The business ISP analyzed traffic for its customers during the period and found them to be on the receiving end of 146,491 attempted attacks each, on average. That’s 179% higher than the same period in 2018, when firms faced down 52,596 attacks on average.
IoT devices and file sharing services were most frequently targeted, hit by 17,737 and 10,192 attacks respectively during the quarter.
This chimes somewhat with a FireEye report from last month which revealed a dramatic increase in attacks exploiting file-sharing services to deliver malware via email. From hardly being used in any attacks in Q4 2018, OneDrive was seen in over 60% by Q1, it claimed.
In addition, the survey found that 15% of participants would delete files or change passwords upon exiting.
While a number of organizations have invested in technologies to help detect and defend against external attackers, many companies are starting to better understand the risks from insider threats, which a recently published whitepaper said may actually be a larger issue.
According to the report, insider attacks are more difficult to detect and prevent than external ones, with 91% of respondents in a similar survey of IT and security professionals reporting they feel vulnerable to both malicious and accidental insider threats.
In 1648, the Treaty of Westphalia was signed, ending 30 years of war across Europe and bringing about the sovereignty of states. The rights of states to control and defend their own territory became the core foundation of our global political order, and it has remained unchallenged since.
In 2010, a delegation of countries – including Syria and Russia – came to an obscure agency of the United Nations with a strange request: to inscribe those same sovereign borders onto the digital world. “They wanted to allow countries to assign internet addresses on a country by country basis, the way country codes were originally assigned for phone numbers,” says Hascall Sharp, an independent internet policy consultant who at the time was director of technology policy at technology giant Cisco.
After a year of negotiating, the request came to nothing: creating such boundaries would have allowed nations to exert tight controls over their own citizens, contravening the open spirit of the internet as a borderless space free from the dictates of any individual government.
Released over the Easter weekend (April 21, 2019), the report also found that the most-used password from global cyber breaches was “123456,” with “ashley” the most-used name as a password. The global password-risk list was published to disclose passwords already known to hackers.
The polling was independently carried out on behalf of NCSC, a part of GCHQ and the Department for Digital, Culture, Media and Sport (DCMS). The findings, as well as 100,000 passwords already known to have been breached by hackers, were released ahead of NCSC’s CYBERUK 2019 conference, which will be taking place in Glasgow this week.
These will inform government policy and guidance offered to the public.
Read entire post Password “123456” Used by 23.2 Million Users Worldwide | Phee Waterfield | InfoSecurity
Before the next WannaCry or NotPetya cyber-attack strikes, potentially resulting in widespread damage for which few are actually prepared, law enforcement in the EU have established an incident response protocol, according to a Europol press release.
“To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union. The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises,” Europol wrote.
“It serves as a tool to support the EU law enforcement authorities in providing immediate response to major cross-border cyber-attacks through rapid assessment, the secure and timely sharing of critical information and effective coordination of the international aspects of their investigations.”
Discovered by a user of Reddit, as these things often are, it’s emerged the Epic Games Launcher scans for your Steam install during each start-up and then grabs a snapshot of user files in the Steam Cloud, including data on game saves, play history, Steam friends lists, name history, and groups you’re part of.
In accordance with GDPR, you can request Epic removes all of your personal data, or they could face legal ramifications.
Steam Cloud data is stored locally in Steam > userdata > [account ID]. Epic feeds into this, pulls the data and then creates an encrypted copy which is placed into C:\ProgramData\Epic\SocialBackup\RANDOM HEX CODE_STEAM ACCOUNT ID.bak
The purpose of this appears to be to provide friend suggestions in the Epic Launcher, effectively linking the two systems up. This is done with the user’s express permission according to Epic. It’s tucked away into the lengthy agreement when installing the Epic Launcher and signing up for an account.
The attraction of cybercrime to criminal hackers is obvious: tangled webs of interactions, relatively low penalties, disjointed approaches on money laundering and potentially massive payouts.
The key is preparation and seeing vulnerabilities, and resilience, in terms of interactions with overall management systems, and that’s where Information Security Management Systems (ISMS) standard ISO/IEC 27001 comes in.
This is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago.
Developed by ISO/IEC JTC 1, the joint technical committee of ISO and the International Electrotechnical Commission (IEC) created to provide a point of formal standardization in information technology, it has been constantly updated and expanded to include more than 40 International Standards covering everything from the creation of a shared vocabulary (ISO/IEC 27000), risk management (ISO/IEC 27005), cloud security (ISO/IEC 27017 and ISO/IEC 27018) to the forensic techniques used to analyse digital evidence and investigate incidents (ISO/IEC 27042 and ISO/IEC 27043 respectively).
Love is in the air this week, but cyber-criminals are reportedly targeting user accounts on dating sites like OkCupid ahead of Valentine’s Day. Multiple news outlets have reported that OkCupid users say their accounts have been hacked, which the company says is likely the result of credential stuffing.
“There has been no security breach at OkCupid. All websites constantly experience account takeover attempts and there haven’t been any increases in account takeovers on OkCupid. There’s no story here,” a spokesperson shared in a statement.
According to the website’s Help page, “Account takeovers… happen because people have accessed your login information. That can happen in a few ways. The simplest, of course, is using a password that’s easy to guess. Another option is because of a breach on another site. If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach.”
Cyber-attacks or IT malfunctions in manufacturing can pose risks to the safety measures in place, thus having an impact on production and people. New international guidance to identify and address such risks has just been published.
“Smart” manufacturing, or that which takes advantage of Internet and digital technology, allows for seamless production and integration across the entire value chain. It also allows for parameters – such as speed, force and temperature – to be controlled remotely. The benefits are many, including being able to track performance and usage and improved efficiencies, but it also exacerbates the risk of IT security threats.
ISO/TR 22100-4, Safety of machinery – Relationship with ISO 12100 – Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects, is designed to help machinery manufacturers identify and address IT security threats that can impact on the safety of their product. It complements ISO’s flagship standard for machine safety, ISO 12100, Safety of machinery – General principles for design – Risk assessment and risk reduction, which lays down the fundamentals for risk assessment, hazard analysis and documentational requirements.
The GDPR replaces the 1995 EU Data Protection Directive, forcing every company around the globe to abide by strict rules when handling European subjects’ personal data. The regulations were adopted to protect EU residents and arm them with awareness about how companies use their information.
While GDPR addressed tech companies that have dealt with and make money off user data, like Facebook and Google, the expansive definition of “personal data” — everything from names and email addresses to biometrics and IP addresses — means that gaming companies have had to comply, too. And that has cost them time and money to avoid incurring fines.
This is good for gamers in the EU, who will have a much better idea what information is collected when they play, buy products or use services. Game enthusiasts outside Europe will benefit, too, as some organizations, like Razer, treat the GDPR as a privacy bellwether and adopted it globally.
25 November 2018 marked the six-month anniversary of the General Data Protection Regulation (GDPR) officially coming into effect. Quentin Hunt has been examining the implications of early high-profile test cases under the regulations – and reporting on what this might mean for organisations in the future.
Although it adopts the same principle-based approach as the preceding Data Protection Act 1998, GDPR has significantly increased the ability of regulators to impose fines – with the maximum for some offences now set at 20 million euros or 4% of global turnover, whichever is highest.
GDPR has also made the obligations on data controllers more onerous than they were before, with the consequences for non-compliance more severe and, crucially, less predictable. This renders GDPR a significant business risk that is difficult to assess and mitigate, as three of the early legal cases demonstrate, Hunt says.
Australia has passed controversial laws designed to compel technology companies to grant police and security agencies access to encrypted messages.
The government says the laws, a world first, are necessary to help combat terrorism and crime. However, critics have listed wide-ranging concerns, including that the laws could undermine the overall security and privacy of users.
The laws were rushed through parliament on its final day of the year. The Labor opposition said it had reluctantly supported the laws to help protect Australians during the Christmas period, but on Friday it said that “legitimate concerns” about them remained.
Cyber-security experts have warned the laws could now create a “global weak point” for companies such as Facebook and Apple.