[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Evading cyber legislation: Jurisprudence cloaking is the future of cyber warfare
\nNow hackers have come up with virtual ways to be transparent \u2013 at least to the law: cyber cloaks.
\nCyber cloaks are most powerful for those engaged in criminal cyber activity, as it offers the freedom from consequence of persecution.
\nIn general, the cloak consists of one or more of five core ingredients, and there are almost immeasurable \u2018flavors\u2019 that can be combined with great care and precision.
\nI will not go into great detail as not to promote specific attacks, however the notion of how these techniques work is most important to help protect your organization against their use.
\nEach of the five techniques listed above carry the ability to cloak a perpetrator\u2019s real identity from a legal perspective.
\nYes, it\u2019s true that there are ways to find out who perpetrated the act beyond legal methods and mitigating the perpetrators, but these techniques are generally only available for national self-defense, and even those are highly restrictive.
\nIt\u2019s high time that the legal and security community understand that the IP address is dead for legal purposes and begin to work on rational ways to uncover malicious folks through the fog of technology and regional borders.
\nThe answer to this cloaking malaise is to leverage enterprising technologies, such as fingerprinting and other fraud-like enumerations, which expose the perpetrator and provide an indelible mark from which to arrest them.
\nLegal teams and security professionals alike must get beyond the lay of security technology and reach into the next generation to find answers.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1ddd80516e&e=20056c7556<\/p>\n
Cyber attacks threatening national security double in past year, GCHQ reveals
\nCyber attacks that threaten national security have doubled in a year with the UK now facing up to seven serious assaults every day, GCHQ has warned.
\nThe intelligence agency is identifying 200 cyber attacks every month that either target critical organisations and networks or come from significant sources, such as hostile states.
\nThat compares to 100 a month just last summer.
\nThe intelligence agency is identifying 200 cyber attacks every month that either target critical organisations and networks or come from significant sources, such as hostile states.
\nThat compares to 100 a month just last summer.
\nOfficials also warned that advanced hacking technology is increasingly available \u201coff the shelf\u201d online meaning more and more offenders will be able to launch more sophisticated attacks.
\nSimply technology for denial of service attacks can be bought for a few pounds, while more sophisticated technology can be up to \u00a3100,000.
\nGCHQ and the Government on Monday launched a \u00a36.5 million Cyber Invest programme, which will work with academic experts and the private sector to support research in to cyber attacks and how best to protect against them.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d04c1b31ee&e=20056c7556<\/p>\n
JPMorgan Chase CSO reportedly reassigned following data breach
\nJPMorgan Chase & Co’s CSO Jim Cummings was reportedly reassigned to a new position within the bank following the company’s major data breach this past year.
\nBloomberg reported that it obtained a memo indicating that Cummings would be moving to Texas to \u201cwork on military and veterans housing initiatives for the bank.\u201d During his CSO tenure, Cummings supervised more than 1,000 people.
\nHe formerly served as the head of the US Air Force’s cyber-combat unit.
\nGreg Rattray formerly served as CISO at the bank and was reassigned in June to become the head of global cyber partnerships and government strategy.
\nBloomberg reported that company insiders said both Cummings and Rattray brought military culture to the bank, which didn’t always mesh with JPMorgan’s Wall Street ways.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3849377f34&e=20056c7556<\/p>\n
DDoS attack only the tip of the iceberg: study
\nIn the survey, 28% of the respondents in Saudi Arabia most often cited malware and 36% cited hacking as the number one threats to their companies, while DDoS was chosen as the most dangerous threat by only 10%.
\nGlobally, DDoS attacks often coincide with malware incidents (in 45% of all cases), and corporate network intrusions (in 32% of all cases).
\nData leaks were also detected simultaneously with an attack in 26% of cases.
\nConstruction and engineering companies encountered this problem more often than others: according to respondents worldwide, 89% of DDoS attacks on these companies coincided with other types of attacks.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0573183c94&e=20056c7556<\/p>\n
Connectivity and Cybercrime
\nLegal measures play a key role in the prevention and combating of cybercrime
\nIncreasing levels of cybercrime, as both individuals and organized criminal groups exploit new criminal opportunities.
\nLaw enforcement cybercrime investigations require an amalgamation of traditional and
\nnew policing techniques.
\nWhile high-level consensus exists regarding broad areas of criminalization, detailed analysis of the provisions in source legislation reveals divergent approaches.
\nA comprehensive study on Cybercrime was conducted by the UNODC (United Nations Office on Drugs and Crime).
\nReviewed here is the Executive Summary of this excellent report which covers all the aspects of Cybercrime in almost 300 pages.
\nIn 2011, at least 2.3 billion people, the equivalent of more than one third of the world\u2019s total population, had access to the internet.
\nOver 60 per cent of all internet users are in developing countries, with 45 per cent of all internet users below the age of 25 years.
\nBy the year 2017, it is estimated that mobile broadband subscriptions will approach 70 per cent of the world\u2019s total population.
\nBy the year 2020, the number of networked devices (the \u2018internet of things\u2019) will outnumber people by six to one, transforming current conceptions of the internet.
\nIn the hyperconnected world of tomorrow, it will become hard to imagine a \u2018computer crime\u2019, and perhaps any crime, that does not involve electronic evidence linked with internet protocol (IP) connectivity. \u2018Definitions\u2019 of cybercrime mostly depend upon the purpose of using the term.
\nA limited number of acts against the confidentiality, integrity and availability of computer data or systems represent the core of cybercrime.
\nBeyond this, however, computer-related acts for personal or financial gain or harm, including forms of identity-related crime, and computer content-related acts (all of which fall within a wider meaning of the term \u2018cybercrime\u2019) do not lend themselves easily to efforts to arrive at legal definitions of the aggregate term.
\nCertain definitions are required for the core of cybercrime acts.
\nHowever, a \u2018definition\u2019 of cybercrime is not as relevant for other purposes, such as defining the scope of specialized investigative and international cooperation powers, which are better focused on electronic evidence for any crime, rather than a broad, artificial \u2018cybercrime\u2019 construct.
\nLegal measures play a key role in the prevention and combating of cybercrime.
\nThese are required in all areas, including criminalization, procedural powers, jurisdiction, international cooperation, and internet service provider responsibility and liability.
\nAt the national level, both existing and new (or planned), cybercrime laws most often concern criminalization, indicating a predominant focus on establishing specialized offences for core cybercrime acts.
\nCountries increasingly recognize, however, the need for legislation in other areas.
\nCompared to existing laws, new or planned cybercrime laws more frequently address investigative measures, jurisdiction, electronic evidence and international cooperation.
\nGlobally, less than half of responding countries perceive their criminal and procedural law frameworks to be sufficient, although this masks large regional differences.
\nWhile more than two-thirds of countries in Europe report sufficient legislation, the picture is reversed in Africa, the Americas, Asia and Oceania, where more than two-thirds of countries view laws as only partly sufficient, or not sufficient at all.
\nOnly one half of the countries, which reported that laws were insufficient, also indicated new or planned laws, thus highlighting an urgent need for legislative strengthening in these regions.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=317ab9d089&e=20056c7556<\/p>\n
8 of top 10 vulnerabilities used by exploit kits target Adobe Flash Player
\nAccording to a new report by Recorded Future, eight of the top 10 vulnerabilities used by exploit kits target Adobe Flash Player.
\nThe remaining two non-Flash flaws favored in the crimeware as a service (CaaS) ecosystem were in Microsoft Internet Explorer versions 10 and 11 and other \u201cMicrosoft products including Silverlight.\u201d
\nAfter conducting threat intelligence analysis of 108 exploit kits, Recorded Future found that Adobe Flash Player had thousands of references and dominated the list of top vulnerabilities. \u201cUnderstanding what vulnerabilities are targeted by exploit kits can better inform patch management functions within organizations,\u201d explained the company.
\nFor this research, Recorded Future did not reverse engineer any malware; instead it focused on \u201cmeta-analysis of available information from information security blogs, forum postings, etc.\u201d from Jan. 1 to Sept. 30, 2015.
\nExploit kits may use \u201cdozens of other vulnerabilities,\u201d but Adobe Flash is the top target of popular exploit kits.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=cc551de5f1&e=20056c7556<\/p>\n
Japan fights its own corporate pride, opaqueness in push to improve cybersecurity
\nImproving cybersecurity practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defense contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs.
\nTo be sure, the cybersecurity industry around the world, not just in Japan, frequently echoes the call for greater transparency within and among organizations.
\nThe U.S.
\nSenate last month passed the Cybersecurity Information Sharing Act to ease data sharing between private companies and the government for security purposes, although civil liberties advocates warned it posed a threat to privacy.
\nBut the problem may be particularly acute for Japan’s private sector behemoths and government ministries.
\nThese sprawling bureaucracies are wrapped in a “negative culture that cuts against wanting to communicate quickly,” said William H.
\nSaito, the top cybersecurity adviser to Prime Minister Shinzo Abe.
\nIn 2013, the latest year of available data, the Japanese government network faced an eightfold increase in cyberattacks from two years prior, with attacks spreading into civil infrastructure, as well as the telecommunications and energy sectors.
\nA Cabinet-level cybersecurity agency in September published a strategy paper that proposed, among other things, extending government-run cybersecurity classes to companies, awarding financial incentives for firms that demonstrate improved security capabilities and requiring companies to fill a chief cybersecurity officer role.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b6edd66960&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage2.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=c3e63a1baa)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Evading cyber legislation: Jurisprudence cloaking is the future of cyber warfare Now hackers have come up with virtual ways to be transparent \u2013 at least to the law:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1169","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1169"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1169\/revisions"}],"predecessor-version":[{"id":3656,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1169\/revisions\/3656"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}