The week in security: Wi-Fi targeted as CIOs prioritise security spending in 2015

Educators like to talk about the importance of teaching coding to students, but the network security protocols in place on some UK school networks are holding them back, according to some reports. No word on whether those same protocols will do much to stop the use of a new, free tool that automates the process of phishing for Wi-Fi passwords on open networks.

Proponents of the bitcoin online currency were reassuring the world after an attack on a bitcoin exchange forced it to shut down, even as hackers made off with $US5 million ($A6.1m) worth of bitcoin.

In-flight Internet provider Gogo Internet was taking a somewhat contentious approach to security, targeting in-flight video streaming by rerouting users' requests for some high-traffic Web sites – substituting their HTTPS certificates with other certificates signed by the company in a novel man-in-the-middle attack. That makes airline Wi-Fi less secure than you think in the same way that hotel Wi-Fi is, by reports, less secure than you think.

Back down on Earth, security-focused operating system vendor Qubes patched some security bugs and formally advised that it has not in fact been ordered by a government to install a back door into its environment. Online seller Moonpig didn't need to intentionally do so, after it was revealed that a fault in its API had jeopardised the data of millions of its customers. And if ever employees needed a reason not to skimp on information security, investment firm Morgan Stanley has provided one – terminating the employment of an employee who briefly posted the details of 900 of the company's clients online.

Speaking of leaking details online: Sony's CEO broke his silent streak with a public statement praising the work of the company's staff and partners for getting the company's movie, The Interview, into theatres despite the work of cybercriminals who aired a large quantity of the company's confidential information and intellectual property. The US FBI restated its conclusion that North Korea-sponsored hackers were responsible for the attack, saying that “sloppy” work by the hackers left clues that pointed straight to them.

Indeed, according to IBM, such highly-productive attacks are becoming more common, even as the number of attacks seems to be reducing. That is a good-news-bad-news situation that, unsurprisingly, is likely to correlate with an overall increase in security spending during 2015. Much of this will be in the mobility area, where ever-faster app sales are expanding the potential attack surface for corporates – and driving privacy authorities to push vendors to make privacy policies more obvious when users buy new apps.

Such investments should increase the proactivity of major online companies in protecting their online assets: AOL, for one, moved to stop the delivery of malicious ads from its advertising platform after it was informed of the goings-on – which affected users including GameZone and Huffington Post – by a security company. Yet there was little done to change another innovation that users might consider to be a security issue: the use of so-called 'super cookies' that can track users despite the protections afforded by browsers' 'private browsing' modes.

Speaking of security workarounds, there were suggestions that macro-based malware – an early scourge of Microsoft Office users – is making a comeback. Also in the what's-old-is-new-again department was CryptoWall, the stubborn ransomware that has been appearing in new forms that are frustrating security researchers. Even Apple may need to do some careful fixing, blocking a tool that brute-forces iCloud passwords but facing a new flaw in its Thunderbolt ports that can be used to write custom code directly into the boot ROM of a target Mac computer.

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by David Braue
