Tag Archives: Cybersecurity

Breach Brief: Cyberattack compromises the data of at least 4 million government workers


Four million current and former federal employees may have had their personal information hacked.


Hackers based in China breached U.S. Office of Personnel Management (OPM) computers, according to officials. One spokesperson has even described the incident as perhaps one of the largest thefts of government data ever.

What happened? According to the Washington Post, the cyber intruders accessed information that included employees’ Social Security numbers, job assignments, performance ratings and training information. No direct deposit data was exposed. Unfortunately, they could not say for certain what data was taken, simply which information had been accessed.

How many were affected? It appears that at least four million current and former federal employees could have been impacted.

When did it occur? The hackers, who are believed to have ties to the Chinese government, gained entry into the federal computer system last September. However, the breach wasn’t detected until April.

How did it happen? The hackers are said to have used a “zero-day,” a previously unknown cyber tool, to take advantage of a vulnerability in the system.

What they’re saying: “We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace.” An FBI spokesman has said that the agency is working with other parts of the government to investigate the matter.

Cybersecurity experts have also noted that the OPM was the target of another attack a year ago that was suspected of originating in China. At that time, authorities reported that no personal information had been stolen. This latest high-profile occurrence comes amid growing concerns that even the most trusted sites and systems can be used by hackers aiming to infiltrate sensitive industries. With the number of cyber attacks on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?

Report: Organizations not doing enough to prevent data breaches


Verizon’s annual Data Breach Investigations Report shows which threats — new and old — to watch. 


Just the other day, Verizon released its annual Data Breach Investigations Report, which analyzed more than 2,100 confirmed data breaches and approximately 80,000 reported security incidents. This year’s study offered an in-depth look at the cybersecurity landscape, including a first-time overview of mobile security, Internet of Things (IoT) technologies and the financial impact of intrusions.

Upon delving deeper, the report revealed that though cyber attacks are getting a lot more sophisticated, decades-old tactics like phishing and hacking haven’t lost much ground either. According to Verizon, the majority of the cyber attacks (70%) used a combination of these techniques and involved a secondary victim, adding complexity to a breach.

Another troubling area singled out in the analysis is that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. In fact, many of those flaws go back almost eight years.

As in prior reports, this year’s findings again pointed out what Verizon researchers call the “detection deficit,” which refers to the time that elapses between a breach occurring and its discovery. Sadly, in 60% of breaches, attackers are able to compromise an organization within minutes. On the bright side, the study does note that a number of cyber attacks could be prevented through a more vigilant approach to security.

“We continue to see sizable gaps in how organizations defend themselves,” explained Mike Denning, VP of Global Security for Verizon Enterprise Solutions. “While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our ‘Data Breach Investigations Report’ series.”

As expected, a hot topic added to this year’s report centered on security issues related to the burgeoning IoT. Verizon examined several security incidents in which connected devices were used as entry points to compromise other systems, with some IoT devices co-opted into botnets that were infected with malicious software for denial-of-service attacks. The findings on connected devices “reaffirms the need for organizations to make security a high priority when rolling out next-generation intelligent devices.”

Verizon security researchers also discovered that nearly all (96%) of the 80,000 security incidents analyzed this year can be traced to one of nine basic attack patterns that vary across industries. As identified in the 2014 report, the nine threat patterns include miscellaneous errors, malware aimed at gaining control of systems, insider/privilege misuse, physical theft or loss, web app attacks, cyber espionage, as well as point-of-sale intrusions and payment card skimmers.

This year’s report found that 83% of security incidents by industry involve the top three threat patterns — up from 76% in 2014. Needless to say, the longer it takes for organizations to discover breaches, the more time attackers have to penetrate defenses and cause damage, the report points out. More than a quarter of all breaches take an organization weeks, and sometimes months, to unearth and contain.

Want to continue reading? You can download Verizon’s entire report here. As if you needed any additional proof, it has become increasingly clear that embedded system insecurity affects everyone and every company. What’s worse, the effects of insecurity can be very personal, like theft of sensitive financial and medical data. For a company, the impact can be quite profound. Products can be cloned, software copied, systems tampered with and spied on, and many other things can happen that lead to revenue loss, increased liability, and diminished brand equity. Explore the SMARTER choice of embedded hardware-based security for your next design here.

Breach Brief: British Airways falls victim to frequent-flyer hack


A recent cyber attack has compromised thousands of frequent-flyer accounts.


British Airways has become the latest high-profile brand to fall victim to a large-scale hack. The company confirmed on Sunday that a security breach affected tens of thousands of its users’ frequent-flyer accounts.

How did it happen? According to reports, British Airways doesn’t know who hacked the system but believes that the attack could have been carried out by an automated computer program that might have been looking for vulnerabilities in the company’s online security systems.

Who did it affect? The airline acknowledged the issue and highlighted that the problem has impacted only a small number of its millions of customers worldwide. However, British Airways has temporarily frozen affected accounts; as a result, some travelers may not be able to use their earned miles at this time.

What they’re saying: “British Airways has become aware of some unauthorized activity in relation to a small number of frequent-flyer executive club accounts. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts. We would like to reassure customers that at this stage we are not aware of any access to any subsequent information pages within accounts, including travel histories or payment-card details.”

This latest high-profile incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aiming to infiltrate sensitive industries. Thus, it is becoming increasingly clear that embedded insecurity affects everyone and every company. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network is protected?

Hackers make off with at least $300 million in bank heists


According to researchers, hackers have hit more than 100 financial institutions in 30 countries.


What were the worst passwords of 2014?


Watch these people give Jimmy Kimmel their passwords on national TV.


Undoubtedly, cybersecurity stole the headlines of 2014. It seemed every week, there was another high-profile breach, whether the aftermath of Target and Home Depot, attacks against big-box retailers like Michaels and Neiman Marcus, or the massive incidents around JPMorgan Chase and Sony. However, even at its most rudimentary level, we’re finding that a majority of people fail to abide by common login best practices when accessing their personal data.

According to SplashData’s annual list of the worst passwords, compiled from more than 3.3 million leaked codes throughout the web during the past year, many of us aren’t too concerned about our digital security… at least when it comes to sign-in credentials. And apparently, some of us are more than happy to share them on national television. Jimmy Kimmel’s producers recently went around the streets of Los Angeles to assess people’s password security.

Surely enough, the Jimmy Kimmel Live cast was able to get those passing by to reveal their “secret” credentials directly into the mic. Don’t believe us? Watch it below! 

So what were some of 2014’s top passwords?

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1

 

The Internet of Things is getting a congressional caucus


The IoT is headed to D.C.


Congresswoman Suzan DelBene (D-WA) and Congressman Darrell Issa (R-CA) are launching the Congressional Caucus on the Internet of Things (IoT) to help educate people on the development of web-connected products.

The IoT refers to a world where products, or “things” other than mobile devices and computers, are web-enabled and typically controlled through an accompanying app. This ranges from smart thermostats and cooking equipment to fitness trackers and vehicles. Ultimately, these gadgets will come together to collect and analyze data with regard to use and habits and, oftentimes, provide feedback for improvement.

With billions of connections expected in the next five years, a number of questions linger around security, policies and laws related to the IoT era, and the newly-formed caucus aspires to address them.

“As someone with a long career in the technology industry and as an entrepreneur, I know firsthand how quickly technologies have developed to become critical to our daily lives. Policymakers will need to be engaged and educated on how we can best protect consumers while also enabling these new technologies to thrive. It’s important that our laws keep up with technology and I look forward to co-chairing the IoT caucus,” explained DelBene.

The IoT Caucus will focus on educating members on the development of innovative technology and public policy in this space, while also informing them about upcoming opportunities and challenges in health, transportation, home and the enterprise, as these embedded devices take advantage of network connectivity to create new value.

This announcement comes just days after President Obama himself emphasized the significance of cybersecurity, in the wake of recent attacks against Sony and the Pentagon’s Central Command. The proposal would allow increased sharing of information on cyber threats from the private sector with protection from liability, criminalize the sale of stolen financial data, and require companies to notify consumers about data breaches.

“If we’re going to be connected, then we need to be protected,” the President stated.

At Atmel, the IoT is already at the heart of what we do. We started preparing for this smarter world nearly a decade ago, and now offer the industry’s most comprehensive, highly-integrated IoT solutions, which include hardware-based security.

Breach Brief: White House computer network hacked

The Obama Administration has revealed that hackers recently breached an unclassified computer network used by the President’s senior staff.

What happened? First reported by the New York Times, officials said the cyberattack “did not appear to be aimed at destruction of either data or hardware, or to take over other systems at the White House. That strongly suggests that the hackers’ intention was either to probe and map the unclassified White House system, find entry points where they connect to other systems or conduct fairly standard espionage.”

What information was breached? According to the Washington Post, “The breach was discovered two to three weeks ago… Some staffers were asked to change their passwords. Intranet or VPN access was shut off for a while, but the email system, apart from some minor delays, was never down.”

Who’s behind it? Sources say the attack was consistent with that of a state-sponsored effort. The Post notes that a number of security firms have identified cyber-espionage campaigns by Russian hackers thought to be working for the government. Targets have included NATO, the Ukrainian government and U.S. defense contractors.

What they’re saying: “In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network. We took immediate measures to evaluate and mitigate the activity… Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it… Our computers and systems have not been damaged, though some elements of the unclassified network have been affected. The temporary outages and loss of connectivity for our users is solely the result of measures we have taken to defend our networks.”

With the number of breaches on the rise and security at our core, learn how Atmel has you covered.

Report: Cyber breaches put 18.5 million Californians’ data at risk

The recent string of major data breaches — including the likes of Target, Home Depot, P.F. Chang’s and Neiman Marcus — has spurred a 600% increase in the number of California residents’ records compromised by cyber criminals over the last year, the latest California Data Breach Report revealed.

According to the study, a total of 167 breaches were reported in 2013, an increase of 28% from 2012. Those breaches compromised 18.5 million personal records, compared with just 2.5 million records stolen in 2012. To put things in perspective, that’s nearly half of the state’s population (38 million).

These figures experienced a large uptick following recent incidents involving Target and LivingSocial, which together accounted for 7.5 million of the breached records. Out of the incidents reported in 2013, over half (53%) of them are attributed to malware and hacking.

“Malware and hacking breaches made up 93% of all compromised records (over 17 million records). The LivingSocial and Target breaches accounted for the bulk of those records. In April, the online marketplace LivingSocial reported a cyber attack on their systems that compromised the names, email addresses, some birth dates and passwords of over 50 million customers, including 7.5 million Californians. In December, Target reported a hacking and malware insertion into its network that resulted in the theft of the names and payment card data of 41 million customers, including 7.5 million Californians,” the report noted.

Even factoring out both Target and LivingSocial, the number of Californian records illegally accessed last year rose 35% to 3.5 million.

“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers. The fight against these kinds of cyber crimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses,” California Attorney General Kamala Harris said in a statement.

While California residents aren’t any more susceptible to data hijacking than others, the state law requires businesses and agencies to notify customers of any breach involving more than 500 accounts. This law led to the creation of the California Data Breach Report.

The last 12 months weren’t a fluke either. In fact, “These data breaches are going to continue and will probably get worse in the short term,” emphasized Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency.

Aside from payment cards, for which the Attorney General urged companies to adopt stronger encryption and safeguard technologies, one of the most vulnerable sectors is the healthcare industry. Not only are a number of medical devices coming under siege by hackers, but stolen health records are also plaguing the industry. Moreover, cyber thieves accessing unprivileged information can be even more harmful than other stolen data, as it can be used for identity theft and fraud over a longer duration.

In 2012-2013, the majority of breaches in the healthcare sector (70%) were caused by lost or stolen hardware or portable media containing unencrypted data, in contrast to just 19% of such breaches in other sectors.

“By now, the problem should be obvious to anyone who is paying attention — data of any kind is vulnerable to attack by a wide variety of antagonists from hacker groups and cyber-criminals to electronic armies, techno-vandals and other unscrupulous organizations and people. The reason is simple. Yes, you guessed it: It is because data = money. To make it worse, because of the web of interconnections between people, companies, things, institutions and everything else, everyone and everything digital is exposed,” explained Bill Boldt, Atmel’s resident security expert.

To safeguard information and devices, authentication is increasingly becoming paramount. Thinking about forgoing security in a design simply because the device isn’t connected to a network or doesn’t possess a wireless interface? As the latest incidents highlight, think again. The days of truly isolated systems are long gone and every design requires security. As a result, the first step in implementing a secure system is to store the system secret keys in a place where malware and bugs can’t get to them: a hardware security device like CryptoAuthentication. If a secret key is not secret, then there is no such thing as security.

Want to read more? Download the entire report here.

Infographic: 2014’s top data breaches (so far)

Dating back to last December, a string of major data breaches has affected nearly every sector, including a number of today’s most notable brands. This infographic from DataBreachToday highlights some of the most significant breaches, based on what each organization publicly disclosed about the incident.

As evidenced by the surge in cyber crime, the world has become a serious hackathon with real consequences; and, unfortunately, it is likely that it’ll only get worse with the rise of mobile communications, cloud computing, and the growth of autonomous computing devices and the Internet of Things.

So, what can be done about these growing threats against secure data? Here’s how to ensure trust in our constantly-connected world.

It also appears that the general public is now cognizant of these threats and doubts the security of its data. With the growing number of breaches and vulnerabilities, a recent Gallup poll has revealed that Americans are more likely to worry about hackers accessing and stealing their personal information than any other crime, including burglary and murder. Specifically, 69% of these respondents claimed they frequently or occasionally fret over the notion of having their credit card information stolen by cyber criminals. These worries are justified, too. Over 25% of all Americans have experienced some form of card information theft, making it the most frequently cited crime on the infographic from Forbes below.
