A Review of the Best News of the Week on Cybersecurity Management & Strategy

The Language and Nature of Fileless Attacks Over Time (Lenny Zeltser, Oct 12 2018)
I traced the origins of “fileless” to 2001, when Eugene Kaspersky (of Kaspersky Labs) used it in reference to Code Red worm’s ability to exist solely in memory. Two years later, Peter Szor defined this term in a patent for Symantec, explaining that this form of malware doesn’t reside in a file, but instead “appends itself to an active process in memory.”

Anthem will pay $16 million to settle HIPAA violation due to 2015 breach (Help Net Security, Oct 16 2018)
…after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of almost 79 million people.

60% of IT Security Professionals Looking to Leave Current Job (Mondo, Oct 19 2018)
According to the survey, other top reasons why IT security experts leave a job are: unhealthy work environment (53%); lack of IT security prioritization from C-level or upper management (46%); unclear job expectations (37%) and lack of mentorship (30%).


MITRE ATT&CKcon is next week
Sign up to receive the web links to watch all the action LIVE from MITRE ATT&CKcon on October 23-24, as they share best practices for using ATT&CK to demystify the complexity that cyber attackers hide behind. Watch Live Stream on Oct. 23rd and Oct. 24th at 8:55 a.m. EST.


Collection Strategies: The Key Differentiator Among Threat Intelligence Vendors (SecurityWeek, Oct 15 2018)
Most vendors’ collection strategies include Deep & Dark Web (DDW) and open web sources, but the manner in which these sources are often described to prospective customers can be confusing at best and misleading at worst.

Recent Cyber Attacks Demonstrate Why IRM is Critical for ERM Success (Gartner Blog Network, Oct 12 2018)
Gartner recommends an integrated risk management (IRM) approach that links the strategic focus of enterprise risk management (ERM) programs with the tactical steps necessary to secure the most relevant business assets.

Few organizations use cyber wargaming to practice response plan (Help Net Security, Oct 17 2018)
Nearly half (46 percent) of executive-level respondents to a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year, with more than 1,500 surveyed professionals feeling only “somewhat confident” in their organization’s ability to respond to and remediate a cyber incident.

Seven Security Activities You Should Automate (SecurityWeek, Oct 12 2018)
1. SIEM Escalation, 2. Reputation Lookups, 3. Risk Scoring, 4. Blocking Users, 5. Guided Investigations, 6. Reporting Thresholds, 7. Notifications and Task Assignments

Temasek acquires Sygnia, an Israeli cybersecurity startup, for $250M (TechCrunch, Oct 16 2018)
Temasek, the Singaporean government-controlled company that is one of the world’s biggest investors, is today announcing an acquisition to beef up its cybersecurity business. It is acquiring Sygnia, a startup out of Israel that keeps a low profile, but has built technology and services to help large organizations respond to cyber threats.

SEC Warns Public Companies on Accounting Control Use (Dark Reading, Oct 17 2018)
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.

Former Equifax Developer Sentenced for Insider Trading (Infosecurity Magazine, Oct 18 2018)
Atlanta man worked on breach portal

After 2016 Hack, Illinois Says Election System Secure (SecurityWeek, Oct 17 2018)
Illinois officials assured voters Tuesday that their Nov. 6 tallies “will be securely counted” following a data breach that’s part of the Justice Department’s investigation of Russian meddling in U.S. elections.

IBM Takes Cybersecurity Training on the Road (NY Times, Oct 15 2018)
IBM on Monday is introducing its mobile cybercommand center, tucked into a heavily customized truck. What the company calls its “cyber tactical operations center” will make stops at colleges and security-focused events before heading to Europe.

Targeted attacks on crypto exchanges resulted in a loss of $882 million (Help Net Security, Oct 18 2018)
According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from the Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen.

WannaCry Cost NHS £92 Million (Infosecurity Magazine, Oct 15 2018)
Ransomware costs hit home for under-funded health service

Cybersecurity Salaries Rise 6% in One Year (Infosecurity Magazine, Oct 16 2018)
Wage rise is double the national average

Ex-Virginia Teacher Charged in 2014 ‘Celebgate’ Hacking (SecurityWeek, Oct 18 2018)
A former Virginia high school teacher is the fifth person charged in an investigation into the 2014 “celebgate” scandal in which hackers obtained nude photographs and other private information from more than 200 people, including celebrities.

RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin (Graham Cluley, Oct 18 2018)
A US court has sentenced a programmer to 30 months in a federal prison in connection with software that claimed to be a legitimate tool for Windows sysadmins to remotely manage computers, but was actually used by criminals to backdoor PCs and secretly spy on victims.