Tag Archives: today

[ISN] DDoS attacks knock Feedly offline for second day running


http://www.computerworld.com/s/article/9249064/DDoS_attacks_knock_Feedly_offline_for_second_day_running
By Gregg Keizer
Computerworld
June 12, 2014

RSS aggregator Feedly today went dark for the second time in two days as another wave of distributed-denial-of-service (DDoS) attacks knocked it offline. At approximately 10:30 a.m. ET (7:30 a.m. PT), Feedly acknowledged that it had again been targeted by cyber criminals, who seem bent on crippling the RSS provider. “The ops team has reviewed the attacks and is working on building a second line of defense to neutralize this second attack,” said company officials, including Edwin Khodabakchian, Feedly CEO, in a brief status update on the firm’s blog. After a four-hour outage, Feedly was restored at 2:30 p.m. ET, 11:30 a.m. PT. [...]

[ISN] The $10 Million Deductible – Why the cyberinsurance industry is a mess.

http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
By Josephine Wolff
Slate.com
June 12, 2014

Do you still shop at Target? There’s been controversy over how much of an impact the massive breach of 40 million credit and debit card numbers in late 2013 had on the company’s shareholders and customers. And that controversy speaks to a larger cybersecurity problem plaguing industry today: the difficulty of assessing the impact and costs of these sorts of security breaches and the challenges that presents when it comes to trying to buy and sell cyberinsurance. Yes, that’s a real thing—and a great business to be in, at the moment, if you can figure out how to develop accurate actuarial models, that is. A recent New York Times article touted cyberinsurance as the “fastest-growing niche in the [insurance] industry today.” Nicole Perlroth and Elizabeth Harris report: “[A]fter the breach at Target, its profit was cut nearly in half—down 46 percent over the same period the year before—in large part because the breach scared away its customers.” These enormous costs to brand reputation make it difficult for companies to get as much cyber risk coverage as they want, and the demand is only growing. The Times cites statistics showing a 21 percent increase in demand for cyberinsurance policies from 2012 to 2013, with total premiums reaching $1.3 billion last year and individual companies able to acquire a maximum of roughly $300 million in coverage. At the time of its breach, Target had only $100 million in coverage, with a $10 million deductible, and had been turned away by at least one insurer when it tried to acquire more cyberinsurance, Perlroth and Harris report. They suggest that this coverage may fall well short of the massive losses incurred by the company when it saw its profits nearly halved.

But their piece comes less than a month after Eric Chemi argued exactly the opposite about the impact of Target’s security breach in a piece for Bloomberg Businessweek titled “Investors Couldn’t Care Less About Data Breaches.” He wrote: [...]

[ISN] Annual cost of cybercrime hits near $400 billion

http://www.networkworld.com/article/2360983/security0/annual-cost-of-cybercrime-hits-near-400-billion.html
By Ellen Messmer
NetworkWorld
June 9, 2014

An estimate of the global cost of cybercrime — losses from cyber-espionage theft of intellectual property, plus all types of personal and financial data stolen and dealing with the fallout — is being tabbed at least $400 billion annually, according to the report published today by the Center for Strategic and International Studies. In its report “Net Losses: Estimating the Global Cost of Cybercrime,” Washington, D.C.-based think tank CSIS claims the countries hit most are the United States, China and Germany based on their overall national wealth in Gross Domestic Product (GDP). Those three countries together are estimated to have suffered $200 billion in cybercrime losses on an annual basis. CSIS acknowledges there’s going to be debate over how to calculate the cost of cybercrime the way it broadly defines it. But CSIS, whose research draws largely from the work of economists, argues it could not be lower than $375 billion and the maximum could actually be $575 billion. “Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow,” the report says. By coincidence, the CSIS report on the cost of cybercrime comes in the wake of the U.S. Department of Justice crime charges related to alleged cybercrime operations in China and Eastern Europe that are accused of stealing millions of dollars from U.S. businesses through either theft of trade secrets or outright financial fraud. [...]

[ISN] Banks: Credit Card Breach at P.F. Chang’s

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/
By Brian Krebs
Krebs on Security
June 10, 2014

Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014. Contacted about the banks’ claims, the Scottsdale, Arizona-based restaurant chain said it has not yet been able to confirm a card breach, but that the company “has been in communications with law enforcement authorities and banks to investigate the source.” “P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the company said in an emailed statement. “We will provide an update as soon as we have additional information.” [...]

[ISN] LulzSec hacker ‘Sabu’ praised by FBI for helping stop more than 300 cyber attacks

http://www.independent.co.uk/life-style/gadgets-and-tech/lulzsec-hacker-sabu-praised-by-fbi-for-helping-stop-more-than-300-cyber-attacks-9438035.html
By James Vincent
The Independent
27 May 2014

A notorious former member of hacking group Anonymous has been praised by US prosecutors for providing “extremely valuable” assistance to the FBI and thwarting cyber attacks planned by his former associates. According to court documents Hector Xavier Monsegur, otherwise known as ‘Sabu’, helped law enforcement stop more than 300 separate attacks since his arrest for computer hacking in June 2011. Mr Monsegur is set to be sentenced today for his involvement in a number of major cyber attacks in the year of his arrest, with prosecutors recommending that he receive a reduced sentence. In May 2011 Mr Monsegur and five other members of the loosely-defined Anonymous movement formed what court documents describe as “an elite hack collective or ‘crew’ commonly referred to as LulzSec”. [...]

[ISN] Cyber warfare unregulated, says IDF adviser

http://www.haaretz.com/news/diplomacy-defense/.premium-1.591665
By Gili Cohen
Haaretz.com
May 20, 2014 Iyyar 20, 5774

Speaking at the CyberNight conference at the Shamoon College of Engineering in Be’er Sheva, Maj. A., the Military Intelligence legal adviser, described the role of legal consulting in the era of cybernetic warfare, saying that “Although the field is not regulated – and because the field is not regulated – the legal adviser plays a central role. This role is developing on the job, step by step, because there is no breakthrough convention or legislation” on the horizon. The IDF last year appointed a legal adviser for cyber warfare, whose main task is to regulate cyber warfare activities, based on principles of international law. The military has refused to confirm whether one of this adviser’s tasks is to approve targets, as it is for most of its legal advisers in operational positions. Many field commanders have been critical of these legal advisers’ work, said Maj. A. “Our ‘customers,’ at least some of them, perceive the jurists as interfering, rather than helping,” she said. “It’s no small challenge.” Maj. A. said that when providing advice “for various operations,” as she put it, she often had no choice but to rely on the Law and Administration Ordinance of 1948, “which has a clause that is still relevant, which says the army is allowed to take any legal step necessary to protect the State of Israel. That’s how we operate today.” [...]

[ISN] U.S. Department of Justice Indicts Five Members of the Chinese PLA ‘Unit 61398’ for Cyber Espionage

http://www.infosecnews.org/u-s-department-of-justice-indicts-five-members-of-the-chinese-pla-unit-61398-for-cyber-espionage/
By William Knowles
Senior Editor
InfoSec News
May 19, 2014

For the first time ever, a U.S. grand jury in the Western District of Pennsylvania has indicted five Chinese military hackers for computer hacking, economic espionage, trade secret theft, aggravated identity theft, and other offenses directed at six American victims such as a labor union, critical infrastructure, metals and solar industries from 2006 to the present. The 56 page indictment alleges that the defendants, Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), hacked into American entities to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity. “For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey. “The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.” [...]

[ISN] How To Talk About InfoSec To Your Board Of Directors

http://www.darkreading.com/risk/how-to-talk-about-infosec-to-your-board-of-directors/a/d-id/1251100
By Steve Durbin
Dark Reading
5/19/2014

In our global economy, the rapid evolution of technology has caused a massive shift in the information security landscape. Businesses are finding that they have more limited resources than ever before which must be prioritized to areas of greatest need or return. The task of determining priorities is difficult in itself; the imperative is delivering more for less, both in terms of new investment and existing resources. These monumental challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data. Information technology runs through every department; so must information security initiatives. Today’s chief information security officers (CISO) need to be proactive in promoting and supporting new business based on strong information security and sound business-based risk assessment. As a result of these trends it is essential for CISOs to connect with the Board of Directors and approach technology and security initiatives with a risk vs. reward mindset. Too often new technologies are adopted as a way of differentiating to gain advantage over competitors. But without a robust, cost-benefit-risk analysis, organizations could end up standing out for all the wrong reasons. [...]