ICYMI: The security blame-game, Cyber Monday, DDoS attacks & Sony's breach

This week's In Case You Missed It looks at the five most popular articles on SC, including the launch of a new cyber-security degree, new ATM malware and Sony's latest data breach.

National MBA in cyber-security launched today

It's little over a year since it was first mooted, but the National MBA in Cyber Security from Coventry University Business School launched late last week at a House of Commons event addressed by shadow business minister Chi Onwurah MP, with support from both the prime minister and leader of the opposition - and the first students are starting courses in January 2015.

DNS provider hit by 'massive' DDoS attack on Cyber Monday

Florida-based DNSimple was hit by a 'massive' DDoS attack, believed to be the work of Chinese hackers, on Cyber Monday.

The company's DDoS defences were overcome by the sheer volume of UDP traffic, and the firm worked with its network provider to respond, including increasing the service capacity.

Most servers at data centres were fully operational again briefly on Tuesday morning, only for attackers to return to target the US West Coast data centre before 'ramping' up DDoS attacks internationally. But the firm finally had everything back to normal at 08:17 UTC (08:17 GMT) on Tuesday. The full details of the incident can be seen here.

Information security: 'Not my problem'

Information security is always someone else's problem, according to senior non-IT executives in a survey commissioned by NTT Com Security.

The global 'risk: value' report revealed that 19 percent think there would be no significant impact on their revenue from a data breach, and 28 percent admit that they do not know what the financial implications would be.

"There is still a high level of misunderstanding, indifference and complacency, and failure to rank information security as a critical risk," said the firm's CEO Simon Church.

The figures were based on the views of 800 business decision-makers (not in an IT role) in the UK, Australia, France, Germany, Hong Kong, Norway, Sweden and the US.

Sony hires Mandiant after huge cyber-attack

US film and TV company Sony Pictures Entertainment reportedly hired FireEye's Mandiant forensics team to clean up the damage from last week's cyber-attack - the full details of which are still emerging.

Reuters reports that the information came from “three people with knowledge of the matter”, with one of these adding that the US Federal Bureau of Investigation (FBI) is now investigating the incident. Technicians are repairing the damage to the network and expect to have the email systems back online later today, according to the sources.

Last Monday, the company was hit by a blackmailing hacker attack which saw the attackers shut down IT systems and hijack Twitter accounts, while confidential documents and passwords were also thought to have been stolen and films leaked pre-launch.

More recent information suggests that North Korea was behind the attack - although it has denied it, and some security experts also say this is not the case. In what is said to have been one of the biggest data breaches in recent times, five unreleased Sony-made films were leaked onto file-sharing websites, while thousands of employee records were also compromised.

New malware hits ATM and electronic ticketing machines

Both ATMs and electronic ticketing machines are facing further hacks as fraudsters focus on inadequately defended environments.

European cyber-criminals have created new 'Daredevil' malware that explicitly targets electronic ticketing machines and kiosks such as those found in train stations.

And in another leap by the bad guys, users of European bank ATM machines are being hit by a new, almost invisible 'wiretapping' device which eavesdrops on the customer's cash transaction.

Other stories you should read this week...

GCHQ does not breach human rights, judges rule (BBC)

Three Envelopes, One CISO (Thom Langford's blog)

Single Sign-on vulnerabilities (Cryptome)

Deathring: Pre-loaded malware hits smartphones for second time in 2014 (Lookout)

Corporations Misusing Our Data (Bruce Schneier's blog)
