US law enforcement authorities are urging Americans to remain calm after a massive spam campaign carrying bomb threats has scared people and caused building evacuations all day across the country. The source of the problems is a spam campaign that got underway today and was sent to millions of email inboxes, primarily in the US.
The emails had different subject lines and varied wording, but all carried the same threat. Extortionists threatened to blow up a person’s workplace or building unless the person paid the equivalent of $20,000 in Bitcoin to a specified Bitcoin address.
Read more about the disturbing bomb threat spam campaign on ZDNet.
Cybersecurity tends to focus on dangers that appear on networks or in messages. The attackers may be half a world away, so the threat is the only thing that matters. But what happens when the threat actor is walking through the front door or sitting next to you at an airport coffee shop? Firewall rules and DNSSEC can have minimal impact on the thief sliding a company-owned laptop into his backpack and walking out the door.
“If we all took our computers, encased them in concrete, and dropped them into the middle of the Atlantic Ocean, nobody would ever steal our data, but it wouldn’t matter because our data would be on the bottom of the Atlantic Ocean,” says Tim Callan, senior fellow at Sectigo. The challenge, he says, is reconciling physical security with the fact that people need to use their computers and mobile devices for legitimate work.
Read about 7 real-life threats to cybersecurity on DarkReading.
Despite almost half of U.S. consumers (49 percent) believing their security habits make them vulnerable to information fraud or identity theft, 51 percent admit to reusing passwords/PINs across multiple accounts such as email, computer login, phone passcode, and bank accounts. That is according to Shred-it’s Consumer Fraud Awareness Survey.
Consumers are not only putting their digital security at risk, but their habits toward physical information security also make them vulnerable to fraud or identity theft. While nearly two in 10 consumers (17 percent) are concerned that they could fall victim to a physical security breach, nearly three in 10 consumers (27 percent) admit they do not shred paper or physical documents containing sensitive information before throwing them away.
Kaspersky Lab has warned that the cyberattackers of the future may be able to exploit memory implants to steal, spy on, alter or control human memories. And while the most radical threats are several decades away, the essential technology already exists in the form of deep brain stimulation devices. Scientists are learning how memories are created in the brain and can be targeted, restored and enhanced using such implantable devices.
However, vulnerabilities exist in the connected software and hardware, and these need to be addressed to be ready for the threats that lie ahead, according to a new report by researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group.
Cyber-security researchers have identified a total of at least 57 different ways in which cyber-attacks can have a negative impact on individuals, businesses and even nations, ranging from threats to life and depression to regulatory fines and the disruption of daily activities.
The researchers, from Kent’s School of Computing and the Department of Computer Science at the University of Oxford, set out to define and codify the different ways in which the various cyber-incidents being witnessed today can have negative outcomes. They also considered how these outcomes, or harms, can spread as time passes. The hope is that this will help to improve the understanding of the multiple harms which cyber-attacks can have, for the public, government, and other academic disciplines.
Read more about the findings of the innovative research on ScienceDaily.
At its core, cyberwarfare refers to the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of creating significant damage, death or destruction. Perhaps unsurprisingly – considering that cyberwarfare involves spies, hackers and top secret digital weapons projects – it’s still a shadowy and ill-defined area of conflict, but one that is increasingly important and dangerous.
Like traditional conflicts, cyberwarfare comes in many shapes and sizes, but it is increasingly clear that cyberwarfare is going to be a significant component of pretty much every present and future conflict.
Read everything you need to know about cyberwar on ZDNet.
A decade has passed since we learned about pacemaker hacks, but implantable medical devices that can save patients’ lives can still be hacked to potentially kill them. Even now, as was highlighted at Black Hat USA, attackers can cause pacemakers to deliver a deadly shock to the heart or deny a life-saving shock, as well as prevent insulin pumps from delivering insulin.
At the recent Black Hat and Def Con security conferences in Las Vegas, one set of researchers showed off hacks to pacemakers and insulin pumps that could potentially prove lethal, while another researcher explained how hospital patients’ vital signs could be falsified in real time.
Read more about the disturbing discoveries relating to medical device insecurity on CSO.
The increasing sophistication and power of state-backed cyber attacks have led some experts to fear that, sooner or later, by design or by accident, one of these incidents will result in somebody getting killed.
It might sound far-fetched, but a former head of the UK’s intelligence agency has already warned about the physical threat posed by cyber attacks and the potential damage they could do.
Read more about the big — and scary — question of what will happen when a cyber attack actually results in someone getting killed, the probability of which is ever increasing, on ZDNet.
More than two-thirds (69%) of cybersecurity experts predict a successful cyberattack will hit US infrastructure within the next two years – and a majority express low confidence both in security technology to protect their organizations and in the US government to defend the nation against attacks.
Respondents to the 2018 Black Hat Attendee Survey, a group of 315 IT and security pros who attended the conference in 2017 or who are registered for this year’s conference, were asked to rate the effectiveness of technologies available to enterprise security teams. It was the first time this question was included in the survey, and responses indicate the security community sees ample room for improvement.
Read more about the 2018 Black Hat Attendee survey, which reveals worries over the effectiveness of enterprise security technology, and threats to US infrastructure, on DarkReading.
Pen Test Partners’ Ken Munro and his colleagues – some of whom are former ship crew members who really understand bridge and propulsion systems – have been probing the security of ships’ IT systems for a while now and the results are depressing: satcom terminals exposed on the Internet, admin interfaces accessible via insecure protocols, no firmware signing, easy-to-guess default credentials, and so on.
“Ship security is in its infancy – most of these types of issues were fixed years ago in mainstream IT systems,” Pen Test Partners’ Ken Munro says, and points out that the advent of always-on satellite connections has exposed shipping to hacking attacks.
Read more about the dismal state of ship security as reported by Ken Munro and his colleagues on Help Net Security.