This Week in App Security News, February 17 – 23, 2018

Cryptocurrency mining on Tesla’s dime, Jenkins open source server targeted in cryptocurrency-mining hack, UK authorities hit by 98 million cyberattacks over four years, new SEC guidance on cybersecurity attacks, BDO Report on DDoS attacks, DOE requests $895M for cybersecurity, lawsuits threaten infosec research, and more.

Top News

Hackers mine cryptocurrency using Tesla’s AWS cloud

Researchers at security firm RedLock said hackers accessed one of Tesla’s Amazon cloud accounts and used it to run currency-mining software.

Read more…

Tesla cloud resources are hacked to run cryptocurrency-mining malware (Ars Technica, Feb. 20)

Poor cloud security let hackers mine cryptocurrency on Tesla’s dime (TechCrunch, Feb. 20)

Hackers Infiltrated Tesla to Mine Cryptocurrency (Motherboard, Feb. 20)

Open source Jenkins servers targeted in cryptocurrency-mining hack

The open source Jenkins Continuous Integration server is the latest target of a highly successful hacker group that has mined $3.4 million in Monero coins over 18 months, according to Ars Technica.

Read more…

Cryptocurrency-mining criminals that netted $3 million gear up for more (Ars Technica, Feb. 19)

Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers (Bleeping Computer, Feb. 17)

UK authorities hit by 98 million cyber attacks from 2013-17

UK privacy campaign group Big Brother Watch estimates UK authorities were hit by 98 million cyber attacks between 2013 and 2017.

Read more…

UK local gov: 37 cyber attacks a minute but little mandatory training (The Register, Feb. 20)

UK Councils Suffer 37 Cyber-Attacks Per Minute (InfoSecurity Magazine, Feb. 20)

New SEC guidance on cybersecurity attacks, BDO Report on DDoS attacks, DOE requests $895M for cybersecurity, lawsuits threaten infosec research

SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks (Dark Reading, Feb. 22)

New agency guidance statement also says company officials, execs can’t trade stocks if they have unannounced information on a security breach at the company.

BDO Report Says Wide Scale DDoS Attacks Were up by 91% Last Year (Homeland Security Today, Feb. 19)

Wide scale distributed denial of service (DDoS) attacks were up 91% last year, according to BDO’s Cyber Threat Insights Report, and the best way to combat them is to adopt a more holistic cybersecurity model.

DOE budgets for cybersecurity, exascale, quantum programs (Government Computer News, Feb. 20)

The $30.6 billion budget request, which calls for “transformative science and technology innovation,” would invest almost $500 million in cybersecurity technologies for energy infrastructure and $395 million specifically for enterprise cybersecurity risk management.

Lawsuits threaten infosec research — just when we need it most (ZDNet Zero Day, Feb. 19)

Steve Ragan, senior staff writer at tech news site CSO, and Dan Goodin, security editor at Ars Technica, were last year named defendants in two separate lawsuits. The cases are different, but they have a common theme: they are being sued by the companies covered in articles they wrote. 

More News

White House: Cyberattacks Cost US Economy Between $57B and $109B in 2016 (Bleeping Computer, Feb. 19)

Justice Department Unveils Cybersecurity Task Force to Protect Elections (Wall Street Journal, Feb. 20)

Report: Cryptojacking Drives 88% Of Remote Code Execution Attacks (Tom’s Hardware, Feb. 20)

7 Cryptominers & Cryptomining Botnets You Can’t Ignore (Dark Reading, Feb. 21)

North Korea’s Growing Criminal Cyberthreat (Government Technology, Feb. 20)

Electric Vehicles May Raise India’s Risk of Cyber-Security Breaches (Bloomberg, Feb. 18)

Californian may not see stars for years after conviction for DDoS attack against telescope retailer (SC Magazine, Feb. 20)

Tech leaders sign charter to boost cybersecurity in business and government (TechRepublic, Feb. 16)
