It’s been another eventful week in the world of cyber security. So let’s just jump right into it.
NCSC has Been Busy
NCSC collaborated with Australia, Canada, New Zealand, UK, and the USA to give us a report that highlights which publicly-available tools criminals are using to aid their cyber crimes.
The agency also commented on how it keeps criminals at bay by stopping on average 10 attacks on the government per week.
Targeting Crypto Currencies
It is estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen.
- Targeted attacks on crypto exchanges resulted in a loss of $882 million | HelpNet Security
Twitter Publishes Data on Iranian and Russian Troll Farms
In an attempt to try and be more proactive in dealing with misinformation campaigns, Twitter has published its Elections Integrity dataset which includes attempted manipulation, including malicious automated accounts and spam. In other words it’s attempting to out - Iranian and Russian troll farms.
In light of this, it’s worth also revisiting this article by Mustafa Al-Bassam in which he researched UK intelligence doing the same thing targeting civilians in Iran.
Equifax Engineer Sentenced
An Equifax engineer gets eight months for earning $75,000 from insider trading. He figured out he was building a web portal for a breach involving Equifax, which turned out to be the 2017 breach, and so decided to ride the stock drop.
- Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading | ZDNet
Mind the Skills Gap
(ISC)2 has released its 2018 global cyber security workforce study and it looks like the cyber security skills gap has widened to 3 million.
It’s worth bearing in mind that estimating the skills gap isn’t an easy task. You have to look into the types of organisations, the tools in place, the risk appetite, economic, political, environmental factors, a whole bunch of things. You need a pretty deep methodology (don’t get me started on survey methodologies) to accurately assess the skills gap - so, a survey of 1500 individuals won’t necessarily be completely accurate, but serves as a good discussion point to start from.
- Global cyber security skills gap widens to three million | IT PRo
- Cybersecurity workforce study 2018 | (ISC)2
On the topic of the skills gap, there are plenty of free resources for learning available these days. Check out this awesome list:
- 190 Universities just launched 600 Free Online Courses. Here’s the full list | Medium / Dhawal Shah
When Microsoft acquired GitHub, many speculated this was the end of the site. However, on the contrary, a series of new features and enhancements shows GitHub ploughing forward in leaps and bounds.
California to Change State Law for Connected Devices
In a bid to strengthen cyber security, California passed a state law requiring all manufacturers of internet connected devices to improve their security features. By 2020, in order to sell their products in California, manufacturers will need to ensure that devices such as home routers have a unique pre-programed password or an enforced user authentication process as part of the set up. Default passwords such as ‘password’ or ‘default’ will be deemed weak and in breach of the state law.
A great initiative, but part of me feels like it’s a bit premature.