Companies concerned about their exposure to cyber-security intrusions need to look beyond conventional insurance policies to ensure they are protected against the additional threats of online business, a new report from the Centre for Internet Safety (CIS) has warned.
Security tools from eight different vendors are struggling to detect modern malware threats, according to eThreatz testing by Enex Testlab that has shown big-name security tools are failing to detect up to 65 per cent of malware presented to them.
Hackers usually try to make their malware stick to victims’ PCs, but a group behind recent attacks exploiting an un-patched flaw in Internet Explorer (IE) are using malware that vanishes on reboot, signalling a shift in strategy to frustrate forensic investigators.
As many as 24,000 Australian-based PCs may have malware that exposes them to a new mass ransomware campaign which encrypts victims’ files until a $300 ransom is paid.
An August 20 distributed denial of service (DDoS) attack originating in Australia and spraying many gigabytes of data per second around the world has been highlighted in striking detail thanks to a real-time map developed by Google and using data from Arbor Networks.
Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk.
CSO Trend Micro Workshop
Prime Minister Julia Gillard was on hand in Sydney this week to launch a new cyber education module called bCyberwise. Developed by Life Education and McAfee, the program is designed to teach primary school students about online dangers such as becoming `friends' with strangers and cyber bullying. The program will be rolled out to Australian schools from 4 February.
Social engineers, or "human hackers", have been duping victims from the very beginning of human existence. Here are nine infamous con artists who made history with their scams and schemes.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
Hackers, Matrix, Swordfish, Sneakers, Cypher - what's your favourite?
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.
'Tis the season to begin ramping up online shopping activity, and for retailers that means doing all they can to ensure their websites are up, highly available and able to handle peak capacity. Looming in many IT managers' minds is the cautionary tale of Target, whose website crashed twice after it was inundated by an unprecedented number of online shoppers when the retailer began selling clothing and accessories from high-end Italian fashion company Missoni.
No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.
Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.
Balancing security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximise operational efficiency.
It used to be easy enough to spot a bank robber. With their balaclavas and weapons of choice, the criminals would simply storm in demanding money and everyone knew exactly what was happening. While criminals still occasionally resort to traditional methods, it’s rare to see the dramatic Bonnie and Clyde-style bank heists of the 20th century.
Each day, as the speedy evolution of technology emerges, newer, more complex and increasingly dangerous cyber threats come onto the battlefield, thus presenting an ever-thriving danger to organisations, governments and enterprises everywhere.
"How do you teach a person to duck a punch? You punch them in the face until they get it," said freelance information security consultant Dan Tentler, who designed Twitter's internal anti-phishing training program, at last week's Breakpoint security conference in Melbourne.
Some antivirus vendors recommend against scanning inside archives to avoid a performance impact. This is because scanning the archive can mean the computer appears unresponsive or slow, but following this advice creates an opportunity for malware authors.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.