Week in review: Evaluating AI-based cyber security systems, how CIA hit air-gapped computers

Here’s an overview of some of last week’s most interesting news and articles:

How the CIA gained access to air-gapped computers
A new WikiLeaks release of documents believed to have been stolen from the CIA show the intelligence agency’s capability to infect air-gapped computers and networks via booby-trapped USB sticks.

Hackers extorted a cool $1 million from South Korean web hosting provider
Whether through ransomware, or simply by breaking into computer systems and exfiltrating and deleting the data found on them with other means, cyber extortionists are going for the big fish: businesses.

Evaluating artificial intelligence and machine learning-based systems for cyber security
All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most trends in our industry, the available protection solutions range from elegantly-designed platforms to clumsily-arranged offerings. The big problem is that many enterprise security teams cannot always tell the difference.

Forget about the malware, go after attackers’ tactics, techniques and procedures
The cybercriminal’s options for monetizing attacks has never been broader, less complex, or less risky, and attempts to detect intrusions by detecting the malware they use has never been more pointless, a study commissioned by Arbor Networks has revealed.

Password Reset MITM: Exposing the need for better security choices
Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated.

Fostering a safe place for businesses to work in
Based on the growing technology trends, here are four examples of areas of vulnerability business are facing today and some common practices that can be put in place to avoid attacks.

Security startup confessions: Attending industry events
Kai Roer, a co-founder of a European security startup, shares his experiences with attending industry events.

Privacy, security concerns grow for wearables
According to a recent report by ABI Research, enterprise wearable camera shipments will reach nearly 24 million in 2022. Such a growth will have to be accompanied with ever increasing privacy and data protection measures.

As UK govt calls for encryption backdoors, EU lawmakers propose a ban on them
As the UK gets hit by terror attacks one after the other, the government’s cry for making sure terrorists and criminals can’t find “safe spaces” online has become a constant. Some European legislators, on the other hand, are asking for European citizens’ right to end-to-end encryption in all forms of digital communications – current and future – to be enshrined in law.

Largest US voter data leak shines light on many problems
If US citizens weren’t convinced by now that they have long lost control of their data, the fact is more than obvious after a misconfigured database containing 198 million US voters was found leaking the information online.

Google’s whack-a-mole with Android adware continues
Why can’t Google put a stop to adware on their official Android app marketplace? The analysis by Trend Micro researchers of a Trojan Android ad library dubbed Xavier tells the story.

Internet crime: The continuing rise of the BEC scam
It is no wonder that BEC scams are so popular with criminals – on average, a BEC scam victim experiences around $30,000 of losses, while a confidence fraud/romance scam victim loses on average around $1,700.

Organizations still unclear on cloud security responsibility
Vanson Bourne surveyed 1,300 IT decision makers from organizations using public cloud Infrastructure as a Service (IaaS) from the Americas, Europe, Middle East and Africa (EMEA), and from Asia Pacific (APAC).

Businesses finally realize that cyber defenses must evolve
Cybersecurity is finally getting the attention it deserves – it is only regrettable that this good news is the result of bad news: more numerous, complex, and damaging cyber attacks than ever before.

DLP APIs: The next frontier for Data Loss Prevention
In-app DLP is the next frontier for DLP because nothing knows better the data than the apps and services creating it.

Email scammers swindle US State Supreme Court judge out of $1 milion
If often happens to less prominent individuals, but this time it happened to a US State Supreme Court judge: scammers have managed trick her into wiring the money meant for buying an apartment to a bank account under their control.

Equipment already in space can be adapted for extremely secure data encryption
A satellite-based quantum-based encryption network would provide an extremely secure way to encrypt data sent over long distances. Developing such a system in just five years is an extremely fast timeline since most satellites require around 10 years of development.

Stack Clash bug could give root privileges to attackers on Unix, Linux systems
Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to develop patches since May.

Average data breach cost declines 10% globally
The average cost of a data breach is $3.62 million globally, a 10 percent decline from 2016 results. This is the first time since the global study was created that there has been an overall decrease in the cost.

New infosec products of the week​: June 23, 2017
A rundown of infosec products released last week.