Cybercriminals produced fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from 64 million the year before, according to a report released this morning by SonicWall. "This is the first time I've seen that the number of unique malware samples actually decreased," said Dmitriy Ayrapetov, director of product management at SonicWall, which produced the report based on data collected from more than a million sensors.
Last summer at the Black Hat cybersecurity conference, the DARPA Cyber Grand Challenge pitted automated systems against one another, each trying to find weaknesses in the others' code and exploit them. "This is a great example of how easily machines can find and exploit new vulnerabilities, something we'll likely see increase and become more sophisticated over time," said David Gibson, vice president of strategy and market development at Varonis Systems. His company hasn't seen any examples of hackers leveraging artificial intelligence technology or machine learning, but nobody adopts new technologies faster than the sin and hacking industries, he said.
Security awareness teams aren't getting the support they need to be successful, according to the SANS Institute. But some unexpected factors can cause programs to fail as well, including a focus on compliance -- and too much security expertise on the team. "Most organizations actually have a security awareness program," said Lance Spitzner, director of the Securing the Human Program at the SANS Institute, looking back at what the industry learned in 2016. "Yet we continue to have problems."
Is anti-virus software getting worse at detecting both known and new threats? Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good. Average detection rates for known malware went down slightly, by a couple of percentage points, from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.
There are many reasons why IT professionals can be fired, but six out of the top nine are related to security, according to a survey released this morning. For example, a tech investment that leads to a security breach was considered a fireable offense by 39 percent of organizations, according to Osterman Research, which conducted the survey. A data breach that becomes public was a fireable offense for 38 percent of companies. Other fireable offenses included failing to modernize a security program, data breaches with unknown causes, data breaches that do not become public, and the failure of a security product or program investment.
As open source code becomes more prevalent in both commercial and home-grown applications, the number of attacks based on its vulnerabilities will increase by 20 percent this year, predicted Black Duck Software, which collects statistics about open source projects. The share of commercial software projects composed of 50 percent or more free, open source software went up from 3 percent in 2011 to 33 percent today, said Mike Pittenger, vice president of security strategy at Black Duck Software. The average commercial application uses more than 100 open source components, he said, and two-thirds of commercial applications contain code with known vulnerabilities.
Increased user awareness of phishing threats, better antivirus technology, more industry-wide information sharing and cross-border efforts by law enforcement authorities will combine to turn the tide against ransomware this year, according to some security experts, but others expect the attacks to continue to increase. According to a security expert who requested anonymity, ransomware cybercriminals took in about $1 billion last year, based on money flowing into ransomware-related Bitcoin wallets. That includes more than $50 million each for three wallets associated with the Locky ransomware, and a fourth one that processed close to $70 million. Cryptowall brought in close to $100 million before it was shut down this year. CryptXXX gathered in $73 million during the second half of 2016, and Cerber took in $54 million, the expert said.
The black market value of stolen medical records dropped dramatically this year, and criminals shifted their efforts from stealing data to spreading ransomware, according to a report released this morning. Hackers are now offering stolen records at between $1.50 and $10 each, said Anthony James, CMO at San Mateo, Calif.-based security firm TrapX, the company that produced the report. That's down a bit since this summer, when a hacker offered 10 million patient records for about $820,000 -- or about $12 per record -- and an even bigger drop from 2012, when the World Privacy Forum put the street value of medical records at around $50 each.
Whether quantum computing is 10 years away -- or is already here -- it promises to make current encryption methods obsolete, so enterprises need to start laying the groundwork for new encryption methods. A quantum computer uses qubits instead of bits. A bit can be a zero or a one, but a qubit can be both simultaneously. That is weird and hard to program, but once folks get it working, it has the potential to be significantly more powerful than any of today's computers. And it will make many of today's public key algorithms obsolete, said Kevin Curran, IEEE senior member and a professor at the University of Ulster, where he heads up the Ambient Intelligence Research Group.
The new Internet communication protocol, HTTP/2, is now being used by 11 percent of websites -- up from just 2.3 percent a year ago, according to W3Techs. The new protocol does offer better performance, but there is no particular rush to upgrade, and it's backwards-compatible with the previous protocol, HTTP/1.1. No security problems have been found in the protocol itself, but there are vulnerabilities in some implementations and the possibility of lower visibility into internet traffic, so it's worth waiting for everything to shake out. The pressure to switch is likely to come from lines of business, said Graham Ahearne, director of product management at security firm Corvil.
According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months. The big problem is that even when a website is managed by a careful company, it will often load content from other sites, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security, which sponsored the report released this morning. For example, news sites -- 50 percent of which were risky -- typically run ads from third-party advertising networks.