Elizabeth V Calise

Amazon to Let Delivery Drivers Open your Front Door

December 1, 2017 by Elizabeth V Calise 4 Comments

Recently, Amazon has announced that it will be offering a new service where Prime members can receive in-home delivery of packages. This can be done with the help of high-tech smart locks that allow Amazon drivers to open their front doors. The point of this service is to give customers peace knowing their orders have arrived safely to their homes.

In order for customers to receive this service, they are required to order the Amazon Key in-home kit, which included the Amazon Cloud Cam and one of the several compatible smart locked that are offered by Kwickset or Yale.

The way it works: when a driver requests access to a customer’s house, the cloud cam confirms the driver is at the correct address through an encrypted authentication process. Once authenticated, the cam starts recording the deliver and the door is unlocked. Customers have the ability to track the delivery by using the Amazon Key app where they can watch the delivery live or view a recording at a later time. The program will eventually provide features where customers can grant keyless access for family or friends and be able set the frequency and length of time for the access.

I have mixed feelings about this new service. I understand the benefits, but I easily see risks. I would like to know more about the cyber security piece to this because I can easily picture this backfiring and hacking incidents happening.

https://www.technewsworld.com/story/84911.html

Retail and Hospitality Breaches Declined Over Past 2 Years

November 28, 2017 by Elizabeth V Calise 1 Comment

Breaches in the retail and hospitality industries have decreased to less than 5 times per month. Previously, it was in the double digits over the past two years. The decrease is due to the merchants, hotels and restaurants improving their point-of-sale (POS) systems to accept EMV or chip payment cards. The POS systems were a large target for attacks for the hospitality industry. This accounted for almost 40% of the 181 breaches hotels and restaurants faced over the two-year period. The amount of attacks decreased to eight per month in 2015 then to two by the end of 2016.

For the retail industry, web apps were the main target for attacks. During the beginning of 2016, the retail industry saw an increase in web app attacks, but no POC system attacks. However, the hospitality industry experienced web app attacks in addition to the POS system attacks. Chip cards are more work for attackers to deal with. EMV cards do not hold a user’s data on a magnetic strip that could be skimmed and sold to the dark web. Also, special equipment is required to collect information off the chip payment cards. Due to this, it is easier for attackers to target web apps and intercepting an e-commerce transaction.

https://www.darkreading.com/mobile/retail-and-hospitality-breaches-declined-over-past-2-years/d/d-id/1330503

Half of Americans Unsure of Online Shopping Safety

November 27, 2017 by Elizabeth V Calise 2 Comments

This is a short article, but I decided to post this one because this was a past thought I had as the US was approaching Thanksgiving, Black Friday and Cyber week/ Cyber Monday. It may still be a too early for there to be stories on hacking for this time period since today is Cyber Monday, but I will be waiting for the stories to come out in a couple weeks or so. Consumers continue to not be able to identify the safety of online shopping websites which continues to put them at risk for holiday hacking. Only 50% of the American population claims they can determine the legitimacy of online shopping websites. This was discovered by a survey conducted by the Global Cyber Alliance (GCA). Over one-third of the survey respondents stated they have stopped online purchasing due to security concerns. 27% of them overly worry due to the fear of being scammed and 12% lose sleep over it. 60% have had their machine infected with malware. This is the time of the year for cybercriminals to scam. They launch more fake websites during holiday shopping than any other time of the year. In November 2016, over 100,000 fake websites were launched that targeted over 300 brands. The most “spoof-able” sites were Amazon, Walmart and Target. Typically, scammers trick their victims by creating websites that look like the actual brand websites. A major difference is the fake site has a different IP address. The GCA discovered that nearly 77% of users have mistyped the website into their browser, clicked on a suspicious link or both.

https://www.darkreading.com/endpoint/half-of-americans-unsure-of-online-shopping-safety/d/d-id/1330471?

South America the Target of ‘Snowbug’ Cyber Espionage Group

November 14, 2017 by Elizabeth V Calise Leave a Comment

Snowbug is a group that has been active since 2015 and seems to be highly interested in foreign policy information from diplomatic and government entities. The group’s victims include organizations in Brazil, Peru, Argentina, and Ecuador. The hacker group has also targeted Southeast Asia like Brunei and Malaysia. The group was first spotted in 2017 when Symantec discovered a brand new backdoor dubbed Felismus being used against a target in Southeast Asia. What makes this group a major focus is the hacker group’s target, South America, which is quite rare. The targets are usually within the United States or Europe. A big takeaway from this article is that this issue is a global issue and no region is safe.

https://www.darkreading.com/attacks-breaches/south-america-the-target-of-sowbug-cyber-espionage-group/d/d-id/1330349?

China has launched another crackdown on the internet — but it’s different this time

November 7, 2017 by Elizabeth V Calise 4 Comments

I found this article interesting since it relates to a prior discussion the class had about an organization’s data when having an international site in China. Even though China is the world’s second largest economy, a lot of things are becoming less free regarding digital communication. The country’s regulators are becoming more aggressive on what more than 750 million users can and cannot do online. This year, the country has become quite strict on the most popular video-streaming websites, cracked down on their VPNs, removed foreign TV shows from online platforms, required users to register to online forums with their real names and introduced laws that hold chat group admins accountable for what is being said in their spaces. Additionally, the new laws require online news websites to be overseen by the government. China internet users have expressed frustration towards these changes. A student from the mainland relied on VPNs to connect to the outside world. Another stated they utilized VPNs to allow them access to YouTube and other reference websites that helped them with their class work. I could not imagine the government pretty much controlling my every move on the internet. Like the one student from China explained, she used a lot of outside sites to help with course work as a lot of people do around the world. China seems to be taking the control to the next extreme, which based off feedback is hurting more than helping. I could never imagine not having access to Google at any point which is a source a majority of the people rely on to find websites and get questions answered.

https://www.cnbc.com/2017/10/26/china-internet-censorship-new-crackdowns-and-rules-are-here-to-stay.html

Cyberthieves Train Their Sights on US Mobile Phone Customers

October 31, 2017 by Elizabeth V Calise Leave a Comment

A new form of cybercrime has been hitting American citizens. Recently, mobile phone account numbers are being stolen and then transferring services to a different device. Additionally, hackers have being using mobile phones to steal digital wallets and various accounts. These types of attacks have been quite successful. Lorrie Cranor, the chief technologist of the Federal Trade Commission, is among many of the victims to encounter this theft. In the article it states, the number of mobile accounts stolen or opening if a new mobile account, increased from 1,038 (2013) reported to 2,638 (2016).

https://www.technewsworld.com/story/84772.html

Canada worries about infrastructure hacks: intelligence official

October 24, 2017 by Elizabeth V Calise Leave a Comment

This is a short article, but I found it pretty interesting. I haven’t read many articles involving cyber attacks in Canada. This article sums up why, which I find interesting that many attacks have not been leaked to the public. Very different here in the US since I think about all the articles I have read or stories on the news. The Canadian government is concerned about cyber-attacks that have targeted critical infrastructure. Due to this, it has helped organizations improve their security without revealing hacks to the public. Canada has seen a comparable level of hacking in the country as the US. The country does not report hacking activity to the public, but instead reaches out to the targeted organization in a quietly manner. The article mentioned that 60 nations currently can conduct offensive cyber warfare operations. Five years ago, only five nations had this ability.

http://www.reuters.com/article/us-cyber-summit-canada-infrastructure/canada-worried-about-infrastructure-hacks-intelligence-official-idUSKBN1CS2EZ

Small Companies Often in the Dark About Cyberattacks

October 17, 2017 by Elizabeth V Calise 4 Comments

Almost 60% of small businesses have been victims of a cyberattack in the past year; however, most them were not aware they were attacked. Nationwide conducted its third annual survey which included over 1,000 businesses with fewer than 300 employees for the study. 58% of participating companies were victims of a cyberattack. The types of attacks ranged from phishing scams to ransomware. Companies who are targeted tend to have fewer cyberdefense systems, lower budget for threat protection and less name recognition. The most common forms of attack were computer viruses (36%), phishing attacks (29%) and Trojan horses (13%). Many of these companies were not prepared for any type of cyberattack. Around 58% of the firms do not have a dedicated team or vendor to monitor for cyberattacks. 76% did not have a plan action for when an attack takes place, 57% did not have plan for protecting employee data and 54% did not have a plan for protecting customer/client data. Recovery was slow and expensive for these companies. Around 20% of the companies spent about $50,000 and recovery took over six months. Additionally, 7% spent over $100,000 and recovery took over a year.

https://www.technewsworld.com/story/84865.html

‘Invisible’ Technologies: What You Can’t See Can Hurt You

October 8, 2017 by Elizabeth V Calise Leave a Comment

There is more to technology than end-user experience. Aside from user experience, there are other considerations like maintenance, operations and 24/7 support. Even though some of these considerations are less visible, they are just as important. When one has a technology that is ubiquitous, it starts to fade and not be well noticed. People tend to notice when there are issues. Something to compare this to is when you only notice your plumbing system when there is a leak. Other than that you do not think twice about. There are technologies that are very important to the business environment and keep the organization running smoothly, yet the awareness for the technology falls under the radar. Since these technologies operate below the radar, it is a high possibility they are not being examined from a risk perspective. Some examples of this are TLS, SSH, SAML and Kerberos.

Using TLS to take the example further, there are several issues that may not come to mind instantly. Legacy protocol version are known to be susceptible to attack and usage related issues like HTTPS Interception.

https://www.technewsworld.com/story/84852.html

Recent Cyber Attacks Drive Growth in Cyber Security Markets

October 1, 2017 by Elizabeth V Calise 1 Comment

I was not able to find any new cyber attack article that was not already posted in the prior weeks and for this week. So I did not want to be repetitive and post the same thing again. However, I found this article that I thought students who are recently new to the cyber world or profession would find this article interesting. The article still has the focus on cyber attacks and discusses some of the top cyber security companies.

The cyber security market is on the rise and is expected to reach $187.77 billion in 2021. This is due to the increase in cyber attacks involving the internet and cloud computing. Now, there is high demand for cyber security solutions and products. Currently, North America is the world’s largest market for cyber security; however, emerging markets like in the Asia Pacific will have opportunities. There is a major need to protect confidential data for the government, military, financial institutions, hospitals and many other organizations. The cyber security market is divided into four areas: network security, cloud security, wireless security and others. As of now, network security is dominating the market.

http://markets.businessinsider.com/news/stocks/Recent-Cyber-Attacks-Drive-Growth-in-Cyber-Security-Markets-1002226467