Book of Lists
TOP SECURITY THREATS
The hits just keep on coming: the hits to our networks, that is, which today extend beyond traditional endpoints to include mobile and cloud.
Internet of Things – Today, it's not only our computers, smartphones and tablets connecting to the internet, but also everything from refrigerators and cars to medical devices and toys equipped with embedded circuitry. "Without better security, attacks on these devices are likely to have nasty real world impact," says a Sophos report.
Public Wi-Fi and network sharing – It's a well-known fact that public Wi-Fi networks are not to be used for banking or any other transaction where security is a factor since data can be easily pilfered. Particularly troubling, apps that sync up automatically with Facebook or Outlook contacts can be a treasure trove for data thieves.
Financial attacks – With the rapid rise of online commerce, criminals are continually devising new ways – and sticking with tried-and-true methods – to work their way into the servers of financial networks. As attackers use malware, phishing and social engineering, the attack landscape is only expanding.
iOS bugs – Apple has generally been praised for the fortitude of its operating systems. Once it was ignored by attackers owing to its tiny market share, but in the past few years as Apple has grown into a powerhouse enterprise player, the criminal element has attached itself to the rich new possibilities. Researchers have recently pointed out that with the release of iOS 8.4, some critical holes were discerned in previous versions of Apple's OS that could allow phishing of users' data, even via VPN connections.
Cloud computing – The cloud has brought convenience and cost-savings to millions of businesses and everyday consumers. However, the security of using a central shared server capable of being accessed by workers spread across the globe is still a vital concern. Hackers might gain entry, critics warn, or insiders could abscond with data on a thumb drive to sell on a black market eager for personal information or intellectual property.
DDoS attacks – Denial-of-service attacks, in which web servers are flooded with heavy traffic in an attempt to knock a website offline, are a favorite tactic of hacktivists exacting revenge on a corporation they object to, or a nation-state in battle with a foe. Several toolkits are available on the internet, some for free. For example, LOIC (Low Orbit Ion Cannon), one of the most popular, was employed by Anonymous in its campaign against a number of large enterprises last year. On a smaller scale, a British man was just sentenced to eight months in prison for launching several DDoS attacks against social service agencies after his children were removed from his care.
Florida teacher suspended for using jammer in class – In June, a Florida high school teacher was suspended without pay after he kept a signal jammer in his classroom to prevent students from using their cell phones. Science teacher Dean Liptak allegedly employed the device between March 31 and April 2. He was found out only when Verizon noticed a blockage on the campus's cell tower. Liptak argued the device kept students “academically focused,” as confiscating phones until the end of class caused disruptions and was unproductive.
Caitlyn Jenner cover kept on non-internet connected device – When Bruce Jenner officially transitioned to Caitlyn Jenner, she chronicled the change through a Vanity Fair cover and photo spread. The cover was coordinated and negotiated for months. The photos, however, were especially worth protecting, as the magazine worried about leaks. The editors kept the story and spread on one computer that was never connected to the internet, reports indicated. All article assets were also put on a thumb drive every night and then deleted from the computer. The story was also hand-delivered to the printer.
Pastor charged for hacking – A U.S.-based pastor was charged earlier this year as being the “linchpin of a sprawling financial and hacking conspiracy.” Vitaly Korchevsky of the Slavic Evangelical Baptist Church, in Brookhaven, Pa., allegedly worked with nine others to hack into the computer systems of Marketwired, PR Newswire and Business Wire to access corporate press releases before they were made public. This allowed them to glean earnings, gross margins, revenues and other proprietary financial information. The data was apparently sent to associates in the U.S. and Ukraine who parlayed the inside information to trade shares of dozens of companies.
Obama avoids Waldorf over hacking concerns – President Obama and the U.S. delegation to the United Nations General Assembly opted to not stay at the Waldorf-Astoria Hotel during the UN's annual assembly, a precedent that had been set decades prior. The reason for their hotel change? Hacking. A Chinese firm with strong ties to Beijing purchased the hotel in 2014 and instituted a “major renovation.” U.S. officials suspected the company of building in eavesdropping and cyberespionage capabilities. The delegation instead stayed at the New York Palace Hotel.
Surveillance blimp runs free – A military surveillance blimp broke free from a ground tether in Pennsylvania and was loose for four hours. Two F-16 fighter jets monitored the remote-controlled aircraft until it slowly lost helium and drifted back to ground level. Along with the 243-foot-long blimp itself came 6,700 feet of cable. The blimp took out power for 20,000 customers. The aircraft was the result of 17 years of research and $2.7 billion in funding. However, it was never fully used due to defective software, poor reliability and vulnerability to bad weather.