The week in security: Cybercrime pays off for hackers as Mirai compromises European Internet

Cybersecurity attacks continued to cause problems en masse, with San Francisco’s Muni public-transport system hit by ransomware, although Muni denied that server data had been hit in the compromise. Japan’s government forced to deny a report that a secure defence network had been hacked earlier in the year, while Saudi government agencies were hit with data-wiping malware and medical researchers were warning that implantable medical devices can be hacked to harm patients.

Also creating problems was an outage of a million German broadband customer, which was blamed on ‘external influence’ that was later clarified as being a new version of the notorious Mirai botnet – which was soon credited with infecting devices in at least 10 countries.

This, as the business-focused Cyber in Business conference hit Melbourne, highlighting cybersecurity’s increasingly business-focused risks to an audience that has become acutely aware of the potential issues that a hack can cause. Witness insurance-comparison giant iSelect, which shared its experiences preparing for and executing a move to a managed security services environment.

An audit of security software found it to be far less secure than users might assume, with industry collaboration pegged as one of many possible remedies that will help fill in the gaps in enterprise cybersecurity defences.

Authorities dismantled the major Avalanche cybercrime network, shutting down around 830,000 domains used to control massive volumes of ransomware infections.

Machine learning was rearing its head in the cybersecurity arena as AI technology shows new promise and criminals embrace it to drive credit card-guessing efforts and to outsmart staff – who are, a new study found, largely ignoring the cybersecurity training they’re getting.

Poor preparation for this year’s online census was detailed in excruciating detail in the government’s official review of the event. Interestingly, a census of a different kind found that most cybercriminals are earning from $US1000 ($A1350) to $US3000 ($A4060) per month from their activities – but that 1 in 5 is earning more than $US20,000 ($A27,000) per month.

New Android malware stole access to more than 1 million Google accounts in order to boost the ratings of certain apps in Google Play. This, as revelations of a poor encryption implementation in a popular remote-management app exposed millions of Android users to hacking.

IBM was warning of a surge in cyberattacks on VoIP protocols, even as a survey found that only 6 percent of businesses were using DMARC email authentication and only 1.5 percent of those businesses enforced it.

Researchers claimed to have found a way to bypass the activation lock protecting iOS devices, which kicks in to protect iPhones and iPads marked as lost by their owners. This is rather farther than the protections around iCloud security codes, which can be recovered if you get locked out after entering the wrong code too many times.

US legislators were readying a last-minute push to kerb the hacking power of US law-enforcement agencies, which are on the cusp of being authorised to hack into remote computers during criminal investigations; the effort ultimately failed. A new study warned of the human-rights risks from forcing Internet companies to censor online terrorism-related content, while there was a call from academics and information-security experts to do something about Russian hacking – even as Russia claimed it had foiled a “large-scale” cyber attack from a foreign intelligence service.