Legacy Id
52

Hacking Attacks Against Corporations Double as Employees Work From Home

Hacking activity against corporations in the United States and other countries more than doubled by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said.

Corporate security teams have a harder time protecting data when it is dispersed on home computers with widely varying setups and on company machines connecting remotely, experts said. Even those remote workers using virtual private networks (VPNs), which establish secure tunnels for digital traffic, are adding to the problem, officials and researchers said.

Watch Out for Virus-Tied Cyber Attacks on Remote Workers, Warns Tech Professor

The heightened fear and anxiety that COVID-19 is causing people worldwide brings vulnerable targets for cyber hackers.

“We are living in a heightened time of cyber risk. Cyber criminals will take advantage of public fear and due diligence health measures to generate coronavirus-themed phishing attacks. We should be aware of unsolicited COVID-19 emails with specious links or attachments,” says Virginia Tech expert David Simpson.

Detecting Deepfakes by Looking Closely Reveals a Way to Protect Against Them

Deepfake videos are hard for untrained eyes to detect because they can be quite realistic. Whether used as personal weapons of revenge, to manipulate financial markets or to destabilize international relations, videos depicting people doing and saying things they never did or said are a fundamental threat to the longstanding idea that “seeing is believing.” Not anymore.

Most deepfakes are made by showing a computer algorithm many images of a person, and then having it use what it saw to generate new face images. At the same time, their voice is synthesized, so it both looks and sounds like the person has said something new.

The Baltimore Cyberattack Highlights Hackers' New Tactics

Cyberattacks on local governments are on the rise -- and they’re becoming more sophisticated. The latest case in Baltimore, where the city is still struggling to restore critical networks more than three weeks after being hacked, could be a harbinger of things to come.

Already this year, at least 24 municipalities have reported ransomware attacks, including Amarillo, Texas; Augusta, Maine; Imperial County, Calif.; Garfield County, Utah; Greenville, N.C.; and Albany, N.Y. That’s on pace to surpass last year’s total of 53, according to data collected by the tech company Recorded Future.

Electricity Grid Cybersecurity Will Be Expensive — Who Will Pay, and How Much?

Recently, a neighbor asked one of us whether Russia, China, North Korea and Iran really are capable of hacking into the computers that control the U.S. electricity grid. The answer, based on available evidence, is “Yes.” The follow-up question was, “How expensive will it be to prevent, and who will end up paying for it?”

The answers are: Likely tens of billions of dollars, and probably us, the electricity customers. This is a major — and, in our view, vital — investment in community and national security. But as scholars of grid cybersecurity, we understand it’s not very clear what consumers will be getting for their money, nor whether utility companies themselves should bear some share of the cost.

When it comes to cybersecurity, states are the weak link

Every year, we receive the same news: Cyber threats against the United States are on the rise. This year, though, we have some good news: Federal government officials are finally taking these threats seriously. These officials are committed to developing a cyber strategy and working hard to shore up the nation’s virtual defenses. Congress is exploring ways to reorganize its own technology research capabilities. The military is figuring out how to put Silicon Valley to use.

Governments at the state level, however, are lagging.

Cybersecurity suffers from the weak-link problem: Weaknesses in one area can put entire systems at risk. With cyberattacks affecting state and local governments every day, the United States cannot afford to let state-level cybersecurity go unaddressed.

How California Is Improving Cyber Threat Information Sharing

The California Cybersecurity Integration Center alerted its partners to the Thomas Fire along Interstate 5, before the largest wildfire in the state’s modern history was phoned in last December.

Someone had taken to Twitter to first report the blaze, and Cal-CSIC’s media scrapers—which plug into its automated threat feed—noticed.

Cal-CSIC, pronounced “cal-sick,” was created by Gov. Jerry Brown’s executive order in August 2015 to prioritize cyber threats to public sector agencies and expand into the private sector.

U.S. Seeks More Cooperation with Private Sector to Fight Cyber Attacks

The U.S. Department of Homeland Security on Tuesday said it will bolster collaboration with the private sector to defend the nation against cyber attacks by working more closely with industry to combat emerging threats.

Homeland Security Secretary Kirstjen Nielsen unveiled plans to set up a national risk management center where the government will initially work with financial firms, energy companies and telecommunications providers to help identify industry security weaknesses, develop response plans and run cyber drills.

The Two Biggest Disruptions To Cybersecurity Since The Invention Of The Firewall

One might consider the firewall the most significant invention in cybersecurity in the last 30 years. The firewall has certainly evolved since its inception in 1988 as simple packet filters, launching with stateful filters, then upgrading to its third-generation application layer firewall and more recently upgrading again to the next-generation firewall (NGFW).

While NGFW is certainly part of the cybersecurity stack, NGFW is no longer revolutionizing the way we protect our critical business assets.

Today’s cybersecurity strategies have been disrupted by two new models: the Zero Trust model and DevSecOps.