From the Middle East to China, Pegasus spyware revelations show the spread of hacking as a service

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

The line that separates cyber defence from cyber mercenaries is easily blurred, and China presents a challenge for regulating private espionage.


Cyber Daily: Security Chiefs See Bigger Paychecks Amid Rise in Hacking Threats

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

Good morning. Corporate cyber chiefs’ salaries are growing amid an uptick in hacking threats and a dearth of experienced executives, WSJ Pro’s Catherine Stupp reports.

Also today: Biden’s new directive on cyber safeguards for critical infrastructure; more details on the TSA’s pipeline rules; a tool for shaming hackable websites; and cyber startups going gangbusters.

High Demand

Cha-ching: Demand for experienced cyber executives has pushed the average salary for chief information security officers to new heights.

CISOs in the U.S. earned a median salary of $509,000 this year, compared with $473,000 in 2020, according to a new survey of 354 CISOs, published Thursday by executive search firm

Heidrick & Struggles International Inc.

Total compensation, including equity grants and bonuses, rose to $936,000 from $784,000 in 2020.

High-profile ransomware attacks have caused corporate executives and boards to focus more on cybersecurity over the past year, said Omar Khawaja, CISO at Pittsburgh-based Highmark Health.

“There’s a very tangible and direct business disruption,” he said. “It’s hard to ignore.”

Read the full story.

More Cyber News

Biden urges critical infrastructure to beef up cyber safeguards. The White House directed federal agencies to develop voluntary security goals by September for companies that operate critical infrastructure, such as financial services or electric utilities. At least four successive administrations have pursued such a voluntary strategy for ensuring cyber readiness. But senior officials say the directive could be a precursor to the Biden administration issuing mandatory standards for such firms. (WSJ)

Read the full directive from the White House here.

TSA official details second pipeline security directive. The rules, which have not been publicly released, cover technical areas such as the separation of operational and information-technology systems, Administrator David Pekoske told the Senate Commerce Committee Tuesday. Mr. Pekoske said the directive would also require reviews of how…


Saab Australia cyber security | keeping your information safe

Hacking Tool Downloads Jump in First Half of 2021

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

The hacking tools in wide circulation are surprisingly capable.

A new HP report shows a 65% increase in the use of hacking tools downloaded from underground forums and filesharing websites during the first half of 2021 compared to the second half of 2020.

The HP report also shows a significant increase in the frequency and sophistication of cybercrime activity. The data was gathered within HP Wolf Security customer virtual machines during the first half of this year.

The hacking tools in wide circulation are surprisingly capable, according to HP. For example, one tool can solve CAPTCHA challenges to perform credential stuffing attacks against websites.

More broadly, the report found cybercrime is more organized than ever. Underground forums provide a perfect platform for threat actors to collaborate and share attack tactics, techniques and procedures.

Surprisingly Low Detection

HP's Alex Holland

HP’s Alex Holland

Alex Holland is senior malware analyst at HP.

“One of the more surprising findings was seeing how effective obfuscation can be at evading traditional detection technologies,” he said. “In March, we investigated a multi-stage obfuscated Visual Basic Script malware campaign that targeted senior business executives. An initial malicious script was used by the attacker to establish persistence on the victim’s computer and deliver secondary stages of malware. What surprised us was the low detection rate of the malware, with only 21% of antivirus scanners on VirusTotal detecting it as malicious at the time.”

The increase in hacking tool downloads likely points to growing attacker intent and capability, Holland said.

“The cybercrime ecosystem today is driven by ransomware affiliates, who have created demand for specialized services needed to conduct successful attacks, such as initial access to networks and malware distribution,” he said. “We believe this demand is having the effect of encouraging more financially-motivated criminals into cybercrime, feeding into increased levels of attacker desire and the expectation that attacks will succeed.”

Notable Threats

Among key findings in the HP report:

  • Cybercriminal collaboration is opening the door to bigger attacks…