From expert insight into cybersecurity-related trends in 2016 to the ongoing attacks against Ukraine’s electric power industry and the persistent problem that is poor password behavior, we’ve got you covered for all the important security stories from the past seven days.
ESET Trends for 2016: Security is becoming a part of our lives
ESET released the latest edition of its annual trends report, observing that in 2016, security is going to be “a problem involving more and more people”. The main topics covered in this year’s paper include the Internet of Things, which covers wearables and interconnecting homes; ransomware, which highlights the increase in the number of variants; and haxposure, an emerging threat identified by ESET’s Stephen Cobb as the “combination of criminal data theft via hacking and public exposure of internal secrets”.
More cyberattacks aimed at Ukraine’s power industry discovered
ESET’s Robert Lipovsky, who has recently covered the reemergence of the BlackEnergy trojan, revealed that Ukraine’s electric power industry has once again been targeted by cyberattacks. “What’s particularly interesting is that the malware that was used this time is not BlackEnergy, which poses further questions about the perpetrators behind the ongoing operation,” he stated. “The malware is based on a freely-available open-source backdoor – something no-one would expect from an alleged state-sponsored malware operator.”
Agent-based or agentless? Key considerations of managing security in virtualized environments
Before you embark on a virtualization project, it’s vital you consider, among other things, security, explained ESET’s Miguel Ángel Mendoza. The challenge, he continued, is deciding on whether to opt for an agent-based or agentless solution. It’s no easy decision, as both have their advantages and disadvantages. He advised that “the most appropriate option should be based on the infrastructure characteristics of each particular organization”.
Poor password security continues to be a major security problem
Despite every (ongoing) effort by the security industry to encourage people to be more vigilant and responsible when it comes to passwords, old habits are proving very hard to break. SplashData’s fifth annual Worst Password List made for uncomfortable reading, with 123456 and password once again being identified as the most commonly used weak passwords. Interestingly, the buzz around the new Star Wars movie, The Force Awakens, resulted in the appearance of Star Wars-related passwords like solo and princess for the first time.
Irish lottery and ticket terminals knocked offline by DDoS attack
Security analyst Graham Cluley reported on the story that Premier Lotteries Ireland (PLI), which runs the Irish Lottery, was the victim of a distributed denial-of-service (DDoS) attack. The result was that the main website went offline for a number of hours. “DDoS attacks against gambling websites are far from unusual,” he said. “In fact, they are commonly targeted by online extortionists who attempt to blackmail money out of website owners, threatening to blast sites offline (and thus prevent gamblers from handing over their cash) if the ransom isn’t paid.”
Retailers ‘capable of tracking shoppers through smartphones’
In a revealing blog, Simon Rice, group manager for technology at the Information Commissioner’s Office (ICO) in the UK, discussed how retailers are increasingly using technology that allows them to track the movements of their customers through their smartphone’s Wi-Fi. This allows them to target particular products at certain customers, which, needless to say, does raise concern about the use of personal data. He commented: “Just as it may be necessary to return to the changing room to ensure the correct fit, we need to ensure the correct balance between technology and privacy to ensure we don’t end up with a case of Wallace and Gromit’s Wrong Trousers.”