Cyber Security News Update 11/23/2018

Chinese hackers have stepped up their attempts to steal secrets from Australian companies according to reports coming from the region which point to a large increase in the number of attempted attacks. The attacks violate an agreement between the two countries to avoid and discourage the two countries from stealing each other’s secrets and instead focus on building a healthy trading relationship. These attacks were directed by the Chinese government, according to Australia, under “Operation Cloud Hopper” and the attacks were initially spotted by the Five Eyes intelligence coalition. Five Eyes is the agreement under which the United States, United Kingdom, Canada, Australia, and New Zealand share nearly all of their intelligence with each other and refrain from spying on the other “eyes.” Five Eyes is aimed towards collecting intelligence on what are deemed the biggest threats to the Western world which would be China, Russia, North Korea, Iran, Cuba and other opposition countries. Five Eyes also performs limited spying on allies as well, such as Germany, which was revealed by Edward Snowden. The Chinese government has responded by saying that any attacks coming from China are purely coincidental, unrelated to the Chinese government and that any statements saying that they have the backing of the PRC are “devoid of facts and full of hidden motives.” This increase in attacks mirrors a spike in activity against the United States from the PRC, which has been accused of breaking a similar agreement that it had with the US.
Source: China reportedly steps up efforts to steal Australian company secrets

The United Kingdom’s National Cyber Security Centre (NCSC) released its first cybersecurity threat warning for Black Friday, as the holiday attracts a variety of scams and attempts to steal personal information. Phishing emails are an easy way to get access to information when every store is sending multiple emails in the days leading up to the event. Lowered consumer suspicion means its easier for an attacker to gain access to payment information and with the high volume in sales on Black Friday, their fraudulent purchases may go undetected. The NCSC aren’t the only ones to release warnings this year, as several major telecom have released warnings to their consumers showing how several companies have overlooked security concerns in the name of providing costumers with quicker or easier to use products. However, this expediency will lead to a data breach at some point as invariably the least protected systems and databases will be targeted first and the sooner a company stars preparing for the attacks the easier it becomes to defend against them.
Source: Gone phishing: It’s Black Friday, let’s talk about cybersecurity

Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.