Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: Evidence points to Russian culprit in the cyber attack on the Ukraine power grid and now new information leads officials to believe that the same software has been found in large Ukrainian mining and rail companies. A worldwide survey complied of all the encrypted technologies and systems leads to the belief that encryption is everywhere and the US ban on encryption is inefficient. Surprisingly online fraud has seen a dip during Valentine’s Day. Lastly, a fascinating story of auto theft gone wrong. The thieves have been identified through their phone that connected to the UConnect system in a Jeep.
Ukraine sees Russian hand in cyber attacks on power grid Publication: Reuters Reporter name: Pavel Polityuk
Hackers used a Russian-based internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine’s power grid in December, Ukraine’s energy ministry said on Friday. The incident was widely seen as the first known power outage caused by a cyber attack, and has prompted fears both within Ukraine and outside that other critical infrastructure could be vulnerable. Researchers at Trend Micro, one of the world’s biggest security software firms, said this week that the software used to infect the Ukrainian utilities has also been found in the networks of a large Ukrainian mining company and a rail company.
Encryption Is Worldwide: Yet Another Reason Why a US Ban Makes No Sense Publication: Wired Reporter name: Kim Zetter
Some of the smartest minds in cryptography have explained at length that backdoors are a bad idea because they make us all inherently less secure. But legislated backdoors make no sense for yet another reason: the criminals, terrorists, pedophiles and others whom governments hope to target would simply use encryption products made in countries that don’t require mandatory portals. A new worldwide survey of encryption products, compiled by noted cryptographer Bruce Schneier and colleagues Kathleen Seidel and Saranya Vijayakumar, shows just how rich the worldwide catalogue of encryption products is for anyone seeking alternatives. Schneier compiled the list as part of his fellowship at Harvard University’s Berkman Center for Internet and Society.
Risky business? Online dating fraud dips during Valentine’s Day Publication: NetworkWorld Reporter name: CSO Staff
According to an analysis of hundreds of millions of online dating transactions by device intelligence and fraud prevention company iovation, fraud on online dating sites is lower leading up to Valentine’s Day. In February 2015, 1.23 percent of all online dating transactions were fraudulent, compared to 1.39 percent during all of 2015, according to iovation. This doesn’t mean that fraudsters are sentimental, but rather that there are more legitimate fish in the online dating sea. “The reason that online fraud rates dip at Valentine’s Day is simply because there is a disproportionately high volume of legitimate dating site traffic during that time,” said iovation’s VP of Operations Molly O’Hearn. “So it’s not that the fraudsters are taking a breather, it’s that the legitimate users of data services ramp up, causing the ratio of fraud in the mix to temporarily decline.”
Opsec fail: Baltimore teen car thieves paired phones with Jeep UConnect Publication: Ars Technica Reporter name: Sean Gallagher
Since he happens to work in IT at a Baltimore-based cyber-security firm, he showed a coworker the list—launching an open source intelligence gathering operation to identify more of the culprits. One of the phones’ names matched the name of an Instagram account belonging to a teen in South Baltimore who appears to match one of the individuals caught in the Nest footage. And that account’s contacts included another individual whose name matches one of the phones on the list.