10 – 14 July 2017
Read Cognosec’s round-up of relevant news and happenings within the industry this week.
In the news this week…
Details of 108,000 customers deleted in Bupa data breach
Bupa revealed it has suffered a considerable data breach when details of 108,000 customers were copied and deleted by a disgruntled employee. According to reports, the security incident affects customers with international health plans. The data in question included names, dates of birth, nationalities and some contact details. The international healthcare group has confirmed that no medical or financial data was lost. The company has initiated a thorough investigation and is in the process of contacting customers whose information has been affected by the breach.
Highlighted threat to energy provider computer systems
The US Department of Homeland Security (DHS) and the FBI have advised nuclear and other energy providers that hackers may be trying to breach their computer systems, highlights a report in the Telegraph. The DHS confirmed in a statement that there is no threat to public safety; however, it appears that hackers have tried to breach the business and administrative networks of the energy facilities. The Nuclear Energy Institute announced that no nuclear reactors have been affected. The institute confirmed that if a cyberattack were to occur, a report would have been made to the Nuclear Regulatory Commission.
Verizon data breach affects up to 14 million customers
U.S. telecommunications company Verizon has responded to a data breach which has affected up to 14 million customers, reports CNBC. Verizon customer data was publicly available to download after an employee of one of its vendors, Nice Systems, left the information on an unsecured Amazon server. A Verizon spokesperson told CNBC the employee “put information into a cloud storage area and incorrectly set the storage to allow external access”. The company confirmed that no loss or theft of Verizon customer data was reported.
The changing face of cyber-attacks
The Washington Post recently highlighted the risk of chaos and disruption on the internet becoming the new normal due to the changing type of cyber-incidents. The article highlights the move away from cyber-attacks focused on information acquisition, network infiltration or precision strikes and sabotage of the opposition, towards disruptive cyber-actions, “with the apparent goals of signalling capability, disrupting normal systems and demonstrating the instability of Western democratic models.” The article goes on to discuss why the strategic logic of cyber has shifted from restraint to one of disruption and warns of entering a new era of cyberwarfare.
CopyCat malware exceeds 14 million infections
According to a report by Infosecurity Magazine, the CopyCat Android malware has now infected more than 14 million devices. The malware uses code to generate and steal advertising revenues. The report states that the hackers have generated approximately $1.5 million in fake ad revenues in two months. Although the malware mainly infects users in Southeast Asia, more than 280,000 Android users in the United States have also been affected.
Microsoft patches released for 19 critical bugs
On Tuesday 11 July, Microsoft released patches for 54 vulnerabilities, 26 of which affect Windows, says Infosecurity Magazine. According to the report, 19 vulnerabilities are rated as critical and can enable remote code execution. A highlighted vulnerability is within the Windows Search service.
Data breaches hurt stock market status finds study
A new study has found that data breaches not only affect the reputation of a company but also temporarily hurt its stock market status. It found that breached companies that have compromised an average of at least 1 million records suffered an immediate decrease in share price of 0.43%, about equal to their average daily volatility. The one-year model study, carried out by Comparitech.com, revealed that share prices dropped 2.84% compared to the NASDAQ average. Recovery time was 38 market days. Following this, stocks outpaced the NASDAQ until day 175, after which they began falling again. The report also discovered that share prices had fallen 42% relative to the NASDAQ baseline three years following the breach.
Companies find new ways to address the cybersecurity staffing shortage
Companies are looking beyond traditional channels to hire new cybersecurity talent, reports CSO. The article compares the cost of cybercrime – which is expected to double from $3 trillion globally in 2015 to $6 trillion by 2021 – to the number of open cybersecurity jobs, estimated to grow from 1 million in 2016 to 1.5 million by 2019. The high demand for cybersecurity experts is making traditional recruiting very difficult. As a result, companies are turning to alternative sources such as prospective candidates in related technology professions, including application developers and operations people. The report also highlights women as unlocked potential to address the shortage. According to ISC2, only 11 percent of the information security workforce is female. Another resource highlighted in the report is people with government and military experience, because of their ability to master new skills and because they are less likely to succumb to pressure.