Posts tagged with "cyber attack"

Heather Skovlund computer illustration for use by 360 Magazine

Global Commitment to Cybersecurity

According to a recent study by the Atlas VPN team, the United States, United Kingdom, and Saudi Arabia lead in commitment to cybersecurity.

As technologies continue to evolve, governments around the world must face the reality of cyber threats and adapt their security practices. A study reports on countries’ scores on the Global Cybersecurity Index (GCI), varying cybersecurity training and practices, and additional statistics which help to create a fuller picture of the global relationship to cybersecurity.

A GCI score is given by evaluating each country’s commitment to legal, technical, organizational, capacity development, and cooperation indicators. The United States earned a perfect score of 100, getting all 20 points in each GCI indicator. However, while the US has the most cybersecurity resources, the latest cyberattacks on Americans have shown room for improvement.

The United Kingdom follows behind, scoring 99.54 points in GCI. The score indicates that the UK needs to employ more computer incident response teams, which enable a country to respond to incidents at the national level through a centralized contact point and promote quick and systematic action.

Saudi Arabia shares second place, getting the same score of 99.54 as the UK. While being one of the fastest developing countries, Saudi Arabia has placed great importance on cybersecurity.

Estonia takes the fourth slot as they scored 99.48, losing just half a point in the capacity development indicator. Estonia has become one of the heavyweights in cybersecurity with a high-functioning central system for monitoring, reporting, and resolving incidents.

The Republic of Korea, Singapore, and Spain all share fifth place, scoring 98.52 points. 

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on the current cybersecurity landscape, “Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. For example, creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.”

Lack of cybersecurity training 

One of the reasons why cyber attacks continue to increase is a lack of cybersecurity education and training.

Just 46% of countries provided specific cybersecurity training for the public sector and government officials. Employees in these fields usually work with a lot of sensitive or confidential information, which is why education on cybersecurity is essential. 

Meanwhile, 41% of countries provided cybersecurity training to small and medium enterprises or private companies. Businesses often become targets for hackers, who can easily profit from stolen data or ransomware attacks. While more prominent private companies can afford cybersecurity experts, smaller businesses do not have such a luxury.

Law enforcement agents received educational cybersecurity programs in only 37% of countries, while only 31% of countries provide training to judicial and legal actors. This training may help officers and executors of the law understand how hackers think, identify the tools that hackers use to commit attacks, and ultimately prevent and protect against future cybercrime.

Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. Creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.

Rita Azar Illustrates an Eyewear Article for 360 MAGAZINE

Luxottica Hacked

By Justin Lyons

According to Italian press sources, Luxottica was the victim of a cyberattack Saturday.

Luxottica owns eyewear brands like Oakley, Ray-Ban, Coach, Chanel and Versace as well as retail brands like LensCrafters, Sunglass Hut and Target Optical. It is the largest eyewear company in the world with more than 80,000 employees.

SecurityOpenLab, an Italian cybersecurity site, said its sources confirmed Luxottica offices suffered a complete system failure due to ransomware attacks, shutting down operations in Italy and China.

SecurityOpenLab also said union sources confirmed that workers received an SMS message saying the second shift on Sept. 21 had been suspended.

Users began reporting an inability to reach sites for LensCrafters, Sunglass Hut, Ray-Ban and other Luxottica brands on Saturday. It was also reported that One Luxottica, a user portal for the company, was down, but it appears to be up again at the time of writing.

BleepingComputer spoke to Bad Packets, a cybersecurity firm, which told them Luxottica used a Citrix ADC controller device, which is vulnerable to CVE-2019-19781, a flaw in Citrix devices.

This flaw is exploited by ransomware actors because it provides network access and credentials that are used to infiltrate a network more deeply.

Luxottica took the servers for its eyewear brand websites offline. While websites for Oakley, Ray-Ban, Coach and more are accessible now, a manager at a LensCrafters storefront told 360 MAGAZINE that the Ciao operating system crashed Saturday and that they still have little to no ability to process insurance or complete transactions.

Though Luxottica has not made a public statement, the same source told 360 MAGAZINE that IT support was unavailable while systems were down. LensCrafters is currently logging orders for a later date when systems are back up.

360 was also told that LensCrafters will offer 50% off frames and lenses for the inconvenience to customers.

Expert comment on Telegram cyber attack

Expert comment on Telegram cyber attack from Mark Skilton, Professor of Practice at Warwick Business School, who researches and consults on cyber security.

He said: “This type of attack is government censorship using cyber tools to block internet traffic. In this case it was massive overwhelming traffic noise targeting Telegram servers and networks to slow down the service in what is called ‘denial of service’.

“This was not a specific technology, but a distributed network attack on the internet ISP and NSP network providers. The strong encryption inside the Telegram app had no defence against the traffic level protocols and volume of traffic.

“To stop this type of attack would need new technology to block adversaries’ traffic before the network, something that is not possible if the Chinese government control and have access to that network currently. What typically happens is alternative telecoms networks might be used. But I suspect those too would be targeted for a full scale attack.

“However, we don’t know if it was a full wide scale internet attack or if it was a complete network wide attack. It seems some sophistication was used to target the Telegram app and user service. This may be a symptom of a more advanced distributed ‘denial of service’ acting as a swarm of attacks against specific targets.”

Roderick Jones

After Equifax’s large-scale cyber attack was revealed, Deloitte is the latest company to have been breached in a similar attack.

Available to discuss the implications of the Deloitte cyber attack, and what this could mean for companies and consumers, is cyber security expert Roderick Jones.

The Founder & CEO of cyber security firm Rubica, Roderick previously worked in the Special Branch of Scotland Yard, focusing on international terrorism. Below, Roderick explains the main takeaways from the latest attack:

  • The information illegally accessed by attackers will, where possible, be meshed with other known data to create further exploits against companies and individuals
  • Executives and their networks are increasingly at risk from cyber-breach due to the amount of personal data being lost

While six of Deloitte’s clients have been told that their information was compromised in the hack, the latest cyber attack is yet another example of the growing threat to companies’ and individuals’ online information.

About Roderick Jones // San Francisco
Roderick Jones is a global security leader with over 15 years of experience operating at the highest levels of the international security environment. During his time as a member of Scotland Yard’s Special Branch, Roderick focused on international terrorism and the protection of a prominent British cabinet member. He is the founder of cyber security firm Rubica, the global authority on cyber security and privacy for the world’s elite. Originally a service of Concentric Advisors, a physical security firm, Rubica provides those concerned with online crime the most effective digital security available. Jones received his master’s degree from the University of Cambridge.
Roderick on Ora TV: http://goo.gl/YHLGZ4