The week in security: Aussie shoppers exposed as Christmas nears
- 28 November, 2016 15:49
The Christmas season is ramping up but Australian shoppers risk being victimised by scammers, new figures suggest, with many still unable to pick out phishing emails and unaware that their home Wi-Fi network can be compromised. This is a concern for anyone shopping online: with Black Friday and Cyber Monday sales being buried in a mass of scams, malware, and even fake Wi-Fi, it’s harder than ever for online shoppers to go about their business untouched.
There is some recourse for those that fall prey to online criminals, however: one report suggested that victims of ransomware have been somewhat successful in thwarting the attacks midstream. Others suggested that businesses can improve their cybersecurity risk profile by deleting data or pushing it to the cloud – where growing compliance with standards like PCI DSS offers better security than many companies can achieve internally.
The US election was weeks ago, but growing concern that the outcome was hacked has created a new twist in the campaign as voting-security experts called on Hillary Clinton to demand recounts in three key states. Wisconsin will be the first to recount, committing to the action after concerns were raised that its voting systems can be hacked.
The broad availability of the Mirai Internet of Things (IoT) attack vector has significantly ramped up the security threat, Akamai warned on the back of its latest update on distributed denial of service (DDoS) activity that, security specialists warn, requires a coordinated global response to subdue. Meanwhile, patches to Network Time Protocol (NTP), which has been widely exploited for DDoS attacks, were released in an effort to scale back potentially damaging attacks.
The US Department of Defense kicked off its Hack the Army program and laid down guidelines to help hackers avoid a knock on the door from police. Telstra has appointed an entire new division dedicated to security-testing its internal code, while there were intimations that Britain’s Bletchley Park could host a national cyber security college.
Even as US legislators introduced a bill to delay proposed enhanced government hacking powers, there were opinions that iPhones are better at encryption than Android devices – and suggestions that the US may look at weakening encryption if the tech industry doesn’t begin to work with authorities on the issue.
Symantec closed a deal to acquire identity-protection firm LifeLock in a $US2.3b ($A3.1b) acquisition, although some warned that LifeLock’s past was filled with problematic lawsuits. Such capabilities reflect the growing pantheon of security tools that providers are embracing to improve their security response, although the introduction of artificial intelligence-based hacking could provide yet another powerful foil to data-protection efforts.