Study: Cybercrime Costs Jump 56 Percent | PCMag.com

The cost of dealing with cyber crime went up 56 percent this year, with organizations paying anywhere from $1.5 million to $36.5 million a year for protection and recovery, according to a study.

The “Second Annual Cost of Cyber Crime” study, conducted by the Ponemon Institute and funded by Hewlett-Packard, revealed that the median annualized cost of cybercrime is $5.9 million a year, which is 56 percent higher than the year before.

During a four-week period, organizations surveyed were hit with 72 successful cyberattacks a week, up 45 percent from the year before. Most of the attacks were in the form of distributed denial of service (DDoS), malicious code, stolen services, and Web-based attacks.

On average, each attack took 18 days and $416,000 to fix, which was 70 percent higher than last year, when it took an average of 14 days and $250,000 to recover.

“As the sophistication and frequency of cyberattacks increases, so too will the economic consequences,” Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said in a statement. “Figuring out how much to invest in security starts with understanding the real cost of cybercrime.”

Cybercrime incurs costs for detection, protection, containment, and recovery. Companies also have to shell out extra for consumer compensation.

via Study: Cybercrime Costs Jump 56 Percent | News & Opinion | PCMag.com.

McAfee: Hackers compromised 72 organizations since 2006 – Computerworld

Security vendor McAfee published a detailed report on Tuesday about a hacking group that penetrated 72 companies and organizations in 14 countries since 2006 in a massive operation that stole national secrets, business plans and other sensitive information.

McAfee said the attackers are likely a single group acting on behalf of a government, differing from the recent wave of less sophisticated attacks from cyber activist groups such as Anonymous and LulzSec, according to the report.

McAfee did not say what country might have been working with the hackers, in contrast to companies such as Google, which as recently as last month blamed China for hacking into the Gmail accounts of several high-profile U.S. officials.

The intrusions, which McAfee called Operation Shady RAT, were discovered after the security vendor gained access to a command-and-control server that collected data from the hacked computers and logged the intrusions.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” wrote Dmitri Alperovitch, vice president of threat research at McAfee, and author of the report.

via McAfee: Hackers compromised 72 organizations since 2006 – Computerworld.

Pentagon: Cyber attack could prompt military strike | TG Daily

The Pentagon has confirmed that a cyber attack against computer networks in the United States could prompt a retaliatory military strike.

“It would be irresponsible, and a failure of the Defense Department’s mission, to leave the nation vulnerable to a known threat,” Deputy Defense Secretary William Lynn explained during a recent briefing about the DoD’s new cyber strategy.

“[As such], the United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of our choosing.”

However, Lynn said the DoD’s cyber strategy ultimately emphasized “denying the benefit of [an] attack.”

“If an attack will not have its intended effect, those who wish us harm will have less reason to target us in the first place,” Lynn said.

He noted that any response to a cyber offensive would be “dictated by the effect,” rather than location.

Concurrently, the president would “consider all the tools he has” if the attack caused significant damage – such as human casualties and massive economic losses.

via Pentagon: Cyber attack could prompt military strike | TG Daily.

More than two-thirds of UK companies hit by data breaches in past year – 11/19/2010 – Computer Weekly

Some 70% of UK businesses have been hit by at least one data breach in the past year, according to digital forensics company CY4OR.

Increased exposure to the risk of cyber attacks has led the UK government to recognise cyber crime as one of the biggest threats facing the country.

In addition to the cost of downtime and recovery, UK businesses could be fined up to £500,000 for serious data breaches.

According to CY4OR, the problem of data breaches is worse in certain industries, with financial services, hospitality and retail accounting for 71% of all breaches.

via More than two-thirds of UK companies hit by data breaches in past year – 11/19/2010 – Computer Weekly.

DHS, Defense Join Forces to Battle Cyber Threats | News & Opinion | PCMag.com http://bit.ly/9vTVXe #ediscovery

Video: DoD 2010 Digital Forensics Challenge

The DoD Cyber Crime Center’s Digital Forensics Challenge is your chance to help digital forensic examiners solve real-world challenges and develop new investigative tools, techniques, and methodologies. To learn more about the Digital Forensics Challenge, visit: http://www.dc3.mil/challenge/2010/

See more DoD videos at http://www.dodvclips.mil.

Privacy group sues to get records about Google-National Security Agency relationship – latimes.com

The nonprofit Electronic Privacy Information Center, which has tangled with Google in the past over the security of its Gmail e-mail system, filed a request under the Freedom of Information Act for documents related to any agreement between Google and the NSA. The NSA denied the request, and on Monday the privacy group took the agency to court, seeking to force it to hand over records.

“As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google,” the privacy group’s request said. “In order for the public to make meaningful decisions regarding their personal data and e-mail, it must be aware of the details of that relationship. Neither Google nor the NSA has provided information regarding their relationship.”

There probably isn’t a significant privacy concern in the NSA’s dealings with Google, said Richard Clarke, a top national security official in the Clinton and Bush administrations and author of “Cyber War: The Next Threat to National Security and What to Do About It.”

“But the easy way for Google and NSA to prove that is by letting an outside group come in and find out,” Clarke said.

Lewis said the NSA still must overcome a lack of trust among consumers after it enlisted telecom companies to help with surveillance it conducted without warrants in the wake of the Sept. 11 terrorist attacks.

Beyond the privacy issue, the Google-NSA alliance shows that no single U.S. government agency is responsible for defending the country’s private computer infrastructure from the daily onslaught of foreign-based cyber attacks, Clarke and Lewis said. NSA gets involved only in select cases.

via Privacy group sues to get records about Google-National Security Agency relationship – latimes.com.

The quiet threat: Cyber spies are already in your systems – Computerworld

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.

Security experts believe that a growing number of companies are being spied upon electronically by sources from other countries, most notably China. What makes these attacks so troublesome is that their techniques are often undetectable by the usual security tools. Electronic spies try to get into systems without causing disruptions, so they can quietly gather information over a period of time.

via The quiet threat: Cyber spies are already in your systems – Computerworld.

U.S. businesses need gov’t cyber security: official – The China Post

A U.S. government computer security system that can detect and prevent cyber attacks should be extended to private businesses that operate critical utilities and financial services, a top Pentagon official said Wednesday.

William J. Lynn III, the deputy defense secretary, said discussions are in the very early stages and participation in the program would be voluntary. The idea, he said, would allow businesses to take advantage of the Einstein 2 and Einstein 3 defensive technologies that are being developed to put in place on government computer networks.

Extending the program to the private sector raises a myriad of legal, policy and privacy questions, including how it would work and what information — if any — companies would share with the government about any attacks or intrusions they detect.

Businesses that opt not to participate could “stay in the wild, wild west of the unprotected Internet,” Lynn told a small group of reporters during a cybersecurity conference.

And in the case of Einstein 2 — an automated system that monitors federal Internet and e-mail traffic for malicious activity — companies already may have equal or superior protections on their networks.

“Einstein 2 is like a 1999 Mustang with a little rust,” said James Lewis, a cybersecurity expert and senior fellow at the Washington-based Center for Strategic and International Studies. “For some companies it isn't a big deal. But for others who haven’t done much (to secure their networks) it would be a good idea.”

Lewis said the larger challenges would come with Einstein 3, a separate program being developed which would detect and actively block or prevent cyber intrusions.

via U.S. businesses need gov’t cyber security: official – The China Post.

Data Stolen From India, UN, Dalai Lama Traced To China — InformationWeek

Just as in January, computer hackers based in China are being accused of cyber espionage and the Chinese government is denying involvement and calling the charges groundless.

In January, the targets were Google, dozens of other companies, and the e-mail accounts of human rights activists. Following revelations about the incident, Google said it would stop censoring search results in China, a decision that led the company recently to redirect queries from mainland China to Google servers in Hong Kong.

This time, the targets are the Indian Ministry of Defense, the United Nations, and the Office of the Dalai Lama, among other organizations.

There's a noteworthy difference in the two attacks, however: The security experts who revealed the attacks managed to track the perpetrators over eight months.

As a consequence, the researchers were able to obtain copies of various sensitive and classified documents from the hackers. These documents included files taken from governments, businesses, academic institutions and other entities.

Some of the stolen data consisted of visa applications provided to Indian embassies, for example. Other data recovered included some 1,500 letters sent from the Dalai Lama's office between January 2009 and November 2009.

The researchers said they handled the sensitive files responsibly and notified affected organizations.

The report on the attack, published by Information Warfare Monitor — made up of Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, and the SecDev Group — and the Shadowserver Foundation, is called Shadows in the Cloud: An investigation into Cyber Espionage 2.0.

The authors of the report contributed to a similar investigation last year called GhostNet that found circumstantial evidence pointing to attackers located in China.

via Data Stolen From India, UN, Dalai Lama Traced To China — InformationWeek.