Thursday, June 11, 2015

Have you been hacked? Proclaim it from the rooftops

Managing a cyber crisis is a subject taught in growing enterprise environments. But yesterday Kaspersky company gave a live lesson: notify customers, provide comprehensive and clear information on the incident, for all profiles, and turn it into an opportunity to show how well do you know your job. We will  talk about Stuxnet, made by the same attackers, notify about a serious hole in iOS and we´ll announce an interesting security meeting tomorrow in Barcelona.

We have been bombarded with news about a hacking intrusion into one of the major security companies in the world, Kaspersky, using an advanced malware, the second part of another well-known: Duqu-2. It runs in memory, use encryption and compression algorithms to hide and exploits various 0days. Possibly is a work of a government which would have the same bug attack other targets, including Iran. Israel has denied any possible involvement. And in the middle of the mess, the World applauds communication management made by Kaspersky about the attack.
Certainly Duqu is from the same factory as Stuxnet, the virus created to attack nuclear plants in Iran, which can even cause them physicall damage, confessed work of the US and Israel. Today we have known that 153 computers are still infected by this malware unknowingly in Iran, India, Indonesia and Saudi Arabia. The worst is they are no longer under the control of the United States but of  the first who attack these machines.

We also note the news of a serious hole in iOS, specifically in the email application by default, which would also allow phishing attacks (sending malicious mails) to steal passwords from iCloud. We recall that yesterday we warned of the danger of uploading  private information to iCloud and other clouds, the danger of theft and blackmail by criminals or ex-couples.

We ended up with a recommendation: OWASP veteran Meeting, Friday in Barcelona, will bring together leading security experts to discuss attacks in the cloud, securitization of personal databases, secure application development, DevOps, corporate security and APTs. Admission is free.

It's been a really busy week for computer security, which will climax a relevant OWASP talks. Not to miss.


Post a Comment