Banks urged to tighten security as hacks continue


The global banking system is (still) under attack. SWIFT, the messaging network that connects the world’s banks, says it has identified new hacks targeting its members, and it is warning them to beef up security in the face of “ongoing attacks.” It did not name the banks affected. The warning follows cyberattacks on banks in Bangladesh, Vietnam, the Philippines and Ecuador in which malware was used to circumvent local security systems, and in some cases, steal money. An attack on Bangladesh’s central bank yielded $101 million. Ecuador’s Banco del Austro was hit for $12 million. The message from SWIFT, which was first reported by Reuters, urges banks to protect themselves against the “persistent, adaptive and sophisticated” attacks, which use a similar method to crack their local…Read More


Apple zero-days mark a new era of mobile hacking — TechCrunch

Krstic announced that Apple was launching a bug bounty program, offering $50,000 for zero-day vulnerabilities that allow malicious code exploits in the kernel, among other rewards. The thinking behind the bug bounty, according to Apple, is that discovering zero-day vulnerabilities — security problems that are unknown by a company but exploited by an attacker —…

via Apple zero-days mark a new era of mobile hacking — TechCrunch

Asian companies have world’s worst cybersecurity says study

Source: BBC News

Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

The median time between a breach and its discovery was 520 days, it says. That is three times the global average.

Asia was also 80% more likely to be targeted by hackers than other parts of the world, the report said.

It said an average of 3.7GB in data had been stolen in each attack, which could be tens of thousands of documents.

However, the bulk of the incidents were not made public because the region lacks breach disclosure laws.

Grady Summers, the chief technology officer of Mandiant’s parent company, FireEye, said the findings were “very concerning”.

“We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn’t know it was by this much,” he told the BBC.

As part of the study, Mandiant hacked into one organisation’s network with its permission to see how vulnerable it was.

“Within three days we had the keys to the kingdom,” Mr Summers said. “If an expert group of hackers can do the same in three days, imagine what can they do in 520 days.”

National threat

Mandiant has published a global security report for the past six years, but this is the first time it has focused on Asia.

The report is based on the company’s investigations last year, each of which analyzed an average of 22,000 machines.

Leaving breaches undiscovered or unreported for too long can ultimately compromise a country’s economic competitiveness or national security, Mandiant warns.

Hackers could take over key infrastructure such as power stations, which happened in the Ukraine, and potentially even transport systems in so-called smart cities.

On a consumer level, personal information can be used for fraudulent purposes. More than 500 million digital identities were stolen or exposed last year, an earlierreport by security company Symantec suggests.

“Threats to corporate data are now a critical business concern for nearly every company,” said Richard Fenning, chief executive of Control Risks, another security company.

“Hackers, whether malevolent teenagers or malicious states, are the leading disrupters of our age. [There’s] no simple, single fix.

“Technology can help, but we must also shift how we think about digital security and have nimble leadership when the near-inevitable breach occurs.”


State-sponsored attacks

Mandiant suggests that the bulk of cyber-attacks in Asia are state-sponsored and target areas with heightened geopolitical tensions, such as the South China Sea.

Governments, financial institutions, energy, education research, healthcare, aerospace and defence had “long been a favourite target” of hackers who look to either destroy or use the stolen material for extortion, it said.

There had been a decrease in the number of attacks in the US and western Europe by Chinese hackers, Mr Summers added, because China seemed to be refocusing its efforts to other parts of Asia.


‘Not doing enough’

Asian organisations were ill-equipped to defend their networks from attackers because “they frequently lack basic response processes and plans, threat intelligence, technology and expertise”, Mr Summers said.

“They’re not doing enough,” he said.

“But they’re starting to wake up to the reality of the threats.

“In the US, we were going through this realisation 10 years ago, so we have a head start.”