Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Shylock Taken Out
Financial Trojan Demands
For Pound of Flesh Cease

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.

APT is a Hacking Strategy

When you have something that someone else wants, you’re forced to protect it if you want that something to remain yours. Since the beginning of time, theft has been our unfortunate reality. As our world moved online and everything became digitally interconnected, thieves quickly recognized that’s where real value resides. To swipe it, they have gotten increasingly creative with their tactics and,

Whitehat Lessons from $300M Cyber Crime Spree

By now you’ve read about the new indictment of five hackers from Russia and Ukraine in what is being called the “largest data breach scheme in the US.” You can read the DOJ press release here and/or a redacted copy of the indictment here [PDF]. In what is really a continuation of the Albert Gonzalez saga,

Hacking the Hacker: The Downside to Vigilante Justice

Imagine you woke up one morning to find all of your possessions gone. Someone broke into your house in the dead of night and stole all of your things. You don’t know how they did it or who it was, but the fact remains: your stuff is gone. You might step outside, see the broken window or the ruined lock,

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

July 4th – Hurrah!
But Cybercrime Does Not Rest
Beware of Phishing

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.

Changeup Information Sharing

We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp since it flared up again at the end of 2012.

CISPA, FISMA Passed the House. Now What?

CISPA, the Cyber Intelligence Sharing and Protection Act, passed the US House of Representatives late last week and will move to the Senate for further debate. If this rings a bell, it should. Last summer, CISPA passed the House before stalling in the face of a Senate filibuster. Of course, it was not the only failed attempt at cyber security legislation.

What Businesses Need to Know About Cyber Security

  • What laws are in place for cyber security and are they enough?
  • Are the Chinese the only foreign nation hackers we need to worry about? Who are the real perpetrators?
  • How big of a problem is stolen IP for the U.S. and other countries and what is being done about it?

Ransomware is Back with a Vengeance and Targeting Business

Ransomware has matured since it was first seen in 1989 with the PC Cyborg Trojan. Today, it is big business for cyber criminals, and for good reason. A September article reported cyber criminals could earn between $50,000 and $60,000 a day by focusing their efforts on just a couple of countries.

The severity of ransomware’s impact depends on the specific software used in the attack.

Tis the Season! Holiday Online Shopping Tips

Cyber Monday is expected to set all-time high sales records this year, much to the delight of online retailers – and cyber criminals – everywhere. (Arguably, the shopping starts earlier now, with Thanksgiving Day deals.) While the readers of Optimal Security may be very well aware of steps to minimize risk, a few reminders never hurt.

APTs and Acquisition

You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with the proliferation of these sophisticated attacks?

Sensational Headlines or Real Threats?

Yesterday, I was joined by a great group of IT security industry pros for a discussion on the recent, highly sophisticated cyber attacks that continue to make headlines by hitting major U.S. banks and global companies like Saudi Aramco, Adobe and others. Dialing up the rhetoric on these spectacular headlines, the Pentagon jumped in last week with strong language from U.S.

Why Go Corporate? Choices in How to Earn The Big Bucks

Hacking, like most things, is cyclical. In its earliest days, it was about proving a point: breaking a system that was said to be unbreakable and awarding bragging rights to the one who could do it. What began as an ego boost then became something much different in the 90s. Once hackers figured out how to make money off security breaches,

Cyber Security and Hollywood: More In Common Than You May Think

Several months ago, I discussed the decline of the U.S. as an innovator as part of my Industry Evolution: Innovation vs. Spending series. While a tough pill to swallow, it was true then and it continues to be the case today – the U.S. is lagging in innovation and our title of world thought leader is being stripped away by other countries.

Calling All CEOs: Cyber Crime Hits Your Bottom Line

Frequent readers of Optimal Security know I have very strong opinions on our nation’s need to improve cyber security at all levels. Information security professionals agree today’s threat landscape pales in comparison to what existed only a few years ago. Increasingly savvy hackers seek to disrupt business and quietly steal everything, from your financial transactions and customer credit card data to your intellectual property.
