Monday, 24 April 2017

China Hacked South Korea Over Missile Defense

Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, says an American cybersecurity firm, despite Beijing’s denial of retaliation against Seoul over the issue. In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview. The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.


The post China Hacked South Korea Over Missile Defense appeared first on IT SECURITY GURU.


Facebook and Twitter are Stopping Hackers by Paying to be Hacked

Facebook, Twitter and Snapchat are paying hackers to find flaws in their systems. Tech giants are shelling out as much as £156,000 a day to these ‘ethical hackers’. One of them has spoken out about his job. Known online as Topiary, Jake Davis is a former ‘black hat’, meaning he once hacked illegally. The 24-year-old was arrested at his Shetland home in 2011 but escaped a possible 10-year jail sentence, serving just 38 days in custody and wearing a police ankle tag for 21 months. Now a ‘white hat’, he exposes tech companies’ flaws so they can patch them.


Aadhaar Data Leak: Personal Information of More than 1 Million Jharkhand Pensioners Released Online

In a major gaffe, personal details of around 1.5 million pensioners in Jharkhand were made public on a state social security website. The details included people’s Aadhaar numbers and bank account information. According to the Hindustan Times, the details were exposed because of a programming error. There are nearly 1.6 million pensioners in Jharkhand, and around 1.4 million of them have linked their bank accounts to their Aadhaar numbers to receive subsidies directly. The pensioners’ personal details were exposed on the Government of Jharkhand’s Women and Child & Social Security website, which is maintained by the Jharkhand Directorate of Social Security.


Lifespan Notifies Patients of Potential Data Breach

Rhode Island’s largest health care provider says an employee’s laptop containing patient information was stolen, but there is no indication that any patient’s information has been accessed or used as a result of the theft. The Providence Journal reports that Lifespan recently sent a notice about the potential data breach to about 20,000 patients. The hospital network says the computer was stolen from a car on Feb. 25. The employee immediately reported the theft to police and to Lifespan. Lifespan says it began investigating and changed the employee’s credentials out of an abundance of caution. The laptop may have held work emails containing information about patients and their medication prescriptions, but it did not contain Social Security numbers, medical diagnoses or the other sensitive information held in the network’s database.


ORIGINAL SOURCE: Washington Times


Primary School is ‘Hacked by Extremists’ Who Threaten ‘Persecution’ in Website Rant

Police are investigating after “malicious” messages were left on a school website by Turkish nationalists in an apparent hack. Parents of pupils at North Mundham primary in Sussex were left concerned after the school’s website was taken over by a long message written in Turkish. The site was replaced with a plain white background and a red logo believed to be linked to the hacking group Ayyildiz Tim. The group describes itself as “patriotic”, claims to be soldiers of the virtual world, and aims to stop anti-Turkish messages while carrying out propaganda activities.


Cyber security centre of excellence to open at Cardiff University

A new research centre set up to provide world-leading research into the ever-growing problem of cyber security has today been launched by Cardiff University and Airbus.

The Centre of Excellence in Cyber Security Analytics will be located at Cardiff University’s School of Computer Science and Informatics and will be the first centre of its kind in Europe.

Together with experts from Airbus, researchers will carry out world-leading studies into machine learning, data analytics, and artificial intelligence for cyber-attack detection. This research will aim to protect corporate IT networks, intellectual property, and critical national infrastructure.

The centre, which forms part of a strategic Memorandum of Understanding between the two parties, will also develop industry-relevant academic programmes in cyber security at the University, in an attempt to fill the skills gap that currently exists in the field.

The agreement will also support knowledge sharing between Airbus and Cardiff University, with the potential for secondments and industrial placements to be made available for researchers and students.

Cardiff University’s Dr Pete Burnap, Director of the Centre of Excellence for Cyber Security Analytics, said: “Cyber security analytics is about improving our resilience to cyber-attacks through data modelling to detect and block malicious behaviour before it causes its full impact; but also about understanding what motivates the behaviour, what its likely impact will be, and how to communicate security alerts among decision and policy-makers.

“The centre is interdisciplinary by design and will draw together expertise in cyber security from across the whole University.”

Dr Kevin Jones, Head of Cyber Security Innovation at Airbus, said: “Collaborating with leading Universities such as Cardiff to research and develop sophisticated machine learning and data analytics for attack detection is a key approach in the future protection of critical systems. The launch of the Centre of Excellence in Cyber Security Analytics is an enabler for the rapid transfer of research into operational activities and ensures that researchers are able to access the latest techniques and data, and in addition are supported by Airbus experts.”

In tandem with the launch of the Centre of Excellence, Cardiff University has recently been awarded almost £2m in external funding from a range of sources, including UK research councils, industry and government, to launch major new programmes over the next 3 years. These programmes aim to develop cutting-edge machine learning algorithms to detect cyber threats targeting a range of internet-enabled environments, from online social media to control systems in critical national infrastructure.

Together, Cardiff University and Airbus have already received more than £1m of funding for cyber security, including studying risks to the systems underpinning critical national infrastructure. This was part-funded by the Endeavour programme backed by Airbus and Welsh Government.

Cardiff University’s Vice-Chancellor, Professor Colin Riordan, said: “This exciting new partnership is a great example of how Cardiff University’s expertise is linking up with world-leading businesses to make a better future for Wales and the world.

“Cyber security research is of critical importance in our digital society so it’s extremely important that we find innovative, real-world solutions to help detect, and protect against, dangerous cyber-attacks.”


Has Defence-in-Depth failed us?

Defence-in-depth is a philosophy we are all familiar with: layering security controls throughout IT systems so that if one control fails, or a vulnerability is exploited, another is there to prevent the attack. Having become standard practice for the vast majority, it sounds like a great approach, right? Well, perhaps not. If the slew of headlines about compromises and breaches, and the velocity at which they occur, are to be believed, it would appear that it has not worked. So, in spite of all its promise, perhaps defence-in-depth has failed us.

But why?

The main issue stems from the fact that each layer of defence has been a point product: a disparate technology with its own intelligence, working within its own silo. This creates three key challenges. First, silos make it difficult to share intelligence, between tools or even between teams, in any real way. Second, management complexity grows exponentially as each new product adds another management console for an already stretched security team. Third, these silos of technology act as an obstacle course for the attacker. As the saying goes, “every obstacle is an opportunity”, and attackers capitalise on that, successfully navigating the obstacle course every day until they accomplish their mission, whether that is to steal, disrupt or damage what is not theirs. Granted, adversaries have evolved over time, as have the technologies to catch them; the architecture, however, has not. The course may be harder, but it is still a course.

As companies layer on new products and technologies, they find themselves with numerous security products and vendors in numerous silos. Since these products are not integrated, each layer in the architecture creates its own logs and events, generating a massive amount of data and a massive management challenge. So where does all this data go, and how can you keep up? Recent ESG research finds that 42 percent of security professionals say their organisation ignores a significant number of security alerts because of the volume, and more than 30 percent say they ignore more than half. In most cases it is the security operators within the Security Operations Center (SOC) who find themselves drowning in this data as they undertake the onerous task of manually correlating logs and events for investigations and other activities.

What’s the solution?

In an attempt to overcome the data overload challenge, SIEMs emerged as a way to store all this data and to aggregate and correlate logs and events. Whilst this has worked to an extent, even SIEMs have limitations. On the technology front, SIEMs can be complex and can face scale challenges with today’s volumes of data. On the economic front, it can be costly for a company to store everything in the SIEM, so they pick and choose what to include and what to leave out.

The tool of choice for SOCs has been the SIEM and it has certainly helped, but the volume of data is so great that security operators still can’t keep up. They are now looking at ways to mine through the SIEM data to find threats and breaches. One use case is to apply threat data from an outside feed – commercial, industry, government, open source, etc. – directly to the SIEM. Using data on threats found “in the wild”, the goal is to see what indicators of compromise (IoCs) may be hidden in the vast amounts of data. In theory, applying threat feeds directly to the SIEM should work and provide some relief, but in reality this approach creates new and additional challenges for multiple reasons:

  1. Lack of Context – SIEMs can apply only limited (if any) context to logs and events. Context comes from correlating events and associated indicators from inside your environment with external data on indicators, adversaries and their methods.
  2. False Positives – Without context it is impossible to determine the ‘who, what, where, when, why and how’ of an attack and so to assess its relevance to your environment. As a result, SIEMs generate frequent false positives, and security operators waste valuable time and resources chasing problems that do not matter.
  3. Questionable Relevance – Threat intelligence feeds offer only global risk scores, based on the provider’s research and visibility rather than on the context of your company’s specific environment. Security operators relying on these global scores find themselves chasing ghosts.
  4. No Prioritisation – Prioritisation based on company-specific parameters is imperative for faster decision making that improves security posture. Intelligence priority must be calculated across many separate sources, both external and internal, and updated as more data and context come into the system.
  5. SIEM Architecture Limitations – As noted above, SIEMs are already overwhelmed by the vast volumes of logs and events that defence-in-depth generates. Adding millions more threat-feed records does not scale affordably. In addition, SIEMs were built as a reactive technology to gather logs and events that have already occurred; aggregating threat data and intelligence to correlate, contextualise and prioritise proactively is not a SIEM’s primary design.

The result? Indicators of compromise are missed, scarce resources are squandered and attacks still succeed.

How can obstacles be turned into opportunities?

SOCs need to take a page from attackers and successfully navigate this obstacle course. By automatically applying context, relevance and prioritisation to threat data prior to applying it to the SIEM, the SIEM becomes more efficient and effective. Customised threat intelligence scores based on parameters you set, coupled with context, allows for prioritisation based on what’s relevant to a specific environment. Now, using a subset of threat data that has been curated into threat intelligence, the additional overlay allows the SIEM to generate fewer false positives and encounter fewer scalability issues.
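As an added illustration of the curation step described above (example code written for this page, not ThreatQuotient’s or the author’s product), the Python sketch below re-scores a constructed threat feed against locally defined parameters (the organisation’s sector, an allowlist, asset criticality, prior internal sightings, indicator age), drops whatever is not relevant, and only then correlates the curated subset with sample log events. The feed entries, context values, log lines, thresholds and weights are all assumptions made up for the example; the comparison with an uncurated match shows the false positives the raw feed would have raised.

```python
"""Curate raw threat-feed indicators with local context before they reach the SIEM,
then correlate only the curated subset with log events. All data below is constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample feed: indicator, type, provider's global score (0-100), tags, last sighting.
RAW_FEED = [
    {"value": "198.51.100.23", "type": "ipv4",   "score": 90, "tags": ["c2", "finance"],           "last_seen": "2017-04-20"},
    {"value": "203.0.113.7",   "type": "ipv4",   "score": 85, "tags": ["scanner"],                 "last_seen": "2016-01-05"},
    {"value": "evil.example",  "type": "domain", "score": 70, "tags": ["phishing", "healthcare"],  "last_seen": "2017-04-22"},
    {"value": "cdn.example",   "type": "domain", "score": 95, "tags": ["malware"],                 "last_seen": "2017-04-21"},
]

# Constructed local context: what this SOC knows about its own environment (hypothetical values).
LOCAL_CONTEXT = {
    "sector": "finance",                                   # the organisation's own sector
    "allowlist": {"cdn.example"},                          # known-good domain the feed mis-scores
    "asset_criticality": {"10.0.0.5": 3, "10.0.0.9": 1},   # 1 = low .. 3 = high
    "previously_seen": {"198.51.100.23"},                  # indicators already observed internally
    "now": datetime(2017, 4, 24),
}

# Constructed proxy/firewall-style events: timestamp then key=value pairs.
SAMPLE_LOGS = [
    "2017-04-24T09:01:02 src=10.0.0.5 dst=198.51.100.23 action=allow",
    "2017-04-24T09:01:09 src=10.0.0.9 dst=cdn.example action=allow",
    "2017-04-24T09:02:15 src=10.0.0.9 dst=203.0.113.7 action=deny",
    "2017-04-24T09:03:40 src=10.0.0.5 dst=evil.example action=allow",
]


@dataclass
class Intel:
    value: str
    itype: str
    global_score: int
    priority: float                  # company-specific score, not the provider's
    reasons: list = field(default_factory=list)


def score_indicator(ioc, ctx):
    """Re-score one feed entry with local parameters; None means keep it out of the SIEM entirely."""
    if ioc["value"] in ctx["allowlist"]:
        return None                              # known-good: would only produce false positives
    priority = ioc["score"] * 0.4                # the global score is only a starting point
    reasons = []
    age = ctx["now"] - datetime.strptime(ioc["last_seen"], "%Y-%m-%d")
    if age > timedelta(days=180):
        priority *= 0.25; reasons.append("stale indicator")
    if ctx["sector"] in ioc["tags"]:
        priority += 25; reasons.append("targets our sector")
    if ioc["value"] in ctx["previously_seen"]:
        priority += 30; reasons.append("seen internally before")
    return Intel(ioc["value"], ioc["type"], ioc["score"], round(priority, 1), reasons)


def curate(feed, ctx, threshold=40.0):
    """Return only indicators whose local priority clears the threshold, highest first."""
    scored = [s for s in (score_indicator(i, ctx) for i in feed) if s is not None]
    return sorted([s for s in scored if s.priority >= threshold], key=lambda s: -s.priority)


def parse_event(line):
    """Parse 'TIMESTAMP k=v k=v ...' into a dict (constructed log format)."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields


def match_logs(logs, intel, ctx):
    """Correlate curated intel with events, weighting each hit by the asset involved."""
    by_value = {i.value: i for i in intel}
    hits = []
    for line in logs:
        ev = parse_event(line)
        i = by_value.get(ev["dst"])
        if i is None:
            continue
        crit = ctx["asset_criticality"].get(ev["src"], 1)
        hits.append({"ts": ev["ts"], "src": ev["src"], "indicator": i.value,
                     "alert_score": round(i.priority * crit / 3, 1), "why": i.reasons})
    return sorted(hits, key=lambda h: -h["alert_score"])


def raw_match_count(logs, feed):
    """How many alerts the uncurated feed would have raised, for comparison."""
    raw = {i["value"] for i in feed}
    return sum(1 for line in logs if parse_event(line)["dst"] in raw)


if __name__ == "__main__":
    curated = curate(RAW_FEED, LOCAL_CONTEXT)
    print("raw feed alerts:", raw_match_count(SAMPLE_LOGS, RAW_FEED))
    print("curated alerts: ", len(match_logs(SAMPLE_LOGS, curated, LOCAL_CONTEXT)))
    for hit in match_logs(SAMPLE_LOGS, curated, LOCAL_CONTEXT):
        print(hit)
```

With these inputs the raw feed matches all four events, including the allowlisted CDN domain and a scanner IP last seen over a year ago, while the curated set raises a single alert for the C2 address contacted from the high-criticality host. The weights are illustrative; the point is that the SIEM receives a smaller, locally relevant set, and that each alert carries the reasons for its priority.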

In addition, companies can make their entire security infrastructure more effective by using this threat intelligence as the glue to integrate layers of point products within a defence-in-depth strategy. By compensating for a lack of information sharing and providing richer insights, this approach helps SOCs to accelerate threat detection and response, and enhance preventative technologies with protection against future threats.

With less noise and streamlined operations SOCs can turn obstacles into opportunities. Rather than drowning in data, they can prioritise their investigations on the highest risk threats first, stop attackers from successfully navigating the obstacle course and improve security posture.

By Anthony Perridge, Regional Director, ThreatQuotient
