Tag Archive for: threaten

Cyberattacks threaten global security | ASU News


December 1, 2022

Director of US National Security Agency discusses cyber warfare at ASU event

The United States is engaged in a quiet but potentially devastating intelligence, cyber and information war, with the greatest threats to national security coming from China, Russia, Iran and North Korea. 

That was the topic of a webinar on “Confronting Current and Future Cybersecurity Threats,” hosted Wednesday by Arizona State University’s Center on the Future of War.

“As you think about what computers have evolved to these days, they’ve gotten so much more entwined in everything we do — whether it’s the information on our computer desktop all the way out to the military’s weapons,” said Rob Joyce, director of the U.S. National Security Agency’s cybersecurity directorate.

Part of the mission of the agency is to partner with allies, private industry and academics to strengthen awareness and collaboration, and advance the state of cybersecurity.

Joyce was joined by retired Lt. Gen. Robert Schmidle, professor of practice in the Center on the Future of War and School of Politics and Global Studies, and Daniel Rothenberg, a professor of practice in the School of Politics and Global Studies and co-director of the Center on the Future of War.

Rothenberg asked if a devastating and fundamentally destabilizing cyberattack is imminent and inevitable in American society.

“Yeah it is,” said Joyce, citing the 2021 ransomware attack on the Colonial Pipeline, which was caused by one compromised password that led to major fuel shortages.  

“So, it is not unimaginable.” 

Beyond government computers

A cyberattack on the U.S. government would be far-reaching, going beyond its official web of networks to thousands of partner companies, defense contractors, subcontractors and more.  

According to Joyce, the ecosystem consists of 30,000 cleared companies that work as subcontractors and 300,000 companies that feed into the defense department. It is an enormous amount of tech surface that adversaries can get into in order to steal information, manipulate data and more.

“So we were…


Jacksonville mom ‘didn’t know son’s Xbox could connect to social media’ after he threatened day care shooting, police say


JACKSONVILLE, Fla. – A Jacksonville teenager was arrested Friday after police said he threatened to shoot up a daycare center in San Marco. Investigators said he posted the threat on a gaming chatroom using his Xbox.

After police spoke to the teenager’s mother about what her son did, she told police she had no idea her son could use his gaming system to communicate on social media.

To many parents, an Xbox is just a gaming system. But in reality, the Xbox is a computer much like a desktop hard drive.

An Xbox is a gaming system that can be linked to the internet to download games and movies, and even connect to social media. This was evident when Jacksonville police showed up at an apartment inside this Northside complex and arrested a 15-year-old boy.


That’s when the boy’s mother told police she had no idea her son’s gaming console could connect to social media.

News4JAX spoke with cyber security expert Chris Hamer who said this should be a wake-up call for all parents who are not computer savvy.

“Parents need to be aware that these consoles are fully-fledged computers with the capacity of surfing the internet and communicating in both directions,” Hamer said. “That issue is if you leave your child alone with an Xbox or PlayStation, not only can they present a credible threat to the outside world but they can also be groomed by people who deliberately go into the chatroom, game rooms, and the lobbies for these different programs to find their next victim.”

So in addition to monitoring your child’s activity on the home computer or smartphone — parents are being urged to monitor their kids’ activities on gaming consoles.

Hamer said while parents may not be too computer savvy, kids who are caught posting threats online are also not as computer savvy as they may think.


“The individuals that are making less than intelligent decisions as to their activities online may or may not be aware that their IP addresses can be tracked right to their provider and thus to their house,” Hamer said.

One tip parents should know is that it doesn’t matter if you’re using a home computer, a cell…


Insecure APIs Threaten Mobile App Security – What To Do


For most mobile apps, it’s not much of an exaggeration to describe them as a collection of APIs all tied together with a wrapper.

In fact, without connectivity, many mobile apps can’t function at all, because they depend on APIs to connect to back-end services. And that’s a big problem for developers, because, unfortunately, these APIs are frequently insecure — even in very sensitive apps.

A study of banking, fintech and cryptocurrency exchanges found that practically every single one of the mobile apps researchers reverse engineered contained hardcoded API keys and tokens. The exact number was a whopping 99%! This includes usernames and passwords to third-party services.

Worse yet: All the APIs tested had vulnerabilities that enabled researchers to change PIN codes and transfer funds in and out of accounts. And if apps that control end-users’ money are this insecure, the situation is not going to be any better for apps that work with far less sensitive data and assets than people’s bank accounts.

Certainly, cybercriminals are paying attention.

Gartner predicts that by this year, 2022, APIs will become the largest attack vector. It stands to reason. API keys in mobile apps and code repositories provide hackers with the means they need to attack back-end servers and access valuable assets, such as customer accounts and production servers.

But securing APIs is not simply a matter of willpower. Developers haven’t neglected API security because they are lazy or unconcerned. API security is complex, difficult and time-consuming. It requires highly specialized skills that are in short supply. And while much of the DevOps cycle is automated, mobile API security implementation is largely manual.

Simply put, in the aggressive mobile app marketplace, publishers must churn out new apps and features at a rapid pace to remain competitive. Implementing strong API security would substantially extend development cycles and break budgets.

A recent global survey of 10,000 mobile consumers found that a solid majority (63%) consider security and malware protection to be of equal or even greater importance than features. This shows…


Cyberattacks to critical infrastructure threaten our safety and well-being


What would happen if you could no longer use the technological systems that you rely on every day? I’m not talking about your smart phone or laptop computer, but all those systems many of us often take for granted and don’t think about.

What if you could not turn on the lights or power your refrigerator? What if you could not get through to emergency services when you dial 911? What if you could not access your bank account, get safe drinking water or even flush your toilet?

According to Canada’s National Strategy for Critical Infrastructure, critical infrastructure refers to the processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of the public and the effective functioning of government.

Disruptions to these kinds of systems, especially those caused by cyberattacks, can have devastating consequences. That’s why these systems are called critical infrastructure.

A string of attacks

Over the past six months, the fragility of critical infrastructure has been given plenty of attention. This has been driven by a string of notable cyberattacks on several critical infrastructure sectors.

It was revealed that in late March 2021, CNA Financial Corp., one of the largest insurance companies in the United States, was the victim of a ransomware attack. As a result, the company faced disruptions of its systems and networks.

In May 2021, a ransomware attack on Colonial Pipeline halted plant operations for six days. The attack led to a fuel crisis and increased prices in the eastern U.S.

MSNBC looks at the cybersecurity concerns raised by the attack on Colonial Pipeline.

Weeks later, in June 2021, a ransomware attack hit JBS USA Holdings, Inc., one of the world’s largest meat producers. This attack brought about supply chain turmoil in Canada, the U.S. and Australia.

Also in June 2021, the Martha’s Vineyard and Nantucket Steamship Authority was the victim of a ransomware attack that disrupted ferry services and caused service delays.

Fragile infrastructures

On Oct. 14, 2021, hot on the heels of cyberattacks targeting…
