Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
October is National Cybersecurity Awareness Month (NCSAM), an effort to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. Yet, every month should be cybersecurity awareness month, every day, even. Not a day goes by when we aren’t faced with cyber risks in our daily lives – whether voting in the upcoming elections, playing Words with Friends, sending emails at work…and the future of technology holds greater vulnerabilities.
With elections around the corner, experts suggest that voting machines pose a greater threat to our elections than foreign agents. Recent findings indicate significant security flaws in our country’s voting equipment that increase the vulnerabilities of our elections. An article in The Hill asks the question “How did the security bar get set so low?” Senator Ron Wyden (D-Oregon) says “right now there are no mandatory federal cybersecurity standards for elections. It is perfectly legal for the biggest voting machine company in America…to sell a small county equipment that every cybersecurity expert in America knows is insecure.”
Researchers continue to find ongoing security issues with the voting machine industry, including poor internal company security. The article says that in 2017, the largest U.S. voting machine vendor exposed encrypted employee passwords online. What could happen? “Using those passwords, hackers could have planted malware on the company’s servers, and that malware could then be delivered to voting systems across the country with official updates.” Author Lulu Friesdat suggests that these insecure voting systems are actually leading to incorrect election results. She cites data that more than 100,000 votes could be missing from a Georgia election held last year. According to cyber risk analyst Chris Vickery, “This is the type of stuff that leads to a complete compromise.”
From voting to gaming, cyber risks continue to plague us every day. More than 200 million players of the popular mobile games Words with Friends and Draw Something had their login information stolen, according to a CBS News report. Zynga, the publisher of the games, announced there was a data breach on September 12, 2019. According to the article, the hack exposed users’ names, email addresses, login IDs, some Facebook IDs, some phone numbers and Zynga account IDs. A CNET article reports that the hacker that goes by the name Gnosticplayers accessed a database that included data from Android and iOS players who installed the game before September 2.
Emerging technologies: cyber friend or foe?
What’s on the horizon? When it comes to hacks and cyber risks, hackers are becoming increasingly innovative with the techniques they use to access sensitive data, according to the article, “Cybersecurity experts warn that these 7 emerging technologies could put your online security at risk,” in Business insider, stating that new technologies are boons to hackers, who capitalize on people’s lack of understanding of how those technologies work, as well as undiscovered holes in new systems’ security. Here’s a list of the emerging technologies that present both great opportunities and great risks – with experts raising concerns:
- AI-generated “deepfake” audio and video can help hackers scam people. Cybersecurity experts worry that hackers could use the technology for phishing scams.
- Quantum computing could easily crack encryption. Experts worry that the technology could threaten encrypted data sets that organizations, such as banks, protect for decades.
- 5G networks will bring faster speeds, and new vulnerabilities. Security pundits warn that the increased speed could make 5G devices more susceptible to DDoS attacks.
- The Internet of Things (IoT) creates new threats to security infrastructure. Hackers are increasingly finding vulnerabilities in IoT networks and using them to compromise companies’ operations.
- Hackers are using artificial intelligence (AI) to outsmart cybersecurity systems. Hackers can use AI-driven programs to quickly scan networks to find weak points, or predictive text functions to impersonate insiders and trick targets into handing over sensitive information.
- Outsourcing high-tech functions to third parties, supply-chain hacks proliferate. Third parties increase vulnerabilities.
- More operational functions are moving online. This expands the “attack surface.”
Cyber Oregon partner blog of interest