The Health Exchange Security and Transparency Act, H.R. 3811, is a one-sentence bill that simply requires customers to be notified of any Obamacare website security breach no later than two business days after its discovery. It was passed in a 291-122 vote, with 67 Democrats breaking ranks in support.
Prior to this bill, there was no legal requirement for the Department of Health and Human Services to notify an individual if his or her personal information had been breached.To continue reading click here...
- Best Investments 2014: Turn Our Greatest Threat Into Your Biggest Profit The FBI says cyber-attacks have replaced domestic terrorism as the top threat to the U.S. homeland. That means government and business spending on cybersecurity is about to take off - and will keep going up for years to come. It also means that cybersecurity companies are going to reap epic profits...
How to Spot the Best Stocks to Buy in Tech's Fastest-Growing Sector
This week saw San Jose, California networking giant Cisco Systems Inc. (Nasdaq:CSCO) purchase Columbia, Maryland-based cybersecurity company Sourcefire, Inc. (Nasdaq:FIRE).
The purchase price was a rather steep $2.7 billion. That's $76 per share - a handsome 29% premium to the around $49 share price early Monday, before the deal was announced. Shares of FIRE are now trading at just under $76 a share.
If you're looking for stocks to buy, these shares have probably had enough fun for one night, but they may have found a decent support level.
Sourcefire has spurned suitors before, and dallied with its fair share of M&A activity - turning down a buy offer from Barracuda Networks, while acquiring antivirus companies Immunet and Clam AntiVirus in the last decade
An Ever More Urgent NeedAttacks on computer networks are, without exaggeration, ceaseless. There is at least one ongoing attack somewhere in the world at any given time. Sourcefire is one of many network security firms filling an increasingly vital niche.
Sourcefire's flagship product, FirePOWER, which is based on the open-source Snort intrusion detection system, is acknowledged to be among the best in the industry.
Snort itself is said to be the most widely deployed IDP technology on earth. One of the more interesting products is their Advanced Malware Protection, which analyzes malware attacks and works to predict and prevent even the very worst attacks.
It's this kind of killer, boutique technology that makes companies like Sourcefire so attractive to the big boys.Read More...
Cybersecurity: See Who's On This Latest Hacker Hit List
A group of mostly Middle East and North Africa based criminal hackers launched a cyber-attack campaign Tuesday that tested the cybersecurity of U.S. government agencies, financial institutions and commercial businesses.
Dubbed OpUSA, the effort is the latest in a string of cyber-attacks on crucial U.S. entities aimed at slowing down or blocking these heavily trafficked sites.
"We see this as a widening in the cyber war front and organizations may require new tactics or technical defenses to defend," Carl Herberger, VP of security solutions at Radware Ltd. (Nasdaq: RDWR) told FOX Business Network.
"We anticipate that today's [Tuesday] attacks will be against high impact targets, including government websites, law enforcement organizations, brand-name entities, financial services organizations and critical infrastructure providers," he added.
The Department of Homeland Security and the FBI warned of the attacks weeks ago.
"The attacks will likely result in limited disruptions and mostly consistent of nuisance level attacks against publicly accessible web pages and possible data exploitation," read an unclassified memo from Homeland Security, first obtained by cybersecurity blog KrebsOnSecurity.com.
"Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message," the alert said.
Indeed, the story made its rounds in the media, while cybersecurity personnel were on high alert.Read More...
4 Stocks to Buy in the Exploding Cybersecurity Market
There's a story out of England I heard recently that's one of the most ironic tales of how developments in technology - cybersecurity, in particular - need to be taken more seriously.
The story started in 2009, when 18-year-old Nicholas Webber was arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London.
When police examined Webber's laptop, they found details of 100,000 stolen credit cards linked to losses totaling 16.2 million pounds ($24.6 million)
Turns out Webber ran the Internet crime forum GhostMarket. The site allowed hackers to meet up virtually, create computer viruses and share stolen IDs and private credit card data.
In 2011 Webber was sentenced to five years in prison. Once in prison Webber was allowed to participate in a computer class.
And earlier this year, he hacked the prison computer system.Read More...
The Cybersecurity Investment Opportunity Everyone Is Missing
With cyber-attacks on U.S. corporations hitting more and more frequently, many investors have already realized that cybersecurity companies have a bright future.
But cybersecurity isn't the only business experiencing growth as a result of the rise in cyber-attacks.
As the attacks have increased, so have losses, creating an opportunity for insurance companies.
The Betterly Report, which tracks specialty insurance products, said in a report last year that it expected cyber-insurance premiums for 2012 to add up to about $1 billion in the U.S. alone.... Read More...
How to Invest in Cybersecurity
More and more companies are asking how to invest in cybersecurity, as the industry looks to be the only area of U.S. defense spending that will escape the looming budget cuts slated for March 1.
As Money Morning Executive Editor William Patalon III explained in his recent report, "The Cyber-Hacking of America," the booming interest in cyber-defense stems from the increasing number of threats targeting the United States.
Patalon said the intelligence community's National Intelligence Estimate, used to brief lawmakers, found "the U.S. is the target of a massive, sustained, cyber-espionage campaign."
A separate report released last week by Virginia-based cybersecurity firm Mandiant Corp. found a Chinese military unit was behind cyberattacks on at least 141 organizations since 2006.
"We know that the U.S. Federal Reserve has been hacked, we know that The New York Times has been hacked, and that's just the beginning," said Patalon. "This is going to be a major, major story and something that investors need to watch."
China's Cyber Attacks on the United States Will Only Get Worse
Sometimes the truth is scarier than fiction, like in the case of China's cyber attacks on the United States.
In what reads more like a crime novel than a true story, a report released today (Tuesday) from Virginia-based cybersecurity firm Mandiant, a specific Chinese military unit is likely behind one of the largest cyber attacks aimed at American corporations and infrastructure.
China's Unit 61398, housed in a 12-story building in Shanghai with a headcount in the hundreds, is being accused of stealing "hundreds of terabytes of data from at least 141 organizations" since 2006. Some 115 targets in 20 different industrial sectors from energy and aerospace to transportation to financial institutions are said to have been violated.
The investigation tracked, for the first time, individual members of the savviest Chinese hacking group, dubbed "Comment Crew" and "Shanghai Group," directly to the military unit's headquarters. While Mandiant couldn't pinpoint the hackers' exact whereabouts inside the high-rise, the firm very convincingly makes the case that the building is where the attacks originated.
"Once [Unit 61398] has established access [to a target network], they periodically revisit the victim's network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contacts lists from victim organizations' leadership," the detailed 74-page report reads.
American officials also confirmed that digital forensic evidence presented by Mandiant leads to the Shanghai building as the prime source of the attacks, according to The New York Times, which first reported on Mandiant's findings Monday. Mandiant is the same firm The Times secured to investigate the cyber attacks that infiltrated their own systems in China last month.
The Chinese government adamantly denies the allegations. Chinese Foreign Ministry spokesperson Hong Lei said at a press conference the claims in the Mandiant report were unsupported.
"To make groundless accusations based on some rough material is neither responsible nor professional. Cyberattacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don't know how the findings of the report are credible," The Wall Street Journal reported.Read More...
The Cyber-Hacking of America Is Going to Cost Us Big Time
We’ve been warning for some time now that cybersecurity would emerge as one of the top issues for investors to track.
In a column we published on February 1st, we even predicted that the cyber-hacking of America would turn into one of the top stories of 2013. And that’s precisely how it’s turning out.
A brand-new National Intelligence Estimate (NIE) report has just concluded that the United States “is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness.”
Guess who the culprit is… Read More...
Fed Hack Attack Highlights Growing Need for Cybersecurity
Not even the ultra-secretive U.S. Federal Reserve has been spared from aggressive cyberattacks - making cybersecurity an even bigger concern in 2013 than before.
The central bank acknowledged this week it was the victim of a "hack attack" after the group Anonymous claimed responsibility in a Tweet on Super Bowl Sunday.
"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," the Fed said in a statement. "Exposure was fixed shortly after discovery and is no longer an issue. The incident did not affect critical operations of the Federal Reserve system."
Anonymous claimed it had compromised 4,000 bankers' credentials on a private computer system the Fed uses to communicate with bankers in emergencies such as natural disasters and potential acts of terrorism.
Hackers also are believed to have accessed private information including data on banks the government agency oversees as well as Fed forecasts for future economic policy actions.
The Fed said all those affected by the breach had been contacted.
The cyberattack underscores the importance of cybersecurity at a time when high-profile attacks have grown more common.
Just a few days after the Super Bowl Sunday attack, Internet security company McAfee reported a hacking operation spanning at least five years had targeted 72 governments, corporations and organizations, 49 of them in the United States.
What McAfee dubbed "Operation Shady Rat" hit government agencies at the federal, state and county level and compromised classified government information.
Reuters reported organizations hacked in the attack included the United Nations, the Association of Southeast Asian Nations and the International Olympic Committee.
Other targeted organizations included those in defense, electronics, computer security, information technology, news media, and communications technology sectors.Read More...
How the Pentagon Aims to Stop China's Cyber-Hacking of America
Between deficit fears and budget skirmishes, it's tough to get excited about defense-related investments right now. Defense outlays are destined to shrink.
But there's one area where spending is slated to go up...
And I mean go way up.
Here at Money Morning, we've talked a lot about the massive surge in cybersecurity and cyber-terrorism spending that's destined to unfold in the years to come. Much of our focus has been on private-sector spending - although we also said the Pentagon and the rest of the federal government would also be factors.
Well, over the weekend, the Pentagon gave us a hefty reminder of why we're watching this sector so closely... Read More...
This "Massive" Cybersecurity Attack Targets Your Money
If you haven't yet been the victim of a cybersecurity attack, you might be soon depending on what bank you use.
Computer security firm McAfee issued a report yesterday (Thursday) alleging a "massive cyberattack" was being planned for next spring.
According to CNNMoney, a gang of criminals headed by a Russian cyber mafia chief known as NSD had developed a powerful "Trojan Horse" program designed to take money out of victims' bank accounts and channel it into their own.
The plan, called "Project Blitzkrieg," was aimed at 30 U.S. financial institutions, including online payment company PayPal, and was based on a malware program that would clone an account holder's computer to make it look like the accounts were being accessed from the owner's home computer, avoiding security questions that would deny the criminals access to the accounts. The idea was to then access thousands of accounts simultaneously to take out small amounts of cash from each one that would total millions of dollars.
Project Blitzkrieg first came to light when notices were posted on hacker Websites looking for hackers to join the group planning the attack. They offered a share of the loot for service.
Once the plan was discovered, it seems to have "gone dark."
It is impossible to know if Project Blitzkrieg has been cancelled or whether it is proceeding under much tighter security but security companies, including McAfee, have been working with banks to bolster their security.
To continue reading, please click here...
Cybersecurity Companies Gear Up for Huge Role in 2013
Cyber threats from hacktivists, criminal enterprises, and others will only grow worse in 2013 and beyond - increasing the importance of cybersecurity companies.
This has led the Obama administration to continually warn about cyber threats that are capable of causing widespread damage.
In a recent speech, Defense Secretary Leon Panetta said computer assaults from rogue countries or terrorists could be as destructive as the Sept. 11 attacks. At the Pentagon, plans have been in place since 2010 to combat this threat.
But it's not just the nation's security that is at risk. Most global corporations are also vulnerable to cyberattacks.
An August cyberattack on Saudi Arabia's state oil company, Saudi Aramco, incapacitated about 30,000 computers. It was probably the most destructive attack ever launched against a non-government entity.
The risk of an attack is particularly high in the corporate sector because of the complacency of its executives. According to a recent study by the consultancy firm PwC, entitled PwC's 2013 Global State of Information Security Survey, most executives are too optimistic about their companies' ability to handle cyberattacks.
The study warned that the rise in the number and sophistication of security incidents globally, along with scrimped corporate budgets, are leaving many firms open to attack. The survey found that, in reality, only 8% of companies truly qualify as information security leaders, with many faults detected.
For example, one of the most common faults found was the lack of a security strategy (protection against malware, etc.) to address personal devices used for work purposes in the workplace.
Mark Lobel, a principal in PwC's Advisory practice, told the Financial Times, "Security models of the past decade are no longer effective. Companies...should prepare to play a new game - one that requires advanced skills and strategy to win against emerging threats."
To continue reading, please click here...
Cybersecurity Act Could Survive with Executive Order
The Senate shot down the Cybersecurity Act of 2012 (CSA2012) for a second time last Wednesday in a close 51-47 vote, leaving proponents to wonder if the bill is dead.
The Obama administration, however, is not quite ready to completely write off the act and looks ready to use whatever muscle it has to get the measure passed without full support. That's why the White House is likely to deliver an executive order to keep the act from disappearing.
"As tonight's vote in the Senate illustrates, the current prospects for a cybersecurity bill are limited. Congressional inaction in light of the risks to our nation may require the administration to issue an executive order as a precursor to the updated laws we need. We think the risk is too great for the Administration not to act," White House Cybersecurity Coordinator Michael Daniel said in a statement.
Daniel continued to state that the administration still believes "comprehensive legislation is needed to fully address the threat we face in cyberspace."
Defense Secretary Leon Panetta in a speech in New York last month said cyberattacks by extremist groups could deliver as much destruction as Sept. 11. He has called the resulting damage from cyberattacks comparable to a "digital Pearl Harbor."
To continue reading, please click here...
Stuxnet Virus Triggers New Era of Cyber Attacks – Is the U.S. Ready?
Due to threatening cyber attacks like the Stuxnet virus, the United States has made cybersecurity a top priority.
But are we still too vulnerable?
After all, cyber attacks have gotten more sophisticated, and more targeted to specific operations in the past couple of years.
They also often remain undetected for long periods of time. Less than 5% of cybersecurity attacks are discovered within hours, while almost 80% aren't found for weeks or months, according to Verizon's 2011 threat report.
The growing concern caused FBI Director Robert Mueller to warn last week that cyber attacks will become the No. 1 terrorist threat to the United States - which is why Congress is trying to pass the first U.S. cybersecurity law.
"We will suffer a catastrophic cyberattack," said House Intelligence Committee Chairman Rep. Mike Rogers, R-AL. "The clock is ticking."
The Stuxnet Virus
Much of the fear surrounding a U.S. cyber attack has escalated due to the Stuxnet virus.
The Stuxnet virus was first detected in June 2010 when a software security firm's Iranian client complained about a software glitch.
"As soon as we saw it, we knew it was something completely different. And red flags started to go up straightaway," Liam O Murchu, an operations manager at antivirus company Symantec Corp. (Nasdaq: SYMC), told "60 Minutes" correspondent Steve Kroft in a March 4 segment on Stuxnet.
To continue reading, please click here... Read More...
Cybersecurity Stocks: The 100% Gain That's Yours For the Taking
If you read the Money Morning special report Five Ways to Profit from Cybersecurity Stocks back on Sept. 26 - and followed our recommendations - you've fared pretty well.
But if you were also a Private Briefing charter subscriber, and invested in the one cybersecurity stock that we held back for that premium service ... well, you've enjoyed a fabulous return - and in less than three weeks.
Take a look for yourself. We recommended five stocks in... Read More...