Top Tech News HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR MONDAY APRIL 24

Close Search Box
Top Tech News
NETWORK SECURITY
Yahoo Joins Facebook To Warn of State-Sponsored Hacks
Posted December 24, 2015
Yahoo Joins Facebook To Warn of State-Sponsored Hacks
Next Story
EARLIER
Google Starts Testing Password-Free Logins Using Your Phone
THIS STORY
Yahoo Joins Facebook To Warn of State-Sponsored Hacks
Next Story
LATER
Cybersecurity Predictions and Key Threats for 2016
YOU ARE HERE:   HOME arrow NETWORK SECURITY arrow THIS STORY
NEWS OPS

By Shirley Siluk. Updated December 24, 2015 10:35AM

SHARE

ALSO SEE

While plenty of cyberattacks are still conducted by the stereotypical "hacker in a basement," state-sponsored hacking is also on the rise -- prompting Yahoo to become the latest tech company to offer warnings of such attacks. In a blog post earlier this week, chief information security officer Bob Lord said Yahoo will offer specific security suggestions to users who appear to be the targets of state-sponsored attacks.

Facebook made a similar pledge in October. And earlier this month, Twitter also sent its first e-mail warning to some users it suspected had been singled out by state-sponsored hackers. Google has been offering such warnings since 2012.

Foreign nation-states accounted for 8 percent of cyberthreats to organizations in 2014, with another 23 percent caused by unknown perpetrators, according to PwC's 2015 U.S. State of Cybercrime Survey. Individuals can also be targeted by state-sponsored hackers for a variety of reasons, including "eavesdropping, stealing information, and/or unmasking anonymous users," a research team told the Usenix Security Symposium last year.

Refining Detection of State Threats

Yahoo is continually working to "refine our detection and notification of state-sponsored threats," Lord said in his blog post. However, he also noted it would not publicly share the reasons for suspecting such threats "to prevent the actors from learning our detection methods."

Yahoo users who receive notifications of possible state-sponsored attacks should take a number of steps to protect their accounts, Lord said. They include enabling two-step verification or Yahoo's Account Key password-free login system; checking recent account activity and settings for suspicious signs; and using strong passwords that are not shared with other people or other accounts.

"It's important to note that if you receive one of these notifications, it does not necessarily mean that your account has been compromised," Lord added. "Rather, we strongly suspect that you may have been a target of an attack, and want to encourage you to take steps to secure your online presence."

Lord also noted that receiving such notices does not mean that Yahoo's own systems have been compromised in any way.

Rise of 'State-Enabled Actors'

In addition to other types of hacking, there have been a large number of attacks led by nation-states or state-supported groups in 2015, according to a report released earlier this month by the cybersecurity company FireEye.

"This year had its fair share of incidents potentially carried out by the stereotypical 'hacker in the basement,' " noted the report, "Looking Forward: The 2016 Security Landscape." However, there were also campaigns from state-enabled actors in 2015, "including the groups responsible for gaining unauthorized access to healthcare organizations and stealing the personal information of millions of customers and employees," according to the report.

China, for example, is believed to have supported recent hack attacks against healthcare and insurance companies including Anthem and Premera. Other nation-states believed to be active in cyberattacks include the U.S., Russia, North Korea and Iran.

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Mrs. Spragins:
Posted: 2015-12-30 @ 11:09am PT
I am grateful that Yahoo has joined the growing list of vendors willing to issue these type of warnings!

Mark:
Posted: 2015-12-29 @ 12:47am PT
Hey Josh - FYI, Yahoo owns more than just Yahoo... See a list of 114+ entities [on Wikipedia]. So it's ALL their business units they are referring to, and others in the industry at large are encouraged to do the same, obviously.

JOSH:
Posted: 2015-12-25 @ 4:37am PT
But how? Are they going to send a post letter at home address? Because not so many people really log in to yahoo accounts anyway!

MORE IN NETWORK SECURITY

Next Article >

INSIDE TOP TECH NEWS NETWORK SITES SERVICES BENEFITS