With the rise of malware infecting IoT devices, DDoS defenders "have to assume that the attackers have an unlimited supply of machines that they can compromise," says Akamai's Michael Smith. But quarantines, ISP feedback loops and better patch management can bolster defenses.
Unprecedented hack attacks knocked three Ukrainian power providers offline in late 2015, and now a potential repeat hack has surfaced. Security experts recommend all power operators globally hunt carefully for related signs of attack.
This edition of the ISMG Security Report features an analysis of recommendations by a U.S. House Encryption Working Group that Congress should not enact legislation that requires technology companies to help law enforcement authorities bypass encryption on the devices they manufacture.
A variant of malware used to infect U.S. Democratic National Committee systems was also used to infect an Android app used by Ukraine's artillery forces, bolstering attribution of both attacks to Russia, says cybersecurity firm Crowdstrike.
A massive botnet run by a Russian cybercrime gang netted more than $3 million a day by generating fake views of online video advertisements, security firm White Ops warns. Cue new concerns over the prevalence of advertising fraud in the wake of fake news worries.
A federal court recently ruled that the structure of the Consumer Financial Protection Bureau, which is led by a single director, is unconstitutional. Cybersecurity attorney Chris Pierson assesses whether the potential restructuring of the CFPB could have any impact on the bureau's oversight of banks.
Memo to would-be cybercriminals: Want to move stolen funds internationally to bank accounts that you control? Need to route the funds to a few money mules to get it laundered? Don't do it from a system tied to an IP address registered to your home.
The County of Los Angeles is notifying 756,000 individuals of a breach stemming from a phishing scheme that tricked more than 100 county employees. Bank account and payment card information, Social Security numbers and health-related information was potentially exposed.
Three Romanian men accused of running a cybercrime ring that used custom-built "Bayrob" malware and money mules to steal at least $4 million from victims have been extradited to face charges in the United States.
Fifty-nine percent of security leaders believe their current ransomware defenses are above average or superior. Yet 53 percent also have been victim of ransomware attacks in the past year. Eduardo Cabrera of Trend Micro discusses this and other results of the Ransomware Response Study.
A third suspect alleged to be responsible for the 2014 JPMorgan Chase data breach, which affected more than 83 million customers, was arrested Dec. 14 after reportedly voluntarily returning to the U.S. from Russia.
The emergence of contactless chip payments on mobile phones is changing the way transactions are authenticated and secured, Jeremy King of the PCI Security Standards Council explains in this audio interview.
Ransomware attacks, which initially targeted Windows computers and then spread to Android mobile devices, are now targeting Linux servers as well, says Bob Lynch of Bitdefender, who describes a risk mitigation strategy in this video interview.
Over the years, HHS has released several guidance documents, but all are weak and without mandates as it relates to identity management and authentication of entities accessing protected health information. Guidance typically includes words like "may" and "should," but rarely include words like "shall" or "must."
Hack attack victims often ask two questions: "Who did it? And can we hack them back?" But after an attack, with time of the essence for blocking further damage, those are the wrong questions for breached organizations to be asking, data breach response expert Alan Brill says in this audio interview.