Citigroup Data Breach Worse Than Initially Reported; CIA Website Also Hacked

It turns out that the Citigroup data breach that we reported about last Friday may actually have been almost twice as large as originally reported. Last week, Citigroup had said the breach involved 200,000 cardholders, or 1% of its 21 million North American cardholders. Now they are reporting that the breach may have exposed the private financial data of more than 360,000 customers.

While the bank has been criticized for waiting a month before notifying customers about the breach (the incident was discovered on May 10 but not revealed until June 9), it is to their credit that Citigroup has been up-front about what they have done to mitigate the threat.

Upon discovery, internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk. Simultaneously, rigorous analysis began to determine the precise accounts and type of information accessed. The majority of accounts impacted were identified within seven days of discovery. By May 24, we confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data.

The customers’ account information (such as name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers’ social security number, date of birth, card expiration date and card security code (CVV).

While the investigation was underway, preparations began to notify customers and, as appropriate, replace affected customers’ credit cards.

As of May 24, we began the process of developing notification packages including customer letters and manufacturing replacement cards, as well as preparing our customer service teams. Notification letters were sent beginning June 3, the majority of which included reissued credit cards.

Citigroup also indicated that they have implemented “enhanced procedures” to prevent another incident and said the customers would not be liable for any fraudulent charges on their accounts and could contact the bank to set up free identity theft protection.

Unfortunately this is not the only high-profile cybersecurity incident to make headlines in the last couple of days. A group of hackers calling themselves LulzSec hacked the CIA’s website and took it offline Wednesday night. The group claims to have been responsible for recent attacks on the U.S. Senate, Sony and PBS. According to experts, their motivation has been simply for “grins and giggles.” Evidently it’s the hacker equivalent of the old mountain climbing justification, “Because it’s there.”

The larger question, however, is what these incidents say about the preparedness of the United States to fight cybercrime. According to an interesting Reuters report, the gap between criminals and those tasked with stopping them is widening.

“We’re much better off (technologically) than we were a few years ago, but we have not kept pace with opponents,” said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. “The network is so deeply flawed that it can’t be secured.”

While the government is working to improve security, it seems unlikely that anyone will ever be able to get ahead of the threat. For many organizations, the only strategy may be to minimize the damage and chalk up cybersecurity as another cost of doing business. Hopefully that cost doesn’t get too high.

RIMS Session Highlights Cyber Security Concerns

Cyber security has become an increasingly important topic not only for individuals but for companies as well. I guess that’s why the cyber security session at RIMS 2011 was one of the most popular of the day, with seats filled and attendees lining the walls.

“Cyber Security: Covering Your Assets” featured a panel of industry experts, including Mark Greisiger, president of NetDiligence; Robert Parisi, senior vice president of Marsh; Richard Billson of Zurich North America Commercial; and Victoria Telford, director of global insurance and risk management for Hanesbrands.

Billson called for more stringent cyber security actions, noting that “$3 trillion daily moves over network connections.”

Greisiger referenced a shocking 2010 forensics study from Verizon Security Consultants, which claims:

  • 70% resulting from external bad actors (hackers, malware)
  • 48% caused by insiders, and a large part of this (90%) deliberate
  • 61% of data breaches discovered by 3rd parties, NOT by the company itself
  • 96% of incidents were avoidable with simple controls

As for top perils, Greisiger noted the following:

  • Hacking (SQL injection)
  • Laptop loss
  • Backup tape loss
  • Staff mistakes (“probably 50% of the losses we see” according to Greisiger)
  • DDoS attacks (denial of service)
  • Business partner mishaps and breach

Why the problem of data breaches? Greisiger states:

  1. Most businesses collect more information than necessary, and that data is often stored for too long (California laws are trying to do away with retailers asking for zip codes – they do reverse identification and bombard customers with marketing)
  2. Websites are very porous and need constant care
  3. IDS (intrusion detection software) is very weak

Greisiger concluded with a strong message, stating that with data loss and cyber security threats, “it’s not if but when it happens. It may have already happened to your company.”

Scary thought indeed.

Cyberattacks, Terrorism Are Top Threats for UK

According to the United Kingdom’s recently unveiled national security strategy, cyberattacks and terrorism present the gravest threats to the country. Overall, the report identifies 15 “priority risks” — four of which are considered “tier 1” threats.

Tier One:
• International terrorism affecting the UK or its interests, including a chemical, biological, radiological or nuclear attack by terrorists; and/or a significant increase in the levels of terrorism relating to Northern Ireland.
• Hostile attacks upon UK cyber space by other states and large scale cyber crime.
• A major accident or natural hazard which requires a national response, such as severe coastal flooding affecting three or more regions of the UK, or an influenza pandemic.
• An international military crisis between states, drawing in the UK, and its allies as well as other states and non-state actors.

Obviously, these are all very difficult perils to protect citizens, infrastructure and the economy against. And unfortunately, these emerging threats are growing at a time when Britain is least prepared to confront them, given the national priority now assigned to “austerity measures” designed to cut spending.

The defense budget, for instance, is set to be trimmed by 8% over the next four years, leaving one Member of Parliament wondering how the country can revamp its strategy to keep citizens safe.

Conservative MP Bernard Jenkin, who is chairman of the Commons Public Administration Committee, said it was difficult to see how an effective National Security Strategy could be developed against the backdrop of cuts.

“We seem to be operating under the imperative of deficit reduction,” he said. “But, there’s very little in what’s being done now that reflects deep and sustained analysis about what sort of country we want to be in 10 or 20 years time.”

The Obama administration has also been highly critical of Prime Minister David Cameron’s defense spending cuts. Even the national security strategy itself admits that the country has a “security structure that is woefully unsuitable” for the modern threats it faces — a failing that is squarely blamed on the previous ruling officials.

The last Government took little account of this fact. Twelve years elapsed while the world changed almost beyond recognition. Abroad, our forces were sent into action without the equipment they needed, and on the basis of lamentable planning, and in more simultaneous conflicts than the Defence Review in 1998 had planned for.

At home, the machinery of Government failed to adapt to the new circumstances – lacking both the urgency and the integration needed to cope with the new situation. As a Government, we have inherited a defence and security structure that is woefully unsuitable for the world we live in today. We are determined to learn from those mistakes, and make the changes needed.

In an age of uncertainty, we need to be able to act quickly and effectively to address new and evolving threats to our security. That means having access to the best possible advice, and crucially, the right people around the table when decisions are made. It means considering national security issues in the round, recognising that when it comes to national security, foreign and domestic policy are not separate issues, but two halves of one picture.

To address this concern — at least somewhat — the government announced that it will provide an extra £500 million for cybersecurity that will be “focused on protecting key infrastructure and defence assets.”

We will see if that is enough to do the job — which also includes the below security challenges that the government has identified as “tier two” and “tier three” risks.

Tier Two Risks:

• An attack on the UK or its Overseas Territories by another state or proxy using chemical, biological, radiological or nuclear (CBRN) weapons.

• Risk of major instability, insurgency or civil war overseas which creates an environment that terrorists can exploit to threaten the UK.

• A significant increase in the level of organised crime affecting the UK.

• Severe disruption to information received, transmitted or collected by satellites, possibly as the result of a deliberate attack by another state.

Tier Three Risks:

• A large scale conventional military attack on the UK by another state (not involving the use of CBRN weapons) resulting in fatalities and damage to infrastructure within the UK.

• A significant increase in the level of terrorists, organised criminals, illegal immigrants and illicit goods trying to cross the UK border to enter the UK.

• Disruption to oil or gas supplies to the UK, or price instability, as a result of war, accident, major political upheaval or deliberate manipulation of supply by producers.

• A major release of radioactive material from a civil nuclear site within the UK which affects one or more regions.

• A conventional attack by a state on another NATO or EU member to which the UK would have to respond.

• An attack on a UK overseas territory as the result of a sovereignty dispute or a wider regional conflict.

• Short to medium term disruption to international supplies of resources (e.g. food, minerals) essential to the UK.

$150 Million for National Cybersecurity R&D

The House Homeland Security Committee passed a bill to appropriate more than $150 million for cybersecurity research and development. The bill, H.R. 4842, states that $75 million will be given out over the next two years to fund R&D projects “aimed at improving the nation’s ability to prevent, protect, detect, respond to and recover from cyber attacks, focusing on large-scale, high-impact attacks.”

The bill requires the Department of Homeland Security’s Science and Technology Directorate to develop a plan regarding management processes and research activities for its key stakeholders: the Transportation Security Agency, Customs and Border Protection, Coast Guard and other DHS agencies as well as the nation’s first responders.

Among the cybersecurity R&D work, the bill would fund:

  • More secure versions of fundamental internet protocols and architectures, including domain name systems and routing protocols
  • Technologies to detect attacks or intrusions
  • Mitigation and recovery methodologies, including techniques to contain attacks and develop resilient networks and systems that degrade gracefully
  • Infrastructure and tools to support cybersecurity R&D efforts, including modeling, testbeds and data sets for assessment of new cybersecurity technologies
  • Technologies to reduce vulnerabilities in process control systems
  • Test, evaluate and facilitate the transfer of technologies associated with the engineering of less vulnerable software and securing the software development lifecycle

The bill also sets aside $500,000 to study things such as required reporting, regulation, certification, accounting practices and cybersecurity risk insurance.

“A third research project in the bill would have DHS working with national security and intelligence agencies to determine if the government-owned communications and information systems essential to the nation’s electronic grid have been compromised.”

The research would also explore the extent of any cybersecurity breach, the identity of the hacker(s), the ways in which said hacker infiltrated the inflicted system and the ramifications of such a breach.

In related news, Lt. Gen. Keith Alexander was nominated to head the Defense Department’s Cyber Command that was established last June to assume responsibility for the defense of the military’s portion of cyberspace. Alexander also heads the National Security Agency, which collects and analyzes foreign communications and foreign signals intelligence. Yesterday, Alexander was questioned by the Senate Armed Services Committee about the possibility of cyber war. He expressed his doubts about a cyber war ever occurring, claiming that it would more likely be part of a larger military campaign.

“If confirmed, my main focus will be on building the capacity, the capability and the critical partnerships required to secure our military’s operational networks,” he says. “This command is not about efforts to militarize cyberspace. Rather it’s about safeguarding the integrity of our military’s critical information systems. Working with U.S. Strategic Command, department leadership and with help from this committee, my goal, if confirmed, would be to significantly improve the way we defend ourselves in this domain.”

The committee did not say when it would vote on Alexander’s nomination, but the article claims members supported him.
