Heading into the holidays, you might expect the world of cybersecurity to slow down as people turn to mistletoe and family dinners, but it's doing just the opposite. This week we had government attribution for WannaCry, a new report on the future of cybersecurity in Asia, and more passwords you probably shouldn't be using...
- It was the North Koreans, in the healthcare sector, with a cyberattack: The cybersecurity community has been buzzing for months with increasingly substantiated rumors that WannaCry was the work of North Korean operatives. This theory got a strong boost this week when the U.S. Government announced that "North Korea is directly responsible" for the ransomware epidemic. This isn't the first major announcement of this kind — the UK and Microsoft had previously both traced WannaCry to North Korea — and it isn't the first time that the U.S. has publicly attributed a cyberattack (remember Sony?), but it's still rare for the U.S. to feel strongly enough about an intrusion to make a public attribution and condemnation.
I'm reading: "It’s Official: North Korea Is Behind WannaCry."
- As goes Asia, so goes...: No one watching technology innovation and the trends in cybersecurity can ignore Asia — vast new populations getting connected, using new platforms, in countries that are rapidly expanding their technological footprint makes for a potent mix of opportunity and risk. A new report out this week uses a series of futuristic scenarios to examine what we can expect to see for cybersecurity in Asia in the years to come. From a malware attack on agricultural drones in India to the bootstrapping of China's influence across the region through its Belt and Road Initiative, the report combines just the right amount of creativity and reality to be a useful read and a potent exercise in techno-futurism.
I'm reading: "Asian Cybersecurity Futures."
- Hands together for your worst passwords of 2017: It wouldn't be the end of the year without "worst of" and "best of" lists, and a new example of one of my favorites, the worst passwords of the year, just came out. "Starwars" is on there, along with strings of sequential numbers and random first names. There are also favorites like "passw0rd", "iloveyou", "qwerty", and "abc123", as well as my new favorite "trustno1" (unfortunately, the irony doesn't make it any more secure). I know that organizations put these together by scraping through public password dumps, but every time I read them I just imagine those nice college kids on street corners with clipboards: "Hi, I'm collecting data on the passwords that are used by ordinary Americans. What's your password?"
I'm reading: "‘Password,’ ‘Monkey’ and the Other Terrible Passwords We Choose."