DoJ Cyber Task Force Report
The Department of Justice issued the first report of its Cyber-Digital Task Force on 2 July. The Task Force was created in February to provide an assessment of DoJ’s work in cybersecurity and make recommendations to improve the activities of federal law enforcement to improve the federal response to cybercrime and related incidents. The 156-page document addresses foreign influence operations, sophisticated cyber schemes, cyber threats, response to cyber incidents and other topics. Appendices cover recent disruptions of Botnets and Dark Web activities. The report provides details of topics and incidents ranging from ransomware to Internet of Things, summarizes changes in federal guidelines to pursue cyber criminals, and reviews DoJ frameworks for responding to various types of cyber incidents. Deputy Attorney General Rod Rosenstein previewed the report at the annual Aspen Security Forum in mid-July. Department of Justice website
Singapore Health Database Breach
Government officials in Singapore reported a major breach of a centralized database containing personal information of as many as 1.5 million individuals including Singapore’s prime minister, Lee Hsien Long. Compromised information included addresses and national identity numbers as well as prescription information for anyone who visited a health clinic or hospital between May 2015 and July 2018. Officials stated that this was not the work of amateur hackers, but rather “a deliberate, targeted and well-planned cyberattack.” Wall Street Journal, 21 July 2018
Information Security Specialists Reuse Passwords
A recent survey of information security practitioners revealed that 45% reuse passwords across multiple accounts, violating one of the most basic guidelines for maintaining good cyber hygiene. The survey, conducted at the Infosecurity Europe 2018 conference, also showed that 20% of information security professionals have used an unsecure WiFi, but 47% would be cautious about buying new technology because of security concerns. Help Net Security, 17 July 2018
Researchers Report Increase in Cyber Incidents
Positive Technology analysts reported a 32% increase in cyber incidents in Q1 2018 compared to the same period last year. Malware, especially spyware, was used in the majority of attacks, with malware increasing by 75% since last year. Analysts suggest that hackers use malware to obtain credentials for use in future attacks or to monetize by selling the information on the Dark Web. Attacks on governments represented 16% of the total number of attacks in Q1 2018, with phishing emails being the main attack vector. Financial targets were a major target of attackers, and over 60% of attacks on banks focused on stealing money. Positive Technologies, 17 July 2018
Malware Uses Digital Certificates Stolen from Taiwanese Firm
Security researchers at ESET discovered a new malware campaign that uses digital certification certificates stolen from D-Link, a Taiwanese network equipment manufacturer. ESET identified two strains of malware using the certificates, Plead – a remotely controlled backdoor – and a password stealer. TrendMicro has associated Plead with the Blacktech cyber espionage group that mainly operates in East Asia and is focused on Taiwanese businesses. Computer Business Review, 17 July 2018
Return to our HOME PAGE.
