SAN FRANCISCO — A conference of Internet-security experts is not for the faint of heart.
Hallway chatter and keynote speeches are peppered with scary stories of increasingly sophisticated hackers siphoning off valuable personal and corporate data.
In the words of one expert, the bad guys are outmaneuvering those charged with keeping the wired world safe.
The recent wave of corporate-data breaches and cyberattacks provided plenty of fodder for a weeklong cybersecurity conference in San Francisco. About 28,000 threat analysts, security vendors and corporate IT administrators gathered to talk about malicious software, spear-phishing and other attacks that can steal money or secrets from companies and consumers.
Growing concern over cyberthreats has been good for business, driving up revenue and stock prices for many security firms. But researchers say the dangers are real: Last year saw a record number of commercial-data breaches and “denial of service” attacks, the latter aimed at shutting down websites by flooding them with bogus traffic.
Highlights from this year’s RSA conference, named for its chief sponsor, the RSA security division of tech firm EMC Inc.:
Phishing works
Many data breaches are the result of human error, especially people falling for bogus phishing emails, text messages or websites that appear to come from acquaintances or trusted companies.
Phishing attacks are a favored tactic of hackers working for foreign governments and criminal groups because they trick their targets into handing over passwords or clicking on links that install malicious programs. Verizon researchers estimate 1 in 5 phishing emails was read by its target and 1 in 10 persuaded someone to open an attachment.
“It only takes one person to click” on a link or attachment and put their employer’s entire network at risk, said Verizon senior analyst Marc Spitler.
Easy targets
As more home appliances are connected to the Internet, experts warn that they are vulnerable to hackers intending mischief or worse. Although hacking incidents have been rare, researchers warn that manufacturers aren’t considering security in connected devices.
In separate reports, experts at security firms Veracode and Laconicly said they found vulnerabilities in home systems that control lights, thermostats and garage-door openers from a smartphone or other device.
Sophisticated hackers
Hackers are sharing information about software vulnerabilities in a variety of industries, faster than many companies install “patches” to repair them, several researchers said. Cyberattackers also increasingly are using programs that can scout a computer network and change behavior depending on what defenses they encounter.
Even novice hackers can get their hands on tools to carry out sophisticated attacks. “Writing malware is not the hard part anymore. You can buy it” from other hackers online, said Ryan Olson, intelligence director at Palo Alto Networks.
One common refrain at the conference is that companies must get better at detecting and containing computer breaches because old methods of prevention aren’t working.
The conference also drew federal officials, who urged more sharing of information about hacking attacks. Homeland Security Secretary Jeh Johnson said his department will open a Silicon Valley office to build partnerships and recruit people with cyberskills.
source: http://ift.tt/1Edch84
from cyber security caucus http://ift.tt/1dkn4o6
via IFTTT
No comments:
Post a Comment