Attacks on U.S. elections more widespread than thought, targeting voter data, software

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Russia’s cyber attack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state, accessed a campaign finance database. In all, the Russian hackers hit systems in a total of 39 states. The scope and sophistication so concerned Obama administration officials that they took an unprecedented step—complaining directly to Moscow over a modern-day “red phone.” The White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict. Source: Bloomberg

Cyber weapon could disrupt, take down electrical grids

Hackers allied with the Russian government have devised a cyber weapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers. The malware, which researchers have dubbed CrashOverride, is known to have disrupted an energy system in Ukraine in December. Hackers briefly shut down one-fifth of the electric power generated in Kiev. Source: Washington Post

Municipal debt market starts to feel impact of cyber risks

A rise in cyber attacks on U.S. public sector targets is beginning to be felt in the $3.8 trillion municipal debt market. S&P Global has begun to quiz states, cities and towns about their cyber defenses, and some credit analysts are starting to factor cybersecurity when they look at bonds. Moody’s Investors Service is also trying to figure out how to best evaluate cyber risk. Source: Reuters

Middle Eastern nations buy surveillance, decryption technology

U.K. defense giant BAE Systems has made large-scale sales across the Middle East of sophisticated surveillance technology. These sales also included decryption software that could be used against the U.K. and its allies. While the sales are legal, human rights campaigners and cybersecurity experts have expressed concerns these powerful tools could be used to spy on millions of people and thwart dissent. Source: BBC

North Korean hackers go after media, aerospace, financial sectors

A bulletin from the U.S. Computer Emergency Readiness Team warns that a North Korean hacking team, dubbed Hidden Cobra, is actively targeting media, aerospace, financial and critical infrastructure sectors in the United States and around the world. CERT says it has been working with the FBI and Homeland Security and has identified IP addresses used by the Hidden Cobra team in their attacks. Source: The Register

Thousands of University of Oklahoma students’ data exposed

The University of Oklahoma exposed thousands of students’ educational records—including Social Security numbers, financial aid information and grades in records dating to at least 2002— through lax privacy settings in a campus file-sharing network. There was no outside breach, but lax security measures allowed email users access to educational records. Source: Oklahoma Watch

Attacks constant, but few get through

A report from security startup tCell shows that attackers seeking to breach organizations through cross-site scripting attacks made more than 100,000 failed attempts for every successful breach.  “These apps are under constant attack,” says Michael Feiertag, CEO of tCell. “You have to have tools in place to manage those threats, but also those know when to hit the panic button.” Source: Dark Reading

More companies see breaches through Internet of Things

Forty-eight percent of firms polled in a recent survey have experienced at least one Internet of Things security breach. According to the survey, which polled 500 IT executives across 19 industries, companies with revenues under $5 million annually hit by an IoT breach expected it to cost them 13.4 percent of their total revenue. For companies with revenues above $2 billion annually, they estimate one IoT breach to cost them more than $20 million. Source: Windows IT Pro

Uber’s privacy problems continue to grow

Uber is facing a new probe from the Federal Trade Commission over its privacy practices and handling of customer data. The company has faced a number of questions and controversies about its use of customer data, including “God view,” a tool that allowed Uber to reveal the locations of prominent users such as politicians and celebrities. Source: The Hill

Study finds all it takes is pizza to make friends give up buddies’ email address

According to a paper published by the National Bureau of Economic Research, 98 percent of 3,108 MIT students were willing to give away their best friend’s email address for a slice of pizza. Even without that incentive, 94 percent of students handed out their friends’ personal information. That contrasts with previous studies that found nearly three-quarters of people believe it’s important to be in control of their information, and 60 percent say they would never feel comfortable sharing their email address. Source: The Daily Dot