A major false alarm — Turkey's widespread power blackout apparently was not, as early reports blared, the result of a cyber attack — rattled users of the European electrical grid at midweek. While the disruption was contained and remediated, observers warn that power grids throughout the developed world remain vulnerable to cyber attack. Their warnings also have broader application to ICS/SCADA networks.
Israeli sources, led by Check Point, continue to point to Lebanon as the source of the Volatile Cedar espionage campaign. Attribution wavers between the Lebanese government and unnamed "political groups."
The Laziok reconnaissance and industrial espionage Trojan that Symantec reported this week is decidedly not a cutting-edge tool, but that doesn't matter. It has been able to successfully exploit a Windows ActiveX control flaw that was patched back in 2012. This highlights, of course, the importance of patching and of keeping systems up to date. (Coincidentally, NetMarketShare reports that Windows XP — support for which ended on April 8, 2014 — still has more users than its Windows 8 successor, which is hardly good news from the herd immunity point of view.)
The denial-of-service attack that began afflicting GitHub last week, now by consensus attributed to the Chinese government, might have been mitigated by more widespread use of HTTPS (or so says the Electronic Frontier Foundation).
Several reports track trends in cyber criminal markets.
In industry news, CipherCloud buys Anicut Systems, CACI acquires LTC Engineering Associates, and Motorola Solutions buys PublicEngines.
President Obama's "national emergency" Executive Order on sanctions for cyber attacks draws foreseeably mixed reactions.