NTSC Technology Security Roundup

Weekly News Roundup: August 27, 2018

Congress Continues Showing Bipartisan Interest in Hacking Back

Despite warnings from cybersecurity experts and CISOs about the risks of hacking back, Congress continues to show bipartisan interest in the concept. The latest push comes from Sen. Sheldon Whitehouse (D-R.I.), who talked about hacking back during a Senate Judiciary Subcommittee hearing last Tuesday. According to The Hill, “Whitehouse, the top Democrat on the Senate Judiciary Subcommittee on Crime and Terrorism, says the idea is worth considering because hacking back can help prevent foreign actors from carrying out cyberattacks against U.S. entities. […] However, many people working in the cybersecurity field worry that hacking back would create more problems, such as harming unintended victims and escalating cyber feuds among companies and their attackers.”

AMI Research Says $8 Billion Spent to Secure Smart Utilities Inadequate

According to a press release summarizing AMI Research’s Cybersecurity in Smart Utilities report:

  • Digital security remains largely unimplemented during utility modernization due to cost, resource, and time constraints.
  • This is exacerbated by issues with adapting cybersecurity to OT environments and an overall lack of knowledge and expertise in bridging these divides.
  • The lack of sustained public support sends a deflated message to operators in the field about the importance of cybersecurity.
  • While power and water grid stakeholders will spend over $8 billion globally on cyber-securing utility infrastructures in 2018, only a small portion of that will be dedicated to operational technologies and smart systems.

Encryption Déjà Vu As Department of Justice Wants Access to Facebook Messenger Data

In a case related to the MS-13 gang, the Department of Justice wants Facebook to provide access to encrypted Facebook Messenger data. According to Fortune, “Law enforcement officials want to listen to the voice conversations a suspect made in Messenger… […] If Facebook is forced to break its encryption as the DOJ is asking, it could have implications for other tech companies. Other messaging apps, such as Facebook’s WhatsApp and Signal, offer encryption to maintain the privacy of its users’ texts or voice calls. That could leave many messaging apps more vulnerable not only to law enforcement but also to hackers.”

More Investments Pouring into Cybersecurity Training

Even for organizations that invest in robust information security, employees remain a weak link that no technology or tool can eliminate. It takes human error to click on a phishing email, download a malicious attachment, or give sensitive information away over the phone. As a result, cybersecurity training becomes more essential every year, and more investment money is going toward companies that provide it. According to Forbes, “While cybersecurity remains popular with investors, one of its many subsectors — awareness training for employees — has witnessed an avalanche of deal-making and investment in the last year, and those in the space are not anticipating a break. […] The training and awareness market is expected to grow from $370 million in 2017 to more than $1.5 billion by 2021, according to Gartner’s projections.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Hackers steal more than $1 million from global economy in a single minute: Reported in The Hill, “Hackers are able to steal more than $1 million from the global economy through cyber crime in a single minute, according to a new report… […] Approximately 1,861 people fall victim to cyberattacks in a span of 60 seconds, while some $1.14 million is stolen, cybersecurity firm RiskIQ found.”
  • 150 Billion Consumer Records At Risk: Reported in PYMNTS.com, “According to the latest installment of the Digital Identity Tracker, nearly 150 billion consumer records will be available to fraudsters and bad actors on the Dark Web by 2023.”
  • Hackers Use Public Cloud Features to Breach, Persist In Business Networks: Reported in Dark Reading, “A new body of evidence indicates threat actors are using increasingly advanced techniques to target unsecured cloud users and leveraging features common to public cloud platforms to conceal activity as they breach and persist in target networks. Data comes from the Threat Stack security team, which spotted the pattern over multiple years of observing behavior on client networks.”
  • Companies reliant on consumer data are at risk: Reported in Help Net Security, “Companies with business models reliant on the increasing quantity and scope of consumer data are at risk if public ambivalence about data privacy turns to opposition, according to a report prepared by Cornerstone Capital Group.”
  • Email Fraud Continues to Rise as the Number of Attacks Grew 36% in Q2: According to Proofpoint, “In Q1 2018, there was a 103% year-over-year increase in the number of attacks identified and blocked. The threat is not slowing down as made clear with the 36% quarter-over-quarter increase in Q2.”
  • Retail and finance top the list of vulnerable industries, increasingly targeted with credential threat campaigns: Reported in Help Net Security, “The finance, professional, and information sectors had the highest volume and most variety of malicious activity in Q2 2018, says Rapid7, and the manufacturing sector is steadily getting more and more targeted.”