The Daily Roundup
Most Notable Info
Smart refrigerators, smart ovens, and smart washing machines could be making their way into our homes soon. LG is launching a line of new smart “HomeChat” appliances in South Korea that allow owners to use their smartphones to communicate with their appliances.
The refrigerators take pictures of what is inside, so in case you forgot to make a list before heading out to the grocery store, just check the latest picture and see what’s missing! The appliance can also keep track of when food will go bad. The smart washing machines can be remotely activated and interacted with through texting, and your oven can tell you what to make for dinner. So, so, so fancy! It's like a real version of The Brave Little Toaster!
It would obviously be silly to just write about smart appliances that could potentially make home-life easier… obviously. So, here’s the cybersecurity part: there is definitely risk involved when devices catalogue and store information about your life. LG is going to need to invest in high security standards and procedures for any appliance that collects customer information. They are also going to have to explain and ensure the security of each product to their customers, because everyone has the right to keep the type of milk they drink a secret.
On to the daily roundup...
IT – Gravity 49, Risk 49
British intelligence service MI5 warned corporate leaders that foreign spies are recruiting IT employees to steal classified information. "Even the most junior IT employees can be highly coveted intelligence assets thanks to their often wide-ranging network privileges." The same obviously applies in the U.S., as well. goo.gl/oVrKQx
Top Targets: Data- Dropbox files
CONSUMER GOODS – Gravity 23, Risk 27
LG's new HomeChat appliances use cameras, language processing, and texting to convey information to their owners and respond to instructions. The appliances are currently only available in Korea, but the rollout is a beta test of sorts to test the concept and gauge customer interest. And to see how nightmarish security will be. goo.gl/wjjSTu
Top Targets: Social Media Accounts- @WSJD
GOVERNMENT – Gravity 15, Risk 18
A Colombian prosecutor says that a cyber spy sought to undermine peace talks between the Colombian President and leftist rebels. The hacker intercepted emails to undermine the process. Earlier, authorities broke up another illegal military intelligence cyber spying unit that targeted government negotiators and journalists. goo.gl/M7rB9h
Top Targets: Communities- Compton citizens
OTHER ORGANIZATIONS – Gravity 9, Risk 15
A Florida teenager is being charged with multiple felonies for hacking into his Miami high school's computer system and changing the grades of himself and four other students. bit.ly/1lOAvgp
Top Targets: Email Accounts- Naoki Hiroshima's GoDaddy accounts
HEALTHCARE – Gravity 2, Risk 6
Larsen Dental Care in Idaho is reporting a data breach affecting an unspecified number of patients after an external hard drive was stolen from an employee's car. It contains information such as name, address, date of birth, email address, phone number, dental record, health insurance ID number and Social Security number. goo.gl/FzJFx5
Top Targets: Private Networks- The World Health Organization computer systems
FINANCIALS – Gravity 2, Risk 4
A recent federal organization, the National Incident Response Team (NIRT), came to light as a defense against cyber intruders for the federal computer network systems as well as the Fedwire Funds Service and central banking systems. The organization is like the James Bond of the financial cybersecurity sector. atfp.co/1mTvWkx
Top Targets: Financial Networks- Swiss banks network
TELECOM – Gravity 1, Risk 3
The French Telecom company, Orange, released a statement this week stating they were hit by a massive data theft. The theft could affect over 1.3 million subscribers and this comes only a few months after the company had over 800,000 customer records stolen in another data theft. bit.ly/Qe3ePm
Top Targets: Desktop/Laptops- Bt Group Plc clients' computers
INDUSTRIALS – Gravity 0, Risk 1
IBM announced new enterprise products and services to address data breaches, APT, and zero-day attacks. The new product dubbed IBM Threat Protection System uses security intelligence and behavioral analytics to prevent attacks, claims IBM. IBM also launched a consulting service that helps companies with data security. goo.gl/2PrfxZ
Top Targets: Industrial Equipment- Traffic signals
UTILITIES – Gravity 0, Risk 0
Booz Allen Hamilton has issued a set of best practices to help information security executives achieve the new North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) version 5 compliance. The guidelines include strategic simulations, addressing employee "cyber hygiene," and more. goo.gl/JsZti0
MATERIALS – Gravity 0, Risk 0
On Sunday, Anonymous attacked the Monsanto Brazil website via a DDoS and took it offline. This is not the first attack Anonymous has conducted against Monsanto. The hacktivist organization is protesting the use of GE Trees that they claim poison land and displace communities in Latin America. inagist.com/all/4478...
ENERGY – Gravity 0, Risk 0
An advanced actor used the IE vulnerability to target defense and energy companies, claims FireEye. The advanced actor then shared the vulnerability with another threat actor. The actors utilized watering hole attacks to try to compromise targeted organizations. The two attack groups are state sponsored, claims FireEye. goo.gl/LLn61j
ENTERTAINMENT – Gravity 0, Risk 0
Social media accounts of Tottenham Hotspur were compromised after mocking tweets were posted on Twitter, claims the club. Shortly after Liverpool drew 3-3 with Crystal Palace (I'm still gutted), hackers allegedly posted offending tweets mocking Liverpool’s draw. The club subsequently removed the tweets and apologized. goo.gl/ijxSw9
In other news...
A Twitter account associated with the Wall Street Journal (@WSJD) was hacked by the SEA yesterday afternoon. The account hijacking was targeted at one person in particular who seems to ruffle the hacktivist group’s feathers. The SEA tweeted out a picture of security expert Ira Winkler’s head on the body of a cockroach.
Winkler has been outspoken about the SEA’s actions and his belief that they are a group of under-skilled hackers with an over-inflated sense of self-importance. This past February, at the RSA cybersecurity conference, he stated, “These people are kind of like the cockroaches of the Internet at the moment.” I wonder, why did it take them almost three months to get their revenge?