Attacks on U.S. elections more widespread than thought, targeting voter data, software

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Russia’s cyber attack on the U.S. elec­toral sys­tem before Don­ald Trump’s elec­tion was far more wide­spread than has been pub­licly revealed, includ­ing incur­sions into vot­er data­bas­es and soft­ware sys­tems in almost twice as many states as pre­vi­ous­ly report­ed. In Illi­nois, inves­ti­ga­tors found evi­dence that cyber intrud­ers tried to delete or alter vot­er data. The hack­ers accessed soft­ware designed to be used by poll work­ers on Elec­tion Day, and in at least one state, accessed a cam­paign finance data­base. In all, the Russ­ian hack­ers hit sys­tems in a total of 39 states. The scope and sophis­ti­ca­tion so con­cerned Oba­ma admin­is­tra­tion offi­cials that they took an unprece­dent­ed step—complaining direct­ly to Moscow over a mod­ern-day “red phone.” The White House con­tact­ed the Krem­lin on the back chan­nel to offer detailed doc­u­ments of what it said was Russia’s role in elec­tion med­dling and to warn that the attacks risked set­ting off a broad­er con­flict. Source: Bloomberg

Cyber weapon could disrupt, take down electrical grids

Hack­ers allied with the Russ­ian gov­ern­ment have devised a cyber weapon that has the poten­tial to be the most dis­rup­tive yet against elec­tric sys­tems that Amer­i­cans depend on for dai­ly life, accord­ing to U.S. researchers. The mal­ware, which researchers have dubbed CrashOver­ride, is known to have dis­rupt­ed an ener­gy sys­tem in Ukraine in Decem­ber. Hack­ers briefly shut down one-fifth of the elec­tric pow­er gen­er­at­ed in Kiev. Source: Wash­ing­ton Post

Municipal debt market starts to feel impact of cyber risks

A rise in cyber attacks on U.S. pub­lic sec­tor tar­gets is begin­ning to be felt in the $3.8 tril­lion munic­i­pal debt mar­ket. S&P Glob­al has begun to quiz states, cities and towns about their cyber defens­es, and some cred­it ana­lysts are start­ing to fac­tor cyber­se­cu­ri­ty when they look at bonds. Moody’s Investors Ser­vice is also try­ing to fig­ure out how to best eval­u­ate cyber risk. Source: Reuters

Middle Eastern nations buy surveillance, decryption technology

U.K. defense giant BAE Sys­tems has made large-scale sales across the Mid­dle East of sophis­ti­cat­ed sur­veil­lance tech­nol­o­gy. These sales also includ­ed decryp­tion soft­ware that could be used against the U.K. and its allies. While the sales are legal, human rights cam­paign­ers and cyber­se­cu­ri­ty experts have expressed con­cerns these pow­er­ful tools could be used to spy on mil­lions of peo­ple and thwart dis­sent. Source: BBC

North Korean hackers go after media, aerospace, financial sectors

A bul­letin from the U.S. Com­put­er Emer­gency Readi­ness Team warns that a North Kore­an hack­ing team, dubbed Hid­den Cobra, is active­ly tar­get­ing media, aero­space, finan­cial and crit­i­cal infra­struc­ture sec­tors in the Unit­ed States and around the world. CERT says it has been work­ing with the FBI and Home­land Secu­ri­ty and has iden­ti­fied IP address­es used by the Hid­den Cobra team in their attacks. Source: The Reg­is­ter

Thousands of University of Oklahoma students’ data exposed

The Uni­ver­si­ty of Okla­homa exposed thou­sands of stu­dents’ edu­ca­tion­al records—including Social Secu­ri­ty num­bers, finan­cial aid infor­ma­tion and grades in records dat­ing to at least 2002— through lax pri­va­cy set­tings in a cam­pus file-shar­ing net­work. There was no out­side breach, but lax secu­ri­ty mea­sures allowed email users access to edu­ca­tion­al records. Source: Okla­homa Watch

Attacks constant, but few get through

A report from secu­ri­ty start­up tCell shows that attack­ers seek­ing to breach orga­ni­za­tions through cross-site script­ing attacks made more than 100,000 failed attempts for every suc­cess­ful breach.  “These apps are under con­stant attack,” says Michael Feiertag, CEO of tCell. “You have to have tools in place to man­age those threats, but also those know when to hit the pan­ic but­ton.” Source: Dark Read­ing

More companies see breaches through Internet of Things

Forty-eight per­cent of firms polled in a recent sur­vey have expe­ri­enced at least one Inter­net of Things secu­ri­ty breach. Accord­ing to the sur­vey, which polled 500 IT exec­u­tives across 19 indus­tries, com­pa­nies with rev­enues under $5 mil­lion annu­al­ly hit by an IoT breach expect­ed it to cost them 13.4 per­cent of their total rev­enue. For com­pa­nies with rev­enues above $2 bil­lion annu­al­ly, they esti­mate one IoT breach to cost them more than $20 mil­lion. Source: Win­dows IT Pro

Uber’s privacy problems continue to grow

Uber is fac­ing a new probe from the Fed­er­al Trade Com­mis­sion over its pri­va­cy prac­tices and han­dling of cus­tomer data. The com­pa­ny has faced a num­ber of ques­tions and con­tro­ver­sies about its use of cus­tomer data, includ­ing “God view,” a tool that allowed Uber to reveal the loca­tions of promi­nent users such as politi­cians and celebri­ties. Source: The Hill

Study finds all it takes is pizza to make friends give up buddies’ email address

Accord­ing to a paper pub­lished by the Nation­al Bureau of Eco­nom­ic Research, 98 per­cent of 3,108 MIT stu­dents were will­ing to give away their best friend’s email address for a slice of piz­za. Even with­out that incen­tive, 94 per­cent of stu­dents hand­ed out their friends’ per­son­al infor­ma­tion. That con­trasts with pre­vi­ous stud­ies that found near­ly three-quar­ters of peo­ple believe it’s impor­tant to be in con­trol of their infor­ma­tion, and 60 per­cent say they would nev­er feel com­fort­able shar­ing their email address. Source: The Dai­ly Dot