Hackers have found a devious new way to disseminate malware: They're using peer-to-peer networks.
Although U.S. government officials said the NSA's efforts to secretly collect phone records of millions of Verizon customers is nothing new, reports about its size confirmed long-standing fears among privacy and civil rights advocates.
Despite the growing threat of state-sponsored cyberattacks launched from China and other countries, U.S companies should not be allowed fight back on their own, security experts say.
Buried in a 100-page report issued last week by the Commission on the Theft of American Intellectual Property was a recommendation to copy a tactic cyber scammers use to extort money from innocent victims.
U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.
China's remarkable success in infiltrating U.S. government, military and corporate networks in recent years shouldn't be seen as a sign that the country is gaining on the U.S. lead in cybertechnology, security experts say. They're just very persistent and very good at remaining undetected for long periods of time.
Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATM machines around the world.
China is by far the most aggressive, but not the only, country attempting the sort of extensive cyberespionage described in security firm Mandiant's dramatic report, released this week.
More DDoS attacks on banks, cyberwarfare, and targeted attacks could well be in store in 2013, security experts warn.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.