The week in security: It's hack or be hacked as airplane rises, defences fall

Human expertise is becoming crucial to pick up the security chain where conventional antivirus solutions are dropping it, some argue, as the overall online security threat increases and DDoS attacks become more sophisticated. Yet even as Australia becomes the world's second most-attacked Web target and many companies perceive the value of security analytics in fighting DDoS and other attacks, the technology was the second least-deployed security protection in one recent survey.

Far more common are virtual desktops, which are helping security-conscious government agencies, yet there were concerns about a different kind of desktop action as the FBI asserted that a cybersecurity researcher had claimed he caused an airplane to climb after hacking its software. Some believe this suggests a role for hackers in testing public systems, while others are concerned that there are already too many vulnerabilities in routers and other common devices, and that encouraging hackers to test them is a bridge too far. Yet many companies are looking for ways to give their security experts more opportunities to stretch their legs, with one Israeli company developing an on-premise version of a popular Web game, Game of Hacks, that proved to be hugely popular (http://www.cso.com.au/article/575423/game-hacks-coming-white-labelled-version-after-strong-demand-from-security-challenged-businesses/) as both a tutorial and a target for hackers.

Amidst reports that the volume of malicious adware more than doubled in 2014 – leading many to push advertisers to boost their security – the battle to keep ahead of cybercriminals was continuing in the face of “self-defeating” signature-based security, with companies like Vodafone introducing tighter identity management frameworks to bolster their overall security.

Indeed, many CSOs are working overtime to figure out next steps in the wake of another high-profile hack, this time of global coffee franchise Starbucks. Meanwhile, desperate ransomware victims are pleading with their attackers after being caught by their nasty code. Yet there are signs that such attacks are only going to become worse, with the Australian Crime Commission flagging in a major report that organised crime is increasingly turning to sophisticated online efforts to complement or replace conventional organised crimes. Little wonder, with the scale of attacks growing and US health insurer CareFirst admitting that 1.1 million people were affected in the cyberattack to which it recently fell victim.

Fresh on the heels of a vulnerability that lets attackers spoof the address shown in the Chrome address bar, researchers were advising users not to type passwords into Android versions of Chrome until they had updated their browser or operating system. A new URL-spoofing bug in Safari was said to potentially enable phishing attacks, while other researchers developed a way to trick hackers by creating fake passwords to sit alongside the real ones in user databases. And no less than the US Federal Reserve was changing passwords after being hit by a DNS attack.

The controversial potential sale of data on millions of customers of failed US retailer Radio Shack had the US Federal Trade Commission weighing in to recommend conditions for any such sale and Radio Shack ultimately agreeing to some conditions. Dropbox was also tightening up its protection of personally identifiable information (PII), spruiking its compliance with the new ISO 27018 standard for PII security.

Apple and Google joined the voices of those pressuring US president Barack Obama to reject efforts to add encryption 'back doors' to mobile devices, even as questions were raised about the security of the Apple Watch and that popular device got its first security and feature update. And some in the US were proposing tighter export rules for computer security tools, raising the spectre of new limits to the distribution of powerful encryption technology. This, from a government that was reportedly planning to inject snooping malware into the Google Play Store and Samsung app store.

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by David Braue
