Lifeboat Foundation

To keep an organization safe, you must think about the entire IT ecosystem.

The ever-expanding range and diversity of cyber threats make it difficult for organizations to prioritize their offensive and defensive strategies against attackers. From malware, ransomware, and other attacks coming from the outside, to insider threats and system vulnerabilities from within, today’s expanded attack surfaces cut across the whole enterprise landscape — and that means an enterprise’s threat intelligence strategy must address the entire IT ecosystem.

To be effective, threat intelligence must be proactive, comprehensive, and done in a way that doesn’t inadvertently create more risk. Unfortunately, as a recent Ponemon survey illustrates, most organizations fall short of this goal — tripped up by a range of challenges, including a lack of expertise and overwhelming volumes of data. Improved threat intelligence comes from improving the strategy, techniques, and tools employed by enterprises to probe their networks for weakness and shore up defenses and resiliency.

Continue reading “How to Structure an Enterprise-Wide Threat Intelligence Strategy” »

A commercially available “quantum computer” has been on the market since 2011, but it’s controversial. The D-Wave machine is nothing like other quantum computers, and until recently, scientists have doubted that it was even truly quantum at all. But the company has released an important new result, one that in part realizes Richard Feynman’s initial dreams for a quantum computer.

Scientists from D-Wave announced they have simulated a large quantum mechanical system with their 2000Q machine—essentially a cube of connected bar magnets. The D-Wave can’t take on the futuristic, mostly non-physics-related goals that many people have for quantum computers, such as finding solutions in medicine, cybersecurity, and artificial intelligence. Nor does it work the same way as the rest of the competition. But it’s now delivering real physics results. It’s simulating a quantum system.

Cryptocurrency fraud and other kinds of cyber-fraud, too.

President Donald Trump has assigned an official task force to investigate the pervasive fraud within the cryptocurrency industry.

On Thursday, the president signed an executive order for a new task force within the Department of Justice with a mandate “to investigate and prosecute crimes of fraud committed against the U.S. Government or the American people, recover the proceeds of such crimes, and ensure just and effective punishment of those who perpetrate crimes of fraud.”

Continue reading “President Donald Trump assigned a task force to investigate cryptocurrency fraud” »

Is your internet moving a little slower than usual? Are you seeing hints of devices you don’t recognize in Windows Explorer, or when you cast media to your TV? If you suspect a neighbor is stealing your Wi-Fi, here’s how to check (and boot them off).

“So someone’s watching Netflix on my internet,” you may say. “What’s the big deal?” Even if you have a little bandwidth to spare, you probably don’t want other people on your network, especially if it’s unsecured. If someone has access to your network, they have access to all the computers on that network, and that’s dangerous. They could access files you’re unknowingly sharing, they could infect you with malware, and in certain situations they could even steal your passwords and other personal information.

As a result, you should take care to make sure each device connected to your network is one you can trust. Thankfully, there are free tools that’ll help you see everyone on your Wi-Fi right now.

There is increasing chatter among the world’s major military powers about how space is fast becoming the next battleground. China, Russia, and the United States are all taking steps that will ultimately result in the weaponisation of space. Any satellite that can change orbit can be considered a space weapon, but since many of the possible space-based scenarios have yet to occur, cybersecurity experts, military commanders, and policymakers do not fully understand the range of potential consequences that could result.

During the Cold War, the Soviet Union was interested in paralysing America’s strategic forces, strategic command, and control and communications, so that its military command could not communicate with its forces. They would do so by first causing electromagnetic pulse (EMP) to sever communication and operational capabilities, and then launch a mass attack across the North Pole to blow up US Intercontinental Ballistic Missiles (ICBMs).

In 1967, the US, UK and Soviet Union signed the Outer Space Treaty, which was either ratified by or acceded to 105 countries (including China). It set in place laws regarding the use of outer space and banned any nation from stationing nuclear warheads, chemical or biological weapons in space. However, the Treaty does not prohibit the placement of conventional weapons in orbit, so such weapons as kinetic bombardment (i.e. attacking Earth with a projectile) are not strictly prohibited.

Continue reading “Why Space Warfare is Inevitable” »

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union’s law enforcement agency. The string of thefts, collectively dubbed Carbanak—a mashup of a hacking program and the word “bank”—is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that’s become the stuff of legend in the digital underworld.

Carbanak’s suspected ringleader is under arrest, but $1.2 billion remains missing, and his malware attacks live on.

Government news resource covering technology, performance, employment, telework, cybersecurity, and more for federal employees.

The attack on Rockport is one example in a rising tide of similar invasions of municipal systems across the U.S.—from major cities like Atlanta, which got hit in March, to counties, tiny towns and even a library system in St. Louis. Local governments are forced to spend money on frantic efforts to recover data, system upgrades, cybersecurity insurance and, in some cases, to pay their online extortionists if they can’t restore files some other way.

Hackers are targeting small towns’ computer systems, with public-sector attacks appearing to be rising faster than those in the private sector. Online extortionists demand bitcoin ransom in return for decryption keys.

As the Equifax hack last year showed, there’s a lack of legislation governing what happens to data from a breach. And ultimately, a breach of genetic data is much more serious than most credit breaches. Genetic information is immutable: Vigna points out that it’s possible to change credit card numbers or even addresses, but genetic information cannot be changed. And genetic information is often shared involuntarily. “Even if I don’t use 23andMe, I have cousins who did, so effectively I may be genetically searchable,” says Ram. In one case, an identical twin having her genetic data sequenced created a tricky situation for her sister.

This week, DNA testing service MyHeritage revealed that hackers had breached 92 million of its accounts. Though the hackers only accessed encrypted emails and passwords — so they never reached the actual genetic data — there’s no question that this type of hack will happen more frequently as consumer genetic testing becomes more and more popular. So why would hackers want DNA information specifically? And what are the implications of a big DNA breach?

One simple reason is that hackers might want to sell DNA data back for ransom, says Giovanni Vigna, a professor of computer science at UC Santa Barbara and co-founder of cybersecurity company Lastline. Hackers could threaten to revoke access or post the sensitive information online if not given money; one Indiana hospital paid $55,000 to hackers for this very reason. But there are reasons genetic data specifically could be lucrative. “This data could be sold on the down-low or monetized to insurance companies,” Vigna adds. “You can imagine the consequences: One day, I might apply for a long-term loan and get rejected because deep in the corporate system, there is data that I am very likely to get Alzheimer’s and die before I would repay the loan.”

Continue reading “Why a DNA data breach is much worse than a credit card leak” »