The week in security: Australian industries vulnerable to hacking: “We are all Ukraine”
- 25 November, 2019 16:00
Just days after its launch, the Disney+ streaming service was breached and massive numbers of user passwords compromised. It’s a reminder of the importance of using unique passwords.
Add another industry to the list of those breached by increasingly determined hackers – with mining another high-profile disaster in the waiting, according to a new analysis that found old habits die very hard in the resources sector.
Some banking players aren’t much better, as one case study confirms.
Ditto education, where the sustained attacks on Australia’s education sector show the particular weaknesses that are contributing to a particularly high success rate for bloody-minded hackers.
Yet even where companies have proven their compliance with security best practice, that doesn’t mean they will always continue to be great, as a review of PCI DSS practice confirmed in concerning detail.
Little wonder Australian businesses are slower to detect breaches than their counterparts in other countries – but everybody, a new analysis concludes, is still taking way too long.
The problem is only getting worse as the barbarians truly are pounding at the gates, according to a New Zealand government report that suggests more than a third of cyber attacks are the work of state-sponsored hackers.
Consider Russia’s Sandworm, a hacking group whose reach and flexibility are showing that “we are all Ukraine” online.
Australia is struggling from breach fatigue, and Fighting this type of threat means getting better visibility – but TLS traffic inspection, the NSA has warned, requires doing it once and doing it well.
IBM took a punt in that direction, leveraging its Red Hat acquisition to release cloud-based security features to improve threat hunting.
Firefox was also improving its threat hunting, doubling the potential rewards in its bug-bounty program.
Speaking of bug bounties, Google followed Apple’s lead by boosting the cap for its potential payouts to $1.5m. All you have to do is figure out a sick hack of its Android Pixel phones.
You could do worse than starting with an analysis of the app overlay attacks used by the emerging Android malware called Ginp – which is proving that app overlay attacks can still be effective.
ELMO Software security leader Keith Marlow sees SaaS security as having two discrete sets of stakeholders.