While plenty of cyberattacks are still conducted by the stereotypical “hacker in a basement,” state-sponsored hacking is also on the rise — prompting Yahoo to become the latest tech company to offer warnings of such attacks. In a blog post earlier this week, chief information security officer Bob Lord said Yahoo will offer specific security suggestions to users who appear to be the targets of state-sponsored attacks.
Facebook made a similar pledge in October. And earlier this month, Twitter also sent its first e-mail warning to some users it suspected had been singled out by state-sponsored hackers. Google has been offering such warnings since 2012.
Foreign nation-states accounted for 8 percent of cyberthreats to organizations in 2014, with another 23 percent caused by unknown perpetrators, according to PwC’s 2015 U.S. State of Cybercrime Survey. Individuals can also be targeted by state-sponsored hackers for a variety of reasons, including “eavesdropping, stealing information, and/or unmasking anonymous users,” a research team told the Usenix Security Symposium last year.
Refining Detection of State Threats
Yahoo is continually working to “refine our detection and notification of state-sponsored threats,” Lord said in his blog post. However, he also noted it would not publicly share the reasons for suspecting such threats “to prevent the actors from learning our detection methods.”
Yahoo users who receive notifications of possible state-sponsored attacks should take a number of steps to protect their accounts, Lord said. They include enabling two-step verification or Yahoo’s Account Key password-free login system; checking recent account activity and settings for suspicious signs; and using strong passwords that are not shared with other people or other accounts.
“It’s important to note that if you receive one of these notifications, it does not necessarily mean that your account has been compromised,” Lord added. “Rather, we strongly suspect that you may have been a target of an attack, and want to encourage you to take steps to secure your online presence.”
Lord also noted that receiving such notices does not mean that Yahoo’s own systems have been compromised in any way.
Rise of ‘State-Enabled Actors’
In addition to other types of hacking, there have been a large number of attacks led by nation-states or state-supported groups in 2015, according to a report released earlier this month by the cybersecurity company FireEye.
“This year had its fair share of incidents potentially carried out by the stereotypical ‘hacker in the basement,’ ” noted the report, “Looking Forward: The 2016 Security Landscape.” However, there were also campaigns from state-enabled actors in 2015, “including the groups responsible for gaining unauthorized access to healthcare organizations and stealing the personal information of millions of customers and employees,” according to the report.
China, for example, is believed to have supported recent hack attacks against healthcare and insurance companies including Anthem and Premera. Other nation-states believed to be active in cyberattacks include the U.S., Russia, North Korea and Iran.
Posted: 2015-12-25 @ 4:37am PT
But how? Are they going to send a post letter at home address? Because not so many people really log in to yahoo accounts anyway!
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.