successfully disruptive cyber attack two to three years ago, per a report in Reuters. International Atomic Energy Agency (IAEA) Director Yukiya Amano said there is a serious threat of militant attacks on nuclear plants, noting that "they are not an imaginary risk." However, the incident was not serious enough to close down the plant, with IAEA deeming the attack "disruptive" rather than "destructive." Amano declined to give specifics about the attack. Read More.
Kaspersky Lab disclosed a new APT known as StrongPity, a technically capable group that has recently been targeting encryption tools with malware. Security researcher Kurt Baumgartner said at the Virus Bulletin conference that StrongPity has quietly deployed zero-days in the past, effectively spearphished targets and maintains a modular toolset—recent activity, however, has focused on infiltrating encryption tools like TrueCrypt with malware. Read More.
The Group of Seven industrial powers (made up of Britain, Canada, France, Germany, Italy, Japan and the U.S.) on Tuesday announced they have agreed on a set of international guidelines for protecting the global financial sector from cyberattacks. According to Reuters, "the guidelines, which officials described as non-binding principles, were in a three-page document posted on the Web pages of G7 government agencies.” Read More.
A vulnerability that has existed for 12 years in OpenSSH was disclosed today, illustrating how today's IoT devices are being used to complete targeted attacks. The vulnerability was discussed as part of a report released by Akamai today on rising IoT-based attacks, which documented the discovery of cyber attackers utilizing the vulnerability to remotely generate vast amounts of traffic in a recent bout of SSHowDowN Proxy attacks. Read More.
IDC is forecasting that global revenue for security technologies will grow from $73.7 billion in 2016 to $101.6 billion in 2020. According to Fortune, "researchers cited fear as the primary motivator for this bump in cybersecurity spending in light of major hacks that have wrecked companies like Yahoo, Sony and Anthem." The estimated growth rate is more than twice the forecasted IT spending over the next five years. Read More.