Welcome to this week’s security review, which includes a retrospective on Dorkbot, a reminder on why it’s important to invest in encryption, how buildings are at risk of cyberattacks and Australia’s major commitment to cybersecurity.
Dorkbot: 5 years since detection
Five years on from its first detection, Dorkbot is still active, infecting computers all over the world. WeLiveSecurity looked back at its history, examining how it spread from Latin America to the rest of the globe. The piece also highlighted the important work done by ESET as part of an international team of cyber experts, which led to the disruption of its infrastructure.
Encrypt - or face a huge fine
ESET’s Peter Stancik reported on new guidance that was released by the Information Commissioner’s Office (ICO) on encryption. He highlighted that while encryption of data isn’t mandatory, it’s something that all organizations should seriously consider. The ICO will, for example, fine organizations that do not appropriately safeguard sensitive information.
Buildings at risk of cyberattacks
The vulnerabilities of buildings to cyberattacks was discussed, with the BBC reporting that they are increasingly at risk. This is because smart and connected buildings – which includes churches, hospitals and research facilities – are not as secure as they should be. “We saw systems installed with default passwords where it would be a trivial exercise for someone remotely to gain access,” one expert told the broadcaster.
Australia launches major cybersecurity strategy
The Australian government announced a major cyber investment of $230 million, as it set out its vision to tackle this growing threat. Its strategy includes strengthening cyber defences and establishing global partnerships to clampdown on safe havens for cybercriminals. Australia’s prime minister Malcolm Turnbull said: “This new structure will ensure cybersecurity is given the attention it demands in an age where cyber opportunities and threats must be considered together.”
2FA coming to PlayStation Network
After a Twitter user highlighted a two-factor authentication (2FA) request on his PlayStation Network account, there was online buzz about whether this security measure was indeed coming. Sony later confirmed this, with a representative stating that it will be rolling out the feature. No date has been given, but news of this has been welcomed by the security industry.
SMS phishing attackers continue to pursue Apple users
Independent security analyst Graham Cluley followed up on his story about cybercriminals “spamming out SMS messages” that were alleged to come from Apple by revealing that identity thieves are continuing to pursue the tech giant’s customers. He said: “If you’re not careful, you’ll soon have handed the criminals your full name, date of birth, address [and] payment card details (including security code).”
