News in review: has PRISM made the cloud unsafe?

A survey found that data encryption practices amongst cloud providers vary widely, while a privacy advocate suggested that the recent revelations about the US government’s PRISM data-filtering program should make businesses think twice about their use of cloud computing, and a European Commission report suggested PRISM was harming the business of US cloud providers. Even as planned July 4 online protests against PRISM seemed to fall flat, caution was being advised regarding disaster recovery as a service (DRaaS) offerings, even more so because of the increasingly apparent number of ways that governments are spying on citizens online. Things have gotten so bad that the European Union approved stricter penalties for cyber-attacks and suspended data-sharing deals with the US in the wake of the PRISM revelations.

The Google Play app store is still serving up Android adware, one audit has found – something that will come as no surprise to the more than half of consumers that say they’ve been the victim of bad apps. Games are the most common vector for attack, even as BYOD is increasingly fingered as leading to widespread security threats. With BYOD and other security issues continuing, one CSO was emphasising the importance of business-focused security metrics.

An Android lock-screen vulnerability highlighted the ongoing issues with that platform, as did researchers who found a way to turn an Android phone into a spy tool, while a vulnerability was found that allows malware authors to modify Android apps without breaking their digital signatures – which means a malware-laced mobile app can be posted but remain signed by its original author.

Even BlackBerry was reportedly causing security concerns after reports said it had been hacked. Ransomware called ‘Darkleech’ reared its ugly head, while a tenacious two-pronged malware attack was causing consternation for antivirus researchers, who are already declaring 2013 a particularly nasty year for cyber-security. That’s saying a lot, given that the maiden data-breach report by the US state of California found that last year there were 131 separate data-breach incidents that threatened the data of 2.5 million of the state’s citizens.

Even that is small beans in the context of the Pony botnet, which according to one analysis has stolen the Web credentials of 650,000 victims in the course of a few days. Recognising the growing prevalence of such attacks, Google’s Transparency Report has been bolstered with a new section highlighting the number of malware and compromised Web sites detected by the firm. Microsoft was also strengthening its anti-malware efforts, declaring its new bug-bounty program a success before it had even paid out any rewards.

The US Federal Trade Commission (FTC) was considering how to fight the data plundering, proposing a ‘Reclaim Your Name’ program that would let consumers control use of their information. It then won a $US7.5 million judgment against a company that violated Do Not Call list requirements, while that country also saw revised rules about protecting children’s online privacy.

On the military front, there were reports that a US general is being investigated for leaking information related to the use of Stuxnet against Iran’s uranium refinement program. South Korea suffered a cyber attack on its war anniversary, with Symantec reporting on a new piece of malware designed to delete files from South Korean users’ hard drives. Even China is seeing a surge in the level of Trojan and botnet attacks from other countries, according to one analysis.

Little wonder that, amidst concerns that the government isn’t prepared for a major cyberattack, the US military is planning to completely overhaul its network architecture. Working along similar lines, the UK government gained support for similar efforts from security heavy-hitters like BAE Systems, Lockheed Martin and BT. Signalling a broader range of cybersecurity cooperation, the Commonwealth Telecommunications Organisation joined cyber-security group ICSPA in a pact to work together on cybersecurity initiatives amongst Commonwealth countries.

Stories by David Braue
