News in review: has PRISM made the cloud unsafe?

A survey found that data encryption practices amongst cloud providers vary widely, while a privacy advocate was suggesting that the recent revelations about the US government’s PRISM data-filtering program should make businesses think twice about their use of cloud computing. A European Commission report suggested PRISM was harming the business of US cloud providers. Even as planned July 4 online protests against PRISM seemed to fall flat, caution was being advised regarding disaster recovery as a service (DRaaS), even more so because of the increasingly apparent number of ways that governments are spying on citizens online. Things have gotten so bad that the European Union approved stricter penalties for cyber-attacks and suspended data-sharing deals with the US in the wake of the PRISM revelations.

The Google Play app store is still serving up Android adware, one audit has found – something that will come as no surprise to the more than half of consumers that say they’ve been the victim of bad apps. Games are the most common vector for attack, even as BYOD is increasingly fingered as leading to widespread security threats. With BYOD and other security issues continuing, one CSO was emphasising the importance of business-focused security metrics.

An Android lock-screen vulnerability highlighted the ongoing issues with that platform, as did researchers who found a way to turn an Android phone into a spy tool, while a vulnerability was found that allows malware authors to modify Android apps without breaking their digital signatures – which means a malware-laced mobile app can be posted but remain signed by its original author.

Even BlackBerry was reportedly causing security concerns after reports said it had been hacked. Ransomware called ‘Darkleech’ reared its ugly head, while a tenacious two-pronged malware attack was causing consternation for antivirus researchers, who are already declaring 2013 a particularly nasty year for cyber-security. That’s saying a lot, given that the maiden data-breach report by the US state of California found that last year there were 131 separate data-breach incidents that threatened the data of 2.5 million of the state’s citizens.

Even that is small beans in the context of the Pony botnet, which according to one analysis has stolen the Web credentials of 650,000 victims in the course of a few days. Recognising the growing prevalence of such attacks, Google’s Transparency Report has been bolstered with a new section highlighting the number of malware and compromised Web sites detected by the firm. Microsoft was also strengthening its anti-malware efforts, declaring its new bug-bounty program a success before it had even paid out any rewards.

The US Federal Trade Commission (FTC) was considering how to fight the data plundering, proposing a ‘Reclaim Your Name’ program that would let consumers control use of their information. It then won a $US7.5 million judgment against a company that violated Do Not Call list requirements, while the US also saw revised rules about protecting children’s online privacy.

On the military front, there were reports that a US general is being investigated for leaking information related to the use of Stuxnet against Iran’s uranium refinement program. South Korea suffered a cyber attack on its war anniversary, with Symantec reporting on a new piece of malware designed to delete files from South Korean users’ hard drives. Even China is seeing a surge in the level of Trojan and botnet attacks from other countries, according to one analysis.

Little wonder that, amidst concerns that the government isn’t prepared for a major cyberattack, the US military is planning to completely overhaul its network architecture. Working along similar lines, the UK government gained support for similar efforts from security heavy-hitters like BAE Systems, Lockheed Martin and BT. Signalling a broader range of cybersecurity cooperation, the Commonwealth Telecommunications Organisation joined cyber-security group ICSPA in a pact to work together on cybersecurity initiatives amongst Commonwealth countries.

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place