Hacking and data breaches have been in the public mindset for a long time. But as more technology is integrated into our daily lives and the workplace, you and your firm have become even more susceptible to a hack – highlighting the importance of cybersecurity, an industry Arizona is on the frontline of shaping.
You’ve probably seen the splashy headlines about data breaches hitting big names like Banner Health, Chick-fil-A, Equifax, Target, the U.S. Postal Service, Sony, Yahoo! and the list goes on. Like many other people, you might have brushed off those headlines or yawned, thinking you’re glad not to have to manage those damage control teams. But in this growing world of cybercrime and technology, it’s no longer a matter of if you’ll be playing damage control after a data breach at your firm, it’s a matter of when.
“Small and medium-sized businesses are drastically underestimating the risk by just thinking, ‘They’re not interested in me,’” says Michael Cocanower, founder and president of Phoenix-based itSynergy. “In fact, hackers are very interested in you. They realize, ‘I can spend six months hacking into Target, or I can spend this afternoon hacking into your 20-person company and make $10,000 off that.’”
Cybercrime has cost businesses, individuals, governments and the world game-changing amounts of money.
Cost of cybercrime
Cybersecurity Ventures, a research and market intelligence firm, reports the cost of cybercrime will grow from $3 trillion in 2015 to $6 trillion by 2021. United Kingdom-based research firm Juniper Research predicts cybercrime will cost businesses alone more than $2 trillion by 2019. However you cut it, cybersecurity will only get more serious and more important as time moves on.
Many businesses are unprepared, with 87 percent of small businesses reporting that they do not have a formal written Internet security policy, according to the National Cyber Security Alliance. Also, the National Cyber Security Alliance reports that 60 percent of small companies are unable to stay in business six months after a cyberattack.
Cocanower says business owners need to be much more aware of cybercrime and the importance of having their cybersecurity systems up to snuff. There are a variety of ways hackers can infiltrate your business and you need to be aware of them, Cocanower says. Phishing scams and downloading malware or viruses are probably the most common and known. But you could also be compromised by inputting your password on a website you think is real or by using open Wi-Fi; the list of risks goes on. Nothing Web-connected is safe either. Your smart phone, watch, car and Web-connected toaster oven are just the newest items susceptible to attack.
Sure, you can download the latest anti-virus software, hire a skilled cybersecurity team (if you can find people who are qualified and available) and do 100 different things to keep your company secure, but that’s still not enough. Why? “The weakest link in any system is the human being,” Cocanower says.
The Securities and Exchange Commission, the country’s top Wall Street regulator, announced Wednesday that hackers breached its system for storing documents filed by publicly traded companies last year, potentially accessing data that allowed the intruders to make an illegal profit.
The agency detected the breach last year, but didn’t learn until last month that it could have been used for improper trading. The incident was briefly mentioned in an unusual eight-page statement on cybersecurity released by SEC Chairman Jay Clayton late Wednesday. The statement didn’t explain the delay in the announcement, the exact date the system was breached and whether information about any specific company was targeted.
“Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems,” Clayton said in the statement.
The next major cyberattack could involve artificial intelligence systems. It could even happen soon: At a recent cybersecurity conference, 62 industry professionals, out of the 100 questioned, said they thought the first AI-enhanced cyberattack could come in the next 12 months.
This doesn’t mean robots will be marching down Main Street. Rather, artificial intelligence will make existing cyberattack efforts – things like identity theft, denial-of-service attacks and password cracking – more powerful and more efficient. This is dangerous enough – this type of hacking can steal money, cause emotional harm and even injure or kill people. Larger attacks can cut power to hundreds of thousands of people, shut down hospitals and even affect national security.
As a scholar who has studied AI decision-making, I can tell you that interpreting human actions is still difficult for AI and that humans don’t really trust AI systems to make major decisions. So, unlike in the movies, the capabilities AI could bring to cyberattacks – and cyberdefense – are not likely to immediately involve computers choosing targets and attacking them on their own. People will still have to create attack AI systems, and launch them at particular targets. But nevertheless, adding AI to today’s cybercrime and cybersecurity world will escalate what is already a rapidly changing arms race between attackers and defenders.
Beyond computers’ lack of need for food and sleep – needs that limit human hackers’ efforts, even when they work in teams – automation can make complex attacks much faster and more effective.
To date, the effects of automation have been limited. Very rudimentary AI-like capabilities have for decades given virus programs the ability to self-replicate, spreading from computer to computer without specific human instructions. In addition, programmers have used their skills to automate different elements of hacking efforts. Distributed attacks, for example, involve triggering a remote program on several computers or devices to overwhelm servers. The attack that shut down large sections of the internet in October 2016 used this type of approach. In some cases, common attacks are made available as a script that allows an unsophisticated user to choose a target and launch an attack against it.
AI, however, could help human cybercriminals customize attacks. Spearphishing attacks, for instance, require attackers to have personal information about prospective targets, details like where they bank or what medical insurance company they use. AI systems can help gather, organize and process large databases to connect identifying information, making this type of attack easier and faster to carry out. That reduced workload may drive thieves to launch lots of smaller attacks that go unnoticed for a long period of time – if detected at all – due to their more limited impact.
More than 10% of ether holdings for ICOs this year missing
More than 30,000 have lost about $7,500 each from ether crime
Here’s another reason to be leery of the initial coin offerings being done at a staggering pace in the cryptocurrency world: there’s a one-in-10 chance you’ll end up a victim of theft.
Phishing scams have helped push up criminal losses to about $225 million this year, according to Chainalysis, a New York-based firm that analyzes transactions and provides anti-money laundering software. In such scams, investors are tricked into sending money to internet addresses pretending to be funding sites for digital token offerings related to the ethereum blockchain technology.
More than 30,000 people have fallen prey to ethereum-related cyber crime, losing an average of $7,500 each, with ICOs amassing about $1.6 billion in proceeds this year, Chainalysis estimates.
“It’s a huge amount of money to generate in such a short period of time,” said Jonathan Levin, co-founder of Chainalysis, whose software and database are used by some of the largest bitcoin companies and U.S. law enforcement agencies. “The cryptocurrency phishers are doing pretty good against all the other types of criminals that are out there.”
Indeed, the huge amount of wealth that has fallen prey to cyber criminals is approaching the losses incurred by robberies in the U.S. for the entire year of 2015, which stood at $390 million, according to statistics released by the Federal Bureau of Investigation.
ICOs are digital token sales that typically raise ether, with users transferring the funds to addresses provided by startups. Investors, sometimes eager to get early access to new token offerings, have been tricked into providing their credentials to fake websites through targeted email campaigns, Twitter posts and Slack messages, said Levin.
Ether rose 0.3 percent to $324.92 on Thursday, according to data from CoinDesk, while bitcoin rose 0.4 percent to $4,151.47.
Most attacks involve creating websites or social media accounts that sound similar to the real ICO project. Levin gave the fictional example of a project named “illuminate,” which an imposter might fake by spelling it as “iIIuminate.” Using the fake account, they would solicit potential investors to send money to the criminal’s address.
His firm compiled the data by identifying so-called digital wallets used by scam artists. That information is usually public because criminals widely circulate it, hoping to fool investors into sending them money.
Other common forms of crime involve tapping into project loopholes. The DAO, or decentralized autonomous organization, is a smart contract project built on top of ethereum that was intended to democratize how ethereum projects are funded. A bug in the system was exploited and that led to the theft of $55 million worth of ether at the time.
Levin didn’t provide data for bitcoin-related cybercrime, and not because it is any safer. He said such data is harder to track as scams are usually specific attacks on individual holders, rather than ICO-related campaigns which try to dupe many people at once.
“The overall figures mean there are infrastructure that we need to build to help prevent people from getting abused,” said Levin.
Millions of Verizon customer records have been exposed by an Israeli technology company, a ZDNet report claimed last night. According to the report, as many as 14 million Verizon customers who called the company’s customer service in the past six months may have had their data exposed.
Verizon has now confirmed that 6 million records were compromised by Nice Systems, the carrier’s partner company that handles customer service calls.
The data was found by a security researcher on an unprotected Amazon S3 storage server, which was controlled by an employee of Nice Systems. However, the data was accessible to anyone who knew the “easy-to-guess” web address. Speaking to CNN, Verizon claims that no other external party had access to this data and that there has been no loss of customer data. The company hasn’t explained how it’s certain that no one has had access to this data.
Bithumb, one of the world’s largest Bitcoin and Ether cryptocurrency exchanges, has recently been hacked, resulting in a loss of more than $1 Million in cryptocurrencies after a number of its user accounts were compromised.
Bithumb is South Korea’s largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea’s currency, the Won.
Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers’ accounts.
Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim’s account, according to the Kyunghyang Shinmun, a major local newspaper.
A survey of users who lost cryptocurrencies in the cyber attack reveals “it is estimated that hundreds of millions of won [worth of cryptocurrencies] have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen.”
Besides digital currencies, hackers succeeded in stealing the personal information of 31,800 Bithumb website users, including their names, email addresses, and mobile phone numbers, the South Korean government-funded Yonhap News reported.
However, Bithumb claims that this number represents approximately 3% of its customers.
The exchange also told Yonhap that it contacted South Korea’s cybercrime watchdog on Friday, June 30, after it learned of the hack on June 29.
Recently there have been numerous reports of people losing their bitcoins to hackers and malware as bitcoin’s price continues to grow in value. It is safe to assume that organizations and individuals trying to steal people’s bitcoin reserves will persistently increase because the decentralized cryptocurrency becomes more valuable to thieves.
‘Faster and More Lucrative Than Robbing a Suburban Bank’
At the time of writing, one bitcoin is worth roughly $2900 as it has become a treasured digital asset. While bitcoin’s value has increased, the number of people losing money to malware attacks and hackers cracking bitcoin accounts usually follows the price rise in unison. Just recently Cody Brown, founder of the virtual reality community Roomscale.org, lost $8000 worth of bitcoin held on Coinbase.
Brown’s attack vector was through Verizon, where the hacker easily took over his cell phone number with some “simple billing information.” After his phone was compromised, the attacker swiped his Coinbase funds in less than fifteen minutes. Brown does detail that he did not use two-factor authentication with his email account, but feels that it shouldn’t be so easy to access Verizon information. He also believes that he may have been targeted after tweeting about bitcoin a week prior.
US TV manufacturer Vizio’s underhanded Big Data dealing may have just cost it $2.2 million but I think it is something we can unfortunately expect to see a lot more of.
The FTC this week announced that viewing data of individual households was monitored through a built-in spy device which used image recognition technology. Once every second, software in the Vizio TVs would read pixel data from a segment of the screen. This was sent home and compared against a database of film, television and advertising content to determine what was being watched.
The FTC has revealed that Vizio went further than this – matching data on what was being watched with IP addresses, and selling it, along with third party demographic data, to businesses and organizations with a need for audience measurement.
This week we heard that Vizio paid $2.2 million to settle the FTC complaint, agreed to stop collecting viewing data in this way, and to delete the data it had already collected from its servers. That might seem like a comparatively low figure, but this may be, as Vizio point out in their statement, because personally identifiable information wasn’t transmitted.
Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts. While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.
Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and was selling them online. “It’s as bad as that,” said one source. “Worse, really.”
The announcement, which is expected to come this week, also has possible larger implications on the $4.8 billion sale of Yahoo’s core business — which is at the core of this hack — to Verizon. The scale of the liability could be large and bring untold headaches to the new owners. Shareholders are likely to worry that it could lead to an adjustment in the price of the transaction. That deal is now moving to completion, but the companies cannot be integrated until it is approved by a number of regulatory agencies, as well as Yahoo shareholders. But representatives of Verizon and Yahoo have started meeting recently to review the Yahoo business, so that the acquisition will run smoothly once complete.
But there’s nothing smooth about this hack, said sources, which became known in August when an infamous cybercriminal named “Peace” said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.
Abbott Laboratories (ABT), a global manufacturer of healthcare products, announced the acquisition of St. Jude Medical (STJ) in April 2016. The $25 billion deal is now in peril after a recently-released cybersecurity report alleged that STJ’s pacemakers and defibrillators – part of a category that represents 50% of STJ’s revenues – were vulnerable to wireless cyberattack by hackers, jeopardizing the safety of thousands of device recipients.
The author of the security report, MedSec Holdings, fed their findings to Muddy Waters Research, an investment research firm that subsequently shorted STJ stock. This arrangement financially benefited Muddy Waters and MedSec when the damaging report was made public and STJ’s stock price dropped more than 10%. As a result of the report, more shares of STJ were traded on the date of the cybersecurity report release than on the day the acquisition was announced in April. Muddy Waters and other short-sellers stand to profit even more if the deal falls through because of these cybersecurity lapse disclosures.
Public scrutiny around acquisitions has heightened for both companies involved in a deal. Senior leadership, including the Board of Directors, must ensure that cybersecurity due diligence is conducted as faithfully as any other diligence area. In a 2016 NYSE Governance survey, three-quarters of respondents said that a high profile data breach at an acquisition target would have serious implications on a pending acquisition. Moreover, more than half of the respondents said that a high profile cyber breach would diminish an acquisition target’s value. Cybersecurity risk can be viewed and managed as a risk amplifier of other categories like financial, operational and strategic risk. Though cybersecurity issues sometimes surface during the early diligence phase, it is more often the case that issues don’t become apparent until after the deal closes – during the integration phase – leading to integration delays, cost overruns, and, worst case, a breach.