CIO

The week in security: Cyber Monday threat looms; Australia sets data-collection standard

Australia is apparently setting the gold standard when it comes to aggregating personal information on its citizens, with the UK said to be using the controversial Australian data-retention regime as a model for its own legislation. There's no telling how that will be received by the US National Security Agency, which was arguing that its own online surveillance programs are legal and carefully scrutinised by other parts of the government.

Speaking of surveillance: Symantec revealed details of a new spyware tool called Regin, which it says has espionage features comparable to Flame and Stuxnet and may date back to 2006. Regin has been linked to attacks on Belgian telecommunications company Belgacom, and consensus about the "mysterious" malware was that it potentially had links with state-sponsored hacking.

A new study found that IT professionals are more confident than they should be that they know how to prevent security breaches. One professional who is definitely confident is the developer of a Web site that aggregated video feeds from unsecured Web cams, who is now looking for work as a remote programmer.

Many malware authors aren't waiting for legitimate jobs, though, but rather prefer to pretend they already have one: an Italian group called Hacking Team, for example, has disguised surveillance malware as a bookmark management application called Linkman. There's no telling whether they will face the same penalties as a European company producing a spyware app called StealthGenie, which was fined $US500,000 for selling its software to US consumers.

In many other cases, the software and hardware out there is doing the job for the malware authors: cheap Android tablets, for example, are often plagued with dangerous and hidden security flaws, while a commonly used Linux command has been found to have its own potentially problematic consequences.

Even as the Australian government announced a complete review of its cyber-security protections, European Union regulators were weighing up potential restrictions on a data-sharing agreement with Canada that might have repercussions on a similar deal between Australia and the US. Yet despite no less than the UN calling for protection of the right to privacy, the high-level concern over privacy doesn't necessarily trickle down, with one survey suggesting that US Internet users have a limited understanding of Internet privacy.

One organisation that was getting a completely new understanding of Internet privacy was US retail giant Home Depot, which revealed that its prior data breach had cost $US43 million ($A51 million) to deal with in the third quarter of this year alone. Authorities were warning of other retail scams on Cyber Monday, when a surge of online shopping raises the incidence of online fraud. As if on cue, researchers detected a new point-of-sale malware family and found that cybercriminals are also using POS malware to infect ticket vending machines and electronic kiosks.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
