2017 – Page 5 – Cyber Law Watch

Is your IoT device putting you at risk?

Mar 21 2017

As the uptake of IoT (Internet of Things) devices increases, industry experts question whether adequate cybersecurity measures are in place. While we are not surprised with the results of a recent survey, it has been confirmed that IoT devices represent the next big cybersecurity threat.

A Tripwire study found 96% of surveyed IT pros expect to see an increase in security attacks on IoT. The study acknowledges the promise of these devices in facilitating tasks and bringing convenience, but also notes the risk they pose as they’re not always built with security in mind. The study found the industries facing the biggest threat include energy, utilities, government, healthcare and finance with devices connecting the Industrial Internet of Things viewed as susceptible to serious consequences. David Meltzer, COO at Tripwire, says there must be a change in the level of preparation for such attacks or the realization of these risks will be experienced.

You are not alone! Rasomware attacks increase

Mar 21 2017

By Cameron Abbott and Giles Whittaker

While no one likes to admit that they have been caught out or victimised by cyber-attacks such as ransomware, what appears to be true is that a lot of organisations are. The lesson is that it is quite likely to happen so design your IT systems to give you a recovery option. No good having your back up encrypted as well!

A survey (reg. req.) of IT security decision makers by CyberEdge found that a whopping 61% of respondents’ organizations were victimized by ransomware in 2016. Among those hit by ransomware, 33% paid the ransom to recover their data, 54% refused to pay but recovered their data anyway, and 13% refused to pay and lost their data. In general, the report found the percentage of organizations being hit by successful cyber-attacks continues to rise, from 62% in 2014 to 70% in 2015, 76% in 2016, and 79% in 2017. Three in five respondents believe a successful cyber-attack is likely in the coming year.

US Government charges two Russian spies for 2014 Yahoo data breach

Mar 17 2017

By Cameron Abbott and Giles Whittaker

US federal authorities have charged 4 men – including 2 Russian spies – in regards to the massive 2014 Yahoo data breach that resulted in the stolen data of over 500 million Yahoo accounts in 2014.

It is speculated that the Russian government used the information obtain to conduct a range of espionage activities, including the targeting of “Yahoo trade secrets that contained, among other data, subscriber information including users; names, recovery email accounts, phone numbers and certain information required to manually create or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts” according to an indictment.

In addition to the above Alexsey Belan – a 29 Latvian born Russian national – was able to steal financial information such as gift cards and credit card numbers from webmail accounts and used the accounts to profit from earning commissions on fraudulently redirecting a subset of Yahoo’s search engine traffic.

As the frequency and severity of cyber attacks increase, Director of the FBI James Comey identified the priority “to pierce the veil of anonymity surrounding cyber crimes,” and that US national security authorities “are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?

Mar 13 2017

By Cameron Abbott and Allison Wallace

Ridesharing service Uber has been using a self-developed program called Greyball in a bid to avoid regulatory scrutiny and other law enforcement activity.

As reported in The New York Times, the program uses various techniques to survey government officials when rolling out the service in new cities. This came after Uber’s services encountered legal issues (including cars being impounded and drivers fined) as it tried to operate in new locations, including in Melbourne, Australia. Read More

Australia’s new data breach notification laws: what they mean for you

Feb 15 2017

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary into the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Australian data breach notification law passes both houses of Parliament

Feb 14 2017

By Cameron Abbott and Rob Pulham

For those who have been following the progress of the Australian data breach notification laws, as of yesterday (13 February 2017) the bill has been passed by both houses of Parliament and now awaits royal assent.

Update: Mandatory Data Breach Notification Laws closer to being introduced

Feb 07 2017

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.

Baseball team pays a big price for hacking

Feb 07 2017

By Cameron Abbott and Allison Wallace

You may not have followed this but the America’s Major League Baseball (MLB) St Louis Cardinals had an employee who accessed the Astros’ system around 60 times over two years, gaining access with a password similar to that used by a Cardinals colleague who left the club to work for the Astros in 2011. (Also a little lesson there about password management one would think.)

Anyway Correa was last year fined nearly USD280,000, and sentenced to 46 months in Federal prison. Enough said. Read More

Juniper report predicts IoT botnets will be an unmanageable cyber-security issue

Jan 26 2017

By Cameron Abbott

Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.

U.S. data breaches reached record high in 2016: Report

Jan 26 2017

By Cameron Abbott

According to a report highlighting findings from the Identity Theft Resource Center and CyberScout:

Data breaches in the U.S. reached an all-time high in 2016, with the number of breaches tracked reaching 1,093, a 40% increase from the year earlier
The financial services industry accounted for only 52 of the breaches, or 4.8%, making it the least hit of the five industries tracked. Business, healthcare, education and the government and military were hacked more than the financial services industry
For the eighth consecutive year, hacking, skimming and phishing were the main drivers of data breaches, representing 55.5% of all reported incidents. Many were due to CEO phishing in which sensitive data is exposed
While consumers and businesses are constantly warned to pay close attention to their email, breaches that used email and the internet as a way to hack people only accounted for 9.2% of all the hacks, while employee error was responsible for 8.7% of the hacks.

This isn’t the first data set to show that data breaches surged in 2016. According to Gemalto’s Breach Level Index, in the first six months of 2016, data breaches rose 15%, and the number of compromised data records jumped 31% compared to the previous six months. The findings also revealed that 64% of all data breaches involve identity and personal data theft.

Archive:2017