SUVs recalled in fear of hack attacks

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Fiat Chrysler Auto­mo­biles has recalled near­ly 8,000 SUVs to try to stop hack­ers from mount­ing remote attacks on the vehi­cles. The man­u­fac­tur­er said it need­ed to apply soft­ware updates to 7,810 Jeep Rene­gades that were sold in the U.S. mar­ket. It added that 2015 mod­els of the SUV, which comes loaded with cer­tain radios, were affect­ed by the soft­ware flaw. “The campaign—which involves radios that dif­fer from those impli­cat­ed in anoth­er, sim­i­lar recall—is designed to pro­tect con­nect­ed vehi­cles from remote manip­u­la­tion. If unau­tho­rized, such inter­fer­ence con­sti­tutes a crim­i­nal act,” Fiat Chrysler said. Source: The Reg­is­ter

Ready to picture this again

sh_costco_280Cost­co cus­tomers can order pho­tos online again, sev­en weeks after a secu­ri­ty breach at a third-par­ty host­ing com­pa­ny forced it and sev­er­al oth­er pho­to order­ing sites to go down in mid-July. The retail­er says cus­tomer pho­tos weren’t com­pro­mised in the hack, but the com­pa­ny warns in an FAQ, “At this point, we believe that the cred­it card infor­ma­tion of a small per­cent­age of Cost­co mem­bers was cap­tured.” The hack tar­get­ed PNI Dig­i­tal Media, a com­pa­ny owned by Sta­ples that han­dles online pho­to order­ing for sev­er­al sites. Cost­co reports the com­pa­ny was com­pro­mised for more than a year, from June 2014 through July 2015. Sam’s Club, CVS, Rite Aid in the U.S. and Wal­mart in Cana­da also were affect­ed. They said their pho­to ser­vices had not been restored yet. Source: Geek Wire

Taking a growing financial hit

sh_cybersecurity_280Cyber­se­cu­ri­ty is one of the fastest-grow­ing seg­ments of tech­nol­o­gy, and com­pa­nies that spe­cial­ize in this area are start­ing to get more atten­tion. Ana­lyst Sar­b­jit Nahal and team at Bank of Amer­i­ca Mer­rill Lynch said cyber­se­cu­ri­ty is one of the biggest glob­al risks today, with more than 90 mil­lion attacks a year. They report that there are near­ly 400 new cyber threats per minute, and that up to 70 per­cent of the attacks are not being detect­ed. Fur­ther, Amer­i­cans are more wor­ried about this type of crime than any oth­er, accord­ing to BAML. Last year in the Unit­ed States alone, hack­ers com­pro­mised 1 bil­lion data records. The BAML team thinks cyber­se­cu­ri­ty is one of the biggest threats to what they see as the “three pil­lars of cre­ative dis­rup­tion,” which are the Inter­net of Things, the shar­ing econ­o­my, and online ser­vices. They call this prob­lem “Cyberged­don,” as cyber breach­es cause up to $3 tril­lion in eco­nom­ic impacts, with the aver­age cost of cyber crime for U.S. com­pa­nies hit­ting a new record of $12.7 mil­lion last year. They esti­mate that cyber crime “extracts up to 20 per­cent of the val­ue cre­at­ed by the Inter­net.” Source: Val­ue Walk

Hey, we’re victims, too, China says

sh_us and china_280Cui Tiankai, China’s ambas­sador to the Unit­ed States, said he hoped that “nobody will do any­thing so non­con­struc­tive,” as eco­nom­ic sanc­tions in response to cyber attacks and that he hoped “the U.S. side will make the smart choice,” imply­ing that such sanc­tions would be the wrong choice. Cui said that both the U.S. and Chi­na are fac­ing cyber attacks, but that “Chi­na, as a devel­op­ing nation, is much more a vic­tim of” them. He said that “instead of mov­ing toward con­flict and con­fronta­tion, the U.S. and Chi­na have every rea­son to con­duct more com­mu­ni­ca­tions and coop­er­a­tion in this regard.” There have been reports that the Unit­ed States would announce eco­nom­ic sanc­tions against Chi­nese com­pa­nies for cyber espi­onage on U.S. com­pa­nies. Source: Forbes

Cyber insurance, a growth industry

Stricter data pri­va­cy noti­fi­ca­tion laws, gov­ern­ment incen­tives, cloud adop­tion and the increase in high-pro­file hacks and data breach­es con­tributed to an increase in the num­ber of com­pa­nies offer­ing and buy­ing cyber insur­ance. There are two can­di­dates for such poli­cies: com­pa­nies that store data from exter­nal sources, such as retail­ers, health care com­pa­nies and finan­cial ser­vices firms; and any com­pa­ny that stores employ­ee data. In 2014, cyber attacks and cyber crime against large com­pa­nies rose 40 per­cent glob­al­ly, accord­ing to Symantec’s Inter­net Secu­ri­ty Threat report. Pur­chas­ing cyber insur­ance can be an oppor­tu­ni­ty for com­pa­nies to take a clos­er look at their inter­nal tech­nol­o­gy and secu­ri­ty. Source: Beta News

Another brick in the firewall

sh_firewall_280One cyber defense tac­tic that has been under­val­ued is the Domain Name Sys­tem (DNS), says Simon McCalla, CTO of Nominet. The IT staff of any com­pa­ny with a large DNS infra­struc­ture could be look­ing for pat­terns in mil­lions, if not bil­lions, of requests to and around a net­work. How­ev­er, new tools that use advanced big data tech­niques to ana­lyze DNS data in depth open the pos­si­bil­i­ties for using such data to fight cyber crime. DNS analy­sis can reveal signs that com­put­ers on a net­work have become part of a bot­net by spot­ting large num­bers of requests for domains that do not exist. DNS analy­sis also has enabled the iden­ti­fi­ca­tion of aggres­sive mal­ware by track­ing infect­ed machines using a Domain Gen­er­a­tion Algo­rithm, which cre­ates domains for bot­nets to com­mu­ni­cate with. Decod­ing DNS data gives busi­ness­es a tool to fight hacks. Source: SC mag­a­zine

Going back to Ohio for help

Ohio’s attor­ney gen­er­al says his office got more than 3,500 com­plaints of iden­ti­ty theft in the first three years of a spe­cial unit designed to thwart it. Attor­ney Gen­er­al Mike DeWine also says the office’s Iden­ti­ty Theft Unit has helped to adjust more than $1 mil­lion in dis­put­ed charges for vic­tims. The unit helps vic­tims cor­rect prob­lems typ­i­cal­ly asso­ci­at­ed with iden­ti­ty theft by work­ing with cred­i­tors, col­lec­tors, cred­it report­ing agen­cies, law enforce­ment and oth­ers on their behalf. Some com­mon com­plaints includ­ed fraud­u­lent­ly opened accounts using per­son­al infor­ma­tion and tax iden­ti­ty theft. The unit lets con­sumers opt to have an advo­cate work on their behalf or get a self-help guide from the state to cor­rect their own prob­lems. Source: Asso­ci­at­ed Press via WTTW

Intensifying a flight plan

sh_flight plan_280Air­lines build­ing defens­es against hack­ers should not for­get the dan­ger to back­room tech­nol­o­gy such as reser­va­tion and flight-plan­ning sys­tems. Aon Risk Solu­tions cyber risks prac­tice leader Eric Lowen­stein says there already are exam­ples of such attacks in the avi­a­tion indus­try, includ­ing an inci­dent in June that saw 10 planes ground­ed at Pol­ish air­line LOT after com­put­ers that issued flight plans were hacked. Oth­er avi­a­tion cyber vic­tims have includ­ed Hobart Inter­na­tion­al Airport’s web­site and Japan Air­lines’ fre­quent-fli­er mem­ber­ship data­base. “I think there’s con­cern about avi­a­tion and hack­ing and how this is on the rise,” he said. “There’s this increased aware­ness of con­nec­tiv­i­ty to the Inter­net and the Inter­net of Things that is prompt­ing the fear that cyber ter­ror­ists could even take con­trol of planes remote­ly.” He pre­dict­ed the avi­a­tion indus­try would suf­fer increas­ing attacks from hack­ers, who were con­stant­ly inno­vat­ing and had mul­ti­ple points of ingress. Source: Phuket News Online