Seven state insurance commissioners conclude in a new in-depth report that the massive cyberattack on Anthem Inc. was carried out by a hacker on behalf of a nation-state. But they stop short of naming the nation involved or penalizing Anthem for the breach that affected 80 million.
Because cyberattackers are now using memory-resident malware that leave no trace on the disk, forensics experts using traditional methods will face a challenge, says Christopher Novak, director of Verizon's global investigative response unit.
The English-language broadcaster RT, which has been closely linked to the Kremlin, is part of an ongoing Russian operation designed to sow distrust in democratic institutions, according to U.S intelligence agencies. Our collective poor cybersecurity practices only make its mission easier.
The KillDisk disk-wiping malware, previously tied to espionage operations, has been updated with crypto-locking capabilities and now targets Linux as well as Windows systems. But security experts warn that attackers using the Linux variant have no way to furnish a decryption key.
To deal with the risks posed by the explosive growth of the internet of things, CISOs and CIOs must expand the scope of their security efforts, says Ganesh Ramamoorthy, vice president of research at Gartner.
Hackers will hack, but any attempt to attribute attacks back to an individual, group or state apparatus too often involves political agendas, cybersecurity marketing moves, attempts to deflect blame or outright errors of interpretation.
Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
A task force led by two lawmakers and a former U.S. CIO recommends the new administration should jettison outdated ways the federal government tackles cybersecurity, saying in a just-issued report: "Once-powerful ideas have been transformed into clichés."
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
Advanced threats are multi-layered and borderless - and so are today's enterprises. These are among the factors pushing organizations to adopt the Intelligent Hybrid Security approach, says Anil Nandigam of NSFOCUS.
As the Trump administration begins, expect a ramp-up in cyber espionage as well as more "test attacks" by nation-states, says cybersecurity specialist Brad Medairy of the consultancy Booz Allen Hamilton.
An analysis of a National Institute of Standards and Technology initiative to identify algorithms that could defend encryption against attacks from quantum computers leads the latest edition of the ISMG Security Report. Also featured: An update on new FDA guidance on cybersecurity for medical devices.
Because cyber threats are becoming increasingly sophisticated, bolstering employee and customer awareness and training about ransomware, phishing and other cyber risks must be a top priority in 2017, says Curt Kwak, CIO of Proliance Surgeons.
Will more "historical" breaches be revealed in 2017 and beyond? Data breach expert Troy Hunt is optimistic that such revelations will become rare as large businesses operating online continue to improve security. But what about small and mid-size organizations?
With the rise of malware infecting IoT devices, DDoS defenders "have to assume that the attackers have an unlimited supply of machines that they can compromise," says Akamai's Michael Smith. But quarantines, ISP feedback loops and better patch management can bolster defenses.