Tag Archive for: fight

Cyber Experts Discount Insurance in Ransomware Fight – MeriTalk


Federal cybersecurity leaders argued against the effectiveness of cyber insurance as a way to alleviate financial burdens associated with ransomware attacks during a hearing of the House Homeland Security Committee’s panel on intelligence and counterterrorism on June 28.

During her opening remarks at the hearing, Rep. Elissa Slotkin, D-Mich., urged that critical infrastructure providers consider getting cyber insurance to help deal with the impact of ransomware attacks that may be launched against them. At the same time, she acknowledged that utilizing insurance policies to pay ransoms and re-establish systems after a cyberattack remains an uncertain prospect for organizations that have fewer resources.

“We know that small and medium-sized businesses, small and medium-sized governments, don’t have firms to take care of everything for them, and that not everyone can afford cybersecurity insurance, which is something I encourage all leaders to look into,” Rep. Slotkin said.

Federal government cybersecurity experts testifying before the subcommittee pushed back against the congresswoman’s promotion of cyber insurance options.

Iranga Kahangama, assistant secretary for cyber, infrastructure, risk, and resilience policy at the Department of Homeland Security’s (DHS) Office of Strategy, Policy, and Plans, highlighted how taking out a cyber insurance policy could make organizations a more attractive target for cybercriminals.

“They will do their market research on victims who can afford to pay, and they will look at people who have cyber insurance to see if they are more susceptible to paying [the ransom],” Kahangama said.

Matt Hartman, the Cybersecurity and Infrastructure Security Agency’s (CISA) deputy executive assistant director for cybersecurity, agreed with Kahangama, and identified basic cybersecurity measures that organizations should implement proactively. He also stressed the importance of contacting CISA for help.

“We routinely engage with [state, local, tribal, and territorial government] partners, including [at] events specifically for governors and county leaders, as well as the private sector. [We also] continue to release cyber alerts containing…


How DOJ took the malware fight into your computer


“We have gotten more comfortable, as a government, taking that step,” Adam Hickey, a deputy assistant attorney general for national security, said in an interview at the RSA cybersecurity conference in San Francisco.

The latest example of this approach came in April, when U.S. authorities wiped malware off of hacked servers used to control a Russian intelligence agency’s botnet, preventing the botnet’s operators from sending instructions to the thousands of devices they had infected. A year earlier, the Justice Department used an even more expansive version of the same technique to send commands to hundreds of computers across the country that were running Microsoft’s Exchange email software, removing malware planted by Chinese government agents and other hackers.

In both cases, federal prosecutors obtained court orders allowing them to access the infected devices and execute code that erased the malware. In their applications for these orders, prosecutors noted that government warnings to affected users had failed to fix the problems, thus necessitating more direct intervention.

Unlike in years past, when botnet takedowns prompted extensive debates about the propriety of such direct intervention, the backlash to these recent operations was limited. One prominent digital privacy advocate, Alan Butler of the Electronic Privacy Information Center, said malware removals required close judicial scrutiny but acknowledged that there was often good reason for them.

Still, DOJ officials said they see surreptitiously taking control of American computers as a last resort.

“You can understand why we should be appropriately cautious before we touch any private computer system, much less the system of an innocent third party,” Hickey said.

Bryan Vorndran, who leads the FBI’s Cyber Division, said in an interview at RSA that the government’s approach is to “move from least intrusive to most intrusive.”

In the early days of action against botnets, beginning with a 2011 takedown of a network called Coreflood, senior government officials were reluctant to push the limits of their powers.

“With Coreflood, it was, ‘Okay, you can stop the malware, but we’re not going to…


New Army Chief underlines need for ‘indigenous weapons’ to fight conventional wars


By Ajit K Dubey

The Russia-Ukraine war has taught India to be prepared to fight conventional wars besides building capacity using indigenous weapon systems, said Army chief General Manoj Pande on Sunday soon after taking over his assignment.

In an exclusive interview with ANI after assuming the office of the Chief of Army Staff, Gen Pande said, “The ongoing Russia-Ukraine war has taught the Indian Army that it should be prepared to fight conventional wars too and that capacity should be built using indigenous weapon systems. The ongoing conflict has brought out that the conventional wars are there to stay and we need to continue to focus on our capability development to fight a conventional war.”

Citing the use of modern technology in the over two-month-long conflict between the two countries, the Army Chief stressed the continuation of India’s focus on capability development to fight a conventional war.

“In over two months-long conflict going on between Russia and Ukraine, we have seen the use of artillery guns, tanks, air defence guns and anti-tank guided missiles drones and counter-drone systems. What we need to derive from it is that we need to continue to focus on capability development to fight a conventional war… We need to rely on our indigenous weapon systems and equipment & develop that capacity,” the Army Chief said. Talking about the dimensions of war in the modern era exposed by the Russia-Ukraine war, Gen Pande said that it has brought to the fore the “importance of non-kinetic means of warfare, such as information and cyber warfare”.

“To that extent, we are aligned with self-reliance and Make In India initiatives. We need to build our capabilities as we prepare ourselves for future conflict,” the Army Chief added. (ANI)

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)


Scientific advance leads to a new tool in the fight against hackers


Using the laws of quantum physics, the researchers developed a new security protocol that uses a person’s geographical location to guarantee that they are communicating with the right person. Position-based quantum encryption, as it is called, can be used to ensure that a person is speaking with an actual bank representative when the bank calls and asks a customer to make changes to their account. This is an artistic representation of the security protocol. Credit: Alex Bols, University of Copenhagen, The Quantum for Life Centre.

A new form of security identification could soon see the light of day and help us protect our data from hackers and cybercriminals. Quantum mathematicians at the University of Copenhagen have solved a mathematical riddle that allows for a person’s geographical location to be used as a personal ID that is secure against even the most advanced cyber attacks.

People have used codes and encryption to protect information from falling into the wrong hands for thousands of years. Today, encryption is widely used to protect our digital activity from hackers and cybercriminals who assume false identities and exploit the internet and our increasing number of digital devices to steal from us.

As such, there is an ever-growing need for new security measures to detect hackers posing as our banks or other trusted institutions. Within this realm, researchers from the University of Copenhagen’s Department of Mathematical Sciences have just made a giant leap.

“There is a constant battle in cryptography between those who want to protect information and those seeking to crack it. New security keys are being developed and later broken and so the cycle continues. Until, that is, a completely different type of key has been found,” says Professor Matthias Christandl.

For nearly twenty years, researchers around the world have been trying to solve the riddle of how to securely determine a person’s geographical location and use it as a secure ID. Until now, this had not been possible by way of…
