Every day, the line between cyber-threats and physical threats grows thinner – blurring the crucial distinction between attacks on networks and attacks on material objects. 225,000 Ukrainians learned this in January of 2016 when they lost power following a cyber-attack on a Ukrainian power grid. The rise of the Internet ...

The Cipher Brief’s Luke Penn-Hall sat down with Steve Grobman, Intel Fellow and Chief Technology Officer for Intel Security, at the annual Black Hat cybersecurity conference, which took place in early August. Steve discussed how he views the threat from ransomware evolving. The Cipher Brief: How do you see ransomware ...

The Cipher Brief’s Luke Penn-Hall spoke to Tom Parker, Chief Technology Officer for FusionX, at the annual Black Hat cybersecurity conference that took place in early August. Parker shared his view of the threat landscape to Supervisory Control and Data Acquisition (SCADA) systems and other critical industrial infrastructure. The Cipher ...

Given the growth of the cyber-threat matrix, many IT system users have found that conventional defenses—firewalls, anti-virus applications, blocking software, and malware detection regimes—are only as effective as the last attack.  Porous perimeter defenses can slow system operating speeds and require continuous upgrading to remain effective. Commercial and government operators ...

If my first day at Black Hat was all about insider threats and ransomware, my second was focused on attackers. I had the opportunity to speak with a number of experts about how attackers are hitting systems and - arguably more importantly – why they are doing so. So what ...

The Cipher Brief’s Luke Penn-Hall is currently attending Black Hat, a premier information security conference in Las Vegas, Nevada. Here’s his update from Day 1: What is a USB Drop Attack? That’s what I learned about today at a brief focused on assessing how often people actually plug strange USB ...

Trying to keep malware off your computer is standard practice at this point, but not many people know that malware also poses a threat to their phones. The Cipher Brief asked Ravi Devireddy, CTO and co-founder of E8-Security, about mobile phone malware. According to Devireddy, the problem is not as ...

A global cybersecurity talent crisis is threatening both the public and private sectors, a new report released on Wednesday has found, leaving businesses and countries more vulnerable to attackers. The new study, “Hacking the Skills Shortage” by Intel Security and CSIS, surveyed eight countries — Australia, France, Germany, Israel, Japan, ...

As hackers continue to grow more sophisticated, many firms are struggling to find ways to ensure that their systems are secure. In support of that goal, some have found a measure of success with bug bounty programs, which allow firms to crowdsource the identification of vulnerabilities. The Cipher Brief asked ...

Hillary Clinton may have dodged an indictment when the FBI announced it would not recommend criminal charges against her for using a private email server while Secretary of State, but the State Department itself took a hit on account of its overall security culture. During the FBI announcement last week ...

One year ago, on July 10, 2015, Katherine Archuleta resigned her position as Director of the Office of Personnel Management (OPM) in the face of intense criticism following the announcement that OPM had been the victim of the worst breach of a government network in U.S. history. The actual breach ...

It has been a little over a year since the Office of Personnel Management announced that it had been breached. Since that time, the federal government has taken an array of steps to improve its cybersecurity posture and avoid another major breach. The Cipher Brief spoke to John Davis, Vice ...

The Office of Personnel Management (OPM) was the victim of a cyber-attack in 2014.  Hackers (the Chinese are suspected) gained access to OPM’s local-area network on or about May 7, 2014 by stealing credentials and then planting malware and creating a backdoor for exfiltration.  Actual exfiltration of data on background ...

NATO has much to discuss at its annual summit in Warsaw on July 8 – 9.  From the implications of the UK’s decision to exit the EU, to aggressive Russian actions in the Baltics, to the war with ISIS, to terror attacks and refugee flows across Europe, to instability in ...

On Tuesday, it came to light that the Democratic National Convention’s (DNC) network had been breached by not one, but two different hacker groups that are believed to work for the Russian government. The Washington Post reported that one group - designated Cozy Bear – was likely working for the ...

The breach of the Democratic National Committee (DNC) by hackers believed to be affiliated with the Russian government is raising concerns about foreign interference in the coming election. The Cipher Brief spoke to Michael Sulick, former Director of the National Clandestine Service at the CIA, about why the Russians would ...

Networked medical devices are becoming steadily more common, and they are making things easier for both patients and healthcare providers. However, there is an accompanying risk of attack from malicious hackers – especially since most of these devices are not designed with security aforethought. The Cipher Brief asked Kurt Roemer, ...

In January, the CEO of American Superconductor publicly detailed how traditional economic espionage methods carried out by a small Chinese firm resulted in over a billion dollars in loss to his company. Since at least 2011, much attention has been given to the rampant cyber espionage threat against U.S. firms, ...

Like a slow-motion tsunami, the Internet of Things (IoT) is continuing to wash over an ever-greater portion of our lives, and now, our bodies. The use of smart, networked medical devices has been on the rise for years. These include both external devices, like ventilators, and internal devices, like pacemakers. ...

The Internet of Things is continuing to grow and expand, with some aspects of smart technology even entering the human body through pacemakers and other smart medical implants. However, as medical devices become smarter, they are also becoming more vulnerable to hackers and other malicious actors. The Cipher Brief asked ...

The cybersecurity startup market has been hot. On fire is probably more accurate. The graph above shows how investment has been ramping up over the last seven years. Spending on cybersecurity in 2015 exceeded $75 billion according to Gartner. The market is over $100 billion (according to Market and Markets) ...

On May 10, 2016, Peter Romar, a hacker associated with the Syrian Electronic Army, appeared in a U.S. courtroom after his extradition from Germany to face charges of conspiracy and a host of computer crimes.  Romar was one of a trio of Syrian nationals on the FBI’s “Cyber’s Most Wanted” ...

Cars, like many other everyday objects, are now more connected to wireless networks than ever before – and this has caused a corresponding rise in the potential for them to be targeted by hackers. The Cipher Brief spoke to Yoni Heilbronn of Argus Cybersecurity, a firm that specializes in cybersecurity ...

Everyone knows that they need to protect their computers from hackers, but have you ever considered what would happen if someone hacked your car? Automakers are incorporating ever more networked computer systems into their products, and this is beginning to create a new set of vulnerabilities with potentially far reaching ...

It is hard to miss the frightening headlines about car hacking scenarios.  But in reality, there’s more to automotive cyber security. Hackers may be individuals seeking financial gain, or groups that have an issue with a particular brand, and even state actors who see vehicles as gateways to massive personally ...

Stranded during a historic Washington-area blizzard in February 2010, a U.S. soldier embarked on a mission that he had sworn to not fulfill: “...I joined in on an IRC (Internet Relay Chat) conversation and stated that I had information that needed to be shared with the world. I wrote that ...

When it comes to Silicon Valley buzzwords, “the cloud” is one of the most ubiquitous and one of the most misunderstood. The cloud is essentially a network of computers that share resources amongst themselves in order to work more efficiently. When a business uploads information to the cloud, it is ...

Access to cloud-based infrastructure has revolutionized how businesses store and work with their data, but the convenience of cloud-based systems is not without risk. The Cipher Brief spoke to Eric Chiu of HyTrust, a cloud cybersecurity company that recently released a report detailing trends in and attitudes towards cloud-based data ...

Way back in the 18th century, Ben Franklin said, “Distrust and caution are the parents of security.” That insight is entirely appropriate in the 21st century as companies deliberately and thoughtfully seek to take advantage of the tremendous economic benefits of cloud computing. Migration to the cloud is exploding, and ...

It seems like the cyber domain has recently been awash in controversy. From major hacks that compromise the information of millions of people, to bitter legal disputes between tech giants and law enforcement, to a steadily expanding number of threats, cybersecurity has never seemed so crucial. Former CIA Acting Director ...

Despite being the wellspring for cutting-edge technology brands such as Samsung, Sony, and HTC, Asia has proven to be less adept at managing a different sort of technological challenge: cybersecurity threats. A recent Deloitte Consulting white paper identified the “Cyber Five”—the five countries whose economies had the greatest vulnerability to ...

South Korea—boasting cutting-edge digital technology, efficient computer networks, and the world’s top high-speed Internet penetration rate—has earned global renown as a “strong Internet nation.” Behind these impressive feats, however, lies an unpleasant reality: its vulnerability to cyber threats, particularly to those allegedly originating from North Korea. Beginning with a series ...

Thanks to breach disclosure regulations in the U.S. and U.K., we regularly learn about the latest capers from the headlines. Without a doubt, these countries still face daunting cyber security challenges. One way to make those challenges look almost manageable is to compare them with the state of cyber awareness ...

On Friday, Dyn, a company that routes and manages internet traffic, suffered multiple Distributed Denial of Service (DDoS) attacks throughout the day. Major sites such as Twitter, Netflix, Airbnb and the New York Times were unavailable throughout the day due to these attacks. The general counsel for Dyn, Dave Allen, ...

Some stunning things have happened in the past year.  Cars were remotely hacked and run off the road.  Thieves digitally stole cars in volume, at night, and loaded them onto container ships before owners woke in the morning—with the high-end cars stolen through security mistakes in keyless entry and keyless ...

The Internet-of-Things has for years promised to usher in a new wave of innovation. It has sometimes been called the Internet-of-Everything or Internet 3.0—grand language illustrating its potential. That potential would also seem to offer new opportunities for law enforcement and intelligence services. But the promise has thus far not ...

When hackers recently breached the computer systems of the Bangladesh Central Bank and tried to steal nearly $1 billion from its account at the Federal Reserve Bank of New York, cyber security professionals gave it a now all too familiar label  – that of an Advanced Persistent Threat (APT). Most ...

The Sony Pictures Entertainment hack served as a very public wake-up call to the dangers posed by malicious hackers. In the course of the attacks, information was both stolen and destroyed by the attackers – and new information is still coming to light about who those attackers were. The Cipher ...

Dark Hotel, Crouching Yeti, Machete, Sofacy, Sandworm – what do these words have in common? They are all names given to hacker groups that have been designated by cybersecurity firms as advanced persistent threats (APTs). These groups have been appearing more often, and their ability to breach networks and cause ...

When you think of cybersecurity, you probably think about firewalls and passwords – but the ever-changing cyber threat has forced the technology to move far beyond that. The expanding frontiers of cybersecurity are being driven by a need for new, scalable solutions to security problems. Unfortunately, the rate of cyber-attacks ...

After years of public attention around Bitcoin, its underlying technology—the blockchain—is taking over the discussion with its potential to address fundamental challenges across a number of industries. Proponents discuss blockchain’s potential to revolutionize currency, contracts, ownership verification, and supply chain provenance. But for all the talk about Bitcoin and other ...

Quantum cybersecurity covers the application of quantum technology to enhance cybersecurity. It includes quantum random number generation, which strengthens security through the delivery of stronger keys and other cryptographic objects, and quantum key distribution, which allows for the secure sharing of keys safe from the most sophisticated attacks, including from ...

Do you bring your own laptop to the office, or does your phone connect to your company’s Wi-Fi network? If so, then you need to be concerned about endpoint security. The rise of bring-your-own-device (BYOD) culture in many organizations has created a multitude of new entry points for cyber-attackers, but ...

Every day we read another report lamenting the limited workforce that possesses the technical skills so badly needed in cybersecurity.  This is a significant challenge for our educational system to address.  We need computer scientists, coders, and engineers, and we need to attract young people to those professions. But there ...

In February, Hollywood Presbyterian Hospital very publicly paid $17,000 to regain access to its files after being infected with a type of malware called ransomware. As the name suggests, ransomware encrypts all files on a computer until the victim pays a ransom to the attacker. This hack, though limited in ...

Healthcare providers represent an attractive target for hackers due to the wealth of information they store about their patients. The Cipher Brief spoke to Greg Porter, founder of information security consulting firm Allegheny Digital, about the nature of the cyber-threat for the healthcare industry. He says that healthcare providers should ...

On February 5th, Hollywood Presbyterian Medical Center lost access to its computers after being infected with ransomware – a type of malware that holds files hostage until a ransom is paid. Eventually, the hospital paid $17,000 to regain control of its systems, and started a national dialogue about cybersecurity in ...

Deterrence theory formed the foundation of the narratives and the strategies that shaped the Cold War, and many now seek to apply classical deterrence to the cyber sphere. In essence, deterrence theory holds that maintaining a credible retaliatory capacity can prevent opponents from attacking, since they know that if they ...

The court order demanding Apple create an encryption-breaking tool was never about a single iPhone.  A disclosure in a federal court yesterday revealed that the Justice Department has made at least nine similar demands to Apple.  Officials in the department have sought to convince the world that this case is ...

There is a massive problem in cybersecurity, and it has been growing for years. This problem is not a malicious program, or a rogue nation-state, or angry hackers, but rather a persistent imbalance in the labor market. Simply put, there are not enough cybersecurity professionals in the United States to ...