Sony continues to recover from its encounter with the "Guardians of Peace." As it restores network services, the company reaches out to employees whose personal information may have been compromised in the breach. Production of a Bond movie is reportedly disrupted, and, in an interesting legal development, Sony dispatches Boies, David Boies, to wage lawfare against those (for the most part journalists) the company alleges are making illegal use of stolen information. Observers think the company, which has extensive cyber insurance, may not have enough to cover the costs the attack is exacting.
An AP story on one man's experience with identity theft (in his case fallout from the Target breach) suggests the difficulty of assessing the real extent of damage done in a cyber attack.
Ransomware surges, with new distribution methods and more advanced infection mechanisms.
Check Point outlines a troubling new attack technique against Android phones: "man-in-the-Binder."
Several insights into the criminal market appear today. Cyber criminals are building (and trading in) increasingly plausible fake identities. They're also showing a renewed interest in attacking point-of-sale vendors (coincidentally, a vulnerability is discovered in Honeywell point-of-sale software). Holiday spam uses spoofed big-box retailers as phishbait. And Dell SecureWorks publishes an overview of the blackmarket, which includes price lists — stolen identities are up — and plenty of guarantees of satisfaction-or-your-money-back.
In the US, observers see two policy trends: Congress is sending essentially status-quo cyber bills to the President, and, in the absence of legislation, regulatory agencies increasingly rely on coaxed voluntary compliance.