The week in security: Bitcoin targeted as Korea cyberwar heats up

Document sharing giant Scribd was hacked this week, with as many as 1 million passwords compromised. Little wonder security vendors have been changing their tack when it comes to the advice they’re offering, advising that security these days is about risk management and minimisation rather than absolute blocking.

This change in approach is a recognition that hackers and malware authors are getting smarter every day: for example, the latest attacks leverage a user’s browsing history to look more convincing, while others are hitting emergency centres with ‘TDoS’ (telephony denial of service) attacks aimed at VoIP systems.

Another piece of clever malware monitors the infected system for mouse clicks, using them as a barometer of human interaction and hiding its own activity when there’s no clicking going on.

Mobile threats are equally problematic: a newly discovered piece of Android spyware appears to have targeted a prominent Tibetan political figure in an effort to determine the user’s exact location. Another genre of malware, one-click-fraud apps, has also moved to Android. Little wonder the US Army is copping flak about its mobile-security program, which was panned in an Inspector General report that was subsequently pulled offline, then reposted as the Army protested its mobile-security credentials.

The Army isn’t alone: a new report suggests companies experience a malware event, on average, every three minutes. This sort of activity may be bad enough, but European privacy regulators are concerned about a different form of breach as they launch investigations into Google’s privacy policy.

Facebook, sensing an impending privacy issue, posted a Q&A on its site about the privacy implications of its new Facebook Home software. And Harvard University was doing its own privacy soul-searching after revelations of additional secret email searches, while a privacy group was calling for changes in the CISPA cyberthreat sharing bill and privacy advocates locked horns with the California Chamber of Commerce over an evolving online privacy bill.

Asian governments are in the news as some in the US believe concerns about Chinese hacking justify limits preventing four government agencies from sourcing IT products from Chinese manufacturers. Also on the international front, two of Japan’s major Internet portals were hacked, compromising as many as 100,000 user accounts.

North Korea was reportedly hit by attacks and password leaks by hacking collective Anonymous. At the same time, the US and South Korea had joined forces to prevent North Korean cyberattacks, while Australian police charged an unidentified juvenile, and suspected Anonymous member, on hacking-related offences.

Better online controls will be crucial as online interactions become more sophisticated and important: online electronics retailer Bitcoinstore, for one, has seen enough success in its trial of bitcoins for payment that it will make the scheme permanent – clearly increasing the need for effective security protections. Such experiments may show promise for online currencies, but there were warnings that the implementation of Universal Credit could leave the public sector ‘vulnerable to fraud’. And, in separate rebuffs to bitcoin, hackers were able to compromise the database of bitcoin storage service Instawallet – even as the largest bitcoin exchange, Mt Gox, fought a DoS attack designed to manipulate the price of virtual currency and new malware for mining bitcoin was seen spreading online.

Sophos was urging customers to apply a security update for its Web Protection Appliance, while Russian firm Yandex launched a public DNS service with malicious URL filtering. Microsoft’s Patch Tuesday, this week, will address critical vulnerabilities in Windows 8 and Windows RT, while BlackBerry was spruiking the security credentials in its new platform.

Google has done its part to support the fight against mobile baddies by transferring the license for its 3LM security technology to mobile device management (MDM) vendor BoxTone, allowing that company to exclusively build out the 3LM technology. Samsung made its own MDM move, striking a deal with Absolute Software to challenge BlackBerry Enterprise Server in the business market.

Organisations wanting to hire staff to help with their security processes may be wondering whether the myriad security certifications on the market are worth their salt. They need to be checked very carefully – particularly if organisations are to become intelligent contributors to national cybersecurity frameworks, as the US NIST has requested.

Even as a new spearphishing campaign targets energy companies, some enterprising organisations are building their own security capabilities, finding ways to repurpose old iOS smartphones as remote-controlled security cameras. Others may want to find security inspiration from the activities of Intel, which received top honours in the CSO40 awards for a big-data project that helps protect its information.

Stories by David Braue