NIST puts finishing touches on critical infrastructure cyber framework, Organizations are flying blind as they embrace cloud services and more

September 26, 2013


Here are the top cyber news and stories of the day.

  • New Virus Hits Freezing Point – “There is a new virus that protects itself against antiviruses by freezing the hard disk, researchers said. Once it infects a device, the virus creates a restore point. All the modifications made on the system by the user, including editing documents, copying files, and downloading data from the Web, will reset, said researchers from Vietnamese company Bkav. All the newly copied files end up erased.” This is a rather ingenious approach to viral attacks, and may be copied in the future. Via ISS Source, more here.
  • NIST puts finishing touches on critical infrastructure cyber framework – ‘The National Institute of Standards and Technology says it’s the “end of the beginning” for the drafting of the nation’s first-ever cybersecurity framework for protecting critical infrastructure. The agency says the document is essentially finished, and should be ready for release by its due date in a few weeks.’ Many experts are decrying this framework as not comprehensive enough, but it can at least be a starting point for cybersecurity efforts moving forward. While private sector adherence is not compulsory, it can be of value. Via Federal News Radio, more here.
  • Cloud security concerns causing UK adoption lag – “Managed services firm WideAngle, formerly Integralis, has issued new research showing the UK is lagging behind the rest of the world in terms of cloud adoption due to fears over regulatory compliance and data protection. In a survey of 700 global organisations, 57 per cent of UK business decision makers said these issues were the primary or a significant reason for slow cloud adoption in their organisation, while a further 29 per cent said they had at least a partial effect.” Via CloudPro, more here.
  • Organizations are flying blind as they embrace cloud services – Skyhigh Networks, a cloud usage analytics firm, is finding that many organizations are adopting cloud services without looking into security risks and other concerns. There is “rampant” cloud usage, without premeditated strategy and planning. Via Help Net Security, more here.

  • ‘Icefog’ spying operation targeted Japan, South Korea – “A hacking group that targeted Japan’s parliament in 2011 is believed to have conducted nimble data thefts against organizations mainly in South Korea and Japan, including defense contractors, over the past two years.” These attackers used carefully conducted strikes to exfiltrate key information from IT systems. Via ComputerWorld, more here.
  • Grant to Boost Wireless Security – Everything is going wireless, and many worry that because of that nothing is secure. When the DIRNSA, General Alexander, wanted an iPad, his team pulled all the wireless components out of the device. To this end, the University of Arkansas at Little Rock recently received a $150,000 grant from the NSF to help combat security risks on wireless devices. Via ISS Source, more here.
  • Java exploits jump, Android malware emerges outside app stores – “A continued rise in exploit-based attacks, particularly against Java, and an increasing sophistication in mobile threats characterized the first half of 2013, which saw its share of interesting developments in the world of digital security. According to F-Secure’s new threat report, nearly 60% of F-Secure’s top ten detections in the first half of 2013 were exploits.” Via Help Net Security, more here.
  • Apple is a tempting phishing target for scammers – “Spam volumes took a usual seasonal drop in August, but phishing spiked, including a noticeable interest in hijacking Apple accounts. Spam averaged 67.6 percent of all emails in August, down 3.6 percentage points compared to July, wrote Kaspersky Lab analysts Tatyana Shcherbakova and Maria Vergelis in a blog post. But 5.6 percent of those spam emails contained malicious attachments, an increase of 3.4 percentage points over a month prior.” Apple users are typically wealthier than their Android compatriots, and targeting them can be more profitable than targeting other users. Via ComputerWorld, more here.
  • ‘No problem’ with NSA collaboration, says NIST director – NIST has again been called upon to defend its partnerships with the NSA. NIST sets the encryption standards for the federal civilian agencies, while NSA sets the standards for national security matters. Since the NSA is under intense pressure from (basically) everyone about spying, it is no surprise that any partnership with the NSA is decried. Via FierceGovernmentIT, more here.
  • Survey highlights ignorant IT behavior in the workplace – “nearly 1 in 5 (19%) U.S. employees working in an office setting who admit they have opened an email at work they suspected to be fake or a phishing scam — without notifying the IT department — according to the results of a survey by Harris Interactive.” Cyber education is one of the largest issues in enterprises, and will continue to be as users are a key weakness in cybersecurity paradigms. Via Help Net Security, more here.