In this week’s article, a study was performed by Pew Research Center which examined the knowledge that American’s have of Cyber Security. Some of the questions asked in the survey were regarding botnets, ransomware, and WiFi. Even though this might not play a major role in the cyber security space as a whole, citizens need to begin to be more cognizant about their security online. Many might believe that are not susceptible to attackers, however EVERYONE who is connected to the internet can be infiltrated. Making citizens aware of cyber security education should be a priority in the digital age.
Verifone, a massive credit card point-of-sales machine manufacturer, has been breached. On Jan 23, 2017 an urgent email from Verifone’s CIO, Steve Horan required employees to change their password. Verifone supposedly was breached in mid-2016 and was just able to find out which systems were compromised. Fortunately the only systems that were compromised were internal networks in the corporate offices. No POS devices were compromised as of yet.
Researchers at Ben-Gurion University in Israel have developed a way to steal data off of someone’s hard drive by infecting the desired computer with malware and reading data through the blinking LED light that indicates hard drive activity. In their testing, researchers used a drone camera that would fly to the window of the office where the computer was infected. Once at the window, the drone can capture the blinking LEDs, which can blink up to 6,000 times per second. This allows the desired hacker to transmit data very fast over a long distance. Being able to infiltrate a system that is not on the internet is a major concern for highly sensitive systems that utilize the “air gap.” The “air gap” is sometimes seen as an impenetrable defense against highly sensitive systems which are not connected to the internet. By using the computer’s LED light it has the potential for hackers to use a stealthier, higher-bandwidth and longer distance method to infiltrating an air-gapped computer. The researchers believe that the easiest way to circumvent this is by taping the LED light or by keeping highly sensitive systems away from windows.
Article – https://www.wired.com/2017/02/malware-sends-stolen-data-drone-just-pcs-blinking-led/
Organizations across the world have a gap in cyber security talent. With the RSA conference concluding this week the news articles this week seem to have the same theme that cyber security talent is lacking. Christos Dimitriadis, ISACA board chair, says that companies are worried that these unfilled positions in their companies can make them vulnerable to attacks. In the UK the government has put a plan in place to develop a greater interest in cber security amongst younger people. For us as cyber security students this is good news, however, we should be weary that even though many jobs are available companies will want to make sure that you are the right fit and could require higher credentials in order for you to become employed in their company.
Arby’s Restaurant Group (ARG) was the latest victim to succumb to a credit card breach. This breach was due malicious software being installed on payment card systems throughout hundreds of its locations nationwide. Most of the stores affected by the breach were corporate stores, franchise stores were not affected. The PSCU (the payment solution manager for credit unions) has received long lists from Visa and MasterCard regarding over 355,000 credit and debit cards. PSCU says that with a number of cards compromised it is bigger than just one fast-food chain, they expect that another fast-food chain will be expecting to make a statement about another compromise shortly. Dan Berger, president and CEO of the National Association of Federal Credit Unions suggests that people use their credit cards, which are easier and faster to report fraud on. Using debit cards could run the risk of wiping out your bank account as well as bouncing checks.
Article – https://krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-breach/
Eight days prior to President Trump’s inauguration, the Washington DC Police Department had to take their cameras offline from January 12 to 15. This is the result from a ransomware attack that plagued 123 of the 187 network video recorders that are used all across the DC area. After the system was rebooted the ransomware had been eliminated. This goes to show that ransomware attacks are increasing, not necessarily to gain access to the DC police’s network, but to extort money from them.
Article – https://www.bitdefender.com/box/blog/iot-news/70-washington-dcs-cctv-cameras-infected-ransomware
In today’s digital world cybersecurity is a necessity in every organization. However, there needs to be a balance between productivity of your employees and the security of the organization. If employees believe that the security team in the organization is making them go through drastic measures for the sake of security, then employees could circumvent these measures for their convenience. Newman states that an organization should “never sacrifice security for productivity,” which I believe is an extremely important point. Let’s say for example a user wanted to remote into their computer from a public WiFi hotspot that is not secure. If that employee did not want to go through the time and use a token to remote into their desktop and VPN in they could install Chrome Remote Desktop and circumvent these security protocols. This could create an unencrypted connection to your work PC that could easily be hacked by someone who is sniffing traffic on the network. Unfortunately, employees have stated that 92% of their organization’s remote-access policies hamper productivity. Organizations need to educate employees on how to not go against these policies as well teach them how to use these security measures properly as to ease the burden on them.