Security professionals have had another busy week after hackers remained unaffected by the wave of law enforcement and government initiatives working to hamper their efforts.
Day to day we’ve seen reports of new malware variants, botnet takedowns and even successful cyber strikes on US White House staff. To make sure you didn’t miss any of the key moments over the past seven days V3 has detailed the key security lessons and insights to surface this week.
Heartbleed is still a problem
Research from Venafi has revealed that a staggering 76 percent of Global 2000 organisations are still vulnerable to attacks targeting the infamous Heartbleed SSL security flaw, despite its being uncovered over a year ago.
This is troubling when you consider how long it’s been around and how many publically available fixes and solutions there are for Heartbleed.
Hackers know where president Barack Obama has lunch
According to reports, the White House cyber strike that the US government tried to sweep under the carpet last Autumn was worse than initially reported.
CNN reported uncovering evidence that the hackers had accessed information on president Obama’s appointments and movements during the raid.
Europol is serious about its anti-botnet crusade
A task force comprising Europol, the Dutch National High Tech Crime Unit and the FBI, with support from Intel, Kaspersky and Shadowserver, reported taking down the Beebone botnet. The news is the latest step in Europol’s ongoing anti-botnet efforts and has been viewed as a key victory.
Beebone is believed to have compromised only 12,000 machines, but the botnet’s advanced “polymorphic downloader bot”, which allowed it to install different types of malware, made it one of the most sophisticated threats in the wild.
Businesses still have their heads in the sand regarding data breaches
Despite the wave of threats appearing in the wild, research from RSA found that over one third of global enterprises have no set systems or plans for dealing with a cyber attack.
The disturbing figure was revealed in RSA’s Closing the gap on breach readiness report which examined the security strategies of 1,000 companies that are members of the Security for Business Innovation Council.
But they still want to protect their crown jewels
Interestingly, despite having no data protection or remediation plans in place, Lloyd’s of London said that many firms are working to protect their profit margins and get cyber insurance policies in place.
Specifically, Lloyd’s reported seeing a 50 percent year-on-year increase in submissions for cyber insurance during the first quarter of this year.
The Snowden leaks haven’t damaged cloud trust as much as feared
When the Edward Snowden leaks first hit the headlines, analysts, politicians and privacy groups universally said that PRISM would have a disastrous effect on the cloud industry.
One of the worst forecasts came from research house Forrester, which argued in 2013 that the leaks would lead to a staggering £121.4bn dip in cloud sales.
However, two years on, Forrester has admitted that PRISM’s impact was smaller than it originally thought and that “such concerns were overblown”.