This week’s roundup of the past seven days includes a interesting piece on Industrie 4.0, Schrödinger’s antivirus, proposals to weaken encryption and much more.
The past seven days in security in one handy place. Welcome to the second installment of the security review.
The smartization of industry and its security challenges
We Live Security’s editor-in-chief, Raphael Labaca Castro, discussed the German idea of Industrie 4.0 and the security implications that are associated with what is “the fourth step into the industrial revolution”. Mr. Labaca Castro explained that the concept, which has been described as a “favourite theme” of chancellor Angela Merkel, is about the “smartization” of industry. While this development offers a lot of potential, there are, as a result of the greater interconnectedness of technology, plenty of security risks, which the author said needs addressing.
Schrödinger’s Cat gets an antivirus complex
For many, many years now, the security industry has been debating the so-called “death of antivirus”, with naysayers often proclaiming this to be not just inevitable but a bona fide fact. ESET’s distinguished researcher, Aryeh Goretsky, argued otherwise, stating in a lively piece that, far from it, antivirus – also referred to as antimalware – has gone from strength to strength. He said: “Just as the threats and threat actors have changed, antimalware software has had to reinvent itself numerous times over the years to face these new adversaries.”
UK government sets out its ambition to see encryption weakened
The UK government finally published a draft version of its highly controversial Investigatory Powers Bill, which has been dubbed the Snooper’s Charter by critics in the media. One of the most contentious issues for some is the proposal to limit end-to-end encryption with MPs highly critical of the design of this type of communication. Commenting on this on Twitter, Jimmy Wales, founder of Wikipedia, said: “I would like to see Apple refuse to sell iPhone in the UK if gov’t bans end-to-end encryption. Does Parliament dare to be stupid?”
Banks to be tested over their ability to respond to cyberattacks
“The financial sector should continue to build its resilience to cyberrisks and its capability to recover quickly. This requires strong governance at the most senior levels of banks.”
It was revealed that financial institutions in the UK and US are to be tested on their ability to successfully coordinate a transatlantic response to a cyberattack. CERT-UK, the UK’s national computer emergency response team, will put banks through their paces to ensure they have what it takes to stay operational in the face of increasingly sophisticated cybercriminals. News of this exercise, which is due to take place sometime this month, comes on the back of the governor of the Bank of England, Mark Carney, saying in July: “The financial sector should continue to build its resilience to cyberrisks and its capability to recover quickly. This requires strong governance at the most senior levels of banks.”
Crackas with Attitude hack into the email account of the FBI’s deputy director
Following reports in late October that teenagers broke into the personal email account of the director of the CIA, John Brennan, the alleged group behind the breach have claimed another high-profile victim: the FBI’s deputy director. Speaking to Motherboard, Crackas with Attitude, as they are known, said they had accessed Mark Giuliano’s personal email account. They added: “We didn’t target him for anything interesting, we targeted him because FBI are [sic] investigating us.” The bureau has yet to confirm whether the claim is genuine or not.
TalkTalk offers more details about the cyberattack it experienced
In its latest update on October’s cyberattack, TalkTalk revealed that the number of customers whose personal details were accessed stands at 156,959. Of these individuals, 15,656 had their bank account numbers and sort codes stolen. The company also said that only four per cent of its customers were affected. Commenting on this, security expert and We Live Security contributor, Graham Cluley, said: “The truth is that even if the data taken from TalkTalk’s database isn’t in itself enough to commit identity theft, it can be used by criminals to help them steal more information.”