Tag Archive for: CyberAttacks

Does the UK’s new smart device security law go far enough to prevent cyberattacks?


Manufacturers will now have to follow tougher rules to sell smart devices in the UK after what some consider a long-overdue law came into effect at the end of April.

In 2021, an investigation conducted by Which? consumer group discovered that a UK home filled with smart devices could be vulnerable to over 12,000 hacking attempts every week.

The law, known as the Product Security and Telecommunications Infrastructure Act (PSTI Act), has been described as “long overdue” by experts.

It is designed to ensure better security around devices such as smart doorbells, speakers, televisions, and other devices connected to the Internet, often called the Internet of Things (IoT).

The UK government said the “world first” law would provide “peace of mind” to consumers.

According to the Department for Science, Innovation and Technology, over half of UK households now own a smart TV, and more than half own a voice assistant, along with an average of nine other smart devices.

These devices can include anything from toys and game consoles to fridges and ovens.

Until recently, manufacturers had to follow security guidelines, but the new law adds three tougher requirements to meet:

Is the new law enough to fully secure smart devices?

Cybersecurity groups and experts have welcomed the new law, but some have raised concerns about its effectiveness in combating the large and rising number of threats.

Emma Christy, analyst in thematic intelligence at GlobalData, told Verdict that the law was a step in the right direction to strengthen the UK public’s resilience to cyberattacks.

“The new requirements help firms to protect consumers by mandating minimum standards, increasing transparency about the timing of security updates, and helping consumers to make more informed decisions when buying or using smart devices,” Christy said.

However, the question remains whether any fines are punitive enough to deter manufacturer non-compliance, Christy added.

Tim Callon, chief executive officer at cloud security company Sectigo, told Verdict that despite the government’s steps to improve IoT cybersecurity, it has a long way to go.

“The UK government has taken steps to improve the security of unsafe IoT devices…


Shifting Targets of Cyberattacks from Governments to Big Tech


  • In recent months, bad actors seem to be modifying their modus operandi. While state-sponsored cyber attackers were expected to target governments primarily, particularly owing to growing global tensions, cyberattacks have increasingly shifted their focus toward big tech companies.
  • This shift highlights changes in the global geopolitical landscape and emphasizes the vital role of technology in modern society. Understanding the change and its implications is critical to devising and implementing effective strategies to minimize cyber threats.

The evolving threat landscape

Historically, cyber warfare has largely targeted government assets, with threat actors sabotaging sensitive data, critical infrastructure, and strategic assets. Cyber espionage and sabotage have often been conducted by state-sponsored actors whose objectives were primarily aligned with military, political, or economic gains. The Stuxnet worm, which is believed to have been developed jointly by the United States and Israel to target Iran’s nuclear program, is one such example.

However, as technology has become increasingly intertwined with all aspects of modern life, the landscape of cyber threats has also experienced an evolution. Tech companies possess massive repositories of valuable information, including financial records, personal information, trade secrets and other intellectual property.

These businesses have become critical to the global economy and have a substantial influence on multiple areas of specialization. This makes them attractive targets for cybercriminals seeking geopolitical advantage or financial gain, or pushing ideological motives.


Factors that make tech companies a target

One of the key reasons behind the shift in targets is the value of the data held by big tech companies. With the rapid spread of cloud computing and digital services, companies like Facebook, Google, Microsoft and Amazon have collected massive volumes of data, ranging from behavioral patterns and user preferences to proprietary algorithms and sensitive corporate data, which have become a very lucrative target for cybercriminals.

In the last year…


FS-ISAC: Ransomware drives surge in cyberattacks in 2023


Cybersecurity threats in the Asia-Pacific (APAC) region surged by 15% in 2023, with ransomware attacks as the top driver for the increase, according to the latest report released by the Financial Services Information Sharing and Analysis Center (FS-ISAC). 

The findings, drawn from FS-ISAC’s network of member financial firms from 75 countries, underscore the growing sophistication of cyber threats faced by businesses. Ransomware attacks continue to wreak havoc, ranking as the fourth most common threat to the financial sector in the APAC region.

Based on FS-ISAC’s data, there was an average of 1,963 attacks per week, and organizations in the region found themselves increasingly targeted by cybercriminals in 2023. The report, titled “Navigating Cyber 2024,” warns that this pattern is expected to persist in 2024, aligning with global trends in cybercrime.

“Each year, a new set of threats comes to light, requiring the financial services sector’s mitigation strategies to advance at an equal if not faster pace than threat actors’ tactics,” said Steven Silberstein, CEO of FS-ISAC.

Emerging threats

The report highlighted the evolving tactics, techniques, and procedures (TTPs) employed by threat actors, including social engineering, SEO poisoning, malvertising, and QR code phishing. The use of generative artificial intelligence (GenAI) by cybercriminals is also identified as a growing concern, enabling scale and automation in attacks while posing challenges for defense mechanisms.

The emerging threats that pose challenges to the financial sector’s cybersecurity posture include heightened geopolitical hacktivism, new extortion tactics in response to global regulations, challenges posed by quantum computing and AI advancements, and vulnerabilities in the supply chain.

 “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global…


China linked to UK cyber-attacks on voter data, Dowden to say


  • By James Gregory & Iain Watson, political correspondent
  • BBC News

The UK government is expected to link cyber-attacks which accessed personal details of millions of voters to China.

The attacks on the Electoral Commission took place in August 2021 but were only revealed last year.

Several MPs and peers who have been critical of Beijing are thought to have also been targeted in cyber-attacks.

The prime minister called China “the greatest state-based challenge to our national security”.

Rishi Sunak said: “China represents an economic threat to our security and an epoch-defining challenge.

“So it is right we take steps to protect ourselves.”

The BBC understands other Western nations will set out similar concerns.

Acknowledging the attacks last August, the Electoral Commission said unspecified “hostile actors” had gained access to copies of the electoral registers and broken into its emails and “control systems”, but added that this had not had any impact on any elections or on anyone’s registration status.

The commission said last August that it was not able to predict exactly how many people could be affected, but that the register for each year contained the details of around 40 million people.

Deputy Prime Minister Oliver Dowden will address Parliament on Monday about the threat.

It is now thought that Mr Dowden will suggest those behind the attack had links to Beijing, as well as laying out how the UK will respond to what it deems a wider threat.

Publicly identifying the attackers lays the groundwork for potential legal and political actions, such as sanctions or diplomatic protests.

Linking the attackers to China, a fellow member of the UN Security Council, would be an escalation in the diplomatic tension between the two countries.

The prime minister then was David Cameron, who is now the foreign secretary after taking a seat in the House of Lords last year.

China’s foreign ministry spokesperson Lin Jian said the government cracked down and punished all types of malicious cyber activities.

He called on all parties to “stop spreading false information and…
