Archive for April, 2013

The Cost to Consumers of a Data Breach

A new analysis of a huge data breach last year in Utah estimates that more than 120,000 cases of fraud will occur as a result of information stolen.

Javelin Strategy Research’s analysis also estimates that each incident will result in more than $3,300 in losses, on average, and each consumer who is ultimately victimized as a result of the breach will spend about 20 hours and $770 on lawyers and time lost from work to resolve the case.

Ripple effects from the incident in the spring of 2012 will also prove costly to banks and businesses that may also suffer fraud as a result of the stolen information, said Al Pascual, a security, risk and fraud analyst at Javelin.

“We all need to be aware that breaches are occurring,” he said. “Breaches lead to fraud, and fraud affects all of us.”

Using the specifics of the Utah breach, Javelin applied what it has learned from its prior research about the impact of such breaches — namely, that having your personal information compromised makes you more likely to become a victim of fraud. Javelin estimates that roughly one in four recipients of a data-breach letter ultimately become fraud victims. (The estimate is based on information provided by consumers themselves, rather than law enforcement.)

“These breaches are driving fraud,” Mr. Pascual said. Criminals, he said, are generally not digging through trash or stealing mail to obtain personal data. “They’re stealing it digitally,” he said.

In the Utah case, about 280,000 Social Security numbers belonging to participants in the state Medicaid and Child Health Insurance Program were stolen from a database maintained by the Utah Department of Health. In addition, less sensitive pieces of information on another 500,000 participants were stolen.

Social Security numbers are particularly dangerous in the hands of criminals, because they can be used in combination with other information about you to create or access bank accounts and obtain credit.

The Social Security numbers were used by the department to verify eligibility for the insurance programs. But a contractor did not safeguard the server where the data was stored. The information was not encrypted and was protected only by a weak password that was easily hacked, the Javelin report said.

There may be little that individual consumers can do to prevent such a breach. But there are steps they can, and should, take to protect themselves, if they are notified that their Social Security number has been compromised in a data breach, Mr. Pascual said.

First, you should contact your bank and explain what has happened because many banks still use Social Security numbers to verify customer identity. You can ask for an alternative means of verification, like a specially assigned PIN, or a series of questions known as “dynamic” authentication. For instance, the bank may ask you about the size of recent transactions, or other details that only you would be likely to know, before allowing access to your account online or over the phone.

If the bank isn’t willing or able to provide an alternate method of verification, “It may be worth looking at institutions that offer better protection,” Mr. Pascual said.

Even if you haven’t had your information compromised, you should make use of your bank’s automatic account alerts. Such systems send you an e-mail or text message if unauthorized changes are made to your account, like the addition of a new authorized user or a new bill payment account, or a change of address. They can also notify you of significant transactions, like large withdrawals or transfers. “The consumer is going to know first whether a transaction is valid or not,” he said.

If you’re the victim of a breach and are offered free credit monitoring, you should take advantage of the service, he said. In the Utah case, victims were offered two years of credit monitoring and identity theft insurance.

Ultimately, banks should stop using Social Security numbers as identifiers, he said.

Have you had your personal information stolen? Did fraud occur as a result?

Article source: http://bucks.blogs.nytimes.com/2013/04/30/the-cost-to-consumers-of-a-data-breach/


Can You Hack This Smartphone App For £10,000?



A British tech firm is so convinced its smartphone messaging app is unbreakably secure it’s offering a £10,000 ($15,000) bounty to anyone who can prove it wrong.

If you’re feeling up to the challenge, head on over to a micro-site called Modern Day Turing, named in honor of famous British computer scientist and breaker of Wehrmacht codes Alan Turing. (Though the company says the challenge itself is actually modeled on a famous lock puzzle, eventually broken by American locksmith A.C. Hobbs — though it took him 16 days in that case.)

There, you’ll find a way to enter a contest where the ultimate aim is to successfully intercept and then decode any message sent between two specific iPhones through the company’s program, the £3.99 Redact Secure Messenger. (So far the app is only available for iOS, though Android, Windows Phone 8 and desktop versions are also promised.)


Redact says it will pick 20 applicants for the challenge, which will take place at an as-yet unknown London location. Candidates are asked a range of questions on the form, including whether they have specific IT security experience or qualifications. (You have until June 1 to apply.)

The real aim of the stunt seems to be to prove the company’s chops as a credible enterprise-level security component. For example, you can get the app gratis in the U.K. if you are a member of Parliament or chief of a big listed British company.

The software is said to create a secure, “triple encrypted” peer-to-peer network connection between two specific iPhones. Only the initial connection is made through a server; that drops out as soon as the link is made. That allows the messages from one device to be sent directly to another, rather than through any third-party servers, which the company alleges is a key weakness of other smartphone messaging systems.

If you delete a message, it will be automatically wiped from the conversation thread of both phones, even if the other party doesn’t want you to, and even if it has appeared on their screen. Users access the system by a special entry code, which is not kept or stored anywhere by Redact and thus cannot be hacked off its systems. You also never get a username, which Redact claims makes it tamper-proof.

Redact is also trying to get accreditation for the system from the Communications Electronic Security Group, the British state agency that looks after the security of all the government’s communications and information systems as well as important parts of the country’s telecommunication infrastructure. If it does get such a stamp of approval, it could then be sanctioned for use by British civil servants and other members of the public sector. So far, only the BlackBerry 7 OS has passed that test.

“We’re pretty confident it can’t be done, but obviously, we anticipate tons of people trying,” the firm told The Guardian newspaper Tuesday.

“We figure the longer it stays uncracked, the more secure we are.”


Article source: http://feeds.informationweek.com/click.phdo?i=e263caf5e3101661ef573128cfa03468


D-Link Camera Security Flaw: Upgrade Now

Multiple models of Internet-connected D-Link cameras have vulnerabilities that could be remotely exploited by attackers to bypass authentication and gain direct access to live video feeds.

That warning was sounded Monday by Core Security, which released a security bulletin detailing five vulnerabilities in the firmware used by a variety of D-Link Internet protocol (IP) cameras.

D-Link released updated firmware Thursday to address the vulnerabilities. At least 16 different D-Link IP cameras, including one Tesco-branded model, are susceptible to one or more of the vulnerabilities.


According to Core Security, the identified vulnerabilities include an operating system command injection flaw that “allows an unauthenticated remote attacker to execute arbitrary commands through the camera’s web interface,” as well as two authentication bypasses, one of which would allow an attacker to access a device’s video stream via HTTP, and another that attackers could use to access the Real Time Streaming Protocol (RTSP) video stream. Another bug would allow attackers to access a live, black-and-white ASCII video stream — designed for low-bandwidth connections — built using the luminance (light levels) seen by the device. As an example, Core Security included an ASCII video still of a coffee pot in its Full Disclosure mailing list.

Finally, all 16 vulnerable D-Link models contain a hardcoded password — “?*” — that provides a back door to the devices, which would enable attackers to access their live RTSP video stream.

Paul Ducklin, head of technology for Sophos in the Asia Pacific region, responded to the detailed security flaws with four words: “What were they thinking?”

“Hardwired passwords were a design blunder back in the 1970s; in the 2010s, they are simply unacceptable, so never succumb to the temptation to include them in your code,” he said in a blog post. “And never create backdoors by setting up emergency logins with well-known username/password pairs ‘just in case,’ because that amounts to the same thing, though at least it is a blunder that can be fixed without a code update.”

Also Monday, Core Security released a security bulletin identifying multiple vulnerabilities in at least two different models of Vivotek IP cameras. “Several Vivotek cameras store wireless keys and third-party credentials in clear text allowing a remote attacker to obtain sensitive information which might be valuable to perform further attacks,” said Core Security. This sensitive information includes FTP and shared folder access credentials, as well as wireless access point keys, among other credentials. Other vulnerabilities identified could be used to trigger a remote buffer overflow and execute arbitrary code on a device or access a device’s live video stream via RTSP without having to first authenticate.

Core Security said that after six failed attempts to alert Vivotek to the vulnerabilities — the first time on March 6, and the last on April 24 — it had received “no official answer from Vivotek.” Accordingly, Core Security released its security bulletin, which includes full vulnerability details, to warn end users about the flaws in Vivotek’s firmware.

Vivotek didn’t immediately respond to a request for comment emailed to its headquarters in Taiwan, asking if the company was aware of the vulnerability report, if it could confirm the flaws, and if it was working to create updated firmware and notify affected customers.

The news of the D-Link and Vivotek vulnerabilities follows warnings released earlier this month that firmware flaws in some Foscam IP cameras would allow an attacker to remotely access the devices without having to authenticate, as well as to steal the authentication credentials stored on the devices.

Although Foscam has released updated firmware to address the vulnerabilities, security firm Qualys, which uncovered the flaws, reported earlier this month that 99% of vulnerable devices were still using an old version of the firmware. In part, that’s because many Internet-connected devices — and especially cameras used for surveillance purposes — tend to be plugged in and left to run. “Security patches for hardware devices like routers, printers and cameras are often overlooked,” said Ducklin, despite the fact that many of these devices tend to have built-in Web servers.

What’s the risk? “Always-on devices like routers and cameras are typically part of your security infrastructure, so a compromise on one of them could facilitate the compromise of your whole network,” he said, referring to the possibility that an attacker could load malicious code onto a vulnerable device, then use the device to distribute malware to other network-connected or Internet-connected devices. From a monitoring standpoint, meanwhile, businesses face a physical security threat if attackers are able to access surveillance cameras that monitor sensitive facilities, or if unscrupulous competitors access documents stored by Internet-connected multi-function printers.


Article source: http://feeds.informationweek.com/click.phdo?i=a6bb247f821efd1d5e0cc6dc21d2c170


IBM Makes Enterprise Mobile Security Move



Since purchasing Worklight in January 2012, IBM has quickly made the app-building platform the centerpiece of its enterprise mobility catalog, now one of the most comprehensive on the market. Big Blue continued that trend Monday, partnering with mobile security vendor Arxan Technologies to make apps created with Worklight more impervious to malware and other attacks.

As a standalone news item, the deal adds another ostensibly attractive piece to IBM’s offerings. Perhaps just as significantly, it also adds a new fork to the increasingly complicated path businesses must weave as they attempt to integrate smartphones, tablets and the bring-your-own-device (BYOD) phenomenon into the workplace.

For Worklight developers, the new product — tongue-twistingly called Arxan Mobile Application Integrity Protection for IBM Worklight Apps — adds beefed-up mobile app security without disrupting existing workflows. Though iOS’s centralized app store gives it a security advantage over Android’s looser rules and malware-prone unofficial marketplaces, Arxan VP of business development Jukka Alanen said in an interview that virtually any mobile app can be cracked in just a few minutes. Virus-injected versions of popular apps are freely available, and blithely installed by users, he said, from sources throughout cyberspace.

The IBM-Arxan union seeks to protect Worklight apps from these threats via a variety of defenses. Apps can detect illicit behavior, for example, and both shut themselves down if they observe a problem and also issue alerts.


In addition to thwarting attacks while they happen, the product is also designed to make apps tougher to crack in the first place. Alanen said that even unskilled hackers can make progress against unfortified apps thanks to rootkits and other black market malware tools. But with the randomization applied by the Arxan-infused Worklight, he said, the task of decompiling and cracking apps turns into an intense and time-consuming technical challenge that few malware authors can manage.

This protection is applied via “guards” in the binary code that obfuscate the app’s programming, apply extra encryption and otherwise make it more difficult for hackers to see how the app can be exploited. Hundreds of these guards can be implemented into a single app, if the developer chooses, with each one occupying a small, seemingly innocuous footprint that is difficult to detect within the overall body of code. The fact that each guard can independently apply obfuscation only extends this effect; each one can disguise itself in thousands of ways, meaning multi-guard networks can offer millions of permutations of defense.

To businesses such as financial institutions, whose apps transmit particularly sensitive data, products such as Worklight have an obvious place. But is this sort of proactive security a necessity for all enterprises? That’s the urgent, and potentially expensive, question many businesses face as they attempt to turn smartphones and tablets from employee-friendly endpoints into productivity-enabling business devices.

The decisions are numerous. For a company whose mobile needs involve mostly document-sharing or light collaboration, Worklight represents a particularly costly and complicated solution. Depending on the sensitivity of the data, Dropbox, Teambox, Office 365 and other cloud-based approaches might be a better investment. When mobility plans start to include more complicated apps that need to hook into varied corporate backends, however, the challenges multiply. Are off-the-shelf apps adequate? If they need to be independently developed, is it better to work in-house or to hire a contractor? Should the apps be native, or is it practical to avoid OS fragmentation by relying on HTML5?

Article source: http://feeds.informationweek.com/click.phdo?i=fbab84864b897a256129e3af32b88bad


Caldicott review: unlawful personal data processing and sharing should be … – Out

Dame Fiona said unlawful data processing and sharing should be treated as being a ‘data breach’ (139-page / 795KB PDF) and be reported openly by both NHS and non-NHS bodies in the health and social care sectors. The recommendation was contained in a Government-commissioned report authored by Dame Fiona into information governance practices in the sectors.

“The processing of data without a legal basis, where one is required, must be reported to the board, or equivalent body of the health or social care organisation involved and dealt with as a data breach,” Dame Fiona said in her Caldicott review report. “There should be a standard severity scale for breaches agreed across the whole of the health and social care system. The board or equivalent body of each organisation in the health and social care system must publish all such data breaches. This should be in the quality report of NHS organisations, or as part of the annual report or performance report for non-NHS organisations.”

A ‘data breach’ should be defined as “any failure to meet the requirements of the Data Protection Act”, she said. “This includes unlawful disclosure or misuse of confidential data, recording or sharing of inaccurate data and inappropriate invasion of people’s privacy.”

Dame Fiona said that there is a “culture of anxiety” that exists within the health and social care sectors and that therefore personal information is not shared as readily between professionals as it could be. She said “safe and appropriate sharing in the interests of the individual’s direct care should be the rule, not the exception”.

Organisations in the health and social care sectors should explain to patients how personal data collected about them could be used, in an anonymised form, for “research, audit, public health and other purposes” and recognise their right to withhold their consent. Individuals should be able to change their decision on consenting to the sharing of their personal data and organisations should keep a record of “any explicit decision of consent, including withdrawal of consent previously given”. Patients should also be informed of the consequences of not providing consent, Dame Fiona said.

If personal data is fully anonymised then the information can be “freely processed and publicly disclosed”, however, if the information has only been “de-identified by the use of pseudonyms or coded references” then it is still to be treated as being personal data, she added.

The linking of de-identified personal data with other potentially identifying information should only be undertaken “in specialist, well-governed, independently scrutinised environments known as ‘accredited safe havens’”, Dame Fiona said.

The newly established Health and Social Care Information Centre is such a ‘safe haven’. The Centre should set out in its code for processing confidential information what “attributes” an accredited safe haven should have, Dame Fiona said.

“Data sets containing personal confidential data, or data that can potentially identify individuals (de-identified data for limited disclosure or limited access), are only disclosed for linkage in secure environments, known as ‘accredited safe havens’,” she said. “The purposes for such linkage should be expanded to cover audit, surveillance and service improvement. Within the accredited safe haven, de-identified data for limited disclosure or access must not be linked to personal confidential data unless there is a clear legal basis to do so, and contracts must forbid this. This would re-identify the de-identified data for limited access, and be a data breach.”

The ‘safe havens’ should be governed by national minimum standards on “data stewardship”, the report said. Dame Fiona suggested that the standards could outline responsibilities within the bodies for anonymising data as well as mandating the use of “privacy enhancing technologies”. The standards could also ensure “robust governance arrangements” are in place and set “clear conditions for hosting researchers and other investigators who wish to use the safe haven”, she added.

Dame Fiona also recommended that patients are given better access to information about how their data is used and shared, and that details of who has accessed their confidential information should also be made available to them “in a suitable form”.

“The Caldicott review has been about striking the right balance between sharing people’s health and care information to improve services and develop new treatments while respecting the privacy and wishes of the patient,” Health Secretary Jeremy Hunt said in a statement. “If patients are to see the benefits of these changes we must respect the wishes of the small number of people who would prefer not to share this information. I firmly believe that technology can transform the quality of healthcare in this country, but we must always respect the fact that this is very personal information about an individual.”

Hunt has previously outlined his vision for a ‘paperless’ NHS by 2018. He said that NHS patients should each have a digital medical record that public health providers can access “when necessary” and where individuals’ “permission” has been granted.

Accountancy firm PricewaterhouseCoopers (PwC) reported earlier this year that up to £4.4 billion of savings could be made in the NHS if information and technology were better utilised.

Article source: http://www.out-law.com/en/articles/2013/april/caldicott-review-unlawful-personal-data-processing-and-sharing-should-be-reported-as-data-breach/


50 Million Impacted in LivingSocial Data Breach

As I commented over at AllThingsD:

“I received an email from these guys saying I should reset my password. I have never had an account with them, but in case my memory failed me (old age), I entered my email and got a message that I didn’t have an account with them yet, and a page to fill out to open one. I declined.”

If they are associated with Amazon, perhaps that is where they got my email. Seems spammy in any event.

Article source: http://tidbits.com/article/13725


One in five businesses hit by data breach: Survey

Australian businesses are in danger of online privacy and security breaches, as new research reveals many organisations have not received appropriate training.

Research by online security company McAfee of 500 Australian organisations found 38% of respondents had never received training in the management and storage of sensitive data.

The shocking finding comes just one day after the local head of group buying company LivingSocial said the government should impose stricter regulations for handling customer data in the event of a breach.

The study found one in five Australian businesses have been affected by a data breach and 14% of the respondents were unsure whether they had been targeted or not.

Even more alarmingly, when a business had suffered a security breach, the study found 18% told no one outside the business and 67% of the time neither a member of senior management nor a privacy officer was informed.

Government organisations were less likely to know whether or not they had suffered a breach than a private business, with 31% of government respondents stating they had been unable to determine if they had suffered a breach.

McAfee global chief privacy officer Michelle Dennedy told SmartCompany all Australians need to be better educated about their online security.

“It’s amazing how many people aren’t aware of the importance of online security, it’s a huge issue,” she says.

Dennedy says it’s becoming an increasingly important issue for Australian SMBs because more and more are utilising cloud-based technology. The study indicated 21% of all organisations surveyed used cloud-based services such as Dropbox and YouSendIt.

“The level of security depends on the service. They’re not terrible negative things, but you have to be careful about which provider you’re using and read the terms. Some are quite safe and quite ready, but a lot will say to you there is no guarantee of the security of your data,” she says.

In the past 10 years, Dennedy says technology has progressed and services can now deploy more security, but SMBs can take precautions to ensure they’re protected.

“If I was an SMB I would make sure I understood the perimeters and look to things like encryption technology, then you’ve protected your asset.”

Dennedy says to imagine your data as dollars when thinking about security.

“Spread out your data between providers if you’re worried about the security of one,” she says.

This story first appeared on SmartCompany.

Article source: http://www.startupsmart.com.au/technology/one-in-five-businesses-hit-by-data-breach-survey/201304309585.html


ICO Warns Medical Practice Over Data Breach

The UK’s Information Commissioner’s Office (ICO) reports that the Burnett Practice is working to improve its management of patient information following a breach of the Data Protection Act (h/t Computer Weekly).

According to the ICO, a Web-based e-mail account used by the practice to inform patients of upcoming appointments was hacked — and the practice only became aware of the breach in October of 2012 when patients complained of e-mails claiming to come from a doctor at the practice that asked for their bank account details.

The ICO says no sensitive information was accessed, but approximately 175 patients’ e-mail addresses were exposed.

“We should not have to tell GP practices that using free e-mail accounts to send details of patients’ medical appointments is unacceptable,” Ken Macdonald, ICO Assistant Commissioner for Northern Ireland, said in a statement. “The health service is given access to secure e-mail accounts for a reason, and Burnett Practice’s decision to use a free Web-based e-mail account placed the information at unnecessary risk.”

“As well as improving the security arrangements around its email accounts, the practice will now update its procedures to make sure patients’ information is properly looked after and improve the training it provides to its staff,” Macdonald said. “The practice can consider itself lucky that the information was not particularly sensitive; otherwise it could have been facing a substantial financial penalty.”

Article source: http://www.esecurityplanet.com/network-security/ico-warns-medical-practice-over-data-breach.html


What to Do If You’re the Victim of a Data Breach



Has an online company with which you have an account been hacked? Have you received an email informing you that your personal information has been lost in a data breach?

If so, you’re not alone. In the past year, LinkedIn, eHarmony, Twitter and, most recently, LivingSocial have suffered data breaches that together exposed more than 60 million accounts. Other companies will be sure to follow.

If you’re among the millions of consumers who may have been exposed by a data breach, here’s what to do.

— Pin down exactly what kind of information was lost in the data breach, and how it was protected.

Names and physical addresses are the least sensitive pieces of information; email addresses and account passwords are more sensitive; Social Security numbers and credit-card numbers are the most sensitive (and the most valuable to identity thieves).

The company suffering the breach may tell you that even though email passwords or credit-card numbers were lost, they were encrypted and hence safe.

Don’t take that assurance at face value. Hackers and cybercriminals have a number of different ways to “crack” many forms of encryption. If your password was less than eight characters long or used words that can be found in the dictionary, it’s as good as cracked.


— Change the password on your account with the affected company right away, if the company hasn’t already done so for you.  If you use the same password for accounts with other companies, change those as well. 

While you’re changing the password for other accounts, make up and use a new, strong password for each and every one. Don’t reuse a password for another account. That way, you’ll be limiting the damage next time there’s a data breach, and you won’t have to go through this process again.

— Contact your bank and your credit-card issuers, explain that your accounts are at risk of fraud and ask them to alert you immediately if they detect suspicious activity on your accounts. 

Professional credit-card thieves will try to “bust out” stolen card numbers with many purchases in a matter of hours, often on weekends when banks are not fully staffed.

— Ask your country’s major consumer credit-reporting bureaus to place a fraud alert on your name. This way, if anyone tries to steal your financial identity — for example, by trying to open a credit-card account in your name — you’ll know.

Residents of the United States, Canada and Mexico should contact the credit bureaus Equifax and TransUnion; U.S. or Mexican residents should also contact Experian, which no longer operates in Canada.

British residents should contact Callcredit, Equifax or Experian; residents of Australia and New Zealand should contact Veda or Experian; residents of Ireland should contact the Irish Credit Bureau or Experian.

—  Look into credit-protection services that will flag suspicious activity on your accounts. BillGuard, for example, will monitor up to three credit cards for free; more expensive “identity protection” services will monitor your accounts with the credit bureaus.

— Losing your personally identifiable information in a data breach doesn’t guarantee you’ll become a victim of identity theft. But if that does indeed happen, make sure to tell the credit-reporting bureaus right away.

If you detect credit- or debit-card fraud, contact the card issuer immediately.  Doing so may limit your liability.

If you’re a U.S. resident, you should also contact the Federal Trade Commission to create an identity-theft affidavit, and then file a report with your local police force. Doing both will greatly aid you in clearing your name (which, in the worst cases, can take years).  Make sure you document each phone call made, and each email message and letter sent, during your efforts.

Follow Paul Wagenseil @snd_wagenseil. Originally published on TechNewsDaily.com.



Article source: http://www.technewsdaily.com/17896-how-to-survive-data-breach.html


Cyber-Conflict Escalates in Midst of North Korean Tensions

North Korea appears to increase its cyber activity in step with its controversial nuclear program, while the U.S. boosts its own programs and Chinese espionage attacks continue.

Nation-state attacks through the Internet continue to escalate, with a massive surge in cyber-reconnaissance activity appearing to come from North Korea at the same time as the country ratcheted up its nuclear rhetoric, according to security experts.

In February, attackers operating from North Korean Internet addresses probed U.S. servers more than 1,000 times, up from the previous average of fewer than 200 probes per month, according to managed security firm Solutionary. In addition, a massive reconnaissance operation—consisting of another 11,000 probes from servers in North Korea—was directed at a single financial institution, wrote Jon Heimerl, Solutionary’s director of strategic security, in the brief analysis.

The attacks seem to coincide with North Korea’s apparent nuclear test on Feb. 12, he said.

“There do appear to be several parallels between escalated verbal rhetoric and escalated cyber-attacks,” Heimerl wrote. “It is evident that, whether government influenced or not, that the dual path of aggression is a new way of facing the world, at least from North Korea.”

The Internet has increasingly become the medium for deniable nation-state activity. From China’s cyber-espionage to the United States’ and Israel’s alleged attack on Iran’s nuclear program using the Stuxnet worm, cyber conflict has become a staple of nations’ covert military intelligence and reconnaissance operations.

In February, for example, incident-response firm Mandiant released a report detailing the connections between an intelligence unit of China’s People’s Liberation Army and widespread attacks on U.S. companies and interests. In a blog post published on April 24, security firm Cyber Squared said that analysts using the firm’s Threat Connect forum had found that those attacks had continued unabated and, defying prediction, had hardly changed their tactics.

“Many within the global security industry, both public and private sectors, speculated that the group’s tactics, tools and procedures (TTPs) would change drastically in response to the disclosure,” the firm stated in the post. “As of late April 2013, Chinese cyber espionage threat groups have clearly continued their activity … (and) in fact, there has been little change.”

The United States is currently considering a variety of options in response to China’s unabashed hacking, including trade sanctions and other diplomatic pressure, the prosecution of Chinese nationals in U.S. courts and striking back at the Chinese through cyber-space, according to officials cited in an Apr. 22 article in the Wall Street Journal.

The U.S. government has also signaled that cyber-operations have become a priority in the latest budget. The Obama administration plans to boost spending on cyber-security operations by $800 million to $4.7 billion, while cutting other Pentagon programs by nearly $4 billion.

The attacks emanating from North Korean IP space favor financial services, but show only slight preferences among other industries. Many other attacks focused on education, manufacturing and business services, according to Solutionary’s data. The company expects North Korea—and other nations with smaller military forces—to focus on Internet operations to achieve their national aims.

“Given the more hard-line government in North Korea, we expect escalations like this to continue, and to become even more evident in other conflicts around the globe,” Solutionary’s Heimerl wrote.



Article source: http://feeds.ziffdavisenterprise.com/~r/RSS/eweeksecurity/~3/nH0E-mpHnuo/
