Featured Government Technology

‘More of an Art Than a Science:’ Behind the Government’s Effort To Measure Cybersecurity

A dirty little secret of cybersecurity is that no one really knows how to measure it. To start filling that void, the U.S. government standards agency, the National Institute of Standards and Technology, is leading a big push to catalogue existing measurement systems and research new ones. NIST asked in September for public comments about how organizations measure their cybersecurity performance….

Featured Government Nation-state Technology

Spyware Attack Targeting Dozens of Journalists Used Pernicious Zero-Click Exploit, Researchers Say

The mobile phones of dozens of employees at news outlet Al Jazeera were hacked using a stealthy ‘zero-click’ exploit developed by NSO Group, a heavily scrutinized Israeli commercial spyware vendor, according to a new report by researchers at Citizen Lab. The security research group associated with the University of Toronto said that the 36 journalists identified in their report likely represent a “minuscule fraction” of the total victims of the company’s spyware given the size of NSO Group’s customer base and the reach of the vulnerability, which affects iPhones prior to the iOS 14 update that was released this fall and included several security enhancements….

Cybercrime Featured Government Leadership People Technology

Former Israeli CERT Chief: ‘A Cheap Incident Response Costs A Lot’

As the executive director of Israel’s National Computer Emergency Response Center, or CERT, Lavy Shtokhamer dealt with more cyberattacks in a week than many information security professionals would see in a year. The Center acted as a hub for information sharing and response in the country, with victims constantly informing Shtokhamer and his team of new incidents, which would then be anonymized and relayed to other companies and government organizations to help protect them from similar attacks. Last week, I caught up with Shtokhamer via video conference—he will be taking on a new role in the coming days, and was open to talking about his experience in the Israeli government…

Featured Government Leadership Nation-state Technology

Ridding Hackers From Government Networks Will Be “Highly Complex and Challenging,” CISA Warns

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Thursday issued its most urgent and detailed alert yet about the hacking campaign that has rocked government agencies and technology firms in recent days, saying that it “poses a grave risk” to federal and state governments, critical infrastructure entities, and private sector organizations. Additionally, CISA said it has evidence of additional attack vectors other than the SolarWinds Orion platform. CISA said it is still investigating the additional attack vectors, and that the attacker is likely using tactics, techniques, and procedures that have not yet been discovered…

Chart of the Week Cybercrime Featured Technology

How Cybercrime Became a $1 Trillion Problem

Although the saying “crime doesn’t pay” may have some truth to it, a new report shows that cybercrime does in fact pay—and the numbers are only going up. Monetary losses from cybercrime are estimated to reach $945 billion in 2020, up from $522 billion in 2018 and $300 billion in 2013, according to a study released last week by The Center for Strategic and International Studies, a nonprofit research organization that focuses on national security issues, and the cybersecurity firm McAfee….

Cybercrime Featured Technology

Exploit Kits, Once a Favorite of Cybercriminals, Move To Private Marketplaces

Hacking tools often follow a trend: They’re developed by an individual or group, others adopt them if they work well, and—once organizations become aware of them and start defending themselves—their use declines until they eventually disappear. On the surface, cybersecurity professionals might think that exploit kits are at the tail end of this trend. Exploit kits, which are essentially programs that automate the process of finding and exploiting vulnerabilities, have been around for more than a decade and likely reached their peak in the early 2010s…

Cybercrime Featured Nation-state Technology

What We Know So Far About the FireEye Breach—and Why It Matters

On Tuesday afternoon, cybersecurity firm FireEye announced what is likely one of the most significant cyberattacks of 2020—with itself as the victim. The attack was notable not just because the fallout could be immense, but because it required a brazenness and skill that only the most sophisticated hacking groups could pull off. Details will likely emerge as the FBI, FireEye, and its partners investigate the incident, but here’s what we know already…

The Department of Justice unsealed a series of cybersecurity indictments.
Cybercrime Featured Technology

Ex-Microsoft Employee Sentenced To 9 Years in Prison for Stealing $10 Million in Digital Currency

Sometimes the biggest threat to an organization’s data and IT systems is the employees who work there. A 26-year-old Ukrainian citizen who was found guilty of stealing millions of dollars in digital currency and using the proceeds to fund a lavish lifestyle was sentenced Monday by a federal judge in Seattle to nine years in prison and ordered to pay more than $8.3 million in restitution.

Featured Technology

Businesses Plan to Spend More on Cybersecurity, Despite Shaky Economic Forecast

Record unemployment. A surge in bankruptcies. Warnings of an economic slowdown. And… an increase in cybersecurity spending?

More than half of the businesses surveyed in a new PwC study said they plan to increase their cybersecurity budget in 2021, highlighting the sector’s resilience amid economic uncertainty…

Featured Leadership People Technology

Bellingcat Founder Eliot Higgins on Finding Truth in a World of Disinformation

In 2013, Eliot Higgins was an unemployed finance and administration worker blogging about the Syrian civil war from his home in Leicester, about 100 miles north of London. Since then, Higgins has turned his hobby into a full-fledged investigative journalism operation, with an office in the Netherlands and 18 full-time employees…