While it has been in existence for years (which is another issue altogether), there is a “new” critical infrastructure attack in the news today: “Night Dragon”. In addition to naming this new attack with a really cool name, our friends at McAfee have done an excellent job analyzing every part of the multi-pronged attack in whitepaper titled “Global Energy Cyberattacks: Night Dragon”.
Night Dragon is a fascinating attack, with all sorts of international intrigue including links to entities in China (for a great primer on purported Chinese involvement in cyberattacks, check out Richard Stiennon’s blog). However, the multi-pronged attack is easily prevented by any good application whitelisting solution–just like Stuxnet. Continue reading this post…
If targeted cyber attacks weren’t already one of the year’s top security concerns, a new study revealed that they’re no longer limiting their focus on the corporate giants of the world. They’re becoming the norm for midsized businesses, as well. This was just one of several recent reports and newly surfaced malware like the Stuxnet worm that have security professionals on high alert. With more stealthier attacks aimed at beating forensic efforts, cyber crime continues to have a growing impact on organizations and their bottom line. Here are some of the top security stories from July 2010. Continue reading this post…
One of the hottest topics in cyberspace is the “Protect Cyberspace as a National Asset Act” (PCNAA), a bill the U.S. Senate is considering that would help strengthen the mechanisms by which government and private industry protect the safety and security of the Internet. According to the article, “Plan cyberwar defenses now, before any attacks succeed,” the flaws in America’s counterterrorism strategy continue to leave our cyber-communications network vulnerable to attacks aimed at breaching our personal privacy, stealing our secrets, and even physically harming us.
While it is good news that Congress is taking proactive steps before things explode, their solution to consolidate power within the government to legally monitor and respond to cyber threats as they occur is no way to get on top of the actual problem. Instead of proactively addressing the situation with a reactive set of solutions, they need to carry these measures through with proactive solutions that prevent the situations in the first place. Continue reading this post…
Cyber crime has evolved from mass attacks intended to wreck havoc and steal as much data as possible to highly targeted attacks looking for specific information from an organization. Custom malware, designed to bypass legacy endpoint security, forms the foundation of these attacks. As a result, these calculated attacks are becoming more dangerous for the businesses and government entities hackers are targeting. Continue reading this post…