QOTD - FBI Director - Two Kinds of Companies

There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese. 
-- James Comey, FBI Director

Src: FBI Director James Comey on threat of ISIS, cybercrime - CBS News

QOTD - World War C (C=CyberSpace)

Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible theater of operations. Once limited to opportunistic criminals, cyber attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power.  
-- FireEye report entitled "World War C"

Src: How Classified NSA Exploit tools RADON and DEWSWEEPER Work - InfoSec Institute

Note: the rest of the page linked above is also worth reading, along with the original FireEye report, of course (link to PDF). Here's the rest of the paragraph from FireEye's original report (src):
From strategic cyber espionage campaigns, such as Moonlight Maze and Titan Rain, to the destructive, such as military cyber strikes on Georgia and Iran, human and international conflicts are entering a new phase in their long histories. In this shadowy battlefield, victories are fought with bits instead of bullets, malware instead of militias, and botnets instead of bombs. 
These covert assaults are largely unseen by the public. Unlike the wars of yesteryear, this cyber war produces no dramatic images of exploding warheads, crumbled buildings, or fleeing civilians. But the list of casualties—which already includes some of the biggest names in technology, financial services, defense, and government—is growing larger by the day.

QOTD - Blame it on Snowden

There are probably 30 governments who are going through that catalog and saying, 'I didn't know you could do that,' and saying, 'Find somebody who will give me one of these.'
[...]
authoritarian governments around the world are going to have new tools, and our tools are going to be less effective.
and
You can have these programs, of course, but if you debate intelligence programs in the clear, the chances are they are not particularly effective programs after they've been debated in that fashion. So I think that it's a very damaging debate to have. 
-- Stewart Baker, former assistant secretary of Homeland Security, as interviewed by NPR

Src: The Case Against Clemency: Expert Says Snowden's Leaks Hurt Security : The Two-Way : NPR

Editorial note: There. End of debate! There should be no debate.

QOTD - On Zero Day Attacks

Zero-day attacks last between 19 days and 30 months, with a median of 8 months and an average of approximately 10 months. This shows that attackers have plenty of time to execute their attack without hindrance before it becomes a known vulnerability.
After zero-day vulnerabilities are disclosed, the number of malware variants exploiting them increases 183–85,000 times and the number of attacks increases 2–100,000 times.
[...]
Once a vulnerability has been announced, hackers worldwide get to work creating their attacks for the vulnerability. Knowing this data, it is best to keep a machine up to date on patches.
Src: Zero-day Attack Data | Cyber Security
Link to full paper

Note: emphasis is mine

QOTD - FBI on Hackers and Basements

We're in a day when a person can commit about 15,000 bank robberies sitting in their basement.
-- Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch

Src: Officials warn 500 million financial records hacked