Tag: Threat

It is not a secret that many people nowadays do not pay much attention when they surf the web at home or at work. There are new data breaches and exploits on a daily basis and still avoiding to take any precautions may result in a catastrophic consequences. Even the biggest corporations are paying millions of dollars so they can improve their cybersecurity and remain safe. However, if you still believe in some of the cybersecurity myths you may put your own computer or even your whole organization to a huge risk. We from CyberDB have decided to bust some of the top 5 cyber security myths and make it clear for you.

Continue reading

Department of Homeland Security Logo

In late July 2018, the Department of Homeland Security (DHS) announced the creation of the National Risk Management Center, a new organization dedicated to threat evaluation particularly as they pertain to potential hacking against the U.S. critical infrastructure.  According to news reports, the center will initially commence with narrowing its focus on the energy, finance, and telecommunications sectors.  This new initiative is designed to improve risk assessment across the critical infrastructures and serve as the primary “one-stop shop” to help private companies manage their cyber security risks.

 

Coinciding with this announcement is the Congress-lead “DHS Cyber Incident Response Teams Act of 2018” that seeks to create permanent incident response and threat hunting teams in the DHS.  Such a bill further empowers DHS to help improve cyber security via trained professionals to mitigate and remediate cyber incidents against Federal entities and critical infrastructure entities.  The bill passed the House of Representatives on March 19, 2018 and goes to the Senate for its consideration.

Continue reading

Cyber threat

Thus far, there has been no confirmed retaliatory cyber strikes conducted by a victimized government against a suspected aggressor state.  There has been some speculation that after the Sony Pictures attack, the United States “knocked” North Korea off the Internet for a brief period of time, although this has never been corroborated.  Despite being a cyber power, the United States has demonstrated restraint in punishing against those transgressor states it believes to have been orchestrators of cyber attacks against its interests, preferring to level sanctions as a punitive alternative.

The question that governments ask is how to deter hostile acts in cyberspace?  And while an important question to raise, perhaps the reality is that there is no viable answer.  There is a reason why international efforts continually fail when trying to gain consensus on cyber norms, Internet governance, and the legalities and criteria of hacking back – there is lack of a fundamental desire to actually find a solution.  Governments willing to agree to the standards and principles of any of these issues are stating their willingness to abide by them, and while that may fit the current situation, the dynamism of cyberspace has proven unpredictable.  Being cuffed to such an agreement that no longer has relevance while other governments operate without constraints is not an ideal situation.  Therefore, without an agreement in place, the status quo remains.

Continue reading

Vietnam Cybersecurity

In June 2018, Vietnam’s National Assembly passed a new cyber security law that has generated much concern for its stringent restrictions on popular social media organizations.  Per the law that will go into effect January 1, 2019, tech companies would be compelled to store data about Vietnamese users on servers in-country, a move designed to improve the security of Vietnamese nationals.  Vietnam has been historically weak when in it comes to cyber security, and has been ranked among the bottom regionally.  According to a 2017 report by the United Nations’ International Telecommunications Union Global Cyber Security Index (GCI), Vietnam ranked 101 out of 165 countries in terms of being vulnerable to cyber attacks.  The GCI is a survey that measures the commitment of member states to cybersecurity to classify and project development process at the regional and global levels.

There are several critics of the new cyber security law.  Such a move – as has been expressed with regards to China’s new cyber laws – can potentially impact economic development and deter foreign investment.  Perhaps more alarming, dissenters and even some Vietnamese lawmakers signed petitions and conducted peaceful demonstrations to denounce the new law.  At the crux of this protest is the potential for the government to use this law in order to stifle human rights and privacy concerns such as online freedoms of speech and expression.  According to the law, Vietnam’s authorities will have the discretion to determine when expression might be identified as “illegal” and restricted.  It bans Internet users in Vietnam from organizing to conduct activities for “anti-state purposes” or to be allowed to distort the nation’s history.  Unsurprisingly, Amnesty International has underscored how the law could empower the government to monitor everything people say online.

Continue reading

cyber battle fatigue

There is much concern about the realities of “Cyber Battle Fatigue” – a condition resulting from a never-ending process of defending networks and sensitive information from an onslaught of cyber attacks conducted by cyber criminals, cyber espionage actors, and hacktivists. These attackers continue to use a wide variety of tactics, tools, and procedures that span from being unsophisticated to very sophisticated and continue to have more successes than failures. Two things are certain in a constantly-changing domain – that no business that operates online is immune to being targeted, and two, the cyber security talent pool is sparse, and is contributing to the cyber battle fatigue reality.

The numbers are staggering and continue to outperform previous activity. In 2017, ransomware attacks demonstrated how prolific just one type of attack was. The WannaCry outbreak impacted computers in more than 150 countries that cost approximately USD $ 4 billion. According to one U.S. IT Company, in 2017, some notable cybercrime statistics illustrate the challenges facing those network defenders:

Continue reading

Some months ago I had the pleasure of attending a GDS Engagement Evening hosted by Admiral Patrick Walsh (ret) from iSIGHTPARTNERS (prior to its acquisition by FireEye). It was fascinating to hear from Pat the role that threat intelligence played from his direct experiences in the Navy and I think I can speak on behalf my peers on our table when I say that we could all benefit from those insights in our own work.

Continue reading