STE WILLIAMS

‘Desperate’ North Korea turns to APT hack attacks for cash

A new state-sponsored attack from North Korea is being seen as an effort by the cash-strapped dictatorship to raise funds by exploiting foreign banks.

Researchers with FireEye say that a new attack targeting banks, dubbed APT38*, is a billion-dollar money grab from a new group of North Korean actors separate from the infamous Lazarus group.

According to FireEye, the APT38 group is apparently operating as a subset of a larger North Korean hacking operation known as TEMP.Hermit. The bank-focused group is now thought to be behind North Korean attacks including the 2016 Bank of Bangladesh heist and the 2018 Banco de Chile attack, incidents that had previously only been believed to have been TEMP.Hermit operations.

As a result, researchers have had to reassess their picture of North Korea’s hacking operation, finding that it is actually the work of a number of increasingly specialised groups rather than a single monolithic unit.

In the case of APT38, the operation consists of individuals that come from 16 different government organisations and operate in at least 11 different countries. The group specialises in extracting huge sums of cash from banks via the SWIFT transaction system, often using sophisticated attacking tools that had previously been reserved for attacks on governments for espionage operations.

“APT38 executes sophisticated bank heists typically featuring long planning, extended periods of access to compromised victim environments preceding any attempts to steal money, fluency across mixed operating system environments, the use of custom developed tools, and a constant effort to thwart investigations capped with a willingness to completely destroy compromised machines afterwards,” FireEye said.

Those nukes won’t fund themselves

Why the use of such sophisticated and intricate operations just to attack banks? FireEye said it believed the political pressure and economic sanctions that have piled up against Pyongyang over the years have made the country go to great lengths to obtain new cash infusions.

Absent other ways to bring in funds, North Korea has now resorted to using its hacking resources to divert cash from other countries.


“Increasingly heavy and pointed international sanctions have been levied on North Korea following the regime’s continued weapons development and testing,” FireEye explained.

“The pace of APT38 activity probably reflects increasingly desperate efforts to steal funds to pursue state interests, despite growing economic pressure on Pyongyang.”

The researchers don’t expect the attacks to let up any time soon, either. Despite outreach efforts from the Trump administration and increased pressure by the US Department of Justice to crack down on individual hackers, the APT38 group shows no sign of slowing down.

“Based on the large scale of resources and vast network dedicated to compromising targets and stealing funds over the last few years, we believe APT38’s operations will continue in the future,” said FireEye.

“In particular, the number of SWIFT heists that have been ultimately thwarted in recent years coupled with growing awareness for security around the financial messaging system could drive APT38 to employ new tactics to obtain funds especially if North Korea’s access to currency continues to deteriorate.” ®

* In infosec terms, an acronym for “advanced persistent threat” – a sustained attack by a team of bad actors on a network/s which remains undetected for a long period of time, sometimes years (usually well-funded, sometimes by a state, so the group can remain, er, “persistent”).

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/10/03/north_korea_tcash/

100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials

The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.

An unknown attacker has hijacked over 100,000 home routers and changed their DNS settings in a major campaign to steal login credentials from customers of several banks in Brazil.

Security vendor Radware first reported on the campaign in August. Since then, the campaign has exploded in scope from mostly targeting users of D-Link DSL modem routers to targeting users of more than 70 different types of home routers.

In a report released Saturday, Chinese security vendor Qihoo 360’s Netlab team said it recently observed a significant increase in attempts to break into routers with weak passwords. About 88% of the devices that have been targeted so far in what Netlab is calling the GhostDNS campaign are located in Brazil.

The attackers are attempting to install a version of the previously known DNS-hijacking malware DNSChanger on the routers and alter their DNS settings so that name lookups are sent to a rogue DNS server.

When users attempt to access certain banks, the rogue server resolves the bank’s domain to a phishing server hosting clones of the corresponding bank’s account login page. The rogue server currently hosts phishing pages for 52 domains belonging to banks, cloud service providers, Netflix, and one cybersecurity firm.

Where the attackers cannot guess a router’s password, they have used a previously known vulnerability in the dnscfg.cgi endpoint to change the DNS server settings remotely without authenticating to the router first.
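A DNS-level hijack like the one described above is invisible to the browser, but it leaves a measurable trace: the router-supplied resolver answers differently from a trusted one, and, as in GhostDNS, many unrelated bank domains suddenly resolve to the same host. The following is an added example written for this page, not code from Netlab or Radware. It encodes and parses RFC 1035 A queries with the standard library only, and applies two heuristics. The domains, resolver address and IP addresses are constructed placeholders (RFC 5737 TEST-NET ranges), not any bank’s real infrastructure; the live query helper needs network access and is not exercised by the offline sample.

```python
import socket
import struct
from collections import defaultdict
from typing import Dict, List, Set

# Constructed for this example: domains to watch and a trusted public resolver
# to compare against the router-supplied one. Not real bank infrastructure.
WATCHED_DOMAINS = ["bank-one.example", "bank-two.example", "bank-three.example"]
TRUSTED_RESOLVER = "9.9.9.9"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length


def parse_a_records(msg: bytes) -> List[str]:
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000 == 0:
        raise ValueError("not a response (QR bit clear)")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4            # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def resolve_a(name: str, server: str, timeout: float = 2.0) -> List[str]:
    """Ask one resolver directly over UDP. Needs network; not used offline."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data)


def shared_ip_indicator(answers: Dict[str, List[str]],
                        min_domains: int = 3) -> Dict[str, Set[str]]:
    """GhostDNS pointed dozens of unrelated bank domains at one phishing host.
    Flag any address that several distinct watched domains resolve to."""
    by_ip: Dict[str, Set[str]] = defaultdict(set)
    for domain, ips in answers.items():
        for ip in ips:
            by_ip[ip].add(domain)
    return {ip: doms for ip, doms in by_ip.items() if len(doms) >= min_domains}


def resolver_disagreement(local: Dict[str, List[str]],
                          trusted: Dict[str, List[str]]) -> List[str]:
    """Domains whose router-supplied answer shares no address with the trusted
    resolver's answer. CDNs legitimately differ per resolver, so this is a
    prompt to investigate, not proof of a hijack on its own."""
    return sorted(d for d in local if not set(local[d]) & set(trusted.get(d, [])))


# Constructed wire-format response to an A query for bank-one.example,
# answering 203.0.113.10 with TTL 300, used for the offline check below.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)           # QR, RD, RA; 1 Q, 1 A
    + b"\x08bank-one\x07example\x00" + struct.pack("!HH", 1, 1)  # question section
    + b"\xc0\x0c"                                                # name: pointer to offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("203.0.113.10")
)


def demo():
    """Constructed scenario: the router's resolver sends every watched bank to
    one host while the trusted resolver returns distinct addresses."""
    local = {d: ["203.0.113.10"] for d in WATCHED_DOMAINS}
    trusted = {d: [f"198.51.100.{i}"] for i, d in enumerate(WATCHED_DOMAINS, start=7)}
    return shared_ip_indicator(local), resolver_disagreement(local, trusted)


if __name__ == "__main__":
    print(parse_a_records(SAMPLE_RESPONSE))
    print(demo())
```

To run the check against a real router, call `resolve_a(domain, router_ip)` and `resolve_a(domain, TRUSTED_RESOLVER)` for each watched domain and feed the two dictionaries to `resolver_disagreement`; a non-empty `shared_ip_indicator` result for banking domains is the stronger signal, since legitimate banks do not share a single front-end address.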

Unlike previous DNSChanger campaigns, GhostDNS involves the use of an additional three submodules, which Netlab is calling Shell DNSChanger, Js DNSChanger, and PyPhp DNSChanger (after their programming languages). Together, the modules have more than 100 scripts for changing settings on more than 70 routers.

The Shell DNSChanger module includes 25 shell scripts for attacking 21 routers and firmware versions. It uses a third-party tool to scan IPs in selected network ranges in Brazil, then uses the router information it collects to attempt password guessing against the devices’ web authentication pages.

The Js DNSChanger module, written in JavaScript, contains scripts for attacking six routers/firmware.

The PyPhpDNSChanger is the main module, with attack scripts for 47 different routers/firmware. Netlab says it discovered the module deployed on more than 100 servers, scanning for and attacking target router IPs in Brazil.

“The GhostDNS system poses a real threat to [the] Internet,” Netlab said in its advisory. “It is highly scaled, utilizes diverse attack [vectors, and] adopts automated attack process.”

Pascal Geenens, a cybersecurity evangelist for Radware who wrote about the start of the campaign in August, says GhostDNS is another example of how attackers have begun exploiting vulnerable consumer Internet of Things (IoT) devices in different ways.

Previously, attackers have hijacked IoT devices to create botnets for launching distributed denial-of-service (DDoS) attacks or to mine for cryptocurrencies and provide anonymizing proxy services.

With GhostDNS, attackers have demonstrated how they can exploit consumer routers to steal information that can be used to break into bank accounts and carry out other fraud. What is especially troubling about the attack is that many users of the compromised routers — especially those on older browsers — will have no indication their traffic is being redirected to a malicious server, he says.

“I’m a little bit surprised,” Geenens says about how much the DNS hijacking campaign in Brazil has evolved since August. “It’s not that easy to make an exploit work across that many routers.”

Configuration commands for each router can vary. In order to carry out a campaign such as GhostDNS, the attackers would have needed to find the commands for each of the targeted routers and developed scripts for changing them. Then they would have needed to test the scripts to see how well they worked.

For Internet users, campaigns such as GhostDNS are another reminder to keep IoT devices properly updated, Geenens says. “All the vulnerabilities that we have seen abused, whether it is for cryptomining or for DDoS, were vulnerabilities that were fixed,” he explains.

Attackers have learned that a majority of consumers don’t update their IoT devices promptly when patches for newly announced flaws become available. So it is not unusual to see adversaries attacking new vulnerabilities almost immediately after the flaws are disclosed, he says.


Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

Article source: https://www.darkreading.com/attacks-breaches/100000-plus-home-routers-hijacked-in-campaign-to-steal-banking-credentials/d/d-id/1332946?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Google is still chasing the self-driving engineer that jumped ship to Uber

If you thought the monster battle between Google and Uber over alleged theft of its self-driving technology was over, you’d be wrong.

The two companies were involved in an extraordinary legal battle earlier this year that revealed a series of shady goings-on at Uber, including a special unit whose job it was to steal competitors’ secrets.

But in February, one week into a public trial, the companies unexpectedly settled, with Uber promising to pay Google $245m in stock.

While that civil case between Google (actually, its self-driving subsidiary Waymo) and Uber is over, the search engine giant is still chasing the engineer that sparked the whole saga in the first place: Anthony Levandowski.

Google has taken Levandowski, and another engineer, Lior Ron, through arbitration proceedings for allegedly breaching their employment contracts, as well as for fraud, tortious interference, and a number of other claims.

And Google has just won a key battle in that fight, forcing Uber to hand over confidential documents [PDF], including a report that it ordered from an outside lawyer looking into whether Levandowski had stolen information from Google.

Levandowski worked at Google subsidiary Waymo before leaving – allegedly with a hard drive of the company’s secrets – and setting up his own company, Ottomoto. That company was then quickly and mysteriously acquired by Uber.

It turned out that Uber executives and Levandowski had been communicating for months and Google alleged at the subsequent trial that the creation of the Ottomoto company was little more than a ruse to buy Levandowski, his team, and acquire Waymo’s trade secrets while making it look like a legitimate business transaction.

Reporting requirements

A key part of that legal battle was over the report produced by specialist digital forensics company Stroz Friedberg LLC to dig into whether there had been any “bad acts” carried out by Levandowski and Ron.

Such “bad acts” would include “infringement or misappropriation of trade secrets, breach of fiduciary duty, and violation of any non-solicitation, non-competition, or confidentiality agreement committed by an employee.” The report would then be used by Uber to protect the engineers from being personally liable for any subsequent legal claims from Google.


Google tried to get hold of that report and Uber fought vigorously, going through multiple legal challenges and appeals before finally losing and being forced to provide the so-called Stroz Report, which was subsequently published.

Among its revelations were that Levandowski told Stroz he had found five discs with proprietary Google information on them in a closet (possibly the same one that contained dildos, nipple clamps and dominatrix harnesses) and had told Uber executives about them and the information on them – but had had them professionally destroyed (Stroz was unable to prove the claim).

Levandowski was also found to still be accessing confidential Google documents after he had left the company and to be in possession of a huge number of Google work emails.

But hang on, you say, if we already know all this, and the report is public (you can read it here [PDF]) – what is the massive legal win that Google just had at the California appeals court? Well, here is where a strange story gets even weirder.

When winning isn’t enough

Even though Google won in civil court when it sued Uber to get hold of the Stroz Report, it lost when it tried to get hold of the exact same documents in the case against Levandowski personally.

In the arbitration case, Uber went to the California Supreme Court and managed to get the order to release the Stroz report overturned – even though it had already been ordered released to Google in the other court case.

For various legal reasons, the arbitrators in the Levandowski case are not allowed to consider the Stroz Report and its damning details even though it is readily and publicly available [PDF]. So while Google may have settled with Uber, it has spent the past eight months fighting to get the report released to the arbitrators.

And Uber, even though it settled the case and even though it has fired Levandowski, has spent eight months fighting to prevent the release of a report it has already published. Why? Because it is legally obligated to defend Levandowski under an agreement it signed with him indemnifying him against any Google legal action.

And if all that leaves you scratching your head, all you need to know is this: Google may have let Uber off the hook for possibly conspiring with its former engineers to steal its trade secrets but it sure as hell is not going to let its former staff off the hook.

So be warned, if you try to screw Google, Google will spend years making sure you pay for it. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/10/03/google_levandowski_lawsuit/

The Facebook dilemma – stick it out or pack it in? [PODCAST]

It’s been a while (sorry about that!) but we’re back at the microphone – here’s Episode 5 of the Naked Security podcast.

Paul Ducklin, Matt Boddy and Mark Stockley get together to teach you what to do about the recent Facebook breach, and discuss how to make mobile security more than just “some annoying thing on my phone that gets in the way.”

If you enjoy the podcast, please share it with other people interested in cybersecurity, and give us a vote on iTunes and other podcasting directories.

Listen and rate via iTunes...
Sophos podcasts on Soundcloud...
RSS feed of Sophos podcasts...

Thanks to Purple Planet Music for the opening and closing music.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1Rm8TNV0tTY/

When Facebook Gets Hacked, Everyone Gets Hacked

Facebook’s attackers may have gained access to several third-party apps and websites via Facebook Login.

Facebook’s massive security breach took a turn for the worse last week when the company confirmed attackers may have gained access to third-party applications and websites that allow users to authenticate via Facebook Login.

It’s bad news on top of bad news for Facebook, which announced the massive incident on Sept. 28. At least 50 million users were affected when attackers exploited a series of bugs in the platform’s “View As” privacy feature, which lets people view their own profiles as though they were someone else – a friend, a stranger, etc. The three bugs had been in place for 14 months.

In July 2017, Facebook introduced a new video uploader, which contained the vulnerabilities that made this attack possible. For one, the uploader was not supposed to appear in the “View As” feature, but for some users it was active. When active, the uploader created an access token, which it was not supposed to do. This token was designed for the person a user was trying to view his or her profile as (a friend or stranger, for example), not for the account holder.

The access token serves as a key to keep people logged into their accounts so they don’t have to re-enter their credentials every time they use the app. An attacker could exploit the “View As” bugs to gain an access token, then pivot to other accounts and collect more.
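The defect described in the two paragraphs above is a principal-confusion bug: a preview feature caused the server to mint a credential for the person being impersonated rather than for the person who was actually logged in, and because the credential was a bearer token, one leaked token authenticated the next preview. The following is an added example written for this page, not Facebook’s code; Facebook’s token format and internals are not public, so this is a generic HMAC-signed bearer-token model with constructed sample profiles (alice, bob, carol, mallory) and a constructed signing key. It shows the vulnerable “View As” handler beside a corrected one, and the pivot chain an attacker would run against the vulnerable version.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional

# Constructed for this example: a server-side signing key. Not Facebook's
# scheme; a generic bearer token is enough to show where the bug class lives.
SIGNING_KEY = b"example-only-key-do-not-reuse"

# Constructed sample data: each profile field carries the audience allowed to
# see it; FRIENDS records who is a friend of whom.
PROFILE = {
    "alice":   {"name": ("public", "Alice Example"),
                "email": ("friends", "alice@example.test"),
                "phone": ("only_me", "+1-555-0100")},
    "bob":     {"name": ("public", "Bob Example")},
    "carol":   {"name": ("public", "Carol Example")},
    "mallory": {"name": ("public", "Mallory Example")},
}
FRIENDS = {"alice": {"bob"}, "bob": {"alice", "carol"}}
RANK = {"public": 0, "friends": 1, "only_me": 2}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, ttl: int = 3600) -> str:
    """Mint a bearer session token that acts as `subject`."""
    payload = json.dumps({"sub": subject, "exp": int(time.time()) + ttl}).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token: str) -> Optional[dict]:
    """Return the claims if signature and expiry are valid, otherwise None."""
    try:
        p_b64, s_b64 = token.split(".")
        payload, sig = _unb64(p_b64), _unb64(s_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    return claims if claims["exp"] > time.time() else None


def render_profile(owner: str, viewer: str) -> Dict[str, str]:
    """Filter `owner`'s fields down to what `viewer`'s relationship permits."""
    if viewer == owner:
        level = RANK["only_me"]
    elif viewer in FRIENDS.get(owner, set()):
        level = RANK["friends"]
    else:
        level = RANK["public"]
    return {f: v for f, (aud, v) in PROFILE.get(owner, {}).items() if RANK[aud] <= level}


def view_as_vulnerable(session_token: str, target: str) -> dict:
    """The bug class: the preview page embeds a widget that needs a session
    (the video uploader, in Facebook's case), and the server mints one for
    `target`, the person being impersonated, who never authenticated here."""
    owner = verify_token(session_token)["sub"]
    return {"fields": render_profile(owner, target),
            "widget_token": issue_token(target)}   # credential for the wrong principal


def view_as_fixed(session_token: str, target: str) -> dict:
    """The fix: a preview is an authorization filter, not an impersonation.
    Session-bearing widgets are disabled in preview; if one were needed it
    would have to carry the caller's own identity, never `target`'s."""
    owner = verify_token(session_token)["sub"]
    return {"fields": render_profile(owner, target), "widget_token": None}


def harvest_chain(start_token: str, targets: List[str]) -> List[str]:
    """How the bug is chained: each leaked token authenticates the next
    preview, so one account yields tokens for arbitrary other accounts."""
    tokens, current = [], start_token
    for target in targets:
        current = view_as_vulnerable(current, target)["widget_token"]
        tokens.append(current)
    return tokens


if __name__ == "__main__":
    attacker = issue_token("mallory")
    for tok in harvest_chain(attacker, ["bob", "alice", "carol"]):
        print(verify_token(tok)["sub"])
```

The check that matters in review is the one `view_as_fixed` makes implicitly: every credential a handler emits must name the principal who presented the session that reached the handler, and preview or impersonation modes must never be able to widen that set.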

There is “a real sort of irony here,” says Jeff Pollard, principal analyst at Forrester, in that a set of features designed for privacy became part of this chain of vulnerabilities.

Facebook began to investigate the problem when it noticed an uptick in user logins on Sept. 16. When it detected the bugs, the company alerted law enforcement, fixed the bugs, and reset the access tokens for 90 million accounts – the 50 million compromised, plus 40 million that had used the “View As” feature during the year prior. It also temporarily disabled the “View As” feature.

But much of the damage may have already been done – and we’re not even close to fully recognizing the full extent of how many users, and how much of their data, has been affected.

“This is the most severe security breach in the history of Facebook, affecting not just the company but the entire ecosystem around Facebook,” says Prabath Siriwardena, vice president of identity management and security for WSO2. “Facebook has worked to address the breach quickly, but until it announces its findings, we won’t know how deep the impact is.”

Just the Beginning
Guy Rosen, Facebook’s vice president of product management, said in a conference call on Friday that attackers may have leveraged Facebook Login to gain access to user accounts for other websites and applications. Facebook Login lets people use their Facebook usernames and passwords to register for and access different sites and services.

The feature was designed for convenience, not security, as it uses a person’s Facebook profile to verify his or her identity for accounts across the Web. If Facebook gets hacked, all the accounts that rely on Facebook for authentication are compromised as well.

“Facebook seems like it might be less affected than services that used Facebook for their logins,” Pollard says. “If the access token was compromised, the companies using Facebook Login could have more things done to them than Facebook itself.”

Account information could have been changed, he explains, or transactions could have been made without the user’s knowledge. If Facebook Login is used for several services, the risk of an attacker compromising multiple accounts is higher. This also puts pressure on third-party apps and services to make sure nothing happened to users and to notify them if something did.

“It’s a nightmare from a notification and third-party risk perspective,” Pollard adds. Businesses should understand which accounts were engaged and ensure no financial fraud was committed.

What would the attackers’ motivation be here?

“The only parties that would be interested in Facebook data are advertisers or nation-states trying to undermine or influence or change things in different countries,” points out Avivah Litan, Gartner vice president and distinguished analyst. Financially motivated cybercriminals don’t need to seek out information like birthdates or Social Security numbers, she continues. It’s all available to them on the Dark Web, the result of several major security breaches.

To breach Facebook “would be overkill” for financially driven attackers. They won’t find credit card numbers, financial records, or credit reports on Facebook.

What Can You Do?
For starters, steer clear of the Facebook Login feature. It can’t be trusted, Litan says, and this breach is a perfect example of why. “[Attackers] can get everything … they have your credentials, so they can log in as you,” she says.

WSO2’s Siriwardena recommends that all confirmed or potentially affected users check their privacy settings and credential recovery options, both in Facebook and in any connected apps. There could be many, he adds, depending on how many apps the user has signed into with Facebook Login.

Forrester’s Pollard recommends businesses view the Facebook breach as a warning. “Any company has to look at Facebook and realize if someone is determined to get in, they often can,” he says. Businesses should take a close look at their notification and incident-response practices.

There’s also an application security component worth bearing in mind, Pollard adds.

“More and more companies are relying on software to make money, to engage with customers,” he explains. “You have to prioritize application security and recognize all the code you use is a big part of your attack surface.”

No matter how strong your engineering team is, a clearly defined process for pushing code changes into production is needed, Siriwardena says. Security reviews must be included throughout the process, from design to development to deployment, and the process must be refined frequently, he adds. One small detail that gets overlooked could result in global effects.



Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial … View Full Bio

Article source: https://www.darkreading.com/threat-intelligence/when-facebook-gets-hacked-everyone-gets-hacked/d/d-id/1332953?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Sharpen Your Security Skills at Black Hat Trainings Chicago!

Black Hat is bringing its highly regarded Trainings to Chicago next month, October 22 and 23. Don’t miss this opportunity to develop your skills in some of the most technical, hands-on security courses available.

From infrastructure hacking to physical pentesting, there’s a course for hackers and security pros of all experience levels at this special Trainings event, held in Chicago’s beautiful Sheraton Grand Hotel.

Black Hat Trainings will fill this premier waterfront hotel with experts from around the industry eager to help you hone your craft and learn new tricks. For example, there’s a fast-paced two-day class on “Advanced Infrastructure Hacking – 2018 Edition” in which security experts from NotSoSecure Global Services will teach you a wide variety of neat, new and ridiculous techniques to compromise modern operating systems and networking devices.

If physical security is more your thing, CORE Group will be there to present a promising two-day class on “Physical Penetration Testing.” Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but they will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company’s security posture, or to augment their career as a penetration tester!

Of course, space in Black Hat Trainings is limited and courses fill up quickly. Register early to secure your seat in the course of your choice and save on your pass!

Article source: https://www.darkreading.com/sharpen-your-security-skills-at-black-hat-trainings-chicago!/d/d-id/1332938?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Financial Sector Data Breaches Soar Despite Heavy Security Spending

Banks and other financial firms have disclosed three times as many breaches so far this year as they did in 2016, Bitglass says.

The preparedness of banks to deal with threats, such as a recently reported plan by criminals to launch mass attacks on ATMs worldwide, would appear to be shaky at best considering the number of data breaches in the financial sector this year.

Security vendor Bitglass recently analyzed data breaches disclosed by banks, insurance companies, investment firms, and other financial services institutions thus far in 2018 and compared it with the same data from two years ago.

Between January and August this year, financial firms disclosed three times as many breaches as they did in the same period in 2016—103 in 2018 compared to 37 two years ago. The top three breaches alone this year compromised more records than the 64,512 records exposed in all of 2016, Bitglass said.

Hacking and malware were once again the primary causes like they were in 2016, and accounted for 74% of the data breaches that financial companies have disclosed so far this year. Nearly 15% of the breaches resulted from accidental data disclosures. 

Among the financial institutions that have disclosed breaches this year are RBC Royal Bank, Goldman Sachs, Fidelity Investments, Sallie Mae, and Dun & Bradstreet. The biggest incident involved an employee at SunTrust Banks who stole the names, addresses, phone numbers, and account balances of some 1.5 million of the bank’s customers. In another instance, attackers gained access to the Royal Bank of Canada’s travel rewards website and stole payment card data belonging to some 66,000 individuals.

The breach numbers suggest that while financial services companies spend more on cybersecurity than most other organizations — and are more heavily regulated than others — the sector as a whole doesn’t appear to be becoming a whole lot more secure over time.

One of the reasons, of course, is that cybercriminals target banks and financial institutions more heavily than organizations in most other industries (with the exception of government and healthcare). Banks and other financial firms have significantly better defenses against malicious activities, but precisely for that reason they also tend to be targets of much more sophisticated threats.

Just one example of the constant and rapidly evolving threats that banks face is a reported global campaign in which cybercriminals are preparing to carry out large-scale theft from ATMs worldwide. The FBI has reportedly warned banks to be on the lookout for the attacks in coming months.

Another reason is that financial services institutions, like organizations in other sectors, have a tendency to over-rely on the tools they already have in place, says Jacob Serpa, product marketing manager at Bitglass. Companies often tend to stick with their existing tools because they have invested significant funds in them, and because they overestimate the ability of the products to deal with current and emerging threats, he says.

Regulations such as the Gramm-Leach-Bliley Act and PCI DSS have been useful in getting financial companies to pay more attention to security, but many continue to treat compliance with these regulations as the end goal of their security efforts.

“Companies should consider compliance with regulations like GLBA and PCI DSS as the bare minimum for cybersecurity, while understanding that much more needs to be done to be truly secure,” Serpa says.

Not Just About the Money

Market research firm IDC expects that enterprises worldwide will spend north of $91 billion on cybersecurity this year. Banks, the federal government, and discrete manufacturers will be the biggest spenders, with more than $27 billion in spending.

While such spending might indicate banks are getting better at security, that is not always the case. Deloitte’s cyber risk service practice earlier this year surveyed CISOs from 51 organizations in the financial services sector including banks, insurance companies, and investment management firms about their cyber risk management strategies.

Deloitte’s study showed that the amount of money an organization spends on cybersecurity doesn’t automatically translate to better security. Deloitte found that many financial companies with below average security spending had a better risk posture than companies that spent a lot more. Factors that did affect security were top-level accountability, a culture that emphasized shared responsibility for security, and a risk-focused approach to mitigating security threats.

At the same time, Deloitte also found that larger financial companies are not allocating enough resources to cybersecurity, with budgets ranging between 5% and 20% of the total IT budget, and the average hovering around 12%.




Article source: https://www.darkreading.com/attacks-breaches/financial-sector-data-breaches-soar-despite-heavy-security-spending/d/d-id/1332958?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

MIMEsweeper maker loses UK High Court patent fight over 15-year-old bulletin board post

A commercial rival of email virus-scanning software firm Glasswall has lost its High Court attempt to use a bulletin board post from 2003 written by a former MessageLabs “imagineer” to have a patent declared invalid.

The full judgement, which dismissed the application for the revocation of the patent, was handed down on Friday at the High Court of Justice in London.

Clearswift, purveyor of the MIMEsweeper software, had sued Glasswall alleging that one of its ideas patented in 2013 was not, in fact, patentable, on the grounds that it lacked an “inventive step”.

The case boiled down to Clearswift claiming that the idea at the heart of a Glasswall-owned patent titled “resisting the spread of unwanted code and data” (European Patent EP 1 891 571 B1) was not novel enough to be patented because it had already been publicly described. If Clearswift was right, this would allow it to copy the patent’s function without getting stung for intellectual property infringement.

As evidence for this, Clearswift cited a previous 2005 US patent* describing email scanning, as well as what deputy High Court judge David Stone described in his judgment as “a series of posts on an Internet bulletin board” under the subject line ‘Avecho Glasswall Anti virus technolog?’ [sic].

Email content scanners normally dismantle, parse and regenerate emails before dropping them into recipients’ mailboxes, occasionally deleting attachments or body text if something malicious is detected by a threat filter, as well as inserting the boilerplate “This email has been scanned by Product X” wording. The patent disputed by Clearswift described how MIME emails can be dismantled and parsed by a virus scanner, including attachments to those emails.
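The dismantle, parse and regenerate cycle described above is straightforward to show in code. The following is an added example written for this page, not Clearswift’s or Glasswall’s software and not an implementation of the disputed patent. It uses Python’s standard `email` package to take a MIME message apart, keep only the text body and attachments that pass a simple policy, rebuild a fresh message from the parsed content rather than forwarding the original bytes, and append the boilerplate footer the article mentions. The blocked-extension list, the footer text and the sample message are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Constructed policy for this example. Real products apply threat filters;
# an extension deny-list is the simplest rule that shows the rebuild step.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar"}
FOOTER = "\n\n-- \nThis email has been scanned by Product X."


def sanitise(raw: str) -> Tuple[EmailMessage, List[str]]:
    """Dismantle `raw`, keep the plain-text body and permitted attachments,
    and regenerate a new message. Returns (message, dropped_attachment_names)."""
    src = email.message_from_string(raw, policy=policy.default)
    out = EmailMessage(policy=policy.default)

    # Carry over a fixed set of headers; anything else is discarded.
    for hdr in ("From", "To", "Subject", "Date", "Message-ID"):
        if src[hdr] is not None:
            out[hdr] = src[hdr]

    # Regenerate the body from parsed content, not from the original bytes.
    body = src.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    out.set_content(text.rstrip("\n") + FOOTER)

    dropped: List[str] = []
    for part in src.iter_attachments():
        name = part.get_filename() or "unnamed"
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            dropped.append(name)
            continue
        maintype, subtype = part.get_content_type().split("/", 1)
        content = part.get_content()           # str for text/*, bytes otherwise
        if isinstance(content, str):
            out.add_attachment(content, subtype=subtype, filename=name)
        else:
            out.add_attachment(content, maintype=maintype, subtype=subtype, filename=name)
    return out, dropped


def attachment_names(msg: EmailMessage) -> List[str]:
    """Filenames of the attachments in a (regenerated) message."""
    return [p.get_filename() for p in msg.iter_attachments()]


# Constructed sample message: a text body, an executable attachment and a
# harmless text attachment.
SAMPLE_RAW = """From: alice@example.test
To: bob@example.test
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Please see attached.
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XYZ
Content-Type: text/plain; charset="utf-8"
Content-Disposition: attachment; filename="notes.txt"

just a note
--XYZ--
"""

if __name__ == "__main__":
    cleaned, removed = sanitise(SAMPLE_RAW)
    print("dropped:", removed)
    print(cleaned.as_string())
```

Because the output is built from parsed content, malformed MIME structure, odd transfer encodings and headers not on the carry-over list never reach the recipient; the trade-off is that anything the parser does not understand is lost rather than passed through.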

Dismissing Clearswift’s argument that the 2005 US patent covered the same thing (parsing and regeneration of attachments) as Glasswall’s patent, the judge said: “I do not accept that it would have been obvious to the skilled addressee to apply a bypass whitelist only to files which had otherwise failed the parsing/regeneration process.”

As for the bulletin board thread from 2003, the key seventh post referred to by Clearswift was written by Alexander Shipp, a one-time anti-malware “imagineer” for MessageLabs, who these days is chief techie of Equine Register Ltd. The judge ruled that the thread “is a mix of third party comments based on using the software, and the software producer’s advertising about what the software can do. It was agreed that the discussion would be of particular interest to the skilled person, including because of the claims made for the software, and the reputation of the people who wrote the posts.”

Clearswift argued that Shipp’s post reviewing the email-scanning software in 2003 more or less described the same functions as Glasswall’s patent – pre-dating Glasswall’s filing by 12 years and therefore making it invalid. Unfortunately for Clearswift, Judge Stone disagreed, ruling that the post “does not disclose a number of teachings of the Patent”, including its essential features of removing unwanted code and regenerating the email, or “parsing to content level”, though it did imply that a threat filter similar to that used by Glasswall’s IP had been in use at the time.

The full judgment is available on the BAILII website. Judge Stone does not appear to have been impressed by the “628 paragraphs” of expert evidence produced for Clearswift by Shipp, or the “40 exhibits, only one of which I was taken to during the trial”, waspishly commenting: “It was probably not necessary for much of it to be before the Court.” ®

* United States patent application 2005/0081057A1, titled “Method and system for preventing exploiting an email message”, published on 14 April 2005.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/10/02/clearswift_glasswall_patent_lawsuit_bulletin_board_post/

CISOs: How to Answer the 5 Questions Boards Will Ask You

As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.

In recent years, boards of directors have started to become more aware that they need to be concerned about cybersecurity. The work of answering questions about security primarily falls to the CISO. However, most board members don’t “speak cyber,” and most CISOs struggle to provide information that boards look for in a way that resonates with them, making board communication among the most challenging and critical responsibilities that CISOs face.

To help CISOs better communicate with boards, Kudelski Security recently surveyed its Client Advisory Council (CAC), a cybersecurity think tank comprised of security leaders from global enterprises including AES Corporation and Blue Cross Blue Shield. The survey found that the key to helping boards understand cybersecurity is to understand why they ask the questions they do. To that end, the CAC report details a strategy to help CISOs plan how to answer the five most challenging questions they’re likely to get asked by board members.

Question 1: Are we secure?
The question “Are we secure?” is the most common and challenging question CISOs get from the board. As CISOs know, this is not a simple “yes” or “no” question, and answering definitively can affect the security team’s credibility.

The key to answering this question is to understand exactly what the board is asking and how much they already know about cybersecurity. Was a competitor recently breached? Is a worldwide ransomware attack underway? Or is the person asking the question new to the board and simply wants an update on the security posture of the organization? Understanding the context will help determine the proper metrics to deliver.

Particularly for new board members, it’s important to talk about security as a journey, showing where the organization is today, where you want to go, and areas of progress. It’s also important to make it clear that there is no such thing as bulletproof security.

Question 2: How do we know if we’ve been breached?
When asking this question, boards want to know how well prepared the organization is to face the latest big attacks, and what the impact would be if they were targeted. They are likely also wondering how the company’s security program compares with peers and competitors.

This question also comes down to assurance. Boards likely know you can’t guarantee 100% security, so they are seeking confidence from the CISO that the security team has plans in place for a fast, effective breach response.

One way to assure the board that the security team is ready to respond is by giving an overview of the incident response plan for specific threats, including how the team has effectively responded to threats in the past and any steps being taken to reduce dwell time. We also recommend talking about the cyber insurance policy and any third-party companies that can be called for response support and remediation.

Question 3: How does our security program compare with industry peers?
Budgets and bottom lines are top of mind for board members, so they want to know if you’re spending more or less on cybersecurity than peers.

One way to respond is to benchmark your security program’s maturity with an industry standard, such as the NIST Cybersecurity Framework. Start by communicating how the framework was selected and why it’s best for your enterprise. Then show how the program measures against this framework, highlighting your starting point and progress toward the target state. You can also compare your budget with peers, but this will take some effort because gathering comparative data isn’t easy. You can try using forums, events, research firms, industry peers, or your internal marketing department. The point to stress is that spending doesn’t necessarily indicate success — tools and programs must be tailored to protect the crown jewels of an organization based on the risks they face.

Question 4: Do we have enough resources for our cybersecurity program?
Board members want to know that security investments are used wisely and whether the CISO really needs the resources he or she asks for. This means they first need to understand what the “right” amount to spend on security is.

The common approach in answering this question is to demonstrate how the cybersecurity program supports the organization’s mission, business model, and growth goals. Determine shortfalls in tools, staff, and external partnerships by looking at the program’s current maturity and associated business risk. This approach is the best bet for getting approval on funding requests. Also, show the progress you’ve made with current resources such as people, processes, and existing technologies. Try to establish an open dialogue about the potential ROI in program maturity improvements that additional resources would bring.

If budget and resource constraints are keeping the security team from achieving program goals, CISOs should emphasize the progress being made (or not) with existing resources, and possible solutions. For example, if it’s a skills shortage issue, one solution to suggest is hiring less-experienced and therefore less-expensive candidates with a passion to learn.

Question 5: How effective is our security program, and is our investment properly aligned?
The key to answering this question is to show alignment between the security program and investment strategy. Although perfect security is impossible, security programs must constantly evolve to stay ahead of the latest threats. Reiterate current and target security states for each element of your program and show how much the team has improved. Show how supporting resources fit into the security program, where the gaps are, and what investments are needed.

As board members become more aware of cybersecurity issues and the potential threats to their organizations, CISOs must be more adept at understanding what boards need so they can address their questions clearly and confidently. Today’s CISOs can succeed if they embrace a strategic vision for their program and utilize stories and metrics that support a true partnership with a shared cybersecurity vision.


Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

John Hellickson has more than 25 years of IT experience, the last two decades focused on security and risk management. He’s served as an executive security consultant and trusted partner, providing companies with risk management strategies aligning technology, people, and …

Article source: https://www.darkreading.com/vulnerabilities---threats/cisos-how-to-answer-the-5-questions-boards-will-ask-you/a/d-id/1332914?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Stop Saying ‘Digital Pearl Harbor’

Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.

Make no mistake: The global cyber-threat landscape is more active than ever. We’re all aware of the US Department of Homeland Security’s recent revelations about Russia’s 2017 efforts to penetrate American electric utilities and other critical infrastructure sectors and the NotPetya worm that spread from Ukraine to over 130 countries, costing upward of $10 billion. Just this past July, multiple senior US officials said that “Iran is making preparations that would enable denial-of-service attacks against thousands of electric grids, water plants, and healthcare and technology companies” in the US, Europe, and Middle East.

Indeed, many nation-states are free to maneuver in cyberspace in a way they can’t at sea, in the air, or on land, where surveillance technologies, deterrence regimes, and international laws and norms keep actors and activities in check. This shouldn’t be a surprise. Deterrence, laws, and norms are largely absent from cyberspace, and while humans have better tools to thwart incidents than ever before, technology is no cure-all. The result is a disruptive infusion of non-kinetic (that is, not physically manifested) asymmetry between governments, often leaving businesses and individuals in the crosshairs. In this new competition, those who embrace digital hyperconnectivity and openness find themselves more vulnerable and subject to greater consequences than their less-connected counterparts.

Despite the alarming analogies to a “digital Pearl Harbor” and “cyber 9/11,” the raucous rhetoric often distracts us from the more likely consequences of cyber threats to our critical infrastructure.

The military has a term for what’s playing out in civilian cyberspace: intelligence preparation of the operational environment (IPOE) or “the process to analyze the adversary and other relevant aspects of the [operating environment] in order to identify possible course of action.” IPOE was conceived for the physical world in which humans, aircraft, and satellites carry out operations to support military contingency plans. IPOE perfectly describes how some nations are employing hackers against critical infrastructure. Short of attacking, they’re gaining persistent access to high-value targets and positioning themselves to remotely deliver payloads in the event of escalated hostilities or geopolitical turmoil.

Perhaps most concerning about these cyber preparations are the targets themselves, which are almost entirely civilian in nature and highly important to our daily lives and businesses. Russia’s two-year campaign against critical infrastructure, for example, targeted companies in the energy, public utility, and nuclear sectors, as well as commercial vendors. Likewise, recently discovered malware known as VPNFilter primarily targets home and small-office routers. This revelation prompted the FBI to conscript the public into neutralizing the malware by urging citizens to reboot their devices.

Second, the time it takes to execute a pre-positioned cyber capability is measured in minutes and hours, compared with the days and weeks it takes to mobilize ground, naval, or aviation assets in the physical world. In industrial and critical infrastructure environments, once cyber actors gain persistent and credentialed access to the right equipment, they need not deploy sophisticated malware to affect a target. Instead, they can simply issue a few commands to change critical processes and logic. With the right understanding of the target environment, these changes can lead to physical damage and unsafe conditions.

Finally, there’s the question of intent. Consider last year’s operation that gained access to a safety system at a petrochemical plant in the Middle East. In this case, the hackers targeted a commercial asset specifically designed to prevent hazardous leaks or even explosions in industrial facilities. The malware was detected because of some faulty code that tripped the plant into safe mode, prompting the operators to shut down the facility. Upon investigating the incident, no payload was discovered.

Are we to assume that the perpetrators were just testing their tools, or did they intend to put lives at risk by disabling the plant’s safety equipment? In truth, intent is often impossible to assess with high confidence from technical forensics alone. As the former White House cyber coordinator Rob Joyce recently explained at Black Hat, this ambiguity is destabilizing and, under the right circumstances, could lead to an actual war between powers due to miscommunication and misunderstanding.

The frequency and volume of these operations will only increase if we don’t start calling it like it is. Rhetorical representations of “cyber war” in the absence of either observable, kinetic effects or the political palatability to declare heightened conflict distort the nature of the digital domain and send mixed signals. Physical effects will not always be the minimum threshold for defining war, but they are the prevailing standard in most jurisdictions today.

Likewise, repeated analogies to historical acts of war are not just often ill-conceived, they also distract us from the more likely threats, such as subtle data manipulation and targeted anti-integrity attacks against industrial control systems that have already cost companies millions of dollars to recover from and put people’s safety at risk. And calling certain operations an “attack” when the actors intentionally refrained from pulling the trigger grants them domestic and international license to dismiss evidence as propaganda and continue to grow their access into our most critical networks.

Lastly, short of war, cyber activities almost always benefit the aggressor because their behavior is ungoverned by international law or diplomatic norms. Some technology executives representing the likes of Microsoft, Facebook, and Cisco recently called for a Cyber Geneva Convention to protect “innocent citizens and enterprises” from this gray area. We don’t need a new charter, but we must adapt the existing one to account for sub-war activities in cyberspace that hold nonmilitary targets, and therefore civilians, at risk. In this regard, tech companies, not government appointees, must be our most vocal and active ambassadors.

We’re not at cyber war, but a sub-war battle is raging. Industry, government, and civilization as a whole must work together to reverse this norm.


Dave Weinstein is the vice president of threat research at Claroty and a non-resident fellow at New America. Prior to joining Claroty, he was the chief technology officer of New Jersey, where he served in the governor’s cabinet and was responsible for delivering and …

Article source: https://www.darkreading.com/threat-intelligence/stop-saying-digital-pearl-harbor/a/d-id/1332932?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple