Posts Tagged: "hackers"

Yesterday, U.S. Senators Thom Tillis (R-NC), Richard Blumenthal (D-CT), John Cornyn (R-TX), and Ben Sasse (R-NE) sent a letter to Federal Bureau of Investigation (FBI) Director Christopher Wray and Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs regarding a notice issued last week by their agencies alerting American companies and research institutions about attempted attacks by hackers affiliated with the Chinese government.  According to the notice, these hackers “have been observed attempting to identify and illicitly obtain valuable …. (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”

Imagine the following scenario: You have an idea for a new mobile application. As adoption of the app picks up, so does your business, and you hire more employees to provide sales and support assistance. You are on your way to transforming your startup into a successful business. Needing additional capital to scale the business more quickly, you identify a strategic partner interested in investing in your business. Before you can close on the funding, several employees report that they did not receive their paychecks through the direct deposit system. The investigation reveals that several months ago, your organization received a series of spear phishing emails. You learn that multiple employees opened the email and its attachment giving the cybercriminals access to your systems. Not only are you out the payroll money, but you also learn that in addition to your employees’ banking information, the criminals had access to your customer contact information and the source code for your app. A cyberattack is an unwelcome event for any company, but the effects can be especially detrimental to a startup, with 60% or more of small businesses that experience a data breach going out of business within a year of the breach. It is impossible for any size business to guarantee a system that is fully secure. However, not all companies have millions of dollars to invest in cybersecurity and by allocating even limited funds to assessing your data privacy risks, implementing a protection plan and creating an incident response plan, a startup can significantly improve its chances of surviving a cyberattack.

SafeBreach recently announced the issuance of three U.S. patents in the field of breach and attack simulation. This news follows weeks after SafeBreach closed a $15 million series B round of funding involving backing from major payment solutions firm PayPal.

To get the case off the ground, the court will decide whether Equifax can be sued in the first place – it’s tricky, because different federal circuits disagree about when this can happen. So, courts in Delaware, Illinois and Washington DC (for example) would allow the plaintiffs to proceed merely because their data is at risk after a hack. This is pretty easy to show. On the other hand though, New York, Conneticut and North Carolina would need to see not just a leak, but that the leaked data has actually been misused afterwards. Equifax HQ is in Atlanta, the 11th circuit. Although those courts have a history of recognising that difficulty (and so supporting data victim lawsuits), it hasn’t yet come down firmly on the question of risk vs misuse.

The privacy implications of the driverless car are significant. The data that such a vehicle could collect and the potential uses of that data could be extraordinarily intrusive. Driverless cars could provide both historic and real-time, continuous geolocation data. Companies could utilize this data to determine not only your current location and destination but also every place that you have been. This data could lead to commercially valuable, but extremely sensitive and intimate information about individuals being discovered. Advertisers may be able to discern the purchasing patterns of individuals by tracking what stores they frequent. Insurers may be able to determine what the lifestyle of individuals is like by following their daily activities (e.g., constant trips to the gym) and dining habits (e.g., persistent trips to fast food restaurants).

Yesterday the Federal Trade Commission (FTC) announced that Oracle has agreed to settle charges that it deceived consumers about the security provided by updates to its Java Platform, Standard Edition software (Java SE), which is installed on more than 850 million personal computers. The FTC will now publish a description of the consent agreement in the Federal Register. The agreement will be subject to public comment for 30 days, beginning yesterday and continuing through Jan. 20, 2016. Thereafter the Commission will decide whether to make the proposed consent order final, which is typically the outcome.

Our latest Tech Round-Up here on IPWatchdog takes a brief glance at many of the stories which have caught our attention in recent days. As he often does, Elon Musk takes center-stage in a couple of news items regarding challenges he’ll be facing in the realms of space travel as well as electric vehicles. In Europe, the first successful installation of light-based wireless Internet could be the first step in a new age of Internet connectivity. Data breaches and genetically modified foods round out our discussion of recent events in the worlds of high-tech and science.

As card-present transactions become less susceptible to fraud because of the shift to EMV chip card technologies, it’s expected that more fraud will shift to online platforms where it’s still relatively easy to input fraudulent financial information without being noticed; some reports indicate that online retail fraud in the U.S. alone is expected to rise by 106 percent in three years after October’s EMV liability shift from banks to business owners. One way that businesses conducting sales online can get themselves ready to respond quickly to fraud is through effective planning prior to major sales events like Black Friday or, perhaps more important when thinking about e-commerce, Cyber Monday. If those workers handling fulfillment of online orders are more aware of expected sales projections, it will help them be more aware of clues that the business might be a target for fraud if actual sales figures differ wildly.

The same technology that makes it easy for you to stay in touch with the office also makes it easy for nefarious individuals to hack your communications and into our devices. Because office computers are generally connected to the same network if a hacker is able to gain access to one machine that shares the network connection they can potentially, and sometimes quite easily, gain access to all of the machines and information on the network. What this means is that computers on the same Wi-Fi network can potentially have access to any unencrypted information that pass through that network.

By the end of 2015, about 40% of all credit and debit card transactions will use EMV cards. To process payments on EMV cards, businesses must upgrade to new card processing or point-of-sale technologies.

Law firms are coming under growing scrutiny for a lack of effort in addressing hacking concerns or even coming clean with the threats which they have faced. A cybersecurity report released in February of this year by Citigroup Inc. (NYSE:C) lambasted law firms for being at high risk for cyber intrusions while the industry standard for cybersecurity remains much lower than for other industries. Law firms who deal with incredibly valuable intellectual properties should be acutely aware of the risks that they face from hackers, especially those from overseas. Patented technologies have been the target of international hackers in recent months. Just this May, the U.S. Justice Department charged six Chinese nationals with stealing IP related to wireless technologies developed by a couple of American companies.

The titans of the 19th Century made fortunes because they controlled access to the raw materials and infrastructure of commerce: steel, oil, lumber, railroads, canals, shipping. In contrast, the Third Industrial Revolution creates value not just from ideas that improve our ability to transform materials, but from information itself. This shift to intangible assets has been profound, but so swift that few have paid sufficient attention to the magnitude of the change. In the Information Age, your secrets – a new technology, a business plan, insights extracted from data analytics – define your competitive advantage. And because business is global, competition can emerge anywhere, anytime.