11 ways ransomware is evolving
Ransomware detection and recovery tools and techniques are getting better. Unfortunately, so are ransomware developers. They are making ransomware harder to find and encrypted files harder to recover. One advantage that security operations have had over ransomware is that it’s predictable. It works in a linear fashion, which gives security tools and teams an opportunity…
WannaCry Re-emerges at Boeing
Computers at the aerospace giant were hit by the WannaCry malware but systems are back to normal WannaCry is still around and aerospace giant Boeing is the latest victim. In a flurry of activity on Wednesday, Boeing found itself infected, analyzed the infection, contained and cleaned the affected systems, and returned to normal operations.
Small hacks: Free coffee, spying taxis, and a vulnerable airport
News websites often feature stories about computer errors and vulnerabilities used to perpetrate sophisticated large-scale incidents like last year’s WannaCry and NotPetya attacks. But experts know that most successful hacks and cracks are the result of very basic blunders by system developers or installers. Incorrectly configured systems are everywhere, and only a few hours separate the moment when a…
PinkKite POS Malware Is Small but Powerful
A newly discovered piece of malware targeting point-of-sale (POS) systems has a very small size but can do a lot on the infected systems, security researchers reveal. Called PinkKite, the POS malware was observed last year as part of a large campaign that ended in December, but was only detailed last week at Kaspersky Lab’s…
Cryptomining: the new lottery for cybercriminals
Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous,…
Malware ‘Cocktails’ Raise Attack Risk
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports. It was good while it lasted. The drop in malware attack attempts seen in 2016 – from 8.19 billion in 2015 to 7.87 billion – is but a fond memory, as 2017 saw more than…
IIC Publishes Best Practices for Securing Industrial Endpoints
The Industrial Internet Consortium (IIC) has published a new paper designed to provide a concise overview of the countermeasures necessary to secure industrial endpoints; that is, the industrial internet of things (IIoT). The paper (PDF) is not meant to provide a checklist for compliance or certification, but rather a starting point to understand what is…
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure. There are times when you see or read something for the first time and it makes sense. But later, after you have had some time to think about it, the idea or proposal might not be as straightforward…
Olympic Destroyer: who hacked the Olympics?
Long ago, during the Olympic Games, the participating countries halted their wars and put aside their political disputes. Today, the opposite is increasingly likely. The PyeongChang Winter Olympic Games started with a scandal: unknown hackers attacked the servers just before the opening ceremonies and many spectators were unable to attend the ceremonies as they were unable…
Tracking Malicious Insiders: Catch Me If You Can
The idea of malicious insiders stealing valuable assets brings to mind a picture of masked men breaking into a bank vault or museum and making a getaway with their illicit stash. But what if the enemy is one of us — someone who knows exactly where we keep our most valuable items, how we safeguard…