The week in security: Cyber Monday threat looms; Australia sets data-collection standard

Australia is apparently setting the gold standard when it comes to aggregating personal information on its citizens, with the UK said to be using the controversial Australian data-retention regime as a model for its own legislation. There's no telling how that will be received by the US National Security Agency, which was arguing that its own online surveillance programs are legal and carefully scrutinised by other parts of the government.

Speaking of surveillance: Symantec revealed details of a new spyware tool called Regin, which it says has espionage features comparable to Flame and Stuxnet and may date back to 2006. Regin has been linked to attacks on Belgian telecommunications company Belgacom, and consensus about the “mysterious' malware was that it potentially had links with state-sponsored hacking.

A new study found that IT professionals are more confident than they should be that they know how to prevent security breaches. One professional who is definitely confident is the developer of a Web site that aggregated video feeds from unsecured Web cams, who is now looking for work as a remote programmer.

Many malware authors aren't waiting for legitimate jobs, though, but rather prefer to pretend they already have one: an Italian group called Hacking Team, for example, has disguised surveillance malware as a bookmark management application called Linkman. There's no telling whether they will face the same penalties as a European company producing a spyware app called StealthGenie, which was fined $US500,000 for selling its software to US consumers.

In many other cases, the software and hardware out there is doing the job for the malware authors: cheap Android tablets, for example, are often plagued with dangerous and hidden security flaws, while a commonly used Linux command has been found to have its own potentially problematic consequences.

Even as the Australian government announced a complete review of its cyber-security protections, European Union regulators were weighing up potential restrictions on a data-sharing agreement with Canada that might have repercussions on a similar deal between Australia and the US. Yet despite no less than the UN calling for protection of the right to privacy, the high-level concern over privacy doesn't necessarily trickle down, with one survey suggesting that US Internet users have a limited understanding of Internet privacy.

One organisation that was getting a completely new understanding of Internet privacy was US retail giant Home Depot, which revealed that its prior data breach had cost $US43 million ($A51 million) to deal with in the third quarter of this year alone. Authorities were warning for other retail scams on Cyber Monday, when a surge of online shopping raises the incidence of online fraud. As if on cue, researchers detected a new point-of-sale malware family and found that cybercriminals are using POS malware to also infect ticket vending machines and electronic kiosks.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt @simplenomad Register today

Join the CSO newsletter!

Error: Please check your email address.

Tags StealthGenieUS National Security Agencystate-sponsored hackingcybercriminalsAustralian GovernmentmalwareUKPOS MalwareEnex TestLabCyber MondayUS retailsymantecdata-collectionStuxnetHome DepotgovernmentCSO Australia

More about CSOEnex TestLabHome DepotLinuxNational Security AgencySymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place