The week in security: Controversy, lessons from Ashley Madison hack; Australia joins worst DDoS offenders
- 24 August, 2015 09:09
A cyberattack on the US Internal Revenue Service, reported earlier this year, now seems to be worse than originally thought. Yet the most attention was on the publication of the records from the recent Ashley Madison hack, which set tongues wagging around the world and had the site's parent company scouring the records to confirm their authenticity. Analysis of the released records, which include source code and email records, showed that internal technical experts had raised concerns about the site's security as much as a year ago. And some believe the high-profile hack will lead to a tiered Internet, while others believe it has important lessons for CSOs and could lead to a wave of spear phishing attacks.
Meanwhile, Oracle was defending a controversial rant by its CSO, while IT-security body ISACA expanded its security skills certification program to include a hands-on breach environment. Other security experts may come from very different environments, however – while Symantec acquired two training forms to boost its virtual-reality training capabilities.
Burgeoning online company REA Group, whose properties include the popular RealEstate.com.au site, has moved 98 percent of its core systems to the cloud on the back of a new identity-management framework that securely ties everything together. This sort of security will become increasingly important as new advances in quantum computing threaten conventional encryption-based security.
An Italian teenager found two zero-day vulnerabilities in Mac OS X, while others warned that BitTorrent programs can be used to amplify DDoS attacks. Also on the DDoS front, gaming services and hosting companies were being hit with a new type of DDoS attack and the takeover of home routers was being credited for a surge in DDoS attacks. Australia joined the ranks of the world's 10 worst DDoS originators for the first time, while Portmapper-based DDoS attacks presented yet another looming problem for system administrators.
Over in the US, a man pleaded guilty to selling access to a botnet of Facebook accounts while the state of Alabama was the site of a cyber-attack linked to the war against Islamic State. Revelations suggested that a notorious gang of Russian hackers was spying on controversial punk band Pussy Riot, while a Chinese hacking group was seen to be having success in attacking Indian targets with a Word exploit and dating site Plenty of Fish was hit with a breach that redirected users to malware-bearing sites.
Even as Microsoft dropped an emergency Internet Explorer patch – which was quickly used by hackers to hit a Hong Kong church site – security experts were warning of key issues to consider before switching to Windows 10. Cisco Systems warned that Flash exploits are soaring, while a vulnerability in enterprise-managed iOS devices was putting business data at risk.
If you're concerned about your internal security, it may be time to take a good look at Kali Linux, a distribution designed specifically to hammer your security defences. You may also want to be looking at machine learning-driven analytics – which are proving increasingly important in mounting a proactive response to security breaches. It's all part of the corporate architecture, which must include security from the ground up instead of treating it as a bolt-on.