Top 7 Cybersecurity Stories This Week 10-28-2016
Washington has changed a 29-year-old Russian hacker for compromising LinkedIn, Dropbox and Formspring. On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on October 5. Read more.
Experts think this recent attack is just a taste of what’s to come: "This is just the beginning," said Sanjay Sarma, a professor of mechanical engineering at MIT who has done pioneering work on IoT systems "There's more coming, sadly — perhaps a power plant." The problem is very real considering that thousands of new devices are connected to the internet daily. Some of these devices may be running low-power processors incapable of supporting sophisticated security. Further, embedded devices continue to operate for years after their last software patch and can even outlive the demise of their manufacturer. Read more.
Last Friday’s enormous cyber attack that brought down popular websites and online services like Amazon and Netflix was likely caused by a non-state actor, otherwise known as hackers without ties to any specific state or government. Read more.
Pagers are still used in industrial environments and many organizations don’t realize that the messages sent with these devices can be highly useful to malicious actors looking to launch a targeted attack. A surprisingly large number of critical infrastructure participants—including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers—rely on unsecured wireless pagers to automate their industrial control systems. Read more.
“Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next,” reports CSO. Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB. Read more.
Days after the attack that disrupted large parts of the internet, Dyn has provided a status update on the events. Previously it said it was hit by traffic from tens of millions of IP addresses, some of which were likely spoofed, making the actual number of bots involved far fewer. “We are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints,” says the company. Read more.
Healthcare has experienced 22 major data breaches in the past year, according to a new study. The 2016 Healthcare Industry Cybersecurity Report from SecurityScorecard illustrates the ills in healthcare's cybersecurity posture—covering the period from August 2015 through August 2016. Network security, IP reputation, and patching cadence are among healthcare's biggest struggles, the study found. Read more.