Stay in the know with “The week in cybersecurity news,” a weekly report on all the industry headlines released every Friday.
Report: Crypto Mining Malware Now Outpacing Ransomware
Cryptojacking — the act of hijacking a computer’s processing power for cryptocurrency mining — is now more popular among cybercriminals than ransomware. That’s according to a report from Skybox Security.
In the company’s mid-year update, Skybox Security says crypto mining applications now make up 32% of all cyberattacks.
What you need to know:
Cryptojacking occurs when a malicious actor hides code on a website or application to harness the computing power of victims’ devices. The malware can infect cloud infrastructure and compromise entire networks.
Individual victims may notice that their device is running much slower than normal. Higher energy costs for an organization can be a sign of a compromised network.
Anti-virus software currently doesn’t offer endpoint detection for cryptojacking, and the malware is often designed to subvert standard detection mechanisms.
Read the story on the report at Coindesk.
Survey: Majority of organizations expect cyber threats and data breaches to increase in coming year
63% of respondents expect to see a rise in cyber threats and data breaches over the coming year, according to a 2018 survey of organizations by data analytics firm FICO and research company Ovum.
According to the survey, 80% of organizations in financial services and 80% of retail and ecommerce businesses are expecting an increase in threats in the next year.
The majority of these organizations are also expected to increase their cybersecurity budgets accordingly, with 64% of respondents reporting higher levels of investment over the coming year. Other survey highlights include:
76% of US-based organizations report having cyber-risk insurance.
68% of organizations report having an above-average cybersecurity posture.
Less than one-third of organizations understand security risks posed by third-party businesses.
81% of organizations see internal risks — from employees — as being higher than external risks from third-party businesses and contractors.
Risks of enterprise blockchain tech include implementation and human errors, and compromised smart contracts
CSO published the list “5 ways to hack blockchain in the enterprise” this week. According to the blog, the five greatest risks include:
Human error. Mistakes with blockchain are often impossible to undo. In an organization, an inability to undo mistakes is not ideal.
The 51 percent attack. A malicious actor can compromise the entire system by taking control of the majority of nodes. In an enterprise this may be easy to do when the network is small and the nodes often have the same security measures in place.
Implementation errors. Blockchain is new, and vulnerabilities in the common code used for implementation have yet to be uncovered.
Compromised smart contracts. While self-executing contracts are attractive to the enterprise, mistakes in code are almost impossible to undo once they’re implemented.
Undetected blockchain vulnerabilities. The technology is so new that a platform doesn’t exist for finding and reporting vulnerabilities in non-cryptocurrency-related blockchain. This increases the likelihood of an organization implementing systems with vulnerabilities.
Blockchain hacks: 5 mistakes to learn from include CoinDash and Parity
A central theme in the previously mentioned list, “5 ways to hack blockchain in the enterprise,” is that blockchain technology is so new that many specific vulnerabilities or risks have yet to be uncovered. That doesn’t mean there aren’t company mistakes to learn from and avoid today.
Read about these mistakes in the blockchain hacks blog from Stratus.
Industry experts express concern over security of digital 2020 census
The US Census Bureau plans to use digital questionnaires for the 2020 census, and this fact has government cybersecurity experts concerned.
Eleven former government cybersecurity employees have demanded that the Census Bureau release its security plans so that Americans can understand how their data will be collected and secured. They’re also demanding that the Census Bureau’s plan be audited by an outside cybersecurity firm.
Experts cited concerns that the data is a hacking risk because the census information is used to determine how House seats and electoral college votes are allocated.
Read the full story from Time magazine.
Three top cybersecurity officials retire from FBI as US faces ‘unprecedented cyberthreat’
The Wall Street Journal reported that three top cybersecurity officials are retiring from the Federal Bureau of Investigation.
According to the article, the departures come at a time when “senior US intelligence officials warn that the country is at a ‘critical point’ facing unprecedented cyberthreats.”
Officials leaving include:
Scott Smith, the assistant FBI director who oversees the Bureau’s cyber division;
David Resch, executive assistant director of the FBI’s criminal, cyber, response and services branch; and
Carl Ghattas, executive assistant director of the bureau’s national security branch.