Cyber Security Trends 2016

| April 26, 2016

article image
What do new technologies and the ever increasing cyber threat hold in store for business and the public sector in 2016? How should organizations be preparing themselves? What should IT security leaders be doing as a priority in the coming year? These are the questions we asked our leading security analysts and consultants at OpenSky to tackle. 2016 will see an increasing number of attacks and the emergence of new targets. The complexity and sophistication of attacks, initiated by increasingly capable and technically wellequipped cyber criminals, will continue to rise.

Spotlight

Cyberworld (Asia) Limited

Founded in 1991, Cyberworld (Asia) Ltd. has steadily established itself as a reputable IT products distributor in Hong Kong and obtained trust from both our valued customers and suppliers alike. We focus on distributing Network Infrastructure, Network Security, Remote Access Solution, Application Acceleration, Proxy Solution and Content Security.

OTHER ARTICLES

Single Layers Of Security Aren’t Enough To Protect Your Organization’s Data

Article | May 3, 2020

Next to your employees, your organization’s data is its most important resource. A data breach can devastate an organization’s finances and reputation for years. According to the 2019 Cost of a Data Breach Report, conducted by Ponemon Institute, the average total cost of a data breach in the U.S. is close to $4 million, and the average cost per lost data record is $150. Hackers are more sophisticated than ever and the value of data seems to rise every day. In fact, McAfee believes that 92% of organizations unknowingly have credentials for sale on the Dark Web or “dark net.”

Read More

5G and IoT security: Why cybersecurity experts are sounding an alarm

Article | March 2, 2020

Seemingly everywhere you turn these days there is some announcement about 5G and the benefits it will bring, like greater speeds, increased efficiencies, and support for up to one million device connections on a private 5G network. All of this leads to more innovations and a significant change in how we do business. But 5G also creates new opportunities for hackers.Gartner predicts that 66% of organizations will take advantage of these benefits and adopt 5G by 2020 — with 59% of them planning to use 5G to support the Internet of Things across their business. Already, manufacturers including Nokia, Samsung, and Cisco have either started developing 5G enterprise solutions or have publicly announced plans to do so. In the enterprise, full deployment of private 5G networks will take time, as it requires significant investments to upgrade legacy network infrastructures, observers say. In the meantime, there are instances of devices in the workplace already operating on a 5G network.

Read More

NATO Adds Cyber Commitments, Potential Ransomware Response

Article | August 30, 2021

As President Biden prepared to meet with Russian President Putin this past week in a high-profile summit in Geneva, Switzerland, cyber-attacks originating from criminals within Russia were near the top of a list of contentious issues on the agenda. However, there were important events that received minimal media attention that strengthened the U.S. President’s position. President Biden walked into those meetings with something new and bold: the strong backing of NATO countries on a series of new cyber commitments. In a NATO Summit held in Brussels on June 14, 2021, the heads of state and government participating in the meeting of the North Atlantic Council reaffirmed their unity and commitments on a long list of mutual defense topics. And there was also a major new commitment discussed in the press release — cyber-attacks against critical infrastructure within any NATO member country were now on the table. That is, online (Internet-based) attacks could result in the same response as physical attacks (with guns and bombs.) Yes, this is a very significant global development which highlights another way that the physical world and online world are merging fast, with ramifications in both directions. HOW DID WE GET TO THIS MOMENT? The ransomware attacks that recently struck critical infrastructure companies such as Colonial Pipeline and JBS resulted in more than just long lines for gas and meat price hikes. It raised alarm bells in countries all over the globe regarding the susceptibility of the majority of countries to ransomware and other forms of malware. These ransomware incidents led to NATO’s new Comprehensive Cyber Defense Policy. The big news: Cyber-attacks against critical infrastructure might (on a case-by-case basis) now trigger the famous Article 5 clause. “The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defense recognized by Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area. …” Here are two sections I’d like to highlight from last week’s communiqué (take special notice of section in bold): “In addition to its military activities, Russia has also intensified its hybrid actions against NATO Allies and partners, including through proxies. This includes attempted interference in Allied elections and democratic processes; political and economic pressure and intimidation; widespread disinformation campaigns; malicious cyber activities; and turning a blind eye to cyber criminals operating from its territory, including those who target and disrupt critical infrastructure in NATO countries. It also includes illegal and destructive activities by Russian Intelligence Services on Allied territory, some of which have claimed lives of citizens and caused widespread material damage. We stand in full solidarity with the Czech Republic and other Allies that have been affected in this way. “Cyber threats to the security of the Alliance are complex, destructive, coercive and becoming ever more frequent. This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm. To face this evolving challenge, we have today endorsed NATO’s Comprehensive Cyber Defence Policy, which will support NATO’s three core tasks and overall deterrence and defence posture, and further enhance our resilience. Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law. We reaffirm that a decision as to when a cyber-attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis. Allies recognize that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack. We remain committed to act in accordance with international law, including the UN Charter, international humanitarian law and international human rights law as applicable. We will promote a free, open, peaceful and secure cyberspace, and further pursue efforts to enhance stability and reduce the risk of conflict by supporting international law and voluntary norms of responsible state behavior in cyberspace.” MEDIA COVERAGE OF NATO ANNOUNCEMENTS Global media coverage leading up to this NATO Summit was rather limited, especially when compared to the U.S.-Russia Summit and many of President Biden’s other European meetings – such as the G7 Summit and the his meeting with Queen Elizabeth II. Nevertheless, Meritalk offered this article: “Cybersecurity, Ransomware Climb Policy Ladder at NATO, G-7 Meetings,” which said, “cybersecurity in general, and ransomware in specific, climbed high onto the ladder of major policy issues at both the weekend meeting of G-7 nations this weekend, and the NATO Summit that concluded on June 14. “The increasing importance of cybersecurity on the national stage tracks with U.S. policy in recent months, including federal government responses to major software supply chain cyber assaults and ransomware attacks against U.S. critical infrastructure sector companies that are believed to have originated from organizations based in Russia. President Biden has promised to confront Russian President Vladimir Putin with cybersecurity and ransomware issues when the two leaders meet on June 16. …” Also, Info security Magazine ran an excellent piece entitled: “NATO Warns it Will Consider a Military Response to Cyber-Attacks,” which said, “NATO has warned it is prepared to treat cyber-attacks in the same way as an armed attack against any of its allies and issue a military response against the perpetrators. “In a communique issued by governments attending the meeting of the North Atlantic Council in Brussels yesterday, the military alliance revealed it had endorsed a Comprehensive Cyber Defence Policy, in which a decision will be taken to invoke Article 5 “on a case-by-case basis” following a cyber-attack. Under Article 5 of the NATO treaty, first signed in 1949, when any NATO ally is the victim of an armed attack, it will be considered an attack on all alliance members, who will theoretically take any actions necessary to defend that ally….” When I posted this NATO cyber topic on LinkedIn, the responses were all over the map. You can join that discussion here. Here are a few comments worth noting: Michael Kaiser, president and CEO at Defending Digital Campaigns: “Attribution better be 110 percent.” Paul Gillingwater, management consultant, Chaucer Group: “A cyber counter-attack *is* a military response. It's now one battlefield, from sea, land, air, space to cyberspace. Next: your AI will be trying to persuade my AI that it was actually a pacifist.” Kaushik (Manian) Venkatasubramaniyan, project manager, Global Business Research (GBR): “These kind of cyber-attacks targeting hospitals etc. are acts of war anyway.” FINAL THOUGHTS ON IMPORTANCE OF NATO ANNOUNCEMENT For many years, cyber pros have been talking about a “Cyber 9/11” or “Cyber Pearl Harbor.” Many experts still believe that those major cyber incidents are inevitable. Still, “smaller” cyber-attacks are now happening all the time all over the world — with very serious consequences. Bad actors are asking for larger ransoms and causing more harm. Ransomware is evolving, and future cyber-attacks may not be ended by paying a ransom to the cyber criminals. With many cyber-attacks against governments, hospitals and now critical infrastructure like gas pipeline companies and food processing plants taking place, new government actions were a must. These ransomware attacks via different types of malware are becoming more frequent and serious, and are a growing global challenge for public- and private-sector leaders. Many questions must be answered quickly, such as: Where are the “red lines” that cannot be crossed? Once the lines are identified, what happens if they are crossed? When does a cyber-attack become an act of war? Make no mistake, NATO’s new policy on cyber-attacks against critical infrastructures is a big deal. Expect more ransomware attacks to occur and those global commitments for action to be tested in the years ahead. Article Orginal Source: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/nato-adds-cyber-commitments-potential-ransomware-response

Read More

New ‘Haken’ Malware Found On Eight Apps In Google Play Store

Article | February 21, 2020

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions. “Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers with Check Point Research, in an analysis on Friday. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.

Read More

Spotlight

Cyberworld (Asia) Limited

Founded in 1991, Cyberworld (Asia) Ltd. has steadily established itself as a reputable IT products distributor in Hong Kong and obtained trust from both our valued customers and suppliers alike. We focus on distributing Network Infrastructure, Network Security, Remote Access Solution, Application Acceleration, Proxy Solution and Content Security.

Events