Things I Hearted this Week, 19th October 2018

October 19, 2018 | Javvad Malik
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

It’s been another eventful week in the world of cyber security. So let’s just jump right into it.

NCSC has Been Busy

NCSC collaborated with Australia, Canada, New Zealand, UK, and the USA to give us a report that highlights which publicly-available tools criminals are using to aid their cyber crimes.

The agency also commented on how it keeps criminals at bay by stopping on average 10 attacks on the government per week.

NCSC also published its Annual Review 2018 - the story of the second year of operations at the National Cyber Security Centre.

Targeting Crypto Currencies

It is estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen.

Twitter Publishes Data on Iranian and Russian Troll Farms

In an attempt to try and be more proactive in dealing with misinformation campaigns, Twitter has published its Elections Integrity dataset which includes attempted manipulation, including malicious automated accounts and spam. In other words it’s attempting to out - Iranian and Russian troll farms.

In light of this, it’s worth also revisiting this article by Mustafa Al-Bassam in which he researched UK intelligence doing the same thing targeting civilians in Iran.

Equifax Engineer Sentenced

An Equifax engineer gets eight months for earning $75,000 from insider trading. He figured out he was building a web portal for a breach involving Equifax, which turned out to be the 2017 breach, and so decided to ride the stock drop.

Mind the Skills Gap

(ISC)2 has released its 2018 global cyber security workforce study and it looks like the cyber security skills gap has widened to 3 million.

It’s worth bearing in mind that estimating the skills gap isn’t an easy task. You have to look into the types of organisations, the tools in place, the risk appetite, economic, political, environmental factors, a whole bunch of things. You need a pretty deep methodology (don’t get me started on survey methodologies) to accurately assess the skills gap - so, a survey of 1500 individuals won’t necessarily be completely accurate, but serves as a good discussion point to start from.

On the topic of the skills gap, there are plenty of free resources for learning available these days. Check out this awesome list:

GitHub Announcements

When Microsoft acquired GitHub, many speculated this was the end of the site. However, on the contrary, a series of new features and enhancements shows GitHub ploughing forward in leaps and bounds.

California to Change State Law for Connected Devices

In a bid to strengthen cyber security, California passed a state law requiring all manufacturers of internet connected devices to improve their security features. By 2020, in order to sell their products in California, manufacturers will need to ensure that devices such as home routers have a unique pre-programed password or an enforced user authentication process as part of the set up. Default passwords such as ‘password’ or ‘default’ will be deemed weak and in breach of the state law.

A great initiative, but part of me feels like it’s a bit premature.

Why tech companies need to reinvent themselves every three to four years

Former Cisco CEO John Chambers says doing the same thing, even if it’s the “right thing,” for too long is dangerous.

The CumEx Files investigation

Finally, a long, but fascinating read into a huge, months-long investigation that involved the cooperation of dozens of international partners to uncover how some of the wealthiest have swindled European taxpayers of billions.

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL