Friday, October 11, 2013

Week 7 Blog

Government Agencies = New Target for Attackers


Attackers have released a new virus that is seemingly only attacking government organizations. (The Yomiuri Shimbun, 2013) “Attackers implant a virus on certain websites. When people using targeted computers browse these sites, the computers [become] infected with the virus. The virus [does] not attack non-targeted computers” (The Yomiuri Shimbun, 2013). More specifically, “The virus is designed to infect only computers of certain IP addresses when users browse the altered websites on those computers” (The Yomiuri Shimbun, 2013). It’s funny to me that this new virus basically skips certain computers and only goes for government based computers. It seems like an attacker would want to take down every person that they could since they have the opportunity.

It's so fascinating that the attackers are only after governmental organizations. Obviously, there is some internal motive for these attacks. For instance, “The attackers alter websites that are frequently browsed by employees of government administrative organizations who are members of the websites. The attackers then implanted the virus on those websites, letting it await the chance to infect targeted computers so they could steal confidential information by taking control of the computers remotely” (The Yomiuri Shimbun, 2013). The attackers have a great attack mechanism in place. It seems like these attackers really had to think about their attack mechanism thoroughly so that they would be sure it worked. I am also amazed that the attackers are stealing confidential information remotely.

The attackers have really outdone their selves on this virus because “the virus is designed to infect only computers of certain IP address when users browse altered websites on those computers” (The Yomiuri Shimbun, 2013). This is just such a crazy technique for a hacker to apply when using a virus because they are clearly only targeting certain people. More interesting is the fact that, “Ordinary people using computers [. . .] are not targeted by the attackers [and they will] not get infected with the virus. [Therefore,] it is difficult for the cyber-attacks to be discovered” (The Yomiuri Shimbun, 2013). While it seems like attackers would want to take as many victims as possible these attackers don't seem to care about this approach at all. Clearly, these attackers are using other people to get to their real victims. Obviously, people who are not targets will be really happy to hear about this because they don’t have much to fear as far as becoming infected with a virus. However, governmental agencies should be very concerned because they could easily become the victim of an attack.

Reference:
The Yomiuri Shimbun. (2013, October 9). New Type of Cyber-Attack Targets Govt Bodies, Firms. Retrieved October 11, 2013, from The Japan News: http://the-japan-news.com/news/article/0000711266

Posted by at No comments:

Sunday, October 6, 2013

Week 6 Blog


Adobe Got Hacked

The world of Information Security is of course ever growing. Throughout all of the warnings, companies are still not choosing the best means possible to protect their customer’s personal information. Recently, Adobe was hacked. The attackers were able to obtain “customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.” (King, 2013) In fact, 3 million accounts were compromised by the attack on Adobe. (King, 2013)



            While the attackers were only able to compromise encrypted credit and debit card numbers, my concern is that the attackers maybe be able to decrypt this information in the future. It is unclear as to what type of encryption algorithms Adobe was using. Obviously, it is our hope that they used the strongest encryption algorithm possible but this does not guarantee any customer security on the matter. However, Adobe has taken some immediate action to reset all adobe passwords. (King, 2013) Therefore, Adobe has made a few attempts to help their customers.       

            Holding a customer’ private information is a very difficult task that all businesses will face. It is important that businesses employ information security professionals in order to help mitigate the risk of being vulnerable to attackers. However, eliminating all risks is not necessarily easily done. It is important to protect customer’s information because you run the risk of jeopardizing your own company’s reputation. If a business loses their reputation, they may face scrutiny from the public and even face losses in sales. It is so important that businesses take information security very seriously.

References

King, R. (2013, October 3). Adobe hacked, 3 million accounts compromised. Retrieved October 6, 2013, from CNET: http://news.cnet.com/8301-1009_3-57605962-83/adobe-hacked-3-million-accounts-compromised/
Posted by at No comments:
Subscribe to: Posts (Atom)