Weekly Security Roundup #38: How Big the Iceberg Really Is
The more we discover about cyber criminal tactics, the better we can calibrate our efforts to counteract attacks.
Cyber security is a field that requires a multidisciplinary approach, because it involves complex aspects related to the world we live in.
This is precisely why the Weekly Security Roundup can help you get a bird’s eye view of what’s happened in the past 7 days.
This week, we put together a cyber security guide for bloggers, to show them what tools and tactics they can use to protect their work and critical data.
And the Cyber Security for Beginners course is getting more and more applicants by the day! If you’d like to enhance your cyber security skills, consider it as an option!
Security articles of the week
1. How infected are the computers we use?
TopTenReviews recently published an infographic highlighting the levels of cyber infections around the world.
You’ll be surprised to find out that roughly 32% of computers around the globe are infected. Moreover:
Last year, in the United States alone, malware cost us an estimated $4.5 billion, and one million U.S. households lost money or had accounts misused due to malicious software.
You can read more about the startling statistics in this article.
2. After installing the last update, Firefox will scan your downloads for malware
It’s great to see that browsers are becoming an aid for fighting cyber threats, and Mozilla is certainly interested in this direction:
Mozilla has released a new version of Firefox which fixes 22 security leaks including the so-called Logjam attack. The browser will from now on also check downloads of Mac and Linux users for malware. Of the 22 vulnerabilities, 13 have been marked as critical, which means an attacker can fully take over the computer if an users with a vulnerable Firefox version visits a hacked or malicious website, according to the release notes of Firefox 39.
3. Dyreza strikes again, targeting various European banks
19,000 malicious emails have been sent in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe file.
Keep in mind these 15 Steps to Maximize your Financial Data Protection that you can apply to conduct financial transactions with peace of mind when such a situation is announced in the media – and not only then, of course.
4. A new malware building toolkit threatens to create a new wave of botnets
Zeus GameOver may have been taken down, but the tools to create it still exist.
The source code for the builder and control panel of ZeusVM version 18.104.22.168 was leaked sometime in June, according to a malware research outfit called Malware Must Die (MMD). The leak was kept under wraps by the researchers as they tried to stop the files from becoming widely available, an effort that ultimately exceeded their resources.
This may cause a sure of botnets, and we already have a lot to worry about with the multiplication of social botnets:
Cyber criminals use social media botnets to disseminate malicious links, collect intelligence on high profile targets, and spread influence. As opposed to traditional botnets, each social bot represents an automated social account rather than an infected computer. This means building a legion of interconnected bots is much quicker and easier than ever before, all accessible from a single computer.
5. How Hacking Team was hacked and why it made the news all week long
Last Sunday, the Italian Hacking Team, specializing in surveillance technology, was hit by cyber criminals who “published a Torrent file with 400GB of internal documents, source code, and email communications to the public at large.”
And while this may seem unimportant, what followed plastered the company’s name across online and offline media the entire week:
- their business practices and their primary surveillance tool Da Vinci came under scrutiny
- their emails have become widely available on Wikileaks
- their attitude towards the breach was not ideal
- and their misfortune uncovered a previously unknown Flash vulnerability.
The story might still continue and is worth following.
6. Adobe Flash – new patches for old, unknown, critical vulnerability
If you haven’t updated your Adobe Flash software, there’s not a moment to waste!
As you just read, the data breach suffered by Hacking Team also exposed a Zero Day vulnerability in Adobe Flash that could be exploited to launch dangerous cyber attacks.
We’ve updated our recent article on Flash and its troubled recent history to include the details.
7. Mysterious cyber criminal gang is attacking huge corporations
The purpose? To get steal valuable business intelligence – or so it seems.
Variously known as “Wild Neutron” or “Morpho”, the gang is thought to be a highly organised professional organisation, uninterested in stealing credit card data or customer databases, but instead focused on high-value corporate information which could be exploited for insider dealing.
And the even more unsettling fact is that these attacks have started 4 years ago and haven’t really stopped ever since.
8. Public Wi-fi is a menace! Don’t believe it yet? Watch this:
Using public wi-fi to browse the web may be convenient, especially because it’s free, but it may cause more trouble than it’s worth.
That’s why encryption is important, and so are the various tips you can apply to keep safe on public Wi-fi hotspots.
If you’ve never understood just why it’s so important to encrypt your communications from criminal hackers when using WiFi to log into your email, make a VOIP call, or simply browse the web then you need to watch this video.
9. The cyber security market continues to grow around the world
As the malware economy evolves, so does the cyber security industry, as a natural and much needed response to growing cyber threats.
The cyber security market is estimated to grow to $170 billion (USD) by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8% from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions.
There are a lot more important statistics to explore in this CSO Online article depicting cyber security growth in North America, Latin America, EMEA, and the Asia-Pac region.
10. CFOs talk about cyber security risks
Even though a cyber security breach may not happen in your organization, it doesn’t mean that you won’t be affected directly.
If a supplier, business partner or a part of the infrastructure you use is affected by a cyber breach, your organization may also suffer the consequences.
Hidden in the murky depths, however, are dangers that could really bring down the ship: suppliers, partners, systems, and internal actors. To fully protect a company, CFOs should lead it in a thorough review of these areas of vulnerability.
Read more about this issue in this thought-provoking article.
What other piece of news surprised you this week? Share it and we’ll add it to the list!