The week in security: Breach case studies boost learning, Android boosts breaches

Businesses and government organisations face a growing threat from freelance cybercriminals, one former US Department of Justice attorney has warned as turncoat security experts cause problems such as the recent malware attacks on Polish banks. No wonder financial giants are exploring the potential of Blockchain to improve the protection of data from manipulation and fraud.

The passage of long-stalled breach-notification laws is promising to expose many hacks that would have otherwise gone unnoticed – and there are already lessons to be learned from the sharing of case studies. Learning from the experiences of others will be particularly crucial for operators of water networks and other critical infrastructure.

Cloud-hungry Australian businesses must improve their identity and data protection, experts warned as they also offered recommendations for the US government to improve its security. Experts were also warning businesses to watch out for being compromised using their own data, while security researchers scored a small victory by tricking a business email compromise instigator into revealing his identity.

The need to address new risks posed by Internet of Things (IoT) endpoints has been widely recognised in theory, but the threat it poses became very clear after the takedown of a university’s network by hacking its vending machines. Small cities are also particularly exposed to the IoT threat, according to one report.

Such incidents highlight the changing notions of the network perimeter. On a similar note, US government security experts were concerned about the proper US response to foreign cybersecurity activity. Ditto the UK government, which opened a new National Cyber Security Centre at GCHQ.

Meanwhile, US authorities were concerned that president Donald Trump may be using a mobile phone running an insecure, old version of the Android operating system. Android was also blamed for an attack on Israeli soldiers and potential compromises of connected cars, even as researchers highlighted a way to jump between personal and business data secured using Google’s secure Android for Work containers.

Mobiles aren’t the only vulnerable devices: the same Russian spies that were blamed for hacking the US election were said to now be targeting Macs.

The use of machine learning offers great promise for improving security response, with IBM linking its Watson machine-learning platform with its security information and event management platform. Eric Schmidt was also talking AI at the RSA conference, where experts were offering their best cybersecurity advice.

Intel and McAfee were pushing towards settlement talks in their dispute over the use of John McAfee’s name, while Microsoft’s president was looking at a way to impose Geneva Convention-like rules on another kind of war. And tech groups were gearing up for a different kind of fight as they worked against a controversial provision in US law giving authorities the right to spy on people overseas.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Android boosts breaches

More about Department of JusticeGCHQGenevaGoogleIBMIntelMacsMicrosoftRSAUS Department of Justice

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts