The week in security: The final count: hackers one, Australian Census zero

There was no bigger cybersecurity story over the past week than the disaster that was Census 2016, which was supposed to be a showcase of the government's digital ambitions but became a nationwide fiasco after the Census site was unavailable – brought down, reports suggested, by a series of DDoS attacks that led to a poorly handled response by the site's administrators. Confusion about early claims – that the Census was targeted by overseas hackers – deepened when it was revealed that the supposedly intense DDoS attacks hadn't even registered on global sensors that continually track DDoS activity around the world.

The growing forces of cybersecurity collaboration are already well documented – and reinforced by the likes of the US Department of Homeland Security's advice for securing businesses – but consumer authority the US Federal Trade Commission popped up in a surprising place to appeal to hackers to help it crack down on manufacturers and service providers with poor security. There is certainly no lack of candidates: many Bluetooth-driven door locks were found to be vulnerable to attack, as were millions of Volkswagens built over the past 20 years. And hundreds of millions of Android devices running Qualcomm chipsets were judged likely to be exposed to one of four critical vulnerabilities that allow them to be compromised. Without the latest patches from Google, your phone or tablet is likely to be completely rooted.

Little wonder bug bounties have become big business, with a security firm beating Apple's bug bounty by offering up to $US500,000 ($A655,000) for iOS zero-day vulnerabilities. Security experts warned of a Linux flaw that could affect anyone who uses the Internet, while a survey of patching habits found that self-patching systems are successfully reducing vulnerabilities but that most applications are getting patched less frequently as a result.

Research suggests complex layers of accountability are helping download providers turn a nice profit by sneaking adware into the downloads they offer. Adware remains only one of many potential problems for businesses, however, with a Cisco analysis warning that for even more malicious activity. Better control over identity remains a key recommendation from security experts about how to fix the problem, and investments in identity-related technologies will form a significant part of the $US82bn that Gartner believes will be spent on information security this year.

Much of that spend, some advisors have recommended, can be well directed to building cloud security response protocols and confounding phishing attacks just enough so that online attackers move on to easier targets – like the Dota 2 forum, which was hacked in a compromise that has seen the leakage of 2 million user passwords. Likewise, social engineering is proving extremely productive for hackers; CISOs, as always, need to be vigilant in their protections.

Apple used claims over security to fight Australian banks' efforts to collectively negotiate for access to the NFC chip in its iPhones, while, as if fulfilling its prophecy, rival Samsung both denied and admitted a mobile payment vulnerability that it said was rare enough that the risk was worthwhile. For its part, Bitcoin exchange Bitfinex took an unusual approach to risk management after it was hacked, reducing its account holders' balances by 36 percent to compensate for its losses.

Meanwhile, Microsoft patched 27 security flaws in its core products even as security experts warned that Web Proxy Auto-Discovery Protocol (WPAD) – supported on Windows and other platforms – has serious security problems and should be disabled immediately.


Stories by David Braue
