|
|
|
|
|
Cyber Daily: Hack Me If You Can
|
|
|
|
|
|
Hello. In more than 20 years of reporting on cybercrime, Wall Street Journal reporter Robert McMillan has never come face-to-face with a criminal hacker. Until he met Dmitry Smilyanets.
Dmitry grew up during the fall of the Soviet Union, a computer-loving kid with big dreams. He became part of a generation of Russian hackers who cut their teeth in the early days of the internet and went from stealing passwords to hacking some of America’s biggest companies.
On The Journal podcast series, "Hack Me If You Can," listen to Dmitry's stories of, as he put it, "being manager of the largest hacking group ever prosecuted in the United States."
All told, U.S. officials say that Dmitriy's gang cost its victims more than $300 million dollars in damages.
More below.
|
|
|
CONTENT FROM OUR SPONSOR: Netscout
|
|
Block 90% of DDoS attacks with Two Simple Steps
There were more than 4.4M DDoS attacks in the second half of 2021. But that’s no reason for enterprises and service providers to cower in fear. Learn the two ways you can thwart DDoS attacks.
Read More
|
|
|
|
|
|
"I knew of Dmitriy's work before I knew his name. But where I found Dmitriy, well, it wasn't where I expected. He wasn't in some bunker in Moscow or a maximum security prison. He was living in a gated community in New Jersey."
That's how WSJ's Robert McMillan describes his first face-to-face encounter with Mr. Smilianets.
|
|
"Dmitriy was an only child living in Moscow, and he remembers the violence and the upheaval wrought by the breakup of the USSR," Mr. McMillan explains. How Mr. Smilianets got from there to New Jersey in the course of many years is the story of how Russia became a criminal hacking superpower.
|
|
|
It's also the story of how U.S. businesses became ripe targets for hacking sprees that today have created a cybersecurity landscape where criminal hackers and nation-state attackers can be one and the same.
Listen to Part 1, Part 2 and Part 3.
|
|
|
|
Robert Half breached: Recruiting firm Robert Half International Inc. is notifying 1,058 people that their personal data, along with wage and tax information, were exposed in an account compromise between April 26 and May 16. After detecting suspicious activity at RobertHalf.com, the company required password resets and strengthened authentication controls at the site, Global Privacy Officer Christopher Hoffmann said in a letter to state regulators.
|
|
Several eye-care providers are notifying patients of data breaches after a third-party tech provider was hacked. In December 2021, an unauthorized party accessed and deleted databases and configuration files at Charlotte, N.C.-based Eye Care Leaders, which provides practice management software to eye doctors across the U.S. Practices including Harkins Eye Clinic in Nebraska, Precision Eye Care in Missouri and McCoy Vision Center in Alabama each said tens of thousands of patients were affected. The Department of Health and Human Services is investigating the incident.
|
|
|
PHOTO: SIPHIWE SIBEKO
/REUTERS
|
|
|
Africa's Shoprite grocery chain hit in ransomware attack: Networks and other systems at Shoprite Holdings Ltd. were down after hackers launched malware known as RansomHouse at Africa's largest supermarket chain. Customers conducting money transfers in Eswatini, Namibia and Zambia might have had their personal data compromised, the company said. (Bleeping Computer)
|
|
|
-
Shoprite operates 2,913 stores across Africa under 11 physical and online brands including Checkers and LiquorShop.
|
|
|
|
Corporate security chiefs, amid a world-wide shortage of cyber talent, look for recruits wherever they can. While candidates are needed at all levels, the right entry-level and junior staff can be elusive.
As the chart above shows, when chief information security officers look to other functions at their companies, they've had some success in filling starter roles. According to the professional organization (ISC)2, the top personality traits of strong entry-level cyber employees are:
-
Problem solving
-
Creativity
-
Analytical thinking
-
Desire to learn
-
Critical thinking
Lack of skilled personnel is a key obstacle in improving corporate cyber defenses, according to a survey of 7,000 executives world-wide by insurer Munich Re. Colleges and universities in recent years have increasingly offered certificate programs and majors in the field. Even so, the number of graduates doesn't fill all the positions needed to adequately protect U.S. businesses.
We've covered how companies including McDonald's and Visa are shifting tactics to fill their cyber needs. One change: stripping certain job descriptions of degree requirements.
Some boot camps billed as stepping stones to a career in cybersecurity haven't met expectations.
Lots of public-private partnerships have emerged to train promising candidates in cybersecurity. Venture capitalists and tech firms, for example, are in the midst of raising $1 million to fund cyber education in California.
How have you changed your approach to cybersecurity staffing? Let us know.
|
|
|
|
|
On June 1, the WSJ Pro Cybersecurity Forum gathered an audience of executives and senior practitioners from countries across the globe to share their perspectives on a variety of cyber challenges. Here we provide a summary of key points from our panels, interviews, presentations and breakout sessions. And here you can watch recordings from the forum.
|
|
|
|
|
|
|
|
|
|