Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

KSN Report: Ransomware in 2014-2016 The evolution of the threat and its future

Kaspersky Lab, June 22, 2016: “Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat over the last two years

Main findings:

  • The total number of users who encountered ransomware between April 2015 and March 2016 rose by 17.7% compared to the previous 12 months (April 2014 to March 2015) – from 1,967,784 to 2,315,931 users around the world;
  • The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware rose 0.7 percentage points, from 3.63% in 2014-2015 to 4.34% in 2015-2016;
  • Among those who encountered ransomware, the proportion who encountered cryptors rose dramatically – up 25 percentage points, from 6.6% in 2014-2015 to 31.6% in 2015-2016;
  • The number of users attacked with cryptors rose 5.5 times, from 131,111 in 2014-2015to 718,536 in 2015-2016;
  • The number of users attacked with Win-lockers decreased 13.03%, from 1,836,673 in 2014-2015 to 1,597,395 in 2015-2016…”

Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats

Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats – by John P. Carlin, Harvard Law School National Security Journal. Volume 7, Issue 2: “With increasing network intrusions affecting the U.S. government and American companies, and unsecured connectivity creating new vulnerabilities to cyber attacks, the United States is implementing a whole-of-government, all-tools approach to… Continue Reading

GAO – IRS Needs to Update Its Risk Assessment for the Taxpayer Protection Program

Identity Theft and Tax Fraud: IRS Needs to Update Its Risk Assessment for the Taxpayer Protection Program, GAO-16-508: Published: May 24, 2016. Publicly Released: Jun 23, 2016. “Taxpayer Protection Program (TPP). While the Internal Revenue Service (IRS) has made efforts to strengthen TPP—a program to authenticate the identities of suspicious tax return filers and prevent… Continue Reading

Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems

Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems, GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016. “In GAO’s survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies… Continue Reading

FBI – Business E-mail Compromise: The 3.1 Billion Dollar Scam

“This Public Service Announcement (PSA) is an update to the Business E-mail Compromise (BEC) information provided in Public Service Announcements (PSA) 1-012215-PSA and 1-082715a-PSA. This PSA includes new Internet Crime Complaint Center (IC3) complaint information and updated statistical data. DEFINITION – BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or… Continue Reading

IG – Audit Finds Inactive Accounts Within the Department of State’s Active Directory

OIG, U.S. Department of State, Management Assistance Report: Inactive Accounts Within the Department of State’s Active Directory, AUD-IT-16-37, Office of Audits. June 2016. “According to the National Institute of Standards and Technology, inactive accounts should be automatically disabled after a defined period of time. The Foreign Affairs Handbook states that Department officials must disable inactive… Continue Reading

NYT – A Russian Cybersleuth Battles the ‘Dark Ages’ of the Internet

Neil MacFarquar – Moscow – “A sense of menace stirs right off the elevator on the fifth floor of Kaspersky Lab’s Moscow headquarters, where a small television screen displays cyberthreats occurring in real time around the world — a blinking, spinning, color-coded globe brimming with suspicious emails, malware and evil botnets that could be infecting a… Continue Reading

LeakedSource database of over 32 million leaked Twitter credentials

“LeakedSource is a search-engine capable of searching over 1.8 billion leaked records — an aggregation of data from hundreds of disparate sources. We have been able to accumulate this data over a relatively short period of time through a combination of deep-web scavenging and rumor-chasing. Occasionally these efforts lead to major discoveries…If we come across… Continue Reading

A Few Easy Steps Everyone Should Take to Protect Their Digital Privacy

Via ACLU – “Much of the privacy protection we need in today’s world can’t happen without technological and legislative solutions, and the ACLU will continue leading the fight for digital security and privacy through our litigation and advocacy efforts. But there are simple steps that everyone can take to improve their digital privacy. While there… Continue Reading

Announcing the Net Data Directory

“The Berkman Center for Internet & Society is delighted to announce the launch of the Net Data Directory, a free, publicly available, searchable database of different sources of data about the Internet. The directory is intended to make finding useful quantitative data about a broad range of Internet-related topics—broadband, cybersecurity, freedom of expression, and more—easier… Continue Reading

Learn how to fight fraud – at your library!

Carol Kando-Pineda – Counsel, FTC’s Division of Consumer & Business Education: …we have developed resources to address…needs for: people with challenges reading English, older patrons, Spanish-speakers, identity theft victims, new arrivals, and families looking to start a conversation with kids about digital literacy and living life online. Coming soon are tips and tools to address… Continue Reading

OPM IG Report on Information Infrastructure Improvement Project

Second Interim Status Report on the U.S. Office of Personnel Management’s (OPM) Infrastructure Improvement Project – Major IT Business Case (Report No. 4A-CI-00-16-037).  May 18, 2016. “OPM has still not performed many of the critical capital project planning practices required by the Office of Management and Budget (OMB). Of primary concern, prior to initiating the… Continue Reading