Wednesday, 31 August 2016

Robert Schifreen on Security Awareness and Attitude

Cybersecurity is often seen as a matter of code and software. Use the right products and keep them up to date, and you can call yourself ‘secure’. But in reality, the greatest threat to security often comes from lack of awareness, and poorly-trained staff are more of a liability than an out of date firewall. […]

The post Robert Schifreen on Security Awareness and Attitude appeared first on ITsecurity.




Case study: Lurk group’s Angler exploit

At the beginning of the summer, Kaspersky Lab assisted in the arrest of suspects that were part of the Lurk gang, which allegedly stole more than 45 million dollars from a number of companies and banks in Russia. It was the largest financial cybercrime group to be caught in recent years. However, this wasn’t the only cybercriminal activity Lurk group has been involved in. According to analysis of the IT infrastructure behind the Lurk malware, its operators were developing and renting their exploit kit out to other cybercriminals. Their Angler exploit kit is a set of malicious programs capable of exploiting vulnerabilities in widespread software and silently installing additional malware on PCs.

For years, the Angler exploit kit was one of the most powerful tools available to hackers on the underground. Angler activity dates back to late 2013, when the kit became available for hire. Multiple cybercriminal groups involved in propagating different kinds of malware used it, from adware to banking malware and ransomware. In particular, this exploit kit was actively used by the group behind CryptXXX ransomware – one of the most active and dangerous ransomware threats online – TeslaCrypt and others. Angler was also used to propagate the Neverquest banking trojan, which was built to attack nearly 100 different banks. The operations of Angler were disrupted right after the arrest of the Lurk group.

As research conducted by Kaspersky Lab security experts has shown, the Angler exploit kit was originally created for a single purpose: to provide the Lurk group with a reliable and efficient delivery channel, allowing their banking malware to target PCs. Being a very closed group, Lurk tried to accumulate control over their crucial infrastructure instead of out-sourcing some parts of it as other groups do. However, in 2013, things changed for the gang, and they opened access to the kit to all who were willing to pay.

“We suggest that the Lurk gang’s decision to open access to Angler was partly provoked by necessity to pay bills. By the time they opened Angler for rent, the profitability of their main “business” – cyber-robbing organisations – was decreasing due to a set of security measures implemented by remote banking system software developers. These made the process of theft much harder for these hackers. However, by that time Lurk had a huge network infrastructure and a large number of “staff” – and everything had to be paid for. They therefore decided to expand their business, and they succeeded to a certain degree. While the Lurk banking trojan only posed a threat to Russian organisations, Angler has been used in attacks against users worldwide”, explained Ruslan Stoyanov, Head of Computer incident investigations department.

The Angler exploit kit – its development and support – wasn’t the only Lurk group side activity. Over a period of more than five years, the group moved from creating very powerful malware for automated money theft with Remote Banking Services software, to sophisticated theft schemes involving SIM-card swap fraud and hacking specialists familiar with the inside infrastructure of banks.

All Lurk group actions during this time were monitored and documented by Kaspersky Lab security experts.

The post Case study: Lurk group’s Angler exploit appeared first on IT SECURITY GURU.




Growth In Cybercrime And Uptake Of Encryption Services May Save Blackberry

The increase in cybercrime, a growing global phenomenon, is likely to drive an increase in the use of complicated mathematical algorithms to encrypt sensitive data. And that may just about save the Blackberry name from being consigned to the history books.

That’s the view of Geoff Green, president and chief executive officer of Myntex Inc. Green says: “The rapid adoption of digital technology and the scale of cybercrime globally represent significant challenges not only to law enforcement agencies but to each and every one of us that increasingly relies on IT and especially mobile communications to live and do business. Each year, about 556 million people fall victim to online fraud. More than 230 million identities are exposed and victims lose around €290 billion as a result of online criminality, making cybercrime more profitable than the global trade in cocaine, heroin and marijuana combined.

“For years, one of the most effective weapons in the battle against cybercriminals has been the Blackberry. Widely regarded as the most secure smartphone on the market and the mainstay of encrypted communications for governments and large corporates, sales of the devices have declined dramatically over the last few years but last month’s announcements by chief executive John Chen have given those of us at the forefront of this battle renewed hope.”

In July, Chen launched Blackberry’s first touchscreen-only Android handset, in a bid to diversify its range of devices and turn round performance of the firm’s hardware division. The Dtek50 smartphone offers improved security over rival Android devices – incorporating unique internal hardware, with chips protected by cryptographic keys to prevent tampering and thwart hackers – and will cost less than the firm’s previous handset. He also promised more to come with a further new phone to be unveiled before March 2017.

Earlier in July, Chen had revealed that although quarterly Blackberry sales were only around the 500,000 mark, claims that he is presiding over a dying company were well wide of the mark.

Fundamentally, its security-focused software business is good and, financially, the quarterly results were up 21 per cent when compared to the same period last year.

“And that’s good”, says Green, adding: “because business owners and individuals everywhere are going to have to think more and more closely about how important privacy is to them and how they are going to ensure their digital privacy is maintained going forward as the frequency and sophistication of cybercrime increases.”

The scale of cybercrime in Europe is particularly worrying. Its residents and businesses provide attractive targets because, compared to a lot of the world, the Internet infrastructure is advanced and economies and payment systems are increasingly Internet-based. In July, in the UK, the Office for National Statistics revealed that almost six million cybercrimes were committed last year. That’s as much as every other type of crime committed in England and Wales combined. 

Again in the UK, research shows that 74 per cent of small businesses suffered some form of data breach in 2015 and that the average financial impact on a business doubled between 2014 and 2015. And, across the wider European continent, individual nations reported an average increase of 30 per cent in the number of cybercrime cases being reported, which many believe poses a significant threat to the internal market, economy and security of the European Union.

Green continues: “European firms, in particular, lag behind when it comes to implementing the highest cyber security standards. We see an alarming level of complacency, especially among smaller businesses, who falsely believe that cybercrime is an issue only larger corporations have to deal with. But the issue of cybersecurity for small businesses is made even more pressing by proposed new European regulations aimed at protecting customer data.”   

The EU’s new General Data Protection Regulation will come into force in 2018 and could result in companies being fined up to €20m or 4% of their annual turnover, whichever is greater, for allowing any security breaches to compromise customer data. We’ve all seen the headlines involving hackers or coordinated groups of activists leaking or stealing customers’ personal details or other sensitive corporate information, not only causing financial losses but huge reputational damage for the businesses involved.

According to Green: “Smaller businesses face a disproportionate risk when it comes to falling prey to cybercriminals. Many are so focused on conducting or growing their business day to day, they have neither the time nor the dedicated in-house expertise to concentrate on the issue.” 

“Add to that the increasing adoption of smartphones and tablets, mobile and cloud computing, the flexibility now given to many workforces to work remotely – often using public wifi zones – and the fact that small businesses are often attacked because they provide a less challenging gateway into bigger firms’ systems elsewhere along the supply chain and the scale of the problem is clear.”

So instead of continually playing catch up with the latest hardware and software trends or newest threats and fixes, what can business owners do to get on the front foot when it comes to choosing, managing and updating the best technology and associated security systems for their operation?

“For a start, they should stop thinking that size has anything to do with the likelihood of an attack,” asserts Green. “It’s not always about size or money, rather it’s often about what industry you are in, what you do, who you are connected to and what data you hold as well as cyber espionage.

“In business, the first step in bolstering your cyber resilience has to be a proper audit so that you know where your potential vulnerabilities lie – what sensitive information do you use, for what tasks? Who has access to it; where is it stored and what are your procedures for remote working and password protection? You need to assess what would be compromised if your data is stolen, paying particular attention to high value items like contract terms, financial and tax records, personnel and customer records. Having nothing to hide is not the same as having nothing to lose.

“People are wising up to increasingly professional looking phishing scams where pop ups on websites or emails in inboxes ask for sensitive information that criminals can use for financial gain, identity theft or the introduction of malware and malicious lines of code. But how many people consider the impact of their everyday online communications with people being intercepted? 

“Many smaller businesses are starting to appreciate the potential severity of cyber-attacks, turning to proper password management, secure payment processing systems, automatic back-ups, antivirus packages and off the shelf security software for help. But encryption, a particularly powerful tool in the fight against cybercrime, where Blackberry may have a renewed role to play, is yet to generate as much momentum as you might have thought.”

Green continues: “Myntex implements PGP for BlackBerry according to the highest cryptographic standards using the most advanced mathematical processes available. As computing power increases, the algorithms for PGP’s key strength are increased to match so that your PGP solution remains secure well into the future. Since its invention in 1991, a tried and tested protocol for encrypting and authenticating data, PGP has become the de facto standard in email encryption and the mainstay of encryption technology for BlackBerrys.

“It works independently of other security software loaded onto or built into your smartphone and allows you to send email messages that only the intended recipient can read. Users can also authenticate their identity when sending secure messages, so the recipient can guarantee the message wasn’t sent by an imposter. 

“Standard email is a very insecure means of sending information. And wireless communication on a mobile device is even less secure. Messages aren’t difficult to intercept and aren’t encrypted by default. They’re sent as plain, readable text, and any third party determined enough to intercept them can read the message, clone the account, download the attached file or view the embedded photographs without the sender or recipient ever knowing. Postal mail is sent in envelopes, to protect it from prying eyes and prevent anyone from reading the content.  Essentially, our PGP solution, although infinitely more complex, serves exactly the same purpose as the envelope.

“Of course, it can’t prevent the most determined and expert of cybercriminals from intercepting an email message, but since messages are encrypted it can render the content unreadable and useless. Even for Myntex – there are no backdoors!”

Several popular online applications already utilise encryption for email messages, video-telephony and instant messaging, with WhatsApp recently announcing a major security upgrade to its network. Developers at major technology brands such as Facebook, Snapchat, Twitter and Google are all believed to be working on new encrypted email and instant messaging projects too.            

Green concludes: “We all communicate banking details, project updates, medical information, travel plans, tax codes, even gossip through emails, texts, instant messages and phone calls every day but few of us consider what would be compromised if that data was stolen, altered, diverted or exposed. With cybercrime now more profitable than the global trade in cocaine, heroin and marijuana combined, and more and more criminals exploiting the vulnerabilities of digital communications to commit a range of crimes, encrypted communications must play an increasingly important role in all of our lives in future. And that could well signal a renaissance for the trusted Blackberry brand.”

The post Growth In Cybercrime And Uptake Of Encryption Services May Save Blackberry appeared first on IT SECURITY GURU.




Website Down? New FairWare Ransomware Could Be Responsible

Linux users are reporting that a new ransomware called “FairWare” played a part in taking down their websites.

News of the ransomware first surfaced in a post on Bleeping Computer’s forums. According to the victim, attackers likely brute-forced or intercepted the password for their Linux machine. Once they acquired access, the baddies logged into the Linux servers for the website, deleted the web folder, and left a Pastebin message demanding a ransom payment of two Bitcoins for the return of the files.


ORIGINAL SOURCE: The State of Security

The post Website Down? New FairWare Ransomware Could Be Responsible appeared first on IT SECURITY GURU.




Alex Jones’ Infowars Hacked; Thousands of Accounts Sold Online

Alex Jones, a hardcore Donald Trump supporter, radio show host, documentary filmmaker and conspiracy theorist had his site hacked by unknown attackers who stole login account credentials of tens of thousands of Prison Planet TV users.


ORIGINAL SOURCE: HackRead

The post Alex Jones’ Infowars Hacked; Thousands of Accounts Sold Online appeared first on IT SECURITY GURU.




The Dropbox hack is real

Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. Not just a little bit hacked and not in that “someone has cobbled together a list of credentials that work on Dropbox” hacked either, but proper hacked to the tune of 68 million records.


ORIGINAL SOURCE: Troy Hunt

The post The Dropbox hack is real appeared first on IT SECURITY GURU.




Exclusive: SWIFT discloses more cyber thefts, pressures banks on security

SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank.

 


ORIGINAL SOURCE: Reuters

The post Exclusive: SWIFT discloses more cyber thefts, pressures banks on security appeared first on IT SECURITY GURU.




OneLogin breached, hacker finds cleartext credential notepads

Password attic OneLogin has been breached, and it’s bad, because the service that suffered the breach is one often used by people to store credentials like admin password and software keys.


ORIGINAL SOURCE: The Register

The post OneLogin breached, hacker finds cleartext credential notepads appeared first on IT SECURITY GURU.




What’s next for threat intelligence?

It seems that right now, everyone is talking about threat intelligence. Nearly every security vendor wants to get in on the action and the majority of security operations groups are either being told by their management to get on board with it, or they’ve attended various security conferences and realised they need to add threat intelligence into their security program.

That said, the questions most security operations groups always come back with are: What should I get? How do I use it effectively? And ultimately, how is it going to help me?

I’ve been in threat intelligence and security operations for most of my career; first with various military, government and intelligence organisations, then as a co-founder of iSIGHT Partners, and now with ThreatQuotient as VP of Strategy. I’ve worked with threat intelligence since before it was cool, helping numerous early adopters around the globe to understand what threat intelligence is and how to use it within their organisations.

In my experience, a threat intelligence platform that’s worth its salt has the potential to help organisations in three key areas, which are to communicate more effectively, focus resources more efficiently and manage risk more successfully. These are by no means the only areas of your security strategy that will feel the benefits, but here’s my quick take on why they are my top three:

Improve communication

At some stage, every CISO or SOC manager will be asked by management, concerned about the latest hack: What do you know about it? How does it affect us? What are we doing about it? A solid threat intelligence strategy provides you with a means of being proactive and ensuring that you’re on top of your cyber security, so that you’re in a position to answer these questions before they are even asked. Leaders also want a way to answer these questions in business terms and let management know what you are doing as a security operations group. Effective threat intelligence gives you the information you need to change the conversation from “we blocked a million events this month,” to “we stopped ransomware attacks which would have cost the company $2M.”

Focus resources

On a network, there are only three things security operators need to deal with: noise, nuisance and threats. You need to filter out the noise (blocking it at the perimeter or detecting it and automatically remediating), focus on threats (the real gotchas that can negatively impact shareholder value) and determine if a nuisance is actually noise or a threat and deal with it accordingly. An effective threat intelligence platform helps organise the threats and provides the information you need to isolate what really matters. It provides a means of automatically filtering the noise while also enabling threat intelligence enrichment through an analyst workbench to understand and address the nuisances. In short, a good threat intelligence platform lets you operationalise your approach to cyber security.

Manage risk

Once you are using threat intelligence to improve communications and focus your resources, you can start diving into risk management. A threat intelligence platform lets you take a more strategic view of the business critical assets you need to protect, the threats that are targeting these assets and the ways in which they are going about it, and the countermeasures you have in place. From there, you can figure out your risk gap and turn that into a strategic discussion with the board about accepting, transferring or mitigating risk, and the investments required.

As VP of Strategy at ThreatQuotient, it’s my responsibility to ensure that our platform, ThreatQ, meets these requirements and helps organisations to strategically implement threat intelligence. Moving forward, I’m convinced that threat intelligence will be a deciding factor in the success of many cyber security strategies and it is vital that organisations are staying ahead of the curve by actively looking at how they improve communication, operationalise threat intelligence and manage risk. I therefore think we will be hearing a lot more about threat intel and seeing adoption accelerate over the coming few years.

For any security operations groups who are interested in finding out more about threat intel, I am speaking at NIAS’16, NATO’s annual cybersecurity conference on September 7th and 8th in Belgium.  I will be leading the plenary session, ‘Cyber Threat Intelligence: From Feeds to Action,’ as well as a workshop on intelligence-driven security operations programs and how these can become proactive, anticipatory and adaptive. To learn more about our work at ThreatQuotient, email sales@threatq.com.

The post What’s next for threat intelligence? appeared first on IT SECURITY GURU.




Can Security-as-a-Service help UK businesses plug the skills deficit?

Following reports of increasing digital talent shortages in the UK, Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender®, discusses why Security-as-a-Service could provide a short term fix.


Increased cloud adoption is forcing businesses to boost investment in their security operations, subsequently driving demand for skilled security professionals. That being said, the rapid adoption of cloud computing, IT infrastructure and security has left a knowledge gap in terms of the security expertise available to address the increasing needs of a business. To this end, companies not only require more skilled personnel, they also need more manpower in order to remain competitive and secure. This has created a rise in Security-as-a-Service (SaaS) technology and consultants.

Hiring an in-house security expert to combat the increasing levels of cloud adoption can often be problematic, as this means companies must invest a great deal in employee training. On the other hand, outsourcing security contractors is not usually something that large organisations do, preferring to utilise their own dedicated security teams that can monitor their critical infrastructures.

A security skills deficit – how will this affect the UK?

There have been numerous reports recently highlighting the UK talent shortage. IT decision makers are increasingly concerned that their departments lack the required skills to utilise current technology trends, such as the internet of things (IoT)[1]. Furthermore, although the number of students choosing to take computing A-levels increased by 16 per cent in the UK in 2016, the numbers sitting ICT A-levels fell[2]. The decreasing number of young people in the UK taking ICT courses is of huge concern, as the most in-demand jobs, such as IT security experts, rely on an early education in these skills.

A lack of security experts may bring forward a rise in SaaS, rather than full time employees. At Bitdefender, we also expect there to be a rise in recruiting security experts from other countries, along with increased spending on training current IT personnel on security matters. While this may not see immediate benefits, in the long term such investments will prove to have an increased return on investment (ROI). For companies that will be affected by security issues, it’s reasonable to expect the cost of insurance policies for data breaches to rise due to increased risk. 

The rise of the cloud – will a lack of security professionals hold adoption back?

More than a third of companies’ data resides in private clouds, and over a quarter is stored in public clouds. In terms of controlling and securing the data flow, network segregation and access, ensuring the security of these infrastructures can pose difficulties, even for experienced security professionals. While public cloud service providers may be responsible for securing their own infrastructure for compliance and regulatory purposes, securing the actual data that is in the cloud is the responsibility of the client.

Securing private clouds can also be a painful experience, and a hybrid alternative comes with other security implications that inexperienced or untrained IT departments may not be ready for. The lack of IT security professionals may affect companies trying to make the step towards a hybrid infrastructure.

In the short term, SaaS may result in a decreased need for security professionals. However, in the long-term, as companies grow and security incidents become ever-more frequent among companies utilising external security, the need for in-house security experts will become even more vital.

[1] http://ift.tt/2bl1RdW

[2] http://ift.tt/2bB5Xin

The post Can Security-as-a-Service help UK businesses plug the skills deficit? appeared first on IT SECURITY GURU.




Balancing security and convenience in online commerce

These days we are becoming increasingly reliant upon the internet, even for our day-to-day tasks. Checking our bank balance, paying a bill, shopping and socialising, are just some of the activities that we now do online.

The growth of our digital avatars, and the increasing number of tasks that we can do online, has been facilitated by the ease with which we can pay for services online. Online payment services have allowed many industries to thrive by monetising their online offerings.

The retail industry is just one of the industries that has been transformed by ecommerce, with approximately £114bn spent online in 2015. We have seen retailers, such as Amazon, flourish despite having an online only presence, overtaking their high-street rivals.

This has made things much easier for us, as we are able to do so much from wherever we are, as long as we have access to the internet. On the flip side, with so many of our daily tasks being carried out over the internet, a lot of our sensitive information is also being shared over the internet, including our personal details, financial data and even biometric identifiers.

However, recent data breaches at big organisations such as TalkTalk and the Office of Personnel Management in the US raise concerns about the safety of this information.[1] [2]

A recent report by the Institute of Customer Service warned that consumers will become “driven by fear” of data breaches and other security issues.[3] UK Government statistics show that two-thirds of large UK businesses suffered cyber-attacks in the last year.[4] When these attacks happen, consumer details such as names, addresses and payment details are stolen and then sold on in the dark web.

The security of consumers is put at further risk by the compelling strategies in consumer convenience that have been adopted by many ecommerce companies.

Making an ecommerce payment has often been a ‘pain point’ for consumers, with complex payment processes often resulting in high levels of abandonment. To remedy this pain point, therefore reducing abandonment and increasing sales, ecommerce companies have simplified their payment processes, offering frictionless one-click payments. Amazon and Uber are two companies that have incorporated frictionless payments, and have reaped the rewards.

However, while this has improved the user experience for their consumers and resulted in additional revenue for them, it has also left their customers open to fraud. [5]

Given the increased amount of consumer information being accessed by fraudsters and criminals through data breaches, and the lax approach to security adopted by many companies, it is no surprise to see levels of fraud rising in the UK.

Recent figures show that the UK is leading Europe in card fraud, contributing to 43% of the total card fraud losses.[6] Fraud losses in the UK have increased by 18% (£88.5m) in 2015 to £492m, with ecommerce fraud accounting for £42.4m of that increase.[7]

While Chip & PIN prevents most instances of card-present fraud, currently there are minimal levels of security that protect against card-not-present fraud, which is the biggest issue.

Solutions such as 3DSecure are easily bypassed using only the information found on the card. The increased prevalence of one-click payments has reduced this security even further.

Consumer-facing businesses need to view security as an essential and inherent part of their products and services, rather than as a secondary consideration. Consumers themselves value security and earlier this year, we released a report which showed that consumers are prepared to go through certain authentication processes to make the transaction more secure.

85% of consumers surveyed said they would like to be notified, by text, of a high value transaction they had carried out and then authorise it by entering their PIN[8]. In addition, 90% of online shoppers said they would use PIN to authorise payment via mobile. [9]

Balancing security and convenience is a difficult task. However, that does not mean security should be compromised. To fight fraud, the industry needs to work together, with all of the entities involved in the process needing to play a part. It needs to be a collaborative effort.

The Fintech industry will play a big part in this, creating security and authentication solutions that can easily integrate with existing infrastructure, to make for a more secure payments environment.

 

About MYPINPAD

MYPINPAD is an enabler of multi-factor authentication for touchscreen devices such as mobile phones and tablets. MYPINPAD provides a modular PaaS or customer hosted platform that delivers security with familiar and friendly user authentication interfaces, including cardholder PIN. MYPINPAD operates throughout Europe and Asia. With simple integration into modern and legacy payment systems the Company enables acquirers, issuers, card schemes, merchants and PSPs around the world to better manage risk and fraud.

[1] http://ift.tt/1UUZxNk

[2] http://ift.tt/1LwCkMM

[3] The Grocer, 2016

[4] Department for Culture, Media and Sport, 2016

[5] The Times, ‘Amazon is failing us over fraud’ , The Uber scammers who take users for a (very expensive) ride

[6] UK leads Europe in card fraud

[7] UK leads Europe in card fraud

[8] MYPINPAD, From Brick to Click, 2016

[9] MYPINPAD, From Brick to Click, 2016

The post Balancing security and convenience in online commerce appeared first on IT SECURITY GURU.




Monday, 29 August 2016

How To Become The Top Entry Level Candidate That Gets Noticed By HR


Cyber security is quickly becoming one of the fastest growing job sectors in the world, with some of its positions being among the most sought after. So if you are already trying your luck at getting into cybersecurity, you are in a great position to land a job. However, some of these positions require you to be highly qualified in terms of technical skills and knowledge, which means you will have to go through extensive schooling, earning multiple certifications and getting years of hands-on experience in cybersecurity.

We have compiled a list of important ‘To-Dos’ for anyone who is looking to enter cybersecurity through an entry level position. If you are that person, read on.

Entry Level Positions – How To Secure Them

A lot of new job seekers tend to fail miserably at job hunting because they are not prepared enough. Cybersecurity is a competitive field where candidates are experienced and have tons of knowledge and technical skills. As a newcomer, you have probably spent months searching for the right job and almost always failed to land it.

Fortunately for you, there are about 1 million openings still waiting to be filled in the cybersecurity sector alone. As cybercrime becomes a more and more powerful force to be reckoned with, companies and governments require more and more professionals to deal with it.

So even though there is no shortage of jobs in the cybersecurity sector, you may still face a lot of hurdles due to inexperience and lack of knowledge. Following are the challenges most newcomers face:

  • Lack of knowledge
  • Lack of practical skills
  • Lack of professional certifications
  • Incomplete education

If you lack any of the above necessary skills or knowledge, you will be overshadowed by thousands of other entry level candidates. In order to improve your chances, follow the advice below:

Focus on something – The best way to land a job in cybersecurity is to choose a field and then religiously gain the knowledge and technical skills needed to excel in it. For example, if you have chosen to become an intrusion detector, learn about it, get professional certifications and volunteer with companies.

Gain Knowledge – There is no shortage of cybersecurity degrees, online courses and other resources which give you plenty of knowledge regarding just about any field in cybersecurity. Never stop learning more about the field. Gain additional skills, learn new technologies, attend conferences, discuss new threats in forums and talk to senior-level cybersecurity professionals wherever you can find them.

Grow your network – For any job, growing your network means more connections. When more people find out about you, and if they think you are useful, you will be surprised how many employers will be interested in acquiring you. Employers tend to hire people if they are referenced by someone who is already in the cybersecurity field. So befriend people who are already working in companies and watch the offers flow into your inbox.

 

The post How To Become The Top Entry Level Candidate That Gets Noticed By HR appeared first on Cyber Security Portal.



from Annadiane Annadiane – Cyber Security Portal http://ift.tt/2bUWc1e

Saturday, 27 August 2016

The end of humanity? – IP EXPO Europe 2016 to provide platform for AI debate

IP EXPO Europe, Europe’s number one enterprise IT event, has today announced the addition of several influential industry speakers to this year’s keynote and seminar programme. Attendees will have the opportunity to hear how key IT issues are affecting businesses and humanity alike, from Author & Founding Director of Oxford University’s Future of Humanity Institute: Nick Bostrom; the ‘Father of Java’: James Gosling; the creator of the ‘MySpace worm’ and now an Independent Security Researcher: Samy Kamkar; and Independent Cyber Security Consultant Dr Jessica Barker.

These additions to the 2016 IP EXPO Europe program are the latest in a list which already includes some of the world’s most renowned technology innovators, from the likes of HPE, Microsoft, and Amazon Web Services.

With his work influencing the likes of Bill Gates, Professor Stephen Hawking, and Elon Musk, keynote speaker Nick Bostrom, Author & Founding Director of Oxford University’s Future of Humanity Institute, is one of the world’s foremost authorities on Artificial Intelligence (AI). Opening Day One at this year’s IP EXPO Europe, Bostrom will be discussing the impact that AI and intelligent machines will have on business and society, and sets out to answer the question: ‘Will AI bring about the end of humanity?’

The ‘Father of Java’ and legendary computer programmer James Gosling will be opening Day Two of IP EXPO Europe. Gosling will be taking to the stage to give attendees a look into the creation of Java and to discuss the intersection of cloud computing and the world of remote digital communications, IoT and robotics.

Hacking attacks have been a threat since the dawn of the Internet, and whilst cyber security technologies continue to become more sophisticated, a new field of exciting research is taking place that uses side channels, physics, and low-cost tools to employ powerful defences and counter-attacks against modern cyber attacks. Independent Security Researcher, Samy Kamkar, best known for creating the fastest spreading virus of all time – The MySpace Worm – is often cited by the NSA and is joining this year’s IP EXPO Europe keynote programme to showcase some of the secretive and fascinating hacking methods.

With a background in sociology and civic design, Dr Jessica Barker specialises in the human side of cyber security and works to encourage more young people into cyber security careers. Often called in to advise FTSE 100 companies and central Government on how they can keep their information safe, during her keynote at IP EXPO Europe Dr Barker will be addressing why humans are in fact the weakest link in the security chain. Barker will discuss how hackers are increasingly using social engineering tactics, and how to transform user behaviour both in and out of the workplace to make the online world more secure.

Bradley Maule-ffinch, Director of Strategy for IP EXPO Europe, commented: “This year’s IP EXPO Europe is set to be the biggest and best yet. With AI, Cyber Security, and STEM key areas of industry discussion, it’s fantastic to have experts in these areas joining us to help further these debates and come up with solutions. We hope that this year’s keynote and seminar programme enables attendees to take away ideas of things they can do in their own businesses, whether that be implementing a new cyber security policy, looking at future-proofing the technology industry, or getting a better understanding of how to use technology to transform their business. No doubt all of our speakers will be leaving people inspired to think differently about their technology implementations.”

A collaboration between IP EXPO Europe and Hewlett Packard Enterprise (HPE) for this year’s show will also see a special series of seminars hosted across the two day show. Featuring key industry visionaries, these seminars will focus on future technologies and how STEM skills can be better supported.

To register for IP EXPO Europe 2016 for free please visit www.ipexpoeurope.com where you can also find additional information about this year’s keynote and seminar sessions, including speaking times. Find us on Twitter and join the discussion using #IPEXPO.

The post The end of humanity? – IP EXPO Europe 2016 to provide platform for AI debate appeared first on IT SECURITY GURU.




Friday, 26 August 2016


Hundreds of thousands of UK students secure their university and college places with a little help from the cloud

For students and parents all over the UK, A-level results day is one of the most important moments in the calendar year. This year, on A-level results morning, 424,000 students were placed in UK higher education, so it is vital that technology plays its part at a time which is already stressful for a lot of young people.

The number of people accessing the system in a short period of time is very high, and the UCAS website sees a huge spike in usage. At 08:00 on Thursday 18th August, when the systems went live, Track, one of UCAS’ crucial online systems, received 276 logins per second as students logged on as early as possible to find out whether they had been accepted onto their chosen course. In total, Track handled in excess of 1.4 million logins during that day. Last year, UCAS supported more than 700,000 people with their applications to universities and colleges in the UK.

To meet this demand, UCAS uses the Amazon Web Services (AWS) cloud platform. This provides resilience and support to students during this heavy usage period. A-level results day is a perfect example of where cloud technology delivers exceptional benefits, enabling UCAS to scale up for the single day where incredibly high numbers of users need their service. This is also especially cost effective as it eliminates the need to have expensive hardware under-utilized through periods of less intense activity. UCAS has also turned to AWS Cloud technology for a large proportion of its critical back-end infrastructure.

Fatuma Mahad, Director of Technology and Operations at UCAS said “Hundreds of thousands of students and hundreds of universities and colleges from across the UK rely on our services to make A-level results day a success. This is why we’re continuing to invest in our online systems, to ensure UCAS delivers the best possible service to all of its customers. A high level of service is expected from us, and cloud computing is a technology that’s proven to work and that we rely on.”

In order to ensure that the admissions service runs as smoothly as possible for customers, the organisation is utilising AWS’s European Region in Dublin and is taking advantage of Amazon EC2, Amazon S3, Amazon EBS, Elastic Load Balancing, Amazon Virtual Private Cloud, AWS CloudFormation, Amazon CloudSearch, Amazon Elasticsearch Service, AWS CloudTrail, Amazon CloudWatch, AWS Key Management Service, Amazon Simple Queue Service, Auto Scaling and Amazon Relational Database Service.

The post Hundreds of thousands of UK students secure their university and college places with a little help from the cloud appeared first on IT SECURITY GURU.




Could You Make A Billion Dollars With Ransomware?

Bitcoin has not only changed the economics of cybercrime by providing crooks with an encrypted, nearly anonymous payment system autonomous from any central bank. It’s also changed researchers’ ability to track how much money criminals are making.

“Bitcoin is based on Blockchain, and Blockchain is a public ledger of transactions. So all Bitcoin transactions are public,” explains Mikko Hypponen, F-Secure’s Chief Research Officer. “Now, you don’t know who is who. But we can see money moving around, and we can see the amounts.”

Every victim of Ransomware — malware that encrypts files and demands a payment for their release — is given a unique wallet to transfer money into. Once paid, some ransomware gangs move the bitcoins to a central wallet.

“We’ve been monitoring some of those wallets,” Mikko says. “And we see Bitcoins worth millions and millions. We see a lot of money.”

Watching crooks rake in so much money, tax-free, got him thinking: “I began to wonder if there are in fact cybercrime unicorns.”


A tech unicorn is a privately held tech company valued at more than a billion dollars. Think Uber, AirBNB or Spotify — only without the investors, the overhead and oversight. (Though the scam is so profitable that some gangs actually have customer service operations that could rival a small startup.)

“Can we use this comparison model to cybercrime gangs?” Mikko asks. “We probably can’t.”

It’s simply too hard to cash out.

Investors in Uber have people literally begging to buy their stakes in the company. Ransomware gangs, however, have to continually imagine ways to turn their Bitcoin into currency.

“They buy prepaid cards and then they sell these cards on Ebay and Craigslist,” he says. “A lot of those gangs also use online casinos to launder the money.”

But even that’s not so easy, even if the goal is to sit down at an online table and attempt to lose all your money to another member of your gang.

“If you lose large amounts of money you will get banned. So the gangs started using bots that played realistically and still lose – but not as obviously.”

Law enforcement is well aware of the extremely alluring economics of this threat. In 2015, the FBI’s Internet Crime Complaint Center received “2,453 complaints identified as Ransomware with losses of over $1.6 million.”

In 2016, hardly a month has gone by without a high-profile case like Hollywood Presbyterian Medical Center paying 40 Bitcoin, about $17,000 USD at the time, to recover its files. And these are just the cases we’re hearing about.

The scam is so effective that it seemed that the FBI was recommending that victims actually pay the ransom. But it turned out their answer was actually more nuanced.

“The official answer is the FBI does not advise on whether or not people should pay,” Sean Sullivan, F-Secure Security Advisor, writes. “But if victims haven’t taken precautions… then paying is the only remaining alternative to recover files.”

What sort of precautions? For Mikko, the answer is obvious.

“Backups. If you get hit you restore yesterday’s backup and carry on working. It could be more cumbersome if it’s not just one workstation, if your whole network gets hit. But of course you should always have good, up to date, offline backups. And ‘offline’ is the key!”

What’s also obvious is that too few people are prepared when Ransomware hits.

Barring any disruptions to the Bitcoin market, F-Secure Labs predicts this threat will likely persist, with even more targeted efforts designed to elicit even greater sums.

If you end up in an unfortunate situation when your files are held hostage, remember that you’re dealing with someone who thinks of cybercrime as a business.

So you can always try to negotiate. What else do you have to lose?

The post Could You Make A Billion Dollars With Ransomware? appeared first on IT SECURITY GURU.




Top Ransomware Families Making Their Way Through APAC Region

SecureWorks® Counter Threat Unit (CTU)® researchers have tracked the spread of several notorious ransomware families to the Asia-Pacific region, underscoring efforts by some attackers to localise their tools to target multiple geographies.

According to the CTU, the current top four ransomware families – Locky, Cerber, CryptXXX and TorrentLocker – are targeting computer users in Japan with localized versions of their threats. In addition, the threat actors behind CryptXXX have developed a localized version for South Korea as well.

“Unlike other types of malware that are mostly designed to compromise the system covertly, ransomware requires end-user interaction to achieve its goal – collecting ransom,” explained SecureWorks researcher You Nakatsuru. “This makes localizing the threat particularly useful to attackers.”

Localisation can take one or all of the following forms: attackers can write ransomware messages in the local language; strategically compromise local websites; deliver the ransomware via spam campaigns in the local language; or provide payment instruments using local bitcoin wallet and exchange market lists.

In Japan in particular, SecureWorks has noted a spike in ransomware infections starting in 2015. Before that, ransomware infections were not that common in the region because ransomware was primarily delivered via spam emails written in English. As a result, Japan-based computer users tended not to fall prey to the malicious emails. However, since 2015 there has been an uptick in ransomware in the area being distributed using exploit kits, and ransomware authors have started developing multi-language ransomware such as Locky.

The effort by cyber attackers to localise their weapons highlights the importance of information sharing and situational awareness, as a threat in one geographical region can soon become a threat in another.  Below is a chart of when several ransomware families were initially spotted in the region by members of the security community. The dates noted in the table below are the first reported dates from each Asia-Pacific country’s national Computer Security Incident Response Team.


Table 1. Initial ransomware incident reported in each geographical area

HK – Hong Kong, China

MY – Malaysia

JP – Japan

KR – Republic of Korea (S. Korea)

TW – Chinese Taipei (Taiwan)

MO – Macao

*Pink cells marked “(localized)” show the dates on which a localised variant was discovered. The exact Japan discovery date for Cerber is unknown, aside from it being discovered in March.

CTU researchers discovered that the Locky ransomware was being used by threat actors to target computer users in Asia-Pacific during Q1 2016, the very same time the ransomware was being used to infect victims in North America and EMEA, indicating that the threat actors were targeting multiple countries during the same timeframe.

Localisation can happen at different paces. For example, despite the English version of CryptXXX being reported in the region in April 2016, a localized version of the ransomware was not reported in Japan and South Korea until May 2016.

In contrast, the CTU team noted that it took nearly a year and a half for a localized version of CryptoLocker to be identified in South Korea after the English version was reported in Hong Kong. This localised version is believed to be the work of a different group. However, in the case of CryptXXX, CTU suspects that the localised variant that appeared in May is the work of the same threat actors using CryptXXX elsewhere in the region.

Any time gap between the discovery of threats in different regions offers an opportunity for other areas to proactively protect themselves against attacks. While “local” malware variants may use different infrastructures and network indicators, such as IPs and domains, countermeasures designed to detect or filter ransomware command and control (C2) packets will still be effective unless the C2 protocol changes significantly.

Additional research findings

  • “SecureWorks CTU has observed over four dozen distinct families of ransomware emerge since the beginning of 2015. The most prolific families can each be responsible for millions of spam emails, hundreds of thousands of infected systems, and millions of dollars in ransom payments. Generally, 0.25% to 3.0% of victims elect to pay a ransom to the attackers holding their data hostage. We ascertain the largest operations are making several million dollars per year and the annual losses from all ransomware families combined exceed $10 million annually. The cost of business disruption, lost data, and infection remediation due to ransomware likely extends into the hundreds of millions of dollars annually,” said Keith Jarvis, senior security researcher for SecureWorks’ Counter Threat Unit research team. Jarvis explains, “meaning attackers need to destroy data on anywhere from 30 to 400 computers for every victim who relents and pays the ransom.”

The top four ransomware families of August 2016 are:

  • Locky—it is run by one single group who in turn utilizes two main affiliate groups to seed out the ransomware
  • Cerber—The CTU saw Cerber emerge in February 2016, and saw the hackers who were using CryptoWall switch over to Cerber
  • CryptXXX
  • TorrentLocker—it is the elder statesman of the ransomware ecosystem and is run by a single hacker group.

The top ransomware families are being spread via malicious spam and exploit kits.

SecureWorks CTU researchers saw high volumes of CryptXXX, a commodity ransomware, during June 2016. CTU researchers observed ransom demands of 0.7, 1.2, or 2.4 BTC, with most victims receiving a demand for 1.2 BTC. CTU analysis revealed at least 69 victims who paid ransoms totaling more than 85.6 BTC (approximately $53,500) from June 6 to July 7, 2016.
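Counts like “at least 69 victims” come from reading the public Bitcoin ledger, the same approach Mikko Hypponen describes in the F-Secure post above: per-victim wallets are paid once and then emptied into a central wallet. The following is an added example, not SecureWorks’ or F-Secure’s code; the ledger is a constructed, simplified sample, and every address, txid and the matching tolerance are assumptions.

```python
from collections import Counter, namedtuple
from decimal import Decimal as D

# Simplified transfer record. Real Bitcoin transactions can have several
# inputs and outputs, which a full tracer has to unpick first.
Transfer = namedtuple("Transfer", "txid src dst btc")

DEMAND_TIERS = (D("0.7"), D("1.2"), D("2.4"))  # demands reported in the text
TOLERANCE = D("0.01")                          # assumption: slack for rounding

# Constructed sample ledger; all names below are made-up placeholders.
SAMPLE_LEDGER = [
    Transfer("t1", "payer-A", "wallet-1", D("1.2")),
    Transfer("t2", "wallet-1", "central-X", D("1.1999")),
    Transfer("t3", "payer-B", "wallet-2", D("0.7")),
    Transfer("t4", "wallet-2", "central-X", D("0.6999")),
    Transfer("t5", "payer-C", "wallet-3", D("2.4")),
    Transfer("t6", "wallet-3", "central-X", D("2.3999")),
    Transfer("t7", "payer-D", "wallet-4", D("1.2")),        # paid, not yet swept
    Transfer("t8", "payer-E", "shop-1", D("1.2")),          # unrelated purchase
    Transfer("t9", "payer-F", "other-1", D("3.0")),
    Transfer("t10", "other-1", "central-X", D("2.9999")),   # no tier match
]


def match_tier(amount):
    """Return the demand tier an amount corresponds to, or None."""
    for tier in DEMAND_TIERS:
        if abs(amount - tier) <= TOLERANCE:
            return tier
    return None


def trace_payments(ledger, seed_wallets):
    """Start from wallets seen in ransom notes and tally likely payments."""
    # 1. Where do the known ransom wallets forward their coins?
    central = {t.dst for t in ledger if t.src in seed_wallets}
    # 2. Every address that forwards into those central wallets.
    feeders = {t.src for t in ledger if t.dst in central}
    # 3. Inbound payments to feeders that match a known demand tier.
    inbound = {}
    for t in ledger:
        tier = match_tier(t.btc)
        if t.dst in feeders and tier is not None:
            inbound.setdefault(t.dst, []).append((t.btc, tier))
    # Per-victim wallets are single-use, so keep feeders paid exactly once.
    paid = {w: p[0] for w, p in inbound.items() if len(p) == 1}
    return {
        "central": central,
        "victim_wallets": sorted(paid),
        "victims": len(paid),
        "total_btc": sum((btc for btc, _ in paid.values()), D(0)),
        "by_tier": Counter(str(tier) for _, tier in paid.values()),
    }


if __name__ == "__main__":
    report = trace_payments(SAMPLE_LEDGER, {"wallet-1"})
    print(report["victims"], "wallets paid", report["total_btc"], "BTC")
    print(dict(report["by_tier"]))
```

The result is a lower bound: wallet-4 has been paid but not yet emptied into the central wallet, so it cannot be linked, which is why published figures are worded as “at least”.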

In the first part of 2016, SecureWorks Security and Risk Consulting Team (SRC) and CTU Team saw the following APT-Style Ransomware Cases:

Case Study 1

A U.S.-based technology company had 30% of the systems within its network compromised with the samsam ransomware. The initial intrusion started two months before the ransomware was deployed. The initial ransom demand, made by the attackers, was for 1.5 bitcoins per system or 22 bitcoins for all systems compromised within the network.

Case Study 2

A U.S. based manufacturing company was a victim of ransomware, and the initial access vector used to launch the ransomware was first compromised in 2013. The ransom demanded was again 1.5 bitcoins per system or 22 bitcoins for all systems.

Case Study 3

A transportation company had numerous systems compromised with samsam ransomware. The activity was uncovered when system administrators started losing their ability to remotely administer key servers in the network. The ransom demanded was 1 bitcoin per system.   

Aspects of Tactics/Tools/Vulnerabilities Used in Ransomware Incidents, as monitored by Dell SecureWorks Incident Response Team and Special Ops CTU Team

  • Infections are not occurring as a result of phishing, as they do with Locky
  • Access is being gained through vulnerabilities in older, unpatched, unmanaged, externally-facing applications (web, CMS, etc., e.g. JBoss)
  • Most of the work is done using widely available tools, as well as basic batch files and .vbs scripts (which tend to be left behind)
  • The adversary obtains credentials, and then begins reconnaissance activities to identify systems
  • Once credentials have been obtained (such as domain admin credentials), there is no need to look for “vulnerable” systems, because they are all vulnerable
  • Reconnaissance is “noisy”; an external tool is downloaded, installed, and run
  • The time from initial compromise through reconnaissance to pushing out ransomware varies, but in the cases we’ve seen, it’s several months
  • This means that with proper instrumentation and monitoring, this illicit activity could have been caught early, and the ransom obviated
  • The ransom notification included in the infection states 1.5 bitcoin to decrypt a single system, or 22 bitcoin to decrypt all systems
  • The CTU worked one ransomware incident where, after the victim initiated communication with the adversary, the ransom demanded was raised to 40 bitcoins for all systems, as opposed to 22 bitcoins.
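The list above says these intrusions could have been caught early with proper instrumentation and monitoring. As an added example (not SecureWorks’ tooling), the code below runs three checks suggested by those bullets over constructed process-creation events: an application server process starting a shell, a .bat or .vbs script run from a world-writable directory, and a binary executed from such a directory. The event format, host names, paths and rule names are all assumptions.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample events in an assumed format (not from the article):
# time|host|user|parent_image|image|command_line
SAMPLE_EVENTS = r"""
2016-03-02T01:14:07|WEB01|svc_jboss|C:\jboss\jre\bin\java.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami
2016-03-02T01:15:40|WEB01|svc_jboss|C:\Windows\System32\cmd.exe|C:\Windows\System32\cscript.exe|cscript.exe C:\Windows\Temp\a.vbs
2016-03-09T22:03:11|WEB01|svc_jboss|C:\Windows\System32\cmd.exe|C:\Windows\Temp\scan.exe|scan.exe 10.0.0.0/24
2016-03-10T09:00:00|WS042|alice|C:\Windows\explorer.exe|C:\Program Files\Office\winword.exe|winword.exe report.docx
2016-03-11T03:30:00|FS01|admin_da|C:\Windows\System32\services.exe|C:\Windows\System32\cmd.exe|cmd.exe /c C:\Users\Public\run.bat
2016-03-12T08:00:00|WS042|alice|C:\Windows\explorer.exe|C:\Windows\System32\cmd.exe|cmd.exe /c logon.bat
""".strip().splitlines()

APP_SERVER_PARENTS = {"java.exe"}  # assumption: JBoss runs inside java.exe
SHELLS = {"cmd.exe", "powershell.exe", "cscript.exe", "wscript.exe"}
WRITABLE_DIRS = (r"c:\windows\temp", r"c:\users\public", r"c:\programdata")
# Absolute path to a batch or VBScript file (paths with spaces not handled).
SCRIPT_PATH = re.compile(r'[a-z]:\\[^\s"]+\.(?:bat|vbs)\b')


def parse(line):
    """Split one pipe-delimited event line into a dict."""
    ts, host, user, parent, image, cmd = line.split("|", 5)
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
            "parent": parent, "image": image, "cmd": cmd}


def in_writable_dir(path):
    """True if the path sits under a directory any local user can write to."""
    path = path.lower()
    return any(path.startswith(d + "\\") for d in WRITABLE_DIRS)


def rules_hit(ev):
    """Return the names of all rules this event triggers."""
    hits = []
    parent = ntpath.basename(ev["parent"]).lower()
    image = ntpath.basename(ev["image"]).lower()
    # Externally-facing app server (e.g. JBoss) starting a shell/script host.
    if parent in APP_SERVER_PARENTS and image in SHELLS:
        hits.append("app_server_spawned_shell")
    # Batch files and .vbs scripts run from a world-writable directory.
    scripts = SCRIPT_PATH.findall(ev["cmd"].lower())
    if any(in_writable_dir(p) for p in scripts):
        hits.append("script_from_writable_dir")
    # Downloaded external tool executed from a world-writable directory.
    if in_writable_dir(ev["image"]):
        hits.append("binary_from_writable_dir")
    return hits


def detect(lines):
    """Run every rule over every event; return (time, host, rule, cmd)."""
    alerts = []
    for ev in map(parse, lines):
        for rule in rules_hit(ev):
            alerts.append((ev["time"], ev["host"], rule, ev["cmd"]))
    return alerts


def first_alert_per_host(alerts):
    """Earliest alert per host: the point where response could have begun."""
    first = {}
    for ts, host, _rule, _cmd in sorted(alerts):
        first.setdefault(host, ts)
    return first


if __name__ == "__main__":
    for ts, host, rule, cmd in detect(SAMPLE_EVENTS):
        print(ts.isoformat(), host, rule, "|", cmd)
```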

 

The post Top Ransomware Families Making Their Way Through APAC Region appeared first on IT SECURITY GURU.




HP laptop blocks over-shoulder snooping

Computer firm HP has developed two new laptops that feature an optional privacy mode, which obscures the screen unless viewed face-on. The technology, called Sure View, darkens the picture by “up to 95%” when observed from wide angles. HP said the laptop can ensure privacy when used in public spaces.


ORIGINAL SOURCE: BBC

The post HP laptop blocks over-shoulder snooping appeared first on IT SECURITY GURU.




Mobile Bank Heist: Hackers Target Your Phone

Cyberthieves have a new way to hack into consumer bank accounts: mobile phones. Malicious software programs with names like Acecard and GM Bot are gaining popularity around the world as criminals look for new and lucrative ways to attack the financial-services industry. Cyberthieves are using such so-called malware to steal banking credentials from unsuspecting consumers when they log onto their bank accounts via their mobile phones, according to law-enforcement officials and cybersecurity specialists.


ORIGINAL SOURCE: Wall Street Journal

The post Mobile Bank Heist: Hackers Target Your Phone appeared first on IT SECURITY GURU.




Firms Could Target WhatsApp Users After Privacy Policy Change

Businesses could soon be able to target WhatsApp users following changes to the messaging app’s privacy policy. With a renewed focus on revenue, it’s the first time the app has changed its policy since it was acquired by Facebook for $21.8bn two years ago. The updated terms will grant the social network access to users’ phone numbers and analytics data, facilitating better tailored ads on its core platform.


ORIGINAL SOURCE: Huffington Post

The post Firms Could Target WhatsApp Users After Privacy Policy Change appeared first on IT SECURITY GURU.




Apple tackles iPhone one-tap spyware flaws

Flaws in Apple’s iOS operating system have been discovered that made it possible to install spyware on a target’s device merely by getting them to click on a link. The discovery was made after a human rights lawyer alerted security researchers to unsolicited text messages he had received.


ORIGINAL SOURCE: BBC

The post Apple tackles iPhone one-tap spyware flaws appeared first on IT SECURITY GURU.




A quarter of banks’ data breaches are down to lost phones and laptops

One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study. Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking. More than 60 financial sector organisations suffered recurring breaches in the last decade, including most major banks.


ORIGINAL SOURCE: BBC

The post A quarter of banks’ data breaches are down to lost phones and laptops appeared first on IT SECURITY GURU.




Pokémon GO: A meme in the essential balance of work and play

Pokémon GO is this summer’s craze, with the latest figures showing that 7.5 million people have downloaded it. And along with Rattata and Pidgey, people have also been discovering a number of personal risks while playing – notably, falling off cliffs or even wandering in front of traffic. But what about business risks?  If an employee uses their personal phone (even if they don’t play Pokémon GO) for work e-mail (e.g. BYOD) are they unknowingly introducing risk to their employer?  Even worse, are they risks that the business isn’t aware of or prepared to handle?

There is a clear risk involved with BYOD, but beyond malicious apps, there are subtler risks at play here.  In order to play Pokémon GO, you agree to allow Niantic to track your location, access your camera and “certain personal information (such as your email address) that your privacy settings on the applicable account permit us to access.”1   Even more concerning are other parts of the Pokémon GO ‘Terms of Service’ that you must agree to in order to play the game.

In particular, the statement “By making any User Content available through the Services, you grant to Niantic a nonexclusive, perpetual, irrevocable, transferable, sub licensable, worldwide, royalty-free license to use, copy, modify, create derivative works based upon, publicly display, publicly perform, and distribute your User Content…”2 I’m no lawyer, but those are terms that seem out of place on a device with proprietary business information and sensitive customer content. But we can segment the corporate data from game data, right? Well, on an iOS device I’d be inclined to agree as Apple’s sandboxing is solid. But what if your employee, intentionally or otherwise, uses their Gmail account for work e-mail? What if the employee uses the same password for their Gmail or Facebook account as Active Directory? The easiest way to sign up for Pokémon GO is to use your Gmail account or Facebook account, and even if password re-use isn’t relevant, you’ve just provided your Facebook or Gmail account password to a gaming company. Last I heard, gaming companies aren’t immune to compromise, which could put all kinds of personal and professional information at risk, particularly when Facebook accounts are threatened.

So let’s recap a bit. In order to play Pokémon GO, people need to:

  • Give up their Gmail or Facebook account password
  • Allow a gaming company to track their physical location at all times
  • Give access to their camera (as needed)

I can’t speak to the percentage of people who gave up their Facebook account password, but given the number of people playing the game, it has to be a pretty wide net.  In addition to not being a lawyer, I’m also not a conspiracy theorist, but that sounds like pretty juicy information for someone to use (be it for good or evil).  Being paranoid, I’m going to assume the latter.

Given all that, what are the clear risks to businesses?  I’d say the primary risk is password re-use.  While we can assume that Niantic doesn’t plan to exploit Gmail and Facebook account credentials, we *can* assume that they will be targeted by malicious actors who do plan to exploit said credentials.  If someone were to compromise customer Personally Identifiable Information (PII) from Niantic, the amount of business-specific information harvested could be significant – particularly if there is a lag between the compromise, detecting the breach and public disclosure.  So, if your employees are using the same password for Gmail and/or Facebook as they are for Office 365, and Niantic gets hacked … well, you know the drill.

So what can businesses do? A lot of it has to do with solid policies and user education but technology is important too:

  • Invest in a solid security awareness program. Employees need to understand the risks inherent with mixing church (personal) and state (corporate) on the same device.
  • Write a security policy that resonates with your employees. Well written policies tend to be well read and adhered to, and poorly written policies tend to be poorly read.
  • Make sure every device that interacts with your network is secured.  While educating employees is essential, millennials are coming and they expect to be secure, everywhere, on any device and without impacting the user experience.
  • Ensure BYOD is a privilege, not a right.  There is skin in the game on both sides of the table and while the benefits are clear (e.g. companies save money, employees pick their own smartdevice) there are also responsibilities for both parties.

We need to make peace with the fact that we’re owned by every device we depend on and every app we can’t live without and that these devices are already a utility for work, health, and play. Trying to force a single application to suit solely business interest will likely be counterproductive. Security professionals and business leaders should be looking for technology solutions which will support the user’s interests, as well as the business requirements.

The post Pokémon GO: A meme in the essential balance of work and play appeared first on IT SECURITY GURU.



from Pokémon GO: A meme in the essential balance of work and play

Automation requires humanity

Automation is becoming ubiquitous across most industries. In manufacturing, global sales of industrial robots are expected to almost double in volume by 2018, reaching 400,000 units[1]. In the home, revenue from the home automation segment is expected to hit over $6 million this year and show a compound annual growth rate (CAGR) of 28.19%[2].

One of the biggest areas for automation we have seen is in the automotive industry, with the appetite for fully autonomous, self-drive vehicles growing. Earlier this month, automotive giant Mercedes-Benz previewed the potential future of urban transportation by trialling its autonomous CityPilot bus in Amsterdam. This was in a move it claimed would make public transport operate “even more safely, efficiently, and comfortably”[3].

This claim of the safety benefits is maybe not as flippant as it first sounds. Science fiction films often feature a central computer that is a collective amalgamation of numerous thoughts. But there is no reason for it to remain fiction. An automated vehicle could be the safest on the road were it to tap into a collective driving experience. Think of how you yourself drive home from work, go through traffic lights and circumvent roundabouts. It is all done naturally through a built up knowledge from experience. Now, imagine that the experiences from all of the drivers in the UK are uploaded into one database and used to drive the automated cars of the future. The automated car would be a driver with millions of years’ experience.

This would be the ultimate in collective consciousness big data. Yet, as with big data in all its forms, the valuable information lying beneath needs to be unlocked through effective analytics so that the findings can be processed, extrapolated and used correctly.

This data can be used by city planners across the globe who are falling over themselves to develop ‘smart cities’ built upon automation. For instance, in an effort to address the growing problems of congestion on the roads, Singapore has recently started testing a small fleet of automated Audi taxis to carry passengers around a business park[4]. The driverless cabs are thought to reduce the cost of an average journey by 70 per cent by removing the need for a driver. Although the cars will initially have drivers ready to take over if the technology fails, the plan is to gradually phase the human out in 2019. The pilot ends in 2020 with a view to rolling out a wider deployment after that. The cars will be fitted with software that will allow commuters to book them, in a similar way to ride-sharing services Uber and Lyft. Similar pilot programmes in the US and Europe are likely to be announced later this year.

Driven, in part, by the wider trend for digital transformation, automation is here to stay. What is important is to look at automation from the perspective of the entire business and the end-to-end process. Organisations 20 years ago would automate a software test on a straightforward algorithm; now, however, we have a mass of integrated systems, as well as embedded software and engineering, that must integrate. This makes quality assurance and testing of such integrated systems far more complex and, therefore, demands complex automated test strategies.

The only way to assure that a business works as it should is to continuously test the entire business process, to ensure that an upgrade being implemented at one part of the digital ‘chain’ won’t affect digital operations elsewhere.

Whilst it is possible to pool together combined knowledge into actionable digital intelligence that can be used to automate the majority of the quality assurance process, it is important to remember that it takes a human to predict what a human will do. Because of this, it is never wise to completely remove humans from the quality assurance process. However, we believe at least 30% of transactional activities involving IT will be automated by robots over the next 5-10 years.

In conclusion, the automation of a business process needs to be underpinned by a comprehensive end-to-end quality assurance plan that includes an optimum combination of automated static analysis and expert human review. Any quality assurance needs to be done from the very beginning of a product or service development, and continued throughout. It is not enough to just test the new process to see if it will pass or not. The advisory capacity of domain knowledge is crucial to ensuring that automation isn’t simply an automatic route to disaster.

 


 

[1] http://ift.tt/2bQvzHR

[2] http://ift.tt/2byQZvs

[3] http://ift.tt/2bQuWxT

[4] http://ift.tt/2aibx7t

The post Automation requires humanity appeared first on IT SECURITY GURU.



from Automation requires humanity

Wednesday, 24 August 2016

Organisations need to get prepared: three steps for dealing with a data breach

The numerous data breaches that have hit the media headlines over the past few years demonstrate how imperative it is that every organisation creates a detailed action plan in the event that a hacker is able to infiltrate their system and steal a treasure trove of data. What’s more, cyber threats are evolving, fast, as criminal gangs embark upon increasingly targeted attacks, from social engineering to exploring the dark web for company specific information, to even placing rogue individuals into an organisation as employees.

There are multiple tools available to organisations today to keep them safe from the hackers. However, for those organisations that don’t have the correct measures in place, dealing with the aftermath of an attack is essential. As such, Stuart Poole-Robb, Chief Executive of Business Intelligence and Security Adviser, KCS Group Europe, gives three steps to take to recover from a data breach if the worst should happen.

  1. Identify the source of the breach

The first step that organisations need to take is to identify the source of the breach. Gaining advice from an external source is essential here, as it is likely that the missing links in the cyber security strategy were already overlooked by in-house IT and/or existing consultants. A fresh pair of eyes is therefore needed to examine the situation from all angles.

  2. Assess the extent of the damage

After the source of the breach has been detected, the next step is to assess the full extent of the damage; has more data been compromised than initially realised? A full search on the Dark Web using embedded sources often reveals not only how much of the company’s sensitive data is already for sale to the highest bidder but also data that was leaked or stolen in previous unrecognised breaches. A full forensic search is now required internally on the compromised systems, ideally with the aid of products that can inspect logs and trace the start of the breach.

  3. Strengthen IT security defences

Finally, organisations need to strengthen the IT defences currently in place and safeguard against future attacks. Organisations need to fight intelligence with intelligence.  Are employees trustworthy – and if so, are they switched on to the risks associated with social networks? Are potential business partners, suppliers and investors who they appear to be? Is a competitor looking to cause reputational damage? Or is a specific company weakness being discussed or traded on the dark web? From penetration tests to demonstrate employees’ vulnerability to social engineering to dark web vulnerability reports and thorough background checks, by fusing intelligence led security measures with existing security tools and processes, organisations change the game.

Conclusion

Cyber hackers no longer operate only online; they increasingly exploit ‘traditional’ criminal skills in person to bypass cyber security procedures and gain specific insight into a corporation and its employees.  And they invest huge amounts of time and resources to target specific organisations, for a range of objectives.

There is simply no way that the cyber security tools currently deployed can fight this form of targeted attack. It is only by fusing intelligence led security that delivers insight into specific risks with the right security tools and processes that organisations can start to fight back. And the fact remains that in this age of such sophisticated hackers, a post-breach action plan is essential. Without a plan, the alternative could be disastrous: careers would be on the line, shareholders would be furious and clients would be disgruntled. No organisation should take the chance.

The post Organisations need to get prepared: three steps for dealing with a data breach appeared first on IT SECURITY GURU.



from Organisations need to get prepared: three steps for dealing with a data breach

Poor security ‘aided’ Ashley Madison hack

The Ashley Madison dating site had “inadequate” security systems and used fake icons to make people think it was safe, reveals a report. The Toronto-based firm’s security systems were investigated by privacy watchdogs in Canada and Australia. The attack on Ashley Madison in July 2015 took data on millions of users.

View full story

ORIGINAL SOURCE: BBC

The post Poor security ‘aided’ Ashley Madison hack appeared first on IT SECURITY GURU.



from Poor security ‘aided’ Ashley Madison hack

UK becomes the world’s second most targeted nation for DDoS attacks as assaults rise over 220%

Distributed denial of service (DDoS) attacks have increased by a whopping 220% in the last year “with no signs of abating”, fuelled by DDoS-for-hire services and the use of “hit-and-run” tactics, new data shows. According to cybersecurity firm Imperva’s annual “DDoS Threat Landscape Report”, DDoS attacks rose by 221% between April 2015 and March 2016, with the UK becoming the second most popular target in the world. DDoS attacks occur when a threat actor persistently overloads a company’s network with fake traffic in order to bring it down, rendering it useless to clients. DDoS attacks are now one of the most common cyber threats facing online organisations, the firm found.

View full story

ORIGINAL SOURCE: International Business Times

The post UK becomes the world’s second most targeted nation for DDoS attacks as assaults rise over 220% appeared first on IT SECURITY GURU.



from UK becomes the world’s second most targeted nation for DDoS attacks as assaults rise over 220%

‘Grand Theft Auto’ Fan Site Hacked

Details for nearly 200,000 Grand Theft Auto fan site users have been traded on the digital underground. GTAGaming.com, which posts news, screenshots, and other information about the Grand Theft Auto video game series, was breached earlier this month. A source provided Motherboard with the data after finding it on a hacking forum, and it contains email addresses, hashed passwords, dates of birth, and IP addresses. The hacking forum has since shut down.

View full story

ORIGINAL SOURCE: Motherboard

The post ‘Grand Theft Auto’ Fan Site Hacked appeared first on IT SECURITY GURU.



from ‘Grand Theft Auto’ Fan Site Hacked

Blizzard blighted by another DDoS storm

Blizzard, the game developer behind World of Warcraft and Overwatch, was hit by another DDoS attack on Tuesday. The assault coincides with the final day of its Overwatch Summer Games event. In an update to an official Twitter account, Blizzard admitted the assault was affecting its ability to deliver services. “We continue to actively monitor an ongoing DDOS attack against network providers, affecting latency/connections to our games,” it said.

View full story

ORIGINAL SOURCE: The Register

The post Blizzard blighted by another DDoS storm appeared first on IT SECURITY GURU.



from Blizzard blighted by another DDoS storm

University hit 21 times in one year by ransomware

Universities and NHS trusts in England have been hit hard by ransomware in the last year, according to Freedom of Information requests carried out by two cybersecurity firms. Bournemouth University, which boasts a cybersecurity centre, has been hit 21 times in the last 12 months. Twenty-eight NHS Trusts said they had been affected. Ransomware is a form of computer malware which encrypts files and then demands a ransom for their release.

View full story

ORIGINAL SOURCE: BBC

The post University hit 21 times in one year by ransomware appeared first on IT SECURITY GURU.



from University hit 21 times in one year by ransomware

Dating Sites Hit by Luring Attacks via TOR Network

Researchers from Imperva have published a new blog post which warns against an increase in Luring attacks targeting dating sites via the TOR network.

Luring attacks are mounted by a competing dating site to lure users from the victim site to the attacker site. Most Luring attacks target multiple dating services and send spam messages to a large number of users, inviting them to different dating sites, probably all controlled by the same hacker. The motivation for the attacker is clear—to divert customers away from the competitor’s site and lure them to the attacker’s site.

Imperva researchers have recently witnessed an increase in attackers using the TOR network to carry out luring attacks in order to hide their identities.

Luring attacks from the Tor network are characterized by messages arriving from Tor clients at a relatively low (but steady) request rate of 1-3 requests every day, probably to sneak under the radar of rate-limit mechanisms and to avoid automatic browser detection checks. Despite the very low rate of the requests Imperva has seen, it is likely that the actual total number of requests was much higher, with only a few requests exposed in their glimpse of the Tor user traffic.

Without a doubt, there is collateral damage from the attack, which is fronted by hundreds of luring-oriented, highly attractive fake profiles. The attack also confuses the few users remaining on the victim website, harassing them and lowering the overall credibility of the site.

Commenting on the discovery, Itsik Mantin, director of security research at Imperva, said: “These attacks have the potential to significantly disrupt business for dating site operators. By using the TOR network the attackers are able to hide their real location and their identities making them even more difficult to detect and block. In order to protect against Luring attacks it is recommended dating sites closely monitor for fake accounts and close down anything which is deemed illegitimate. It is also advisable to closely monitor all TOR traffic and block anything suspicious.”
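The traffic pattern described above, turned into detection logic as an added example (not Imperva's code and not part of the original post): because each Tor client sends only 1-3 messages a day, it groups Tor-sourced messages by the external domain they promote rather than by sender. The exit-node list, domain names, thresholds and log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Assumptions (not from the article): a locally maintained Tor exit-node list,
# the site's own domain, and an existing per-sender daily rate limit.
TOR_EXITS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}
OWN_DOMAINS = {"dating.example"}
PER_SENDER_DAILY_LIMIT = 20

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message log: (timestamp, source IP, sender account, body)
SAMPLE_LOG = [
    ("2016-08-20T09:14:00", "192.0.2.10", "acct_1001", "Hi! more pics at http://meet-now.example/join"),
    ("2016-08-20T17:40:00", "198.51.100.7", "acct_1002", "Chat with me here: http://meet-now.example/u/anna"),
    ("2016-08-21T08:02:00", "192.0.2.11", "acct_1001", "I moved to http://meet-now.example/join"),
    ("2016-08-21T21:30:00", "192.0.2.10", "acct_1003", "find me on http://MEET-NOW.example/x"),
    ("2016-08-22T10:11:00", "198.51.100.7", "acct_1002", "http://meet-now.example/u/anna :)"),
    ("2016-08-22T12:00:00", "192.0.2.11", "acct_1004", "See my profile https://dating.example/p/44"),
    ("2016-08-21T13:00:00", "203.0.113.5", "acct_2001", "Here is the cafe: http://cafe.example/menu"),
    ("2016-08-22T19:00:00", "192.0.2.10", "acct_1005", "Nice to meet you!"),
]


def external_domains(body):
    """Return lower-cased hostnames linked in a message, excluding the site's own."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        own = host in OWN_DOMAINS or any(host.endswith("." + d) for d in OWN_DOMAINS)
        if host and not own:
            hosts.add(host)
    return hosts


def find_luring_campaigns(log, min_senders=3, min_days=2):
    """Flag external domains promoted from Tor exits by several accounts over several days.

    Each sender may stay far below the per-sender rate limit, so the grouping key
    is the promoted domain, not the account or the source IP.
    """
    senders = defaultdict(set)   # domain -> accounts promoting it via Tor
    days = defaultdict(set)      # domain -> calendar days with activity
    daily = defaultdict(int)     # (domain, sender, day) -> message count
    for ts, ip, sender, body in log:
        if ip not in TOR_EXITS:
            continue
        day = datetime.fromisoformat(ts).date()
        for dom in external_domains(body):
            senders[dom].add(sender)
            days[dom].add(day)
            daily[(dom, sender, day)] += 1

    findings = []
    for dom in sorted(senders):
        if len(senders[dom]) >= min_senders and len(days[dom]) >= min_days:
            peak = max(c for (d, _, _), c in daily.items() if d == dom)
            findings.append({
                "domain": dom,
                "accounts": sorted(senders[dom]),   # candidates for fake-profile review
                "active_days": len(days[dom]),
                "peak_per_sender_per_day": peak,
                "below_rate_limit": peak <= PER_SENDER_DAILY_LIMIT,
            })
    return findings


if __name__ == "__main__":
    for finding in find_luring_campaigns(SAMPLE_LOG):
        print(finding)
```

The `below_rate_limit` field shows why a per-sender limit alone does not fire on this pattern; the flagged accounts are the ones to review as possible fake profiles.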

The post Dating Sites Hit by Luring Attacks via TOR Network appeared first on IT SECURITY GURU.



from Dating Sites Hit by Luring Attacks via TOR Network

Cybercriminals recruit insiders to attack telecoms providers

Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources – according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber-attacks. They operate and manage the world’s networks, voice and data transmissions, and store vast amounts of sensitive data. This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cybercriminals often use insiders as part of their malicious ‘toolset’, to help them breach the perimeter of a telecommunications company and perpetrate their crimes. New research by Kaspersky Lab and B2B International[i] reveals that 28 per cent of all cyber-attacks, and 38 per cent of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

Compromising employees

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

  • Using publicly available or previously stolen data sources to find compromising information on employees of the company they want to hack. They then blackmail targeted individuals, forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.
  • Recruiting willing insiders through underground message boards or through the services of “black recruiters”.  These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact. 

The insiders most in demand

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege. In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to log in to customer accounts at a popular fintech company.

“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerabilities. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody somewhere has you in their sights. The sooner you know about it, the better you can prepare,” said Denis Gorchakov, security expert, Kaspersky Lab.

In order to protect the organisation from insider threat, Kaspersky Lab advises the following:

  • Educate your staff about responsible cybersecurity behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;
  • Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider “service” in your organisation;
  • Restrict access to the most sensitive information and systems;
  • Do a regular security audit of the company’s IT infrastructure.

Read more about insiders and other typical cyber-threats facing telecommunications companies on Securelist.

[i] Corporate IT Security Risks Survey, 2016, Kaspersky Lab and B2B International

The post Cybercriminals recruit insiders to attack telecoms providers appeared first on IT SECURITY GURU.



from Cybercriminals recruit insiders to attack telecoms providers

New report shows that Peer-to-Peer sharing sites are major target for cybercriminals during summer months

Peer-to-Peer (P2P) media platforms saw a tremendous spike in fraudulent activity ahead of the holiday season, a new report has revealed. As many Brits planned for their summer breaks and holidays in the sun, review sites and other media platforms have become a major target amongst cybercriminals over the last 90 days.

During the second quarter of 2016 ThreatMetrix®, The Digital Identity Company™ – which protects and monitors more than 20 billion online transactions each year – spotted that fraudulent new account registrations had increased 350 percent over the previous year, ahead of the holiday season.

P2P marketplaces are now more popular than ever, with consumers preferring to trust user-generated content over the individual brands or organisations’ websites. One of the biggest reasons consumers flock to peer-to-peer marketplaces is often to save money and nowadays P2P sites offer a way of shopping around to make sure they get the best deals. However, cybercriminals have spotted a huge opportunity with this trend and are using it to their advantage.

“Using compromised and stolen identities from recent breaches and social engineering hacks, fraudsters are able to exploit these platforms and readers.  While there is no direct victim of malicious or false content, the impact is extensive.  Over the last few months we’ve seen and stopped millions of compromised identities being tested each day by cybercriminals and bots mimicking the behaviour of trusted customers” commented Vanita Pandey, vice president, strategy and product marketing at ThreatMetrix.

UK-specific data and trends:

  • Over 55 million attacks were detected and stopped in real time across Europe; a 66 percent increase over the previous year.
  • UK is the top European attack destination for key countries within and outside the EU. Dridex took around 20M from UK bank accounts last year.
  • Nearly 1 in 4 media transactions were rejected in Q2 Europe-wide ahead of the key holiday season. This represents a 92 percent increase over 2015 as fraudsters attempt to sign up for new accounts, create fraudulent content and distribute spam and malware.
  • Over 10 percent of European account creations are now rejected as the impact of multiple high profile data breaches is felt keenly.
  • Fraudsters are attempting to sign up for new accounts with stolen and spoofed identities which are easily available for sale on the dark web. This represents an increase of 123 percent since 2015.
  • In the UK 58 percent of transactions are coming from mobile devices – significantly higher than the global number of 40 percent.

Other key findings from the report include:

  • Attacks are becoming more prevalent and are evolving in scope, depth and complexity: In Q2 2016 The ThreatMetrix Network processed 5.2 billion transactions, identifying and stopping 112 million attacks globally. This represents a 50 percent increase over the previous year. The exploitation of stolen data is global and coordinated, resulting in huge attack spikes following a large breach.
  • Bot attacks continue their relentless rise: 450 million bot attacks were detected and stopped this quarter, a 50 percent increase over last quarter.
  • As mobile transactions increase, fraudsters’ mobile attacks evolve: Mobile transactions are growing at a rate of 200 percent year-over-year, and 40 percent of Network transactions now come from mobile devices. The Network reported its first mobile bot attack this quarter, as fraudsters seek to capitalise on the increasing popularity of mobile commerce.

About the ThreatMetrix Q2 2016 Cybercrime Report

The ThreatMetrix Q2 Cybercrime Report is based on actual cybercrime attacks from April 2016 – June 2016 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

  • Download the Q2 2016 Cybercrime Report Here
  • Download the EMEA Q2 Deepdive Here

The post New report shows that Peer-to-Peer sharing sites are major target for cybercriminals during summer months appeared first on IT SECURITY GURU.



from New report shows that Peer-to-Peer sharing sites are major target for cybercriminals during summer months