The Year of the Teenage Hacker
The year 2020 was full of high-profile cyberattacks launched by criminal gangs and state-sponsored hackers. But dozens of headline-grabbing cybersecurity incidents and arrests this year involved teenagersâsome of whom havenât even graduated high school yet. As the coronavirus pandemic forced schools across the country to adopt distance learning programs and change the way they operate, some studentsâlikely pent up at home with a lot of time and little to do that doesnât involve a Wi-Fi connectionâseem to have used it as an opportunity to hone their hacking skills…
An Interview With Russian Hacker Pavel Sitnikov: âThere Is No [Hacking] Scene Now, Only Commerceâ
Hackers often go to great lengths to be discreet. Thatâs not the case with Pavel Sitnikov. The long-standing, Russian-speaking hacker until recently posted frequently on Twitter, where he listed his name, his alias (FlatL1ne), and his self-proclaimed connection with the infamous hacking group APT28, or Fancy Bearâhis Twitter account is currently suspended…
The Record Is Hiring a Cybersecurity Reporter
The Record by Recorded Future is seeking a reporter to cover the ins and outs of the cybersecurity news beat. We are looking for a talented writer who feels at home reporting quick scoops on the latest cybersecurity stories, contributing to weekly newsletters and podcasts, and can write in-depth analysis on broader industry trends. The ideal candidate should be comfortable with building relationships with a wide range of sources, including government officials, cybersecurity executives, and academic researchers….
‘More of an Art Than a Science:’ Behind the Governmentâs Effort To Measure Cybersecurity
A dirty little secret of cybersecurity is that no one really knows how to measure it. To start filling that void, the U.S. government standards agency, the National Institute of Standards and Technology, is leading a big push to catalogue existing measurement systems and research new ones. NIST asked in September for public comments about how organizations measure their cybersecurity performance….
Spyware Attack Targeting Dozens of Journalists Used Pernicious Zero-Click Exploit, Researchers Say
The mobile phones of dozens of employees at news outlet Al Jazeera were hacked using a stealthy âzero-clickâ exploit developed by NSO Group, a heavily scrutinized Israeli commercial spyware vendor, according to a new report by researchers at Citizen Lab. The security research group associated with the University of Toronto said that the 36 journalists identified in their report likely represent a âminuscule fractionâ of the total victims of the companyâs spyware given the size of NSO Groupâs customer base and the reach of the vulnerability, which affects iPhones prior to the iOS 14 update that was released this fall and included several security enhancements….
Former Israeli CERT Chief: ‘A Cheap Incident Response Costs A Lot’
As the executive director of Israelâs National Computer Emergency Response Center, or CERT, Lavy Shtokhamer dealt with more cyberattacks in a week than many information security professionals would see in a year. The Center acted as a hub for information sharing and response in the country, with victims constantly informing Shtokhamer and his team of new incidents, which would then be anonymized and relayed to other companies and government organizations to help protect them from the similar attacks. Last week, I caught up with Shtokhamer via video conferenceâhe will be taking on a new role in the coming days, and was open to talking about his experience in the Israeli government…
Scammers Are Trying To Capitalize on the Race To Deliver COVID-19 Vaccines
In March and April, when fear and uncertainty about the coronavirus pandemic reached a high point in the U.S., hackers and scammers started incorporating language about COVID-19 into phishing attacks and new web domains to trick anxious victims into downloading malware, a U.S. cybersecurity agency warned. New research suggests that scammers are now pivoting their effortsâas governments and healthcare organizations race to deliver inoculations, hackers are embracing vaccine-related phishing lures…
Ridding Hackers From Government Networks Will Be âHighly Complex and Challenging,â CISA Warns
The Department of Homeland Securityâs Cybersecurity and Infrastructure Security Agency on Thursday issued its most urgent and detailed alert yet about the hacking campaign that has rocked government agencies and technology firms in recent days, saying that it âposes a grave riskâ to federal and state governments, critical infrastructure entities, and private sector organizations. Additionally, CISA said it has evidence of additional attack vectors other than the SolarWinds Orion platform. CISA said it is still investigating the additional attack vectors, and that the attacker is likely using tactics, techniques, and procedures that have not yet been discovered…
How Cybercrime Became a $1 Trillion Problem
Although the saying âcrime doesnât payâ may have some truth to it, a new report shows that cybercrime does in fact payâand the numbers are only going up. Monetary losses from cybercrime are estimated to reach $945 billion in 2020, up from $522 billion in 2018 and $300 billion in 2013, according to a study released last week by The Center for Strategic and International Studies, a nonprofit research organization that focuses on national security issues, and the cybersecurity firm McAfee….
FBI, CISA Warn K-12 Schools of a Spike in Ransomware, With More Threats on the Horizon
On Thursday, the FBI and Department of Homeland Securityâs Cybersecurity and Infrastructure Security Agency warned that 57% of ransomware attacks reported in August and September to MS-ISACâa government-funded center that tracks cyberattacks on state, local, and tribal governmentsâhit K-12 institutions. Thatâs up from 28% between January and July. The alert suggests that the rapid transition to distance learning in 2020 contributed to cybersecurity gaps, which made schools more vulnerable to attack…