The week in security: DNS compromise puts Melbourne IT in global spotlight

Australia hit the world security stage for all the wrong reasons after the Syrian Electronic Army hit the sites of major Web properties including Twitter and the New York Times was hacked due to a spear phishing-generated compromise at its DNS provider, Australian company Melbourne IT.

Such DNS vulnerabilities raised concerns among some about vulnerabilities in open-source infrastructure, while others said the hack is a lesson for all businesses and warned other top brands were at risk. As if to prove them right, hackers redirected the website of a Syrian telecommunications provider to the sites of AT&T and T-Mobile.

Such issues had security pundits worried about not only the need for registry locks, but the varying security levels amongst TLD servers in China and elsewhere. Also raising concern are figures suggesting half of all organisations were targeted by cyber-attacks last year.

Things are getting worse, so it’s hardly surprising that Gartner’s 2019 info-security crystal ball is looking cloudy indeed. It’s hardly surprising, with new compromises appearing daily and developers so confident in their ability to hack cloud-storage services like Dropbox that they published their technique – and raised the profile of reverse-engineering software as a means to facilitating security hacks.

Forget two-factor authentication: VMware security provider HyTrust has built a virtual appliance ecosystem in which entire actions can be delayed until a secondary approval has been given by a supervisor. VMware was also looking to improve virtualisation security, with the unveiling of network virtualisation software called NSX that has been embraced by vendors including FortiNet and McAfee.

Windows XP may be thrown out of its support window next year, but some were warning that hackers are sitting on a motherlode of patches that they will unleash on the XP-using community once Microsoft stops developing updates for the software. Ditto Office 2003, which will be cast into the zero-day wasteland when Microsoft stops supporting it next April.

With even Internet-connected cars potentially vulnerable to attack, cloud providers were tipped to be taking a more active role in providing secure data-management capabilities. Cloud-based quantum cryptography may still be a little while coming, though.

Security abuses by the US National Security Agency (NSA) have become a sub-genre of their own, with reports suggesting the organisation broke into no less than the United Nations’ videoconferencing system. The US government also lodged 25,000 requests for information about Facebook users with the company, a figure that emerged after Facebook followed through on promises of transparency in the wake of the NSA’s PRISM revelations.

Privacy campaigners were pushing the Irish High Court to review the Irish Data Protection Commissioner’s decision not to investigate Facebook or look into PRISM, particularly in the wake of legal pressure that forced Facebook to clarify how it uses your personal data.

Conscious of the potential for privacy issues, the Australian Customs and Border Protection Service has worked to comply with Australian and EU privacy-protection requirements for a new big-data passenger-matching system. Less concerned about privacy violations, however, is a Web-based service for cybercriminals that automates the process of generating fake scanned documents to help them through financial institutions’ identify verification processes.

Days after the FBI claimed it had shut down the Anonymous hacking group, said group struck back by leaking thousands of records online. Other groups were marking the occasion of the upcoming G20 summit to launch fresh spear phishing attacks, while Craigslist was also targeted by a malicious app pushing mobile spyware. There are more of them every day, with a study showing that many major-brand apps are putting customers’ personal data at risk. Such vulnerabilities are causing problems for organisations trying to protect confidential data against apathetic and mobile-enabled workers.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

More about AT&TAT&TCSODropboxEUFacebookFBIGartnerindeedMcAfee AustraliaMelbourne ITMicrosoftNational Security AgencyNSAT-MobileT-MobileUnited NationsVMware Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts