Tag: Cyber


Nowadays, cyber security is essential for individuals, companies, economies, governments and nations as a whole. The reality is that all of them are trying to keep pace with the latest cyberattacks, but some countries are committing the most to cybersecurity.

One of the best ways to determine, in real time, where most cyber attacks really come from is to use the map created by Norse.

NORSE heatmap (Source: Norse.com)

Another great alternative, if you want to find out which countries are best prepared against cyberattacks, is to use the Global Cybersecurity Index (GCI) created by the International Telecommunication Union (ITU).  As the ITU describes it, the GCI is “…a survey that measures the commitment of Member States to cybersecurity in order to raise awareness.” The GCI covers the five pillars of the ITU Global Cybersecurity Agenda (GCA): legal, technical, organizational, capacity building and cooperation.


Vietnam Cybersecurity

In June 2018, Vietnam’s National Assembly passed a new cyber security law that has generated much concern for its stringent restrictions on popular social media organizations.  Per the law, which will go into effect January 1, 2019, tech companies would be compelled to store data about Vietnamese users on servers in-country, a move designed to improve the security of Vietnamese nationals.  Vietnam has been historically weak when it comes to cyber security, and has been ranked among the bottom regionally.  According to a 2017 report by the United Nations’ International Telecommunication Union Global Cybersecurity Index (GCI), Vietnam ranked 101 out of 165 countries in terms of being vulnerable to cyber attacks.  The GCI is a survey that measures the commitment of member states to cybersecurity to classify and project the development process at the regional and global levels.

There are several critics of the new cyber security law.  Such a move – as has been expressed with regard to China’s new cyber laws – can potentially impact economic development and deter foreign investment.  Perhaps more alarming, dissenters and even some Vietnamese lawmakers signed petitions and conducted peaceful demonstrations to denounce the new law.  At the crux of this protest is the potential for the government to use this law in order to stifle human rights and privacy concerns such as online freedoms of speech and expression.  According to the law, Vietnam’s authorities will have the discretion to determine when expression might be identified as “illegal” and restricted.  It bans Internet users in Vietnam from organizing to conduct activities for “anti-state purposes” or from distorting the nation’s history.  Unsurprisingly, Amnesty International has underscored how the law could empower the government to monitor everything people say online.


Best Cybersecurity Books 2018

There are tons of books on our favorite topic, but it’s always impossible to squeeze them all into one cybersecurity book list. On top of that, not all of them are good enough to be featured on CyberDB. We have created a list of the must-read cybersecurity books of 2018. Some of them have been in print for years, but it’s never too late to read them now. If you think that we have missed something, feel free to contact us and share your recommendations! Without further delay and in no particular order, here is our list:


Cybersecurity podcast

In the past couple of years, podcasts have been gaining popularity and are one of the easiest and most convenient ways to learn the latest news and information.

Cybersecurity podcasts didn’t have a particular influence on the boom of podcast popularity as a whole, but there are still plenty of good shows that deserve your attention. Many IT people, from simple observers to some of the biggest experts in the field, have used this method to provide useful advice to the audience. Even some of the major enterprises are looking for the best cybersecurity podcasts to listen to and take care of their IT infrastructure.

On CyberDB we have created a fresh list of some of the best podcasts related to cyber and information security. Check it out the next time you have some free time, or even when you are stuck in traffic and want to learn something useful. These shows cover everything from simple endpoint and data security matters to comprehensive security operations and incidents. You are about to find a great range of topics, different opinions and anything that suits your listening needs. With so many great podcasts out there, it’s impossible to feature them all in our list. Feel free to contact us if you want to share your favorite cybersecurity podcasts with us and have them included in our list.


American Cyber Flag

In May 2018, the White House eliminated the position of National Cybersecurity Coordinator.  The move has been met with much pushback from some in the cybersecurity community and even politicians.  Democratic lawmakers were seeking to propose legislation to restore the position.  According to a statement made by the National Security Council, the move was to “streamline management in order to improve efficiency, reduce bureaucracy, and increase accountability.”  Nevertheless, given the fact that many security officials, including the Director of National Intelligence, have identified cyber threats as a national security priority, the removal of this position is largely considered a step backward and not forward.  However, this may be more of a knee-jerk reaction than an honest assessment of the roles and responsibilities that have been undertaken by those individuals appointed to the position.

With roots starting as early as 1997, the position first emerged in 2009 and has had three individuals in the role of Cybersecurity Coordinator – Howard Schmidt (2009-2012), Michael Daniel (2012-2017), and Rob Joyce (2017-2018), who is looking to return to the National Security Agency (NSA).  The Cybersecurity Coordinator has been primarily a policy position lacking any day-to-day authority over any of the groups working on cyber security.  Critics have pointed out that while the Cyber Coordinator can make recommendations, the position has no direct authority as far as budgeting is concerned, nor can the position compel agencies to comply with guidelines.  This has been a systematic problem with the position – it can make all of the recommendations it wants, but if it cannot compel agencies to implement them within a specified amount of time, the title becomes largely ceremonial.  Government Accounting Office reports on government cybersecurity efforts consistently find shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure.


Bay Area Cyber Security Meetups 2018

Meetups are an amazing way to get together with people who share common interests. Of course, there are many websites that do the same, but nobody except Meetup has done something to help its users to meet offline as well. This platform brings individuals together and helps to create communities while having fun at the same time in a non-working environment. As a result, even the simplest ideas may become powerful movements when people are ready to share knowledge and improve their communication skills in real life rather than behind a PC. Most noteworthy, the motto of Meetup is to provide a way to explore your city, build your career and get creative.

Key benefits of Cyber Security Meetups:

  • Meetup helps you find cool groups and events based on your current location
  • You can follow the local community or even organize events with a few clicks
  • It is a great way to meet people offline
  • Easy to advertise on and reach potential customers by promoting an event on Meetup
  • The user can distinguish between ordinary member and event organizer profiles
  • Meetup is useful for both individuals and companies

Therefore, the website can be quite useful for people with similar backgrounds who want to create new contacts and expand their network. This is especially important among professionals in Information Technology, and in the Cyber Security industry in particular. Cyber Security Meetups are becoming very popular among such professionals who work and live in the Bay Area. If you are one of them, or just have some interest in Cyber Security, here is the list.


The U.S. Federal Trade Commission (FTC) is now investigating Facebook, Inc. over the use of personal data by an analytics firm associated with the Trump campaign.  Specifically, the FTC is trying to determine if the company violated the terms of an earlier consent decree when 50 million users’ data was transferred to Cambridge Analytica, a data and media consultancy firm.  To date, Cambridge Analytica has been accused of misrepresenting the purpose of some of its data mining, which yielded something like 30 million Facebook profiles it could comb for data.  This calls into question how consumer information is shared with other entities, particularly when consent was not provided.

This revelation has called into question how social media sites harvest personal information from their platforms.  As one article pointed out, “Some large-scale data harvesting and social manipulation is okay until the election. Some of it becomes not okay in retrospect.”  This is indeed troubling at a time when personal information is constantly used by malicious actors for monetization purposes or in support of other operations (e.g., social engineering, spam, phishing, credential theft, etc.).  A recent report by a content marketing agency revealed that Facebook logins can be sold for USD $5.20.  Such access gives a criminal a compromised individual’s contact list with which to target other individuals.  According to the same report, an individual’s entire online identity – to include personally identifiable information and financial accounts – could be sold for USD $1,200.00.  After initially denying the claim, Facebook acknowledged the breach and promised to take action.


With the near-defeat of ISIS’ ground presence, speculation is that the group will rely more on cyberspace to maintain its relevancy.  This is unsurprising as ISIS has continuously demonstrated its proficiency on the Internet, particularly for propaganda and recruitment campaigns.  The group achieved considerable success in influencing target audiences, and at one time, was credited with being able to disseminate approximately 90,000 messages a day.  Many of the hacking incidents attributed to ISIS or its sympathizers focused on exploiting global news organizations, inserting pro-ISIS messages on websites and Twitter accounts.  Perhaps more impressively, individuals associated with the extremist organization were suspected of hacking the United States Central Command’s Twitter account, posting propaganda videos and threatening messages.


ISIS’ propaganda machine remains a cornerstone of the group’s resilience and survivability, making any attempts to eliminate individual accounts akin to what some have called “whack-a-mole” futility.  In 2017, ISIS supporters used more than 400 separate online platforms to pump out propaganda despite laudable efforts by social media platforms like Facebook and Twitter that actively search for and suspend suspected terrorist/extremist accounts.  Such hindrances have encouraged the development of technologies to assist in this effort.  The United Kingdom, for example, is leveraging software able to detect 94 percent of ISIS propaganda, scanning millions of video and audio files with a 99 percent accuracy rate.

While these efforts are very promising in reducing ISIS’ and other extremist groups’ presence on global social media platforms, they don’t address the root of the problem – the message itself.  This has been an ongoing problem for governments and one that has continually challenged U.S. counter-messaging strategies.  The lack of success by any government to mitigate the influence of ISIS propaganda has led some to conclude that perhaps governments’ tactics of trying to deny ISIS’ ability to use cyberspace may not be the key to success.

Indeed, these individuals have proven adept at using advanced technologies to such a degree that it may not be possible to truly mitigate their use of the Internet.  ISIS members and associates have been reported to use the latest and greatest technologies, including anonymity-enabling communications, virtual private networks, encrypted e-mail services, and encrypted messengers, among others.  Short of trying to institute an authoritarian grip on all available technologies (which does not guarantee success), there are too many alternatives that are available or being developed to make denying use of cyber-related devices a credible course of action for the long term.

That leaves having the right message that can compete with the one being spread by ISIS and other extremist groups.  Thus far, nothing has proven effective in curbing recruitment or the attraction of lone-wolf actors to commit horrible acts of violence.  In order to understand why propaganda works, it’s necessary to understand its intended audience, the psychological effects of propaganda on the intended target, and the socio-political effects it will have both on the target and the surrounding environment.  Any counter-messaging strategy must take into account all of these considerations.  More importantly, there can be no “one size fits all” messaging, as any content needs to be tailored to address the unique, diverse backgrounds and cultures of ISIS’ members and followers.  And that may be where previous efforts have fallen short.

There is an opportunity to investigate what causes people from different countries to respond to radical ideology, and to understand what in the message is attractive enough to unite different socio-cultural backgrounds under the banner of an extremist world view.  We must not be satisfied with having put ISIS on the run.  Instead, we should invest this time in interviewing the persons involved to get a better idea of why they committed to extremism, in the hopes of preventing another group like ISIS from emerging.

This is a guest post written by Emilio Iasiello

According to recent reports, the United States government is considering building a 5G network, a step designed to bolster the country’s cyber security posture and guard against attacks, particularly from nation states believed to be conducting hostile acts of espionage.  This information is alleged to have come from sensitive documents obtained by Axios. Per these documents, there appears to be some question as to whether the government would build and run the network, leasing out access to national telecommunications carriers, or whether wireless providers in the United States would build their own 5G networks that would compete with one another.  Another news source reported similar findings, conveying that the government is interested in building a secure 5G network and will work with industry to accomplish this objective.

5G networks are wireless networks designed to improve connectivity for home broadband networks, as well as mobile devices such as smartphones and tablets and even self-driving cars – essentially Internet of Things devices.  There are some indications that speed will improve to 10 times that of current 4G capability.  To provide some perspective on this marker, that’s sufficient to stream “8K” video or download a 3D movie in 30 seconds, according to one news outlet.  A very substantial advantage is the closing of the lag time between devices, making communication more streamlined and efficient.

There is skepticism as to whether the government will actually fund such an endeavor, with estimated costs expected to balloon to hundreds of millions of dollars.  Making connections stronger and communications more fluid would require more technology to be installed almost everywhere.  Some believe that 5G networks will bolster current 4G network architecture supporting existing technology, indicating that a full 5G adoption is an unlikely result.

Nevertheless, whether the government gets involved in this process or not, the four main carriers in the United States – Verizon, AT&T, T-Mobile, and Sprint – are all engaged in developing 5G technology, meaning that the move toward the fifth generation of mobile networks is forthcoming.  In late 2017, the first 5G specification was officially completed, covering a range of spectrum from the 600 and 700 MHz bands to the millimeter-wave end of the spectrum at 50 GHz.

Propelling forward on implementing a 5G network has been touted as a security consideration.  Being able to develop a secure 5G network has been categorized as helping to curb hostile nation threats posed by governments like China that have been accused of conducting industrial and traditional espionage against U.S. public and private interests.

But it is also seen as a way to compete with China, which is considered the leader in developing 5G technology.  According to a company that tailors analysis and commentary for its clients, 5G technology will be in place by 2020 with more than a billion users by 2023, and more than half of them based in China.

The extent, if any, of the United States government’s role in spearheading a 5G rollout remains to be seen.  In December 2017’s National Security Strategy statement, the president promised to improve “America’s digital infrastructure by deploying a secure 5G Internet capability nationwide.”  Thus far, the president has tried to fulfill his promises, intimating that government may find a role for itself someplace in this effort.  However, potential government intervention is not without its detractors.  Critics, including the head of the Federal Communications Commission, believe that government involvement would be meddlesome, potentially hampering innovation and investment.

There are always reasons why something can’t happen – insurmountable obstacles, cost, disrupting the norm.  Unfortunately, as history has proven, these often have trumped security considerations.  Therefore, any government discussions of creating a new network with security in mind at the design level, rather than after its completion and installment, are very promising.  Many times, new technologies are brought to market at the expense of their users for the sake of being the first and displaying innovation.  Security continues to take a back seat to capitalizing on market share and making profit.  This cycle needs to be broken if there is any true interest in improving cyber security.  In this regard, government working closely with the telecommunications carriers in creating a 5G network would be advantageous, as long as it ensures that 5G network security remains a priority.

This is a guest post written by Emilio Iasiello

As 2018 commences, cyberspace remains in constant flux, a dynamic landscape that still favors hostile actors’ freedom of movement over the efforts of network defenders. Nation states continue to leverage the anonymity afforded to them in the digital sphere to conduct an array of offensive operations.  Indeed, much attention has been focused on nation-state cyber activity by security vendors and news sites tracking suspected government or government-sponsored actors as they steal information and money, conduct aggressive attacks on infrastructure, and influence national elections.  Perhaps unsurprisingly, the increased international attention on these events has not served to deter these actors, but in some instances has reaffirmed the need for all governments to be able to conduct similar operations to support their own national interests.  According to a recent United Kingdom intelligence report, Russian security services have demonstrated a “go and see what happens” attitude towards conducting offensive cyber activities.  Such an assessment certainly suggests there is little cause to fear any serious repercussion for such actions.
