During times of peak cybersecurity, it is important to keep track of the latest developments in the industry. This is what is happening right now:
In the US, the tallest tree catches the most wind, also in cybersecurity:
Amazon is one of the most successful companies on the planet today, and its innovative technology has transformed the way we live and shop. Its owner, Jeff Bezos, is the richest man in the world and considering that his business relies on cybersecurity, it was shocking to read that his phone was hacked last week, revealing personal messages and photographs. Indeed even newspapers can be involved in cyberextortion, which is a nasty game.
We all can’t help but wonder at how someone so powerful cannot be fully protected, but it just shows that cybersecurity technology can only protect individuals as far as they are willing to protect themselves. It seems that educating the consumer is the most difficult task to be accomplished by cybersecurity firms.
Alpine Security, a leading cybersecurity firm, offers cybersecurity strategy and trains candidates for important cybersecurity positions around the world. The company CEO, Christian Espinosa, recently said: “We’re seeing more companies go beyond the minimum requirements to be a step ahead. Organizations are increasing salary levels in cybersecurity and focusing on workforce development. Cybersecurity is now a more attractive career than ever before. Alpine Security’s cybersecurity training empowers our students with skills to greatly enhance their careers and have a positive impact on society.”
Cybersecurity news from Europe:
Earlier this year, a 30 year old Portuguese man was detained in Budapest, Hungary after he was suspected of hacking documents, emails specifically, from the Portuguese football club of Benfica, Sporting and Porto. The details which he allegedly managed to hack provided him with information about players’ contracts and other private information concerning the clubs. Besides gathering and leaking the information, he also demanded money from the clubs, in exchange for not leaking the details.
UK cybersecurity chiefs feel that any risks posed by Huawei’s Chinese technology can be managed. Most of the UK’s mobile companies have approached them to develop their new 5G networks, but are awaiting the government review next month. This follows efforts by the US to persuade its allies to ban the supply of Huawei’s 5G communications networks, as they believe that the technology giant is acting as a spy for the Chinese government.
The company has already been blocked by Australia and New Zealand, while Canada is still reviewing whether the company poses a security threat. The US has restricted federal funding toward Huawei equipment purchases.
In the meantime Huawei denies these accusations and maintains that they have no link with the Chinese government except for paying their taxes to the Beijing government. In an interview with the BBC, John Suffolk, the company’s security chief said that Huawei was the most transparent organization in the world and invited governments to verify this buy running tests.
Electoral campaigns have not been immune to hacks and leaks in recent years. Former US presidential candidate, Hillary Clinton, French President Macron and both of the Italian parties, which have formed the recent government, have been victims. In January this year, German politicians were targeted in a mass data attack, including Chancellor Angela Merkel.
The members of the German parliament had personal details stolen and published online. It is still unclear as to who was behind the attack but other public figures, including journalists and celebrities also had data leaks.
Since the leaks appeared on Twitter, in the style of an advent calendar, German authorities are working closely with the Irish Data Protection Commissioner to get to the bottom of these leaks. Twitter’s European Headquarters are based in Dublin and that is why the Irish data protection authority is part of the investigation.
It appears that the data stolen in the attack was from before October 2018. The only political party not affected by the leaks was the far-right AfD.
Initial suspicions fell on the right wing and the Russians, who have previously been accused of cyber-attacks in Germany before. This is not the first time that Russia has been implicated in a cyber attack and it has been alleged that their intervention helped determine the outcome of the 2016 US presidential elections and the outcome of the Brexit vote.
Other major developments:
Australia, it has been revealed, is also investigating a cyber breach of the Federal Government’s computer network. It is not certain at this stage if any data was stolen during the breach, but the Australian security services believe that it could have been instigated by China.
The attack was swift, but it appears that the attackers were more sophisticated than in previous attempts. The investigations may take some time and computer passwords have been reset and further cybersecurity measures will be taken.
WordPress has been fending off hackers, who have repeatedly been trying to breach old vulnerabilities to their commercial WP Cost Estimation plugin (helps to build e-commerce –centric forms). The hackers use these vulnerabilities to break into websites and plant what is called ‘backdoors’. They hijack incoming traffic and direct it to other websites. This was spotted by Defiant, the company behind the Wordfence firewall plugin. Older versions of the plugin are vulnerable, but the developer failed to warn in a timely manner, and even though these have been rectified in newer versions, many users were unaware of the danger.
Symantec has just launched “Email Fraud Protection” which will form part of the company’s Email Security Solution and Integrated Cyber Defense Platform. The solution offered will ease the workload for IT departments by eliminating the need to manually manage email security configurations.
In a letter to the US Department of Homeland Security and National Security Agency, US lawmaker expressed their concerns that the recent US government shutdown may have led to cybersecurity attacks. This is because many digital security certificates expired during this period and many government websites were exposed. They mention that the websites run by the US Department of Justice and NASA are included in the list with expired certificates.
The recent shutdown was the longest in the history of the US and lasted for 35 days, with over 800,000 federal employees furloughed or working without pay.
Meanwhile, Chinese and Iranian hackers continue to target banks, businesses and government agencies in the US. These attacks have become more aggressive since President Trump withdrew from the Iranian nuclear deal last year, and increased the animosity between the US and China with his trade wars. Some of the entities targeted by China include Boeing, General Electric Aviation and T-Mobile and Iran are believed to have targeted banks, businesses and government agencies. This has all led to concerns that we are entering a period of peak cybersecurity threat levels, where government agencies are under more pressure to take the lead.
These were ten big events that companies take note of. Be prepared for cybersecurity events by being proactive. Watch this space for future updates.