Exact figures on how much it is costing British firms vary, but recent research from the UK government found that eight out of ten large companies had suffered a breach and most were seeing attacks at least once a month. But nowadays it is increasingly attracting professional criminals. They can make good money from cybercrime and the risk of getting caught is low. Even if they do get caught, the punishments are far less arduous than if you get caught robbing an actual bank or dealing drugs. The huge growth of Bitcoin and other alternative currencies has also made it much easier for the crooks to get paid. The traditional way of protecting a business against cyber-attack was to protect the perimeter.
A hacker claiming to have the login details of millions of LinkedIn users is advertising the data for sale online. The extensive list of user IDs and passwords, which were allegedly sourced from a cyber attack on the networking site four years ago, is being advertised on the darknet – a sub-section of the internet not accessible through normal web browsers and often a platform for illegal activity. Around 6.5m details were posted online at that time – but LinkedIn's chief information security officer Cory Scott said he does not believe the extra data was gained as the result of a new security breach. "In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members' passwords. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords." News of the breach is the latest in a long line of cyber-attacks on major websites and companies, with telecoms firm TalkTalk and parental forum Mumsnet among those who have been the victims of security breaches in the last year.
A hacker affiliated with the notorious Anonymous collective has launched a series of cyberattacks against government portals in North Carolina to protest against the so-called 'bathroom bill' – which has been criticised by many as being anti-LGBT. Indeed, a number of businesses and high-profile celebrities have protested its advance into law – including Bruce Springsteen, Bryan Adams and Elton John. This type of cyberattack sends a tidal wave of traffic towards a single web server with the aim of taking it offline and is regularly used by Anonymous as a method of protest. Following the DDoS attacks, the hacker posted a JustPaste link that purported to hold a database compromised from North Carolina State University (www.ncsu.edu). The hacking group recently became embroiled in the ongoing US election campaign after planning operations against presidential hopeful Donald Trump. The latest campaign, however, looks set to continue.
Speaking at the Financial Regulation Summit in Washington DC, White warned the industry that their policies and procedures were not up to scratch and that without them they faced the same fate as the Bangladeshi bank that recently lost $81m through a cyber attack. "As we go out there now, we are pointing that out." The SEC is "very pro-active" in assessing how open those acting in the financial sector are to a cyberattack, she said, adding: "we can't do enough in this sector." She noted that companies are increasingly using non-GAAP (Generally Accepted Accounting Principles) figures to report their results – an approach which enables them to keep what can be very large expenses out of public reporting. She also warned that the SEC was closely watching "fintech" – startups targeting the financial markets – name-checking in particular blockchain, automated investment advice and marketplace lending. It's not known whether the new crowdfunding rules will help revive the many startups across the country – but particularly in and around Silicon Valley – who are struggling to find funding through VC routes, or whether the rules will just sit on the books awaiting the next tech boom.
There were several tweets posted via the S1ege and Scrub Twitter handles about the exploits of the hacking group. On 13 May, Bank of France was hit by a DDoS attack, as tweeted by S1ege; the next day Ghost Squad hackers and S1ege tweeted about bringing down Bank of Kathmandu, Bank of Nepal, Central Bank of Chile, Central Bank of Kuwait and the National Bank of Philippines. In a related tweet, S1ege claimed the National Bank of Philippines was targeted in retaliation for the arrests of the Comelec hackers, who have been accused of breaching the Philippines' Commission on Elections website and leaking millions of voters' records online. These were originally tweeted from yet another account speculated to be affiliated with Anonymous hackers that goes by the handle "@Banned Offline". While the NY stock exchange was reportedly down for four hours, Scrub claimed that Union Bank of Cameroon was down for over 48 hours. There is no information about the extent of damage the cyberattacks may have caused the banks.
The details were apparently taken when LinkedIn was hacked four years ago. A hacker claiming to have more than one hundred million LinkedIn logins is advertising them for sale online. The extensive list of user IDs and passwords was allegedly sourced from a cyber attack on the networking site four years ago. According to news site Motherboard, a hacker calling himself "Peace" has placed the alleged details of 117 million LinkedIn users on "dark web" marketplace The Real Deal for the price of 5 Bitcoin - the digital currency - worth around £1,500. In the wake of the 2012 breach, only around 6.5 million details were posted online - but LinkedIn's chief information security officer Cory Scott said he does not believe the extra data was gained as the result of a new security breach. "In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members' passwords," he said. "We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords," he added.
The BoE ordered them to detail steps taken to secure computers connected to the SWIFT bank messaging network, according to insiders who spoke to Reuters. The orders included conducting a 'compliance check' to verify whether they are following security procedures issued by SWIFT after an attack in February saw $81m (£56m) stolen from Bangladesh's central bank. On 13 May, SWIFT issued a notice saying that another instance of a malware-led attack on an institution had emerged, directed at banks' secondary controls. In addition to the two fraud attempts on the SWIFT network, major financial institutions have been targeted recently as part of hacking group Anonymous's Operation Icarus, a hacktivist project protesting the role of banks in global corruption. In 2014, Andrew Gracie, Executive Director for Resolution at the BoE, formally launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack. This was part of the BoE's response to the Financial Policy Committee's recommendation to test and improve resilience to cyber-attack.
Mary Jo White made the stark warning on cyber-security, or the lack of it, at the Reuters Financial Regulation Summit in Washington. "As we go out there now, we are pointing that out." White also noted that the SEC is being active in reviewing the cyber-security defences of the likes of brokers to ensure they are up to scratch. Bangladesh Bank suffered from woeful security and lacked basic measures such as a firewall, and also used bargain-basement $10 switches in its internal networks, all of which made it a much easier target than it should have been – and also meant it was much more difficult to trace those who pulled off the online heist. Last week, global payments network Swift warned that a second bank had been hit by hackers using broadly the same tools and methods seen in the Bangladesh affair. Many more banks, particularly those in developing nations, are at risk according to Swift, and they need to be looking seriously at their security measures.
Hacktivist group Anonymous has threatened Turkey with heavy cyberattacks on numerous occasions. A hacker affiliated with the Anonymous collective has claimed to have compromised sensitive hospital data belonging to "more than 10 million" Turkish citizens in retaliation for recent ransomware attacks against healthcare facilities in the US. At the time, these were touted to be the work of Turkish hackers – however this assertion was never backed up with solid proof. According to news website Vocativ, which is in the process of analysing the trove of stolen files, the dataset contains a significant amount of patient information – including HIV status and abortion histories. In a statement provided to the Hurriyet Daily News, the health ministry confirmed a total of 33 hospitals were impacted by a cyberattack and admitted the incident brought operations on computer systems to "a complete halt." An 'Anonymous' Twitter account linked directly to the data dump. Hospital staff tried to reload backed-up data, but the hacking group allegedly prevented this by pre-emptively blocking restoration, the statement added. Security writer 'Dissent Doe', who collates news about leaks and hacks on databreaches.net, slammed the "morally bankrupt" actions of the person responsible.
The extensive list of users' security details is thought to have been sourced from a cyber-attack on the business networking site in 2012. According to the news site Motherboard, a hacker called "Peace" is selling the data on The Real Deal, a dark web illegal marketplace, for five bitcoins (£1,500). Four years ago LinkedIn admitted to a security breach but said only 6.5 million users' account details were posted online. "Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012," the company's chief information security officer Cory Scott wrote in a blog post. For LinkedIn, the lesson is the same as four years ago: "don't store passwords in an insecure way", says Motherboard. News of the breach is the latest in a long line of cyber-attacks on major websites and companies, with telecoms firm TalkTalk and parental forum Mumsnet among those who have fallen victim to security breaches in the last year.
The Bank of England issued an urgent warning to UK financial institutions after the Bangladesh hack. In the wake of an orchestrated cyberattack found to be targeting numerous banks across the globe, the Bank of England issued an urgent call to all UK institutions to check for "indicators of compromise" on any computer connected to the Swift messaging service, it has emerged. Officials close to the UK central bank, who spoke to Reuters on condition of anonymity, said the warning was issued in mid-to-late April – but is only now being made public. In this case, which is still being investigated, hackers were able to compromise $81m (£56m) in a complex scheme. It also demanded a "compliance check" to ensure that security policies put forward by Swift are being followed, alongside a check of who exactly has access to its sensitive applications and web portals. Now, security firms – including FireEye – are in the process of investigating the landmark attack. Echoing calls from the Bank of England, other central banks around the world have been instructed to bulk up security measures and IT systems.
According to an online solicitation spotted by NextGov, the navy is inviting vendors to present quotes related to the expected cost of providing "high quality training services" to its officers, which would involve them eventually being certified as ethical hackers by the International Council of Electronic Commerce Consultants (EC-Council). The navy describes a certified ethical hacker as "a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in networks and/or computer systems and uses the same knowledge and tools as a malicious hacker upon request from an organisation. The certification is for individuals who are responsible for securing or testing the security of computer networks". The navy, however, is aiming to train those who specifically work with its computer networks. The move comes just months after the US Air Force's chief technology officer, Frank Konieczny, called for the Pentagon to consider placing responsibility for the military's IT infrastructure with third-party contractors rather than relying completely on in-house support. Military and intelligence organisations have been under pressure to retain qualified security professionals, who, given the current climate of widespread and varied cyberattacks, are considered highly valuable to such organisations.
Andrea Castillo, program manager in the Technology Policy Program at George Mason University's Mercatus Center, argues against such a mandate. Indeed, state requirements vary across 47 states, and federal rules are inconsistent across sectors and lack specificity. The Cybersecurity Act signed into law in December, as part of a broader spending bill, creates a framework for voluntary sharing of cyberthreat information. This is a significant step, but it, too, doesn't go far enough. The government should first focus on correcting policy missteps from the past. It should promote the use of strong encryption and reform counterproductive laws like the Computer Fraud and Abuse Act that chill security research.
According to Voice, OpIcarus has been in the making for five years and "is created with the input of many different Anons (anonymous hackers) over a number of years."
Anonymous hacker claims OpIcarus was launched originally to coincide with the Occupy movement in efforts to digitise protests
The inspiration and motives behind the OpIcarus campaign
Voice revealed that the operation was "created to work hand-in-hand with the Occupy Wall Street movement."
Website down: screenshots show bank targets offline after Anonymous cyberattacks
On the motives behind targeting banking systems, the Anonymous hacker revealed: "We want to bring people's attention back to financial terrorism which is caused by the elite rather than the corporate terrorism which is created by the state."
How Anonymous chooses its targets
IBTimes UK spoke to ESET security researcher Cameron Camp about the Anonymous evolution as a hacktivist group and how they go about picking who to hit next. "Since these attacks have shorter, less crippling lifespans before defences can be deployed, it is very difficult to continue a campaign long enough so the hacktivists can maintain their focus and retain media attention." The Voice provided IBTimes UK with several screenshots as evidence of having shut down various international banks, including the Reserve Bank of India, the State Bank of Hamburg, the Central Bank of UAE, the Vatican City Financial Services, the Rothschild Foundation and the World Bank.
Users were made to reset their passwords as a "precautionary measure" following the attacks in 2015. A teenager has been charged with a hacking attack on Mumsnet, which caused the parenting site to reset its 7.7 million members' passwords. David Buchanan, 18, of Haslemere, Surrey, faces two counts of hacking and one of impairing the operation of or hindering access to a computer. Mr Buchanan is expected to appear at Guildford Magistrates' Court on 7 June. The Mumsnet homepage was redirected to a now suspended Twitter profile page and had some posts edited during a cyber attack in August. It was also subjected to a distributed denial of service (DDoS) attack, where an attempt is made to force a site offline by swamping it with internet traffic. The Metropolitan Police said two 17-year-old boys who were interviewed under caution in relation to the incidents had been eliminated from the inquiry.
Experience has taught us that the vast majority of data breaches were not the result of failures in technology, but of poor decision-making by the people responsible for the victim organisation's security programme. In essence, we've been fighting the wrong battle. Here is a battle plan they can follow to change the course they find themselves on. Organisations should expect tremendous resistance at this stage of the process, where organisational leadership will face the question, 'Which is more important: your ego or the success of your organisation?'
Let other people make bad decisions and be happy to learn from them: There are so many breaches that can be analysed that there really is no reason why the cybersecurity industry should not have volumes of post-incident review documentation to learn from. Instead, preventing breaches requires changing behaviour and reducing the number of opportunities for people to make mistakes.
In efforts to rebuild its reputation, Swift's CEO Gottfried Leibbrandt is slated to announce the launch of a new five-point plan for improved security. Swift, the global financial communication service, has said that it intends to launch a new security programme, which will enable it and its customers to better defend themselves against cyberattacks. The move comes after recent reports emerged of a slew of cyberheists, the most prominent of which is the Bangladesh Bank hack, which is currently being investigated by officials. In efforts to rebuild its reputation, which was brought into question by officials of the Bangladesh bank after hackers stole $81m (£55m) using Swift to send fraudulent money transfer communications, Swift has already warned its customers to be more cautious when conducting business. Leibbrandt is also expected to highlight Swift's response to the cyberattacks while also committing to "drastically improve information sharing among the global financial community". He is also expected to promise to "harden security requirements for consumer-managed software to better protect their local environment" and "to introduce certification requirements for third party providers." As part of Swift's five-point plan, which is likely to be revealed in the coming few days, the service also plans to give the banking community the ability to detect cyber fraud by encouraging them to use "payment pattern controls", which would help them identify suspicious activity.
The U.S. government could do several things to help states improve their response to cyberattacks, including increased funding for technology training programs, cybersecurity experts told a House of Representatives committee Tuesday. States have difficulty hiring top cybersecurity employees, said Steven Spano, president and COO of the Center for Internet Security. Cybersecurity workers are a "high-demand, low-density asset," the former Air Force general told two subcommittees of the House Homeland Security Committee. For four years in a row, states have ranked their ability to respond to cyberattacks at the bottom of a list of emergency response competencies when surveyed by the Federal Emergency Management Agency, noted Representative Dan Donovan, a New York Republican. Part of the problem for states is a lack of funding, said Mark Raymond, CIO for the state of Connecticut and vice president of the National Association of State Chief Information Officers. Another area of concern is cyberthreat information sharing, witnesses said.
Nothing scares an insurer more than a lack of data. The database ought to include some details of the company that had suffered a security incident, the type of attack and the damage caused, including clean-up costs. Although breaches against big UK organisations such as TalkTalk and JD Wetherspoon have dominated the headlines, they happen against a constant background noise of malware infections and hacking attacks that affect businesses large and small, as well as public sector organisations. Actual losses on the balance sheet of compromised firms tend to come in months or years later, often at a lot less than first estimates might suggest. About the best guide is Verizon's annual data breach report, but that mainly covers trends rather than costs. As in other aspects of security, cyber insurance is partly driven by compliance concerns (PCI for retailers, Sarbanes-Oxley, HIPAA, etc.).
VIENNA (Reuters) - The head of Austrian aerospace parts maker FACC has been fired after the company was hit by a cyber fraud that cost it 42 million euros ($47 million). The hoax email asked an employee to transfer money to an account for a fake acquisition project - a kind of scam known as a "fake president incident". "The supervisory board came to the conclusion that Mr. Walter Stephan has severely violated his duties, in particular in relation to the 'fake president incident'," FACC said. Robert Machtlinger was appointed interim chief executive. FACC fired its chief financial officer in February soon after the cyber attack.