As a former Air Force information warfare officer, and a member of the military’s red and blue teams for many years, I believe the Department of Defense’s new “Strategy for Operating in Cyber-Space” is a small step towards developing a security plan for protecting our nation from cyber attacks. What leaves me a little perplexed, however, are the realities the DoD is up against in achieving the five strategic initiatives that have been outlined in the document.
As I was going through the plan, what struck me first was the fact that the U.S. has publicly called out to the world that cyberspace will be added as one of the operational domains, retaliating to any attacks against it in the same way it would to attacks by land, sea, air and space. Saying that it plans to aggressively train, organize, collaborate, and strengthen relationships with global partners sends a strong message to the international community about its intentions to take full advantage of cyberspace’s potential, as well as how the government plans to deal with and respond to threats against this domain. While the plan still leaves many questions around attribution and countermeasures against any such attack, I think the clear and unambiguous addition of the domain is an important step to deter cyber attacks targeting the U.S. government and our nation’s critical assets and infrastructure. Continue reading this post…
Computer hackers by and large focus on the weakest link of an organization’s security system. Whether it’s an unprotected server, a newly discovered system vulnerability, or an unsuspecting employee’s computer that is connected to the corporate network, cyber criminals are experts at sniffing out the weakest link.
On the surface, this week’s breach of 90,000 military e-mails and password hashes may look the same. After all, the hackers claiming responsibility for the break-in did so through an unsecured server in a network that basically had no security measures in place. What’s different about this attack, however, is the exploited server was not the military’s. The server belonged to government contractor, Booz Allen Hamilton. In other words, this criminal strategy went beyond the walls of an organization’s own network defenses.
In the case of the Epsilon security breach, where millions of customer email addresses were compromised, hackers targeted a single entity to steal private data on many of the marketing giant’s big-name customers like Chase, Citi and Target. The Booz Allen hack reverses that scenario. Instead of going after one to get to many, cyber criminals targeted multiple entities to get to one. Continue reading this post…
I know this will come as a shock to all security experts, but our systems and networks are constantly under attack by an ever-expanding list of malware that threatens just about everything we do online — from working and shopping to communicating and governing. It’s true that hackers never sleep, which means that every corner presents a potential danger each time we go online. If we aren’t adequately prepared to protect the systems we rely on and get ahead of more harmful, targeted attacks, we will continue to fall victim to evolving cyber crimes that are out to exploit our systems to steal sensitive and proprietary information for personal gain, corporate espionage or international deception. We need to move to a modern, proactive security suite. Continue reading this post…
In February, Dan Teal discussed here on WhiteSpace why today’s Mac users have to change their way of thinking when it comes to malware attacks. Once operating with the mindset that malware writers were only interested in Windows systems, Mac users need to understand that there is a new trend emerging. As the number of Mac users continues to steadily increase, cyber criminals are expanding the types of systems and platforms they target.
That message was reaffirmed this week in the Wall Street Journal. In the article, “Time For Mac Users To Think About Viruses,” Ben Rooney makes the point that Mac lovers should no longer feel smug about not getting viruses, or at the very least begin thinking about virus protection. Continue reading this post…
There’s always a way in.
That’s the straightforward, yet disturbing message that hacker-for-hire, Marc Maiffret, made after his team, hired by a large California-based water system to probe the vulnerabilities of its computer networks, took control of the equipment to add chemical treatments to drinking water within one day, hypothetically making the water undrinkable for millions of homes. Continue reading this post…