Cybersecurity stories and insights for the second week of December 2017
Comment: NiceHash, a cryptocurrency mining organization that pools the distributed resources of global 'miners', was hacked at a cost of $64 million. The skyrocketing valuation of cryptocurrency, which now exceeds $420B (was only $14B a year ago) is getting the attention of cybercriminals. Let us not forget the axiom "Where there is value there will be crime". Users, miners, and organizations must increase security practices as the value goes up.
Comment: Not a win, but not a total loss either. North Carolina county government declines a hacker's ransom demand. The key can be found in the managers statement "I am confident that our backup data is secure and we have the resources to fix this situation ourselves,". That my friends is Disaster Recovery and Business Continuity at its finest. When you can say No-Thanks to extortionists, it is a good day. Yes, it would obviously better if they did not get hacked in the first place, but eventually it will happen to everyone. Those who are able to respond and recover quickly are the winners in that scenario.
Comment: The most accurate description of the Five Cybersecurity Stages that organizations progress through. 1. Denial of Risk 2. Worry and Spend 3. False Confidence 4. Hard Lessons of Reality 5. True Leadership (or crash back to #1). Recommended read for the day.
Comment: Did you think Mirai botnet writers were done? Say hello to Satori, the next gen IoT botnet which is already 100k strong. Successful malware, such as Mirai, always evolves over time. It is just the next move in the adversarial game between cybersecurity professionals and cyber attackers. Satori has some new features and is not just trying to exploit default passwords. It is a glimpse into the future of IoT malware.
Comment: Apparently this is where old passwords go to retire. Hackers aggregating 1.4 billion login/passwords, exposed from previous breaches, and sharing them to the threat community. Such a large number of records, made openly available, makes for an interesting resource to both attackers and security researchers.
Comment: A win for the good guys! Mirai authors plead guilty. That code hijacked tens-of-thousands of IP cameras, DVD players, and other insecure IoT devices as part of a massive Denial-of-Service botnet. Responsible for some of the largest DDOS attacks and severely impacted Internet on the East coast last year. Sadly, this is just the beginning for IoT based attacks. New variants are already active to fill the void.
Comment: Doctor, it hurts when you suffer a data breach! 83% of doctors report having a "cyber incident". Healthcare is vulnerable to cyber attacks. As patients, we must talk to our medical providers about the privacy of our data (records, cameras in exam rooms) and potential risks for medical devices (pacemakers, implanted defibrillators, IV pumps, and many others). We own our health, we must also advocate for our privacy and safety. Patient concerns drive healthcare innovation
Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit