email

Iran Games Google’s 2FA in Attacks on EFF, Others

In-brief: Hackers believed to be linked to the government of Iran are using sophisticated attacks on Google’s two-factor authentication technology to break into the e-mail accounts of individuals within the country and in the Iranian diaspora, according to Citizen Lab.

Everything Tastes Better with Bluetooth: Understanding IoT Risk

In-brief: Marc Blackmer of Cisco says that, with so much promise, it can be hard to anticipate how individual or company-wide decisions to embrace the IoT might bear on cyber risk. 

Was Malware Behind A Billion Dollar Heist?

In-brief: The New York Times reports on a massive online heist involving more than 100 banks worldwide and losses of between $300 million and $1 billion, according to the security firm Kaspersky Lab. 

Cyber Resilience? Sony Employees Back To Faxes and Face to Face

There’s a fascinating article on TechCrunch that cites a current (anonymous) Sony Pictures Entertainment employee talking about life at the company in the wake of a crippling November 24th cyber attack that wiped out thousands of computer systems and stole terabytes of data from the company. According to the story, Sony employees have resorted to using circa 1990s fax machines to transmit documents and – horror – having face to face communications in lieu of texting, e-mail or social networking, all of which are disabled within Sony’s environment. [Read more Security Ledger coverage of the Sony Pictures hack here.] “We had barely working email and no voicemail so people talked to each other,” the source tells TechCrunch. “Some people had to send faxes. They were dragging old printers out of storage to cut checks…It was crazy.” “That is what a major corporate security breach sounds like,” TechCrunch writes. “The squeal […]

Europol Warns of Internet of Things Risk

In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]