Yahoo Will Notify Users of 'state-sponsored' Hacks

 

Yahoo has become the latest technology company to promise to alert its users if it thinks their accounts have been attacked by “state-sponsored actors” – hackers working on behalf of governments.

“Yahoo will now notify you if we strongly suspect that your account may have been targeted by a state-sponsored actor,” said Bob Lord, Yahoo’s chief information security officer, in a blog post announcing the change.

“We’ll provide these specific notifications so that our users can take appropriate measures to protect their accounts and devices in light of these sophisticated attacks. Our notifications provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.”

Those actions include turning on two-step verification; changing their password to a stronger one that has never been used before; updating their account recovery information; and checking recent activity on their account.

Yahoo’s move comes two months after Facebook made a similar announcement in October, telling its users that it would notify them “if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state”.

In December, Twitter warned a number of its users that they may have been the targets of a state-sponsored attack, including several experts in information security and privacy.

Google, meanwhile, made this move in June 2012 for a subset of its users who it believed might be targets for phishing, malware or other attacks from state-sponsored “bad actors”.

By necessity, all of these companies decline to provide detailed information on the potential attackers they have identified.
“In order to prevent the actors from learning our detection methods, we do not share any details publicly about these attacks,” wrote Lord. “To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers,” explained Facebook.

The likelihood of online attacks coming from state-sponsored actors has been increasingly talked about in 2015.

Richard Ledgett, deputy director of the US National Security Agency, claimed in October that “if you are connected to the Internet, you are vulnerable to determined nation-state attackers”.

Guardian: http://bit.ly/22GDix6

« Now Anonymous Declares Cyberwar On Turkey
Fighting Cybercrime As The World Goes Digital »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

usecure

usecure

usecure is a global provider of computer-based cyber security awareness training, offering the market’s most time-efficient, cost-effective and admin-lite solution for reducing insider threats.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

Concorde Technology Group

Concorde Technology Group

Concorde Technology Group is one of the UK’s leading IT support and services providers, delivering cost-effective and innovative IT solutions to businesses across the country.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.

Modat

Modat

Modat is an AI-powered, research-driven company focused on developing products and services that enable cybersecurity professionals to outpace adversaries.