Yahoo Will Notify Users of 'state-sponsored' Hacks

 

Yahoo has become the latest technology company to promise to alert its users if it thinks their accounts have been attacked by “state-sponsored actors” – hackers working on behalf of governments.

“Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor,” said Bob Lord, Yahoo’s chief information security officer, in a blog post announcing the change.

“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks. Our notifications provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.”

Those actions include turning on two-step verification; changing their password to a stronger one that has never been used before; updating their account recovery information; and checking recent activity on their account.

Yahoo’s move comes two months after Facebook made a similar announcement in October, telling its users that it would notify them “if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state”.

In December, Twitter warned a number of its users that they may have been the targets of a state-sponsored attack, including several experts in information security and privacy.

Google, meanwhile, made this move in June 2012 for a subset of its users who it believed might be targets for phishing, malware or other attacks from state-sponsored “bad actors”.

By necessity, all of these companies decline to provide detailed information on the potential attackers they have identified.
“In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” wrote Lord. “To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers,” explained Facebook.

The likelihood of online attacks coming from state-sponsored actors has been increasingly talked about in 2015.

Richard Ledgett, deputy director of the US National Security Agency, claimed in October that “if you are connected to the Internet, you are vulnerable to determined nation-state attackers”.

Guardian: http://bit.ly/22GDix6

« Now Anonymous Declares Cyberwar On Turkey
Fighting Cybercrime As The World Goes Digital »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

KELA

KELA

KELA's powerful cybercrime intelligence platform uncovers and neutralizes the most relevant cybersecurity threats coming from the hardest-to-reach places on the internet.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

SubCom

SubCom

How Much Do You Trust Your Endpoint? With our ‘Habituation Neural Fabric’ based endpoint security platform, you can observe and manage the Trust Score of your endpoints in real-time.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Awareness Software Limited (ASL)

Awareness Software Limited (ASL)

As Hosting Specialists, Awareness Software offer practical and affordable hosting solutions including backup and disaster recovery and a range of cybersecurity services.

Securitybricks

Securitybricks

Securitybricks specialize in cloud security and compliance. Our mission is to automate regulatory compliance backed by human validation.