This could be very useful for future Computer
Security classes. Since this is Finals week, it’s a bit late this
quarter.
Clare Ward writes:
Once again, Verizon has opened the doors on the reality of a data breach with the launch of the Verizon 2018 Data Breach Digest (DBD) series, enabling businesses to read undisclosed stories from the company’s cyber-investigative vault.
The Data Breach Digest series puts cybercrime in context, outlining the (anonymized) specifics of data breaches and cybersecurity incidents for cyber defenders across all businesses to benefit from Verizon’s insights.
Cybercrime victims often believe they are the victim of an isolated attack; however, in reality this is not the case – thousands of companies experience data breaches or cybersecurity incidents every month. Unfortunately, most breaches are never publicly disclosed, preventing others from learning from the facts. This plays to the advantage of cybercriminals, enabling them to reuse successful breach tactics time and time again on new, unsuspecting organizations.
By opening up Verizon’s cybercrime files via the Data Breach Digest scenarios, we are offering a panoramic insider’s view of the cyber threat activities in an effort to share what we have seen with other organizations around the global. Our hope is that we can learn together – and in doing so, better equip ourselves in the fight against cybercrime.
Read more on Verizon.
As of today, here are the stories available, as described by
Verizon:
-
Credential Theft – the Monster Cache: Credential theft is an increasingly common target for cybercriminals, but is actually relatively easy to prevent. This story outlines how the development of cyberattack models, which outline threat actor goals, capabilities, and methods were combined with organization profiling to help organizations protect themselves against attack. This case demonstrates how an awareness of an attack vector common to the target’s specific industry could have prevented a major data breach.
-
Insider Threat – the Card Shark: For this case, Verizon experts conducted a Payment Card Industry (PCI) forensic investigation on unauthorized ATM withdrawals. What they found was a network and physical security structure flawed from start to finish. This case walks readers through the investigation to see the many process and policy challenges that enabled this attack.
-
Crypto-Jacking Malware – the Peeled Onion: Sometimes attackers care less about proprietary information and more about processing power. This incident demonstrated how a strong firewall can be undone with missed security patches, turning a client’s system into a stealthy cryptocurrency miner.
-
Third-Party Palooza – the Minus Touch: Digital forensics starts with the data – but what if there’s no data to be found? A blank hard drive and an uncooperative co-location data center starts the Verizon team on a hunt for the what/where – and what was done with it!
Much easier than the con in the movie.
Phishing Is
the Internet’s Most Successful Con
… In this age, the online equivalent of
The Sting is a phishing site: a fake reality that lives online,
set up to capture precious information such as logins and passwords,
bank-account numbers, and the other functional secrets of modern
life. You don’t get to see these spaces being built, but—like
The Sting’s betting room—they can be perfect in every
detail. Or they can be thrown together at the last minute like a
clapboard set.
For my students.
The Ethics
of Artificial Intelligence: An Interview of Kurt Long
… I am delighted to be interviewing Kurt
Long about the topic of AI. Long is the creator and CEO of
FairWarning,
a cloud-based security provider that provides data protection and
governance for electronic health records, Salesforce, Office 365, and
many other cloud applications. Long has extensive experience with AI
and has thought a lot about its ethical ramifications.
The pendulum swings again.
EU approves
controversial Copyright Directive, including internet ‘link tax’
and ‘upload filter’
The European Parliament has
voted in favor of the
Copyright Directive, a controversial piece of legislation
intended to update online copyright laws for the internet age.
The directive was originally
rejected by MEPs in
July following criticism of two key provisions: Articles 11 and
13, dubbed the “link tax” and “upload filter” by critics.
However, in parliament this morning, an updated version of the
directive was approved, along with amended versions of Articles 11
and 13. The final vote was 438 in favor and 226 against.
… The directive itself
still faces a final vote in January 2019 (although experts say it’s
unlikely it will be rejected). After that it will need to be
implemented by individual EU member states, who could very well vary
significantly in how they choose to interpret the directive’s text.
The most important parts of
this are Articles 11 and 13. Article 11 is intended to give
publishers and papers a way to make money when companies like Google
link to their stories, allowing them to demand paid licenses.
Article 13 requires certain platforms like YouTube and Facebook stop
users sharing unlicensed copyrighted material.
Critics of the Copyright
Directive say these provisions are disastrous.
In the case of Article 11, they note that attempts to “tax”
platforms like Google News for sharing articles have repeatedly
failed,
and that the system would be ripe to abuse by copyright trolls.
Article 13, they say, is even
worse. The legislation requires that platforms proactively work with
rightsholders to stop users uploading copyrighted content. The only
way to do so would be to scan all data being uploaded to sites like
YouTube and Facebook. This would create an incredible burden for
small platforms, and could be used as a mechanism for widespread
censorship. This is why figures like Wikipedia founder Jimmy Wales
and World Wide Web inventor Tim Berners-Lee came out so strongly
against the directive.
Clever yes, but computer wizards?
Street
gangs turn to high-tech cybercrime to make a living
Street gangs are growing more sophisticated and
moving into cyberspace. Following an extensive three-year
investigation, the State of California Department of Justice arrested
and indicted 32 suspects on 240 counts, including identity theft,
fraud and hacking. The individuals are linked to criminal street
gangs the BullyBoys and the CoCo Boys, California Attorney General
Xavier Becerra announced
this week.
In total, the suspects are charged with “63
counts of conspiracy to commit grand theft; 54 counts of hacking,
computer access and fraud; 56 counts of grand theft; 59 counts of
burglary; and eight counts of identity theft,” according to the
press release.
No comments:
Post a Comment