[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
Unpacking the growing malware threats
Kathy Gibson reports from Kaspersky Labs’ conference in Lisbon – The threat of malware attacks on corporates and states is growing in 2015. While the first advanced persistent threats (APTs), Stuxnet, was detected in 2010, four new APTs have already been already recorded in 2015.The bulk of malware attacks is still on the individual user, however, with up to three new attacks being launched every second of every day – for a total of 350 000 per day.
In the first quarter of 2015 there were about 2,1-billion cyber-attacks globally, with about 130-million in the Middle East, Turkey and Africa region alone.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e8015ffeed&e=20056c7556
Unmasked: the six hacker ‘tribes’ you need to avoid
Hackers fall into one of six tribes: Secret Agents, Voyeurs, Hacktivists, White Hats, Glory Hunters and Cyber Thieves. Cyber security firm Cloudmark has identified six different hacker ‘tribes’, each of which has their own background, location, methods, motivations and potential targets.
By understanding the personalities and the methods these hackers use, as well as countermeasures across the board, businesses and individuals will be better placed to protect against them.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1434294eaa&e=20056c7556
The Seven Rules of Threat Intelligence Club
-The first rule of Threat Intelligence is: you need to understand what “Intelligence” truly means.
-The second rule of Threat Intelligence is: you MUST talk about Threat Intelligence ACCURATELY!
-Third rule of Threat Intelligence: you must talk about Threat Intelligence with the right people.
-Fourth rule: nothing exists in a bubble. There are always multiple factors to consider.
-Fifth rule: a data feed does not equal Intelligence.
-Sixth rule: no analysis = no intelligence.
-Seventh rule: The production and application of Threat Intelligence is cyclical.
And the eighth and final rule: it may not be cheap or easy, but you need proper Threat Intelligence.
-Chad Kahl, Targeted Threat Intelligence Team Lead
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1a442d653d&e=20056c7556
Getting to know the new GIAC certification: GCCC
Global Information Assurance Certification (GIAC) has launched yet another information security certification, called the GIAC Critical Controls Certification (GCCC), into this already crowded marketplace.
The GCCC is not a replacement for either the CISSP or CompTIA Advanced Security Practitioner (CASP), which focus on a wide range of information security topics. It focuses instead on the 20 fundamental critical controls as defined by the SANS institute. This concentration only on critical controls and risk management may seem elementary for seasoned security professionals, but this is not the target audience of the GCCC.
Link: [ http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=692a704eb3&e=20056c7556(UserUniverse:%201496356)myka-reports@techtarget.com&utm_source=ERU&src=5384001 ] ( http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=be23bc4981&e=20056c7556(UserUniverse:%201496356)myka-reports@techtarget.com&utm_source=ERU&src=5384001 )
Washington State Amends Data Breach Law
New requirements include:
– Expands coverage to hard copy data as well as electronic or “computerized” data;
– Requires notification of the Washington Attorney General if more than 500 Washington residents are required to be notified;
– Imposes a 45-day deadline for notification of affected consumers and, when required, of the Washington Attorney General;
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e9b4982057&e=20056c7556
Montana and Wyoming Expand Data Breach Notice Requirements
Companies that electronically store personal information about residents of Montana and Wyoming must now take note of additional notice requirements following data breach incidents. With the ever-increasing number of such occurrences, states such as Montana and Wyoming are striving to clarify what companies must do when the inevitable breach happens.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=88cc0e80c9&e=20056c7556
SEC urges advisers to draw up and implement cybersecurity plans
The Securities and Exchange Commission is pushing investment advisory firms to establish and implement formal, written policies to combat data breaches.
“Create a strategy that is designed to prevent, detect and respond to cybersecurity threats,” the SEC Division of Investment Management said in a guidance update released on Tuesday. “Implement the strategy through written policies and procedures and training … [for] officers and employees.”
The document recommends that firms conduct periodic assessments of the data it collects, the vulnerabilities of their information systems, the security controls they have in place, the potential consequences of a breach and their plan to manage such an assault. A cybersecurity strategy could include using credentials and authentication to restrict access to firm data as well as encrypting and backing up data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=18bb8a83c6&e=20056c7556
Cyber Threats Undetected On Government Networks Average Of 16 Days
In “Go Big Security,” MeriTalk and software provider Splunk Inc., surveyed 302 government cybersecurity professionals from federal, state and local agencies to examine current cybersecurity strategies and help organizations leverage big data for security.
The study found government IT managers estimate cyber threats exist on their networks for an average of 16 days before they are detected. More than three-quarters of respondents say their security team is often reactive instead of proactive.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e50fc788ad&e=20056c7556
Bank of England approves BAE Systems for financial sector cyber security testing
BAE already works closely with the UK banking industry, and said that the accreditation is an acknowledgement of the firm’s strong threat intelligence and penetration services, two areas which are key to protecting the modern enterprise regardless of its vertical industry.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9348463e7d&e=20056c7556
Dropbox strikes back against Bartalex macro malware phishers
hacker group using its cloud storage services to store and spread the Bartalex macro malware.
“We’re aware of the issue and have already revoked the ability for accounts involved to share links since they’ve violated our Acceptable Use Policy,” said the spokesperson.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=18f4158060&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=02e525868a)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)