Oh My!! More than 6 Million LinkedIn Passwords Stolen! June 6, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Industry News.Tags: Chris Mark, cybercrime, cybersecurity, InfoSec, LinkedIn, privacy, security, Stolen Passwords
add a comment
Change your LinkedIn password now! According to an article on CNN, over 6 million LinkedIn passwords were stolen by Russian hackers. LinkedIn also confirmed in their own blog post that some of the posted passwords did match LinkedIn accounts. According to the story: “The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It’s a format that’s considered weak if added precautions aren’t taken. Roughly half of the “hashed” passwords have already been decoded and posted online in human-readable text.” You can read more about how Hashes are cracked using Rainbow tables in the awesome post here.
“Flame On!”- New CyberWeapon Discovered in Middle East May 28, 2012
Posted by Chris Mark in cyberespionage, cybersecurity, InfoSec & Privacy, News, terrorism.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, data theft, Duqu, Flame, hack, InfoSec, Kapersky, security, Stuxnet
1 comment so far
Complementing the post CyberEspionage, researchers have discovered a new cyberweapon. First there was Stuxnet, then there was Duqu..now there is Flame. Called by a researcher: “…the most complex piece of malicious software discovered to date…” the recently discovered virus is designed to capture data but can also change computer setting and turn on integrated microphones to record what is being said in the room. Kapersky labs discovered the virus, dubbed “Flame”, which has been lurking undetected inside of thousands of computers in the Middle East for as long as 5 years. According to Kapersky, the countries with the most infections include Iran with the most infections followed by Israel/Palestine area, Syria, and Sudan. According to Kapersky senior researcher Roel Schouwenberg: “The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information”. (more…)
“Kiss My QR Code”; Symantec Releases 2011 Internet Security Threat Report May 20, 2012
Posted by Chris Mark in cybersecurity, Data Breach, InfoSec & Privacy.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, Internet Threat Report, malware, Phishing, QR Code, Symantec
add a comment
This month Symantec released the results of their 2011 Internet Security Threat Report. It is a very compelling read and highlights just how difficult it is becoming to protect systems, and data. Some of the more interesting findings: 2011 saw variants of Malware increase from 283 million to 407 million (you read that correct…million). Additionally, data thieves have begun using QR codes to infect Android phones with malicious software. One out of every 299 emails is a phishing attempt. This is a document that I recommend you download and read.
“Wowee wow wow!”; The Costs Of CyberSecurity; Part II May 15, 2012
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.Tags: bloomberg, Chris Mark, cybersecurity, data security, InfoSec, mark consulting group, PCI DSS, ponemon
add a comment
In reading the Ponemon/Boomberg report on the costs of cybersecurity, I was shocked to see that companies would need to increase spending 700% to achieve 95% protection. In reading closer, I was even more shocked to see that financial services companies would need to increase spending over 1,270% to achieve 95% protection. Of the 48 financial services firms surveyed the average annual security investment was $22.9 million. To achieve the 95% goal, security investment would need to increase to $292.4 million per year. You can see the results in an interactive chart here.
As stated in my previous post: “CyberSecurity Cold War; Spend Ourselves Into Oblivion”, it is obvious that companies cannot increase security investment 11 fold or even 7 fold. There must be a better answer.
By the way..the “Wowee wow wow” is from Christopher Walken’ character The Continental 😉
“RSA Doesn’t Dine Alone” – China Suspected In Pipeline Attack May 13, 2012
Posted by Chris Mark in cybersecurity, InfoSec & Privacy, terrorism.Tags: china, Chris Mark, cybercrime, cyberespionage, cybersecurity, data breach, Pipeline Breach, RSA, security, terrorism
add a comment
For background on this story, please read the previous post, as well as an earlier post titled: “Cyberattack underway against US Pipelines”. While the timing of this story is fortuitous for this author, the event is frightening. According to the Christian Science Monitor “Those analyzing the cyberspies who are trying to infiltrate natural-gas pipeline companies have found similarities with an attack on a cybersecurity firm a year ago. At least one US government official has blamed China for that earlier attack.” The referenced security firm is RSA. Again quoting CSM: “Investigators hot on the trail of cyberspies trying to infiltrate the computer networks of US natural-gas pipeline companies say that the same spies were very likely involved in a major cyberespionage attack a year ago on RSA Inc., a cybersecurity company. And the RSA attack, testified the chief of the National Security Agency (NSA) before Congress recently, is tied to one nation: China.”
Anyone who doubt that the US is under attack by China should read about the attacks against Dupont, RSA, Lockheed Martin, and more.
Global Security, Privacy, & Risk Management 