The week in security: Controversy, lessons from Ashley Madison hack; Australia joins worst DDoS offenders

A cyberattack on the US Internal Revenue Service, reported earlier this year, now seems to be worse than originally thought. Yet the most attention was on the publication of the records from the recent Ashley Madison hack, which set tongues wagging around the world and had the site's parent company scouring the records to confirm their authenticity. Analysis of the released records, which include source code and email records, showed that internal technical experts had raised concerns about the site's security as much as a year ago. And some believe the high-profile hack will lead to a tiered Internet, while others believe it has important lessons for CSOs and could lead to a wave of spear phishing attacks.

Meanwhile, Oracle was defending a controversial rant by its CSO, while IT-security body ISACA expanded its security skills certification program to include a hands-on breach environment. Other security experts may come from very different environments, however – while Symantec acquired two training forms to boost its virtual-reality training capabilities.

Burgeoning online company REA Group, whose properties include the popular site, has moved 98 percent of its core systems to the cloud on the back of a new identity-management framework that securely ties everything together. This sort of security will become increasingly important as new advances in quantum computing threaten conventional encryption-based security.

An Italian teenager found two zero-day vulnerabilities in Mac OS X, while others warned that BitTorrent programs can be used to amplify DDoS attacks. Also on the DDoS front, gaming services and hosting companies were being hit with a new type of DDoS attack and the takeover of home routers was being credited for a surge in DDoS attacks. Australia joined the ranks of the world's 10 worst DDoS originators for the first time, while Portmapper-based DDoS attacks presented yet another looming problem for system administrators.

Over in the US, a man pleaded guilty to selling access to a botnet of Facebook accounts while the state of Alabama was the site of a cyber-attack linked to the war against Islamic State. Revelations suggested that a notorious gang of Russian hackers was spying on controversial punk band Pussy Riot, while a Chinese hacking group was seen to be having success in attacking Indian targets with a Word exploit and dating site Plenty of Fish was hit with a breach that redirected users to malware-bearing sites.

Even as Microsoft dropped an emergency Internet Explorer patch – which was quickly used by hackers to hit a Hong Kong church site – security experts were warning of key issues to consider before switching to Windows 10. Cisco Systems warned that Flash exploits are soaring, while a vulnerability in enterprise-managed iOS devices was putting business data at risk.

If you're concerned about your internal security, it may be time to take a good look at Kali Linux, a distribution designed specifically to hammer your security defences. You may also want to be looking at machine learning-driven analytics – which are proving increasingly important in mounting a proactive response to security breaches. It's all part of the corporate architecture, which must include security from the ground up instead of treating it as a bolt-on.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internal Revenue ServiceAshley MadisoncontroversyCSO AustraliaDDoS attackssymantecAshley Madison hackvulnerabilities-os-xDDoS offendersAustraliacheatingphishing

More about CiscoCSOFacebookInternal Revenue ServiceISACALinuxMicrosoftOracleREA GroupSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place