SANS has done some good work in security, but its webcast on next-gen product evaluation is based on fallacies.
from SANS, Signatures, Next-Gen and DIY Testing
SANS has done some good work in security, but its webcast on next-gen product evaluation is based on fallacies.
As the world rushes headlong into taking all manner of devices and systems online, there are few opportunities to sit back and consider the consequences of these decisions.
Australia had one such opportunity this week as a Senate inquiry heard testimony into how everything went wrong during Census night on August 9.
As a multinational giant had its incompetence and fragility exposed — and an almost AU$10 million contract turned into AU$30 million in remediation — a discussion could have been had around outsourcing, getting value for money from taxpayer funds, consistent chipping away of the public sector, privacy implications, and whether an online Census is even a good idea at all.
View full story
ORIGINAL SOURCE: ZDnet
The post The IoT security doomsday is lurking, but we cannot talk about it properly appeared first on IT SECURITY GURU.
IDC famously claims that the digital shadow of each human is already 45 Gigabytes and expected to rise. When considering this in a business setting, it’s no wonder that the pressure on networks is already straining at the seams.
Coming to the rescue is next generation technology in the form of 10 Gigabit switching. Despite this being an untrodden territory for many SMBs, our recent research shows that 100 per cent of them foresee the need to transition to 10 Gigabit switching either now or in the future.
View full story
ORIGINAL SOURCE: ITProPortal
The post The inevitable future of the connected business: Are you ready? appeared first on IT SECURITY GURU.
Mozilla has shuttered more than 130 serious vulnerabilities reported by community hackers this year. The browser-backing outfit announced the statistics in a post covering its bug bounty program and broader information security efforts. More than 500 million users ran Firefox at the close of 2015. It’s since become the world’s second-most-used browser.
View full story
ORIGINAL SOURCE: The Register
Switzerland’s national rail service (SBB) plans to start selling the digital currency Bitcoin at stations next month. From 11 November, customers will be able to trade Swiss francs for Bitcoins using ticket machines.
They will not be able to buy tickets with the web-based currency, though. The SBB said it had been testing customer demand for Bitcoin across the country, and had decided to launch a two-year pilot project.
View full story
ORIGINAL SOURCE: BBC News
The post Swiss railway ticket machines to sell Bitcoin digital currency appeared first on IT SECURITY GURU.
An Arbor ASERT Team researcher spotted threat actors actively updating and customising the Mirai botnet source code that was leaked less than two weeks ago.
The firm’s principal engineer Roland Dobbins noted relatively high concentrations of Mirai nodes which were observed in China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil, and Spain that included updates to remove erroneous Mirai bot backdoor reference, added Dyn post-mortem link, and refined descriptive verbiage, according to a 26 October blog post.
View full story
ORIGINAL SOURCE: SC magazine
The post Researchers spot cyber-crooks actively upgrading Mirai botnet appeared first on IT SECURITY GURU.
The UK public has expressed that it would like to see the data deemed by the Investigatory Powers Tribunal (IPT) to be unlawfully collected by GCHQ and MI5 on UK citizens for over a decade deleted. This is according to a OnePoll survey conducted on behalf of security and privacy advice and comparison site Comparitech.com. According to the study carried out on 1,000 members of the UK public, 70% said they would like to see their illegally gathered data deleted – something which the IPT ruling failed to stipulate in its ruling. A further 45% of respondents felt that compensation was also in order.
“While almost half of those surveyed said they should be compensated for any nefarious activity they may have been subjected to, a far healthier 70% thought that the UK government should now delete all personal data it has acquired through illegal means,” said Lee Munson, security researcher for Comparitech.com. “Whether or not that happens remains to be seen – or not, as the case may be – but what is clear is that the British public still do not have a grasp on data privacy and wiretapping laws.”
One third of the UK public said the case had decreased their trust in the UK Government, while a whopping 68% said it had decreased their trust in online platforms such as social media and email. When asked if they were more concerned about hackers stealing or the government illegally collecting their private information, 51% were more concerned about hackers, 14% were most concerned with the government and almost a third (31%) said they were equally concerned about both.
“These stats clearly show that public is constantly fighting a battle of who to trust in regards to their privacy,” continued Munson. “For now, the best advice for the public is to trust no one when it comes to leaving a trail of personal information online and to arm themselves with the tools and knowledge to help keep their personal information safe. For the powers that be who have yet to decide what to do with the data that has been illegally collected so far: the public has spoken – delete it.”
In fact, 38% of the public felt so strongly about privacy, that they would consider paying for products that increase their online privacy. To find out more and for further analysis, please see Lee’s blog on Comparitech.com.
Comparitech.com’s mission is to help consumers make more savvy decisions when they subscribe to tech services such as VPNs, antivirus and online security products, cloud backup and more. First and foremost it is a pro-consumer website providing information, tools and comparison to help consumers in the US, UK and further afield to research, compare tech services.
For more information: https://www.comparitech.com/blog/vpn-privacy/public-calls-for-deletion-of-unlawfully-collected-data/
The post Public calls for deletion of data unlawfully collected by UK Government appeared first on IT SECURITY GURU.
I laugh a lot these days. It’s the fail safe response of my CPS – my Crying Prevention System. After all, real men don’t cry, do they? But what can you do when every day brings a new absurdity that borders on insanity? Here’s an example from David Levy. He has moved from being technical […]
Artificial intelligence (AI) is the future. It’s a complex subject that basically boils down to mathematics. Mathematical rules, or algorithms, process data and deliver decisions (actually, they deliver probabilities and we decide what level of probability constitutes a decision). Those decisions already control much of our lives, from something as simple as stop/go sequences that […]
I’ve been thinking about PUPs recently. Some people call them PUAs; but PUP (potentially unwanted program) has an onomatopoeic ring to it. These are the apps you choose because they say they do one thing, but then they covertly do other more damaging things. They are called ‘potentially unwanted’ because it is possible that you […]
Facebook has inconspicuously announced that it intends ‘to begin allowing more items that people find newsworthy, significant, or important to the public interest — even if they might otherwise violate our standards.’ Facecrooks is understandably unenthusiastic: ‘This policy change … may help Facebook avoid controversies like … censoring a historic picture from the Vietnam War […]
By Paul Marshall, Chief Customer Officer, at Eseye
The internet has been recovering from high profile DDoS attacks on Friday that took down Dyn (the DNS provider to Reddit, Spotify, SoundCloud and a multitude of other sites). In the media, the blame for this attack has been firmly placed on IoT devices and as a supplier of connectivity to IoT and M2M devices, we are keen to share advice on how devices should be secured.
The following methods and tactics have been developed from our experience and if used, should prevent the IoT devices from becoming infected with the Mirai malware.
Beyond the altruism of protecting others (and yourself) from potential DDoS attacks, securing your device and connectivity delivery will also improve the device in the following ways:
As a manufacturer or designer of a connected device you cannot rely on the end user securing the device for you. Setting a unique username and password in the factory is the bare minimum, preferably you should insist these are changed when the device is first powered on (whether this is completed by the end user or remotely by the management company). A mistake common in the compromised devices was that the web interface username and password were separate to the command line versions; even the most security conscious end users wouldn’t have been able to secure the devices.
The device should run a number of monitoring functions that look for potentially malicious interactions from unknown IP addresses. This will prevent a bot from trawling the internet and repeatedly trying to guess the username and password. The device needs to be regularly updated and its security analysed. Leaving a device unsupported for any length of time raises the potential of the device being compromised.
If you run your own server (not cloud based) ensure the server is correctly maintained and secured. At the device level ensure the data from your devices is recognisable and as difficult to spoof as possible. This can be achieved in a number of ways, for example, a secure VPN from device to server and encrypting the packets or locking down the addresses that send to the server.
Work with your connectivity supplier to log all communications paths and understand the dependencies. Installing a secure VPN tunnel to your datacentre is helpful, but do the devices also have an external dependency? Test a subset of devices by removing their ability to access certain services. Do they fail? Do they fail gracefully? And do they recover without needing human intervention?
While IoT/ M2M devices are in their infancy, stories like the Dyn DDoS are likely to continue. However, security must remain a key element of the deployment strategy and currently does require additional time and resource, particularly to deploy at scale.
The post IoT Security: how to reduce the risk of another Dyn DDoS attack appeared first on IT SECURITY GURU.
According to research commissioned by Rackspace® (NYSE: RAX) and carried out by Vanson Bourne* amongst 300 large UK organisations, more than half (54 percent) of those using open source technologies perceive external security threats as the biggest challenge to adoption. In fact, nearly half (49 percent) of the respondents whose organisations are not yet 100 percent open source still see proprietary, or closed source, technologies as more secure, with a further 43 percent concerned about the vulnerabilities related to open source code.
These insights were part of the Rackspace State of Open Source report, which was conducted amongst IT decision makers in large UK businesses, and found that – despite these fears – open source is thriving in the enterprise. 90 percent of those surveyed deploy open source-based enterprise applications, while the vast majority (89 percent) say that, over the last three years, open source has become more professional, making it more attractive for enterprise development and use.
Business benefits of open source
Open source users cite several benefits driving their usage:
These benefits have led most (85 percent) respondents that use open source to migrate a closed source project to an open source project at some point.
John Engates, Chief Technology Officer at Rackspace, said: “While open source technologies have been around for many years, it is great to see that enterprise businesses are finally dipping their toes in and seeing the tangible benefits. However, while the perception issue is significant, we don’t expect that open source usage will decline because of security concerns. As an industry, open source code is amongst the most scrutinised, and its commitment to transparency means that – where there are vulnerabilities – businesses will be aware of these and take steps to protect themselves.”
App development top usage for open source, Artificial Intelligence and Internet of Things-related deployments still low
In terms of how open source is being used within the enterprise, respondents also provided their most common deployments:
Although the Internet of Things (IoT) and Artificial Intelligence (AI) are amongst the most talked about technological advances in recent times, businesses are not using open source widely in either. In fact, just a quarter (27 percent) of businesses are using open source for IoT and a fifth (20 percent) for AI – despite the majority of innovations coming through in these sectors being based (in some form at least) on open sourced code.
Private education (67 percent) leads amongst open source users for AI – encouraging given the level of research that takes place in these institutions, aiming to further the scope of AI in the future.
However, while open source’s popularity is undoubted, the research clearly demonstrates that businesses prefer using mixed sources and the flexibility this affords. Of those not already using entirely open source, just over half of respondents (51 percent) said that they would never become ‘100 percent open source’ (i.e use open source for all of their projects) – taking a ‘best of both worlds’ approach with mixed sources. Just two percent of organisations who currently use some form of open source said that they would move to a 100 percent open source model in the next two years, with only 31 percent in the next five years.
Engates, continues: “Every industry and business sector faces disruption, enabled by the digitalisation of products and services, and the ability to manage the scale and agility needed in today’s competitive environment. With an increasing amount of a company’s value derived from software, the acceptance of open source as a viable solution helps businesses compete. By using the same strategies and tactics as the market leaders, businesses of all sizes will be able to build and launch innovative solutions faster than by using closed source technologies in isolation.”
Having the right skills for the job
Only around one in three respondents think that they have all of the necessary skills within their organisation to develop solutions using open source – particularly when it comes to using components/technologies (32 percent), implementing open source projects (33 percent) and managing open source projects (34 percent). In addition, a majority of respondents indicated that they are actively taking steps to increase their workforce’s capabilities:
In fact, 80 percent of the respondents from organisations that use open source say that their organisation relies on partners and third parties to develop, implement and/or manage their open source technologies.
 Open source denotes software for which the original source code is made freely available and may be redistributed and modified among other organisations.
The post Despite security fears, open source is fuelling innovation and cost savings in UK businesses appeared first on IT SECURITY GURU.
Thales, a leader in critical information systems, cybersecurity and data protection, today announced the results of its survey into attitudes towards organisations that have experienced data breaches. The survey showed that 84 percent of respondents would reduce or eliminate the use of an organisation’s products or services following breaches, and only 16 percent of respondents would continue to use an organisation’s products or services as usual.
If you found out an organisation whose products or services you use had multiple data breaches, which of the following best describes how you would react?
16% – I would continue to use their products or services as usual
27% – I would limit my usage of their products or services
37% – I would only use their products or services if I had no alternatives
20% – I would stop using their products or services completely
“It’s important for firms to recognise just how much of their customer base might be lost in the wake of breach incidents,” said Sol Cates, vice president of technology strategy at Thales e-Security. “With more than half of respondents saying that they would either immediately stop using an organisation’s products or services altogether, or use them only if they have no other choice, effective security controls specifically placed around data to prevent and minimise damage from data breaches become an absolute requirement.”
The survey also questioned respondents on what they would be most concerned about following a breach of their personal information. The results showed that theft of money from bank accounts was the primary concern, second to identity theft:
If your personal information were stolen in a data breach of an organisation you do business with, which of the following would you be most concerned about?
46% – Money being stolen from my bank account
38% – My identity being stolen
9% – My account login information being stolen
7% – Receiving more spam emails
“The theft of money from someone’s bank account as the result of a breach is a very tangible fear, but realistically it is much less likely than other outcomes,” continued Cates, “The implications of identity theft should pose far more of a concern, as they can be extremely painful and long lasting, with clean-up from incidents taking months or even years, and having long term effects on using and obtaining credit when it is really needed. Once your data is ‘in the wild’, your life is never the same.”
The post 84% of Brits Reconsider Brands Affected by Data Breaches appeared first on IT SECURITY GURU.
Analytic software firm FICO today launched the FICO® Enterprise Security Score, a metric that reveals the likelihood an organisation will be breached due to a cyber attack. This score can be used by an enterprise to understand and shore up its defence gaps, and by third parties such as cyber insurance providers, potential partners and customers who need an objective measure of a firm’s cyber risk.
The FICO Enterprise Security Score is an upgrade of the solutions previously offered by QuadMetrics, which FICO acquired in May. FICO upgraded the QuadMetrics analytics with FICO’s advanced analytics technologies that power various industry-leading solutions from FICO, including FICO® Falcon® Fraud Platform.
The FICO® Enterprise Security Score performs a complex assessment of network assets, applies advanced predictive algorithms, and then condenses the results down to a three-digit score that rank-orders based on the odds of breach for an organisation, allowing an empirical comparison of organisations’ cyber security risk. The score represents the likelihood of the enterprise suffering a material breach in the next 12 months. Organisations can use this score to understand and track their own performance, or share it with business partners as an easy-to-understand surrogate for a more in-depth exchange of security posture details. The score comes with current threat profile characteristics and granular insights into potential security issues.
“The need for a standard, empirically derived analytic measure of cybersecurity risk gets stronger every day,” said Doug Clare, vice president of cybersecurity solutions at FICO. “There have been attempts to quantify a firm’s security posture, but they lack the predictive element, which is FICO’s speciality. We aim to bring to cybersecurity the consistency, transparency and predictive power we have brought to credit history in the US through the FICO Score.”
The FICO® Enterprise Security Score is backed by a highly scalable, cloud-based platform that evaluates the entire Internet address space for information to assess the security of any network. This unique asset is updated with billions of data points from around the globe, and enhanced with public and proprietary source information. There is no software or hardware to install, and no integration work to perform.
“To date, cyber insurance underwriting has been challenging, as threats change constantly,” said Clare. “Without a clear industry benchmark or standardised risk criteria, insurers have had to rely on a wide range of high-touch methods and judgemental criteria when establishing cyber policies and premiums. The FICO Enterprise Security Score delivers a trusted, empirically derived, long-term view of cyber risk that can improve not only the underwriting process but ongoing portfolio risk assessments.”
“Information security professionals actually have a fairly good understanding of the challenges and threats of cybersecurity, but often aren’t able to see the cohesive effects of their countermeasures and diligence, affecting both their overall effectiveness and their ability to quantify the risk for their business partners,” said CEB Senior Executive Advisor Jason Malo. “Benchmarking at an enterprise level could help complement current metrics and also provide a risk measurement framework for ongoing management and project investment.”
“By combining our wide network of data resources with FICO’s industry leading advanced analytics, we’ve created the most powerful and accurate forecast of a company’s cyber risk,” said Manish Karir, former CTO of QuadMetrics, and product manager of the Enterprise Security Score. “This score gives chief information security officers details they need to protect their own network assets. It also provides an empirically derived standard benchmark for cyber insurance providers and everyone else in the cybersecurity ecosystem.”
“QuadMetrics provided a very unique scoring index, indicating the likelihood of cyber security problems for an organisation,” said Joe Sawasky, CEO of Merit, a non-profit, Member-owned organisation governed by Michigan’s public universities that owns and operates America’s longest-running regional research and education network. “This proved invaluable to our member organisations in Michigan, given that cyber risk is now among the top business risks overall. The FICO enhancements will make this an even stronger solution, which provides value not only to CIOs but also to CFOs, risk management professionals and boards.”
The post FICO Enterprise Security Score Gives Long-Term View of Cyber Risk Exposure appeared first on IT SECURITY GURU.
A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials. In this case, ProofPoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers’ accounts on Twitter.
ORIGINAL SOURCE: International Business Times
The post Hackers target all major UK banks with new Twitter phishing campaign appeared first on IT SECURITY GURU.
The development of the market for stolen data and related hacking skills indicate that the business of cybercrime in the healthcare sector is growing, according to Intel Security. “In an industry in which the personal is paramount, the loss of trust could be catastrophic to its progress and prospects for success,” said Raj Samani, Intel Security’s CTO for Europe, the Middle East, and Africa.
ORIGINAL SOURCE: Help Net Security
The post Stolen medical records available for sale from $0.03 per record appeared first on IT SECURITY GURU.
A new tech support scam displays a fake blue screen of death (BSoD) in an effort to trick users into installing malware on their Windows computers. The threat, which Microsoft calls SupportScam:MSIL/Hicurdismos.A, builds off a long lineage of tech support scams. Some of those ruses have even mimicked other Windows features, including the update process, to try to trick users into purchasing unnecessary software.
ORIGINAL SOURCE: Graham Cluley
The post Blue screen of death with a support number? Beware the malware scam appeared first on IT SECURITY GURU.
Paypal has patched a boneheaded two factor authentication breach that allowed attackers to switch off the critical account control in minutes by changing a zero to a one. British MWR InfoSecurity consultant Henry Hoggart (@_mobisek) discovered and quietly reported the flaw to the payment giant. Attackers with username and passwords in hand need only mess with post requests changing securityquestion0 to securityquestion1 for two factor authentication to be bypassed.
ORIGINAL SOURCE: The Register
The post PayPal patches bone-headed two factor authentication bypass appeared first on IT SECURITY GURU.
Back in March, Microsoft took a step in the right direction when it added a new feature in Office 2016 that allowed network administrators to use a local Group Policy for their organization and block macro scripts that downloaded content off the Internet, rendering macro-based malware ineffective. Yesterday, in a statement from the Microsoft Malware Protection Center, the company announced that it ported the feature to Office 2013, following numerous customer requests.
ORIGINAL SOURCE: Softpedia
The post Microsoft Backports Office 2016 Anti-Macro-Malware Feature to Office 2013 appeared first on IT SECURITY GURU.
By Joe Bombagi, Director of SteelFusion, EMEA & APJ at Riverbed Technology
The benefits of cloud adoption – including increased employee productivity, and reduced operational costs – are enabling businesses to become more global and interconnected. Organisations large and small are rolling out an increasing number of cloud applications, enabling employee access to sensitive data from branch offices located all over the world. However, increasing reliance on cloud technologies has also compounded businesses’ data security concerns. According to a recent Unisys survey, 42% of respondents named security as the most challenging aspect of cloud management, far outweighing all other concerns. With employees accessing and sharing sensitive data from worldwide locations and though an array of devices, organisations face the challenge of protecting valuable intellectual property, customer data, and ultimately their reputation and bottom line.
As a result, different countries are putting in place their own set of compliance requirements. For example, the European Union’s General Data Protection Regulation (GDPR) will have a major effect on all companies managing personal data within the EU, whether they are based in Europe or not. Similarly, organisations have to comply with local data protection laws if operating in the US, Russia, or the Middle East, to name just a few. This could be particularly diffiult for companies with branch offices located worldwide, who will have to ensure compliance with the regulations governing in each of the regions in which they operate. Non-compliance brings the risk of facing harsh consequences.
As a result, most organisations will need to adopt entirely new behaviours in the way they collect and use sensitive data. With that in mind, here are a few actions organisations can implement to ensure they comply with current regulations, no matter where they operate.
Businesses across the world will need to take a long, hard look at their security measures and adapt to regional laws. Businesses will have to strike the right balance between protecting customer information and making sure users of that data can continue to operate the way they need to. This could be a challenge especially when considering that, until recently, businesses often collected employee and customer information with only a vague sense of how the data might eventually be stored and used.
So, the first step towards compliance is for businesses to have a full understanding of where their information resides, and where it travels. Businesses need to create maps describing the flow of personal data within their network. This is a core requirement because many companies collect user data and process it in the cloud, in a different region than where it originated.
There are lots of tools dedicated to providing network security, including vulnerability scanners, intrusion detection and prevention, and firewalls, among many others. Every company has its own ideas and approaches when it comes to securing their corporate network. No matter which tools they choose to implement, it is important to recognise that no one tool is failsafe. A firewall will help keep people outside your network from getting in, but does nothing to help once someone is on the inside. An intrusion device will help identify when someone intrudes, but does nothing to secure the perimeter.
This is why it is imperative for companies to regularly perform and document risk assessments. Using new technologies, IT teams can easily monitor the network, report on access violations, prove or disprove access concerns, identify areas where issues occur, and help remediate those issues. They can then leverage this information to ensure they know what is happening throughout the network, ensure no one is doing things they shouldn’t, and in the worst-case scenario of an intrusion or other violation, determine what happened and identify proper mitigation factors.
A Data Protection Officer (DPO) is an expert in data-privacy law, responsible for conducting data privacy assessments and ensuring appropriate policies are in place.
Companies operating in the EU will need to do one of two things: Either name a DPO, and equip them with all the tools they need, or provide a personal data map that explains why their business qualifies for exemption. Though not all countries stipulate the need for a DPO, having a person on hand who is responsible for the efficient management of information can help companies to ensure compliance with global information-related laws and regulations.
Organisations should look to have privacy protections built in throughout their operations. This requires paying special attention to every detail around what is happening in the cloud, as well as an understanding of how different applications interact. By establishing holistic, real-time, end-to-end visibility into cloud and on premise application performance across the entire network, IT can establish a clear line of sight into how apps are performing. Using application monitoring tools, IT can then identify the cause of performance issues, fix them immediately, and proactively improve performance. This improved visibility into application performance will ensure compliance with data security regulations and will result in increased productivity and revenue for the organisation, as well as improved customer service, product quality and employee engagement.
As more and more organisations move to the cloud for day-to-day operations, visibility across public, private and hybrid clouds will become critical. A dramatic increase in network complexity, and new, highly distributed application architectures demands a radical new approach to how IT looks at the network and its application performance infrastructure.
With many of today’s organisations going global in the cloud, achieving increased visibility, optimisation and control for networks and applications is a must. Fortunately, they and the decision-makers behind them have the time and tools needed to capitalise on the cloud without being held back by regulations.
The post Ensuring data security compliance – no matter where your organisation is located appeared first on IT SECURITY GURU.
Tenable Network Security, Inc.®, announced today that it has acquired FlawCheck, becoming the first vulnerability management company to provide security for Docker containers and support organizations’ modern DevOps processes.
“Information technology is undergoing a profound change due to DevOps, containers and the mass migration of operations and infrastructure to the cloud,” said Renaud Deraison, chief technology officer and co-founder, Tenable Network Security. “Tenable understands that next-generation technologies bring with them a range of new security challenges, which is why we are accelerating our investment in this area.”
Founded by Anthony Bettini and Sasan Padidar — who between them have previously held prominent roles at Facebook, Google, Intel and McAfee — FlawCheck helps organizations scan container images for vulnerabilities, malware and other risks. The product provides vulnerability and malware detection, along with continuous monitoring, for Docker containers, integrating with the continuous integration and continuous deployment (CI/CD) systems that build container images to ensure every container reaching production is secure and compliant with enterprise policy.
“Containers are changing the software development and deployment process, but many organizations don’t have a way to properly maintain and secure them,” said Bettini. “FlawCheck scans containers early in the software development lifecycle to make it easier and safer to deploy them in production, and then continuously monitors them for vulnerabilities and malware. By seamlessly incorporating FlawCheck into their development and deployment processes, enterprises gain visibility into the hidden security risks present in containers, enabling fast remediation without slowing innovation cycles.”
Organizations struggle to gain visibility into container-based malware and vulnerabilities and ensure the security of production code because containers are often rebuilt and redeployed on the fly, are active on networks for only short periods of time and exist outside of normal patching processes.
“As the IT world moves from old to new software development practices, we’ve seen time-to-production decrease by orders of magnitude,” said Adrian Sanabria, senior security analyst, 451 Research. “New technologies — cloud, containers — and the speed of new processes — DevOps — are creating the need for products that are purpose-built, easily integrated and easily automated.”
“FlawCheck is an amazing product that excels at detecting threats that otherwise would remain invisible, which is critical, because you can’t remediate what you don’t detect,” said Deraison. “The unique capabilities within FlawCheck to continuously monitor container images for malware and vulnerabilities are a natural extension of the container security capabilities already available to Tenable customers. We’re now working to bring a fully integrated product to market in 2017. The creativity and experience Tony and Sasan possess make them valuable additions to Tenable and I’m excited about what their presence means for the future of this company.”
For more information on how Tenable is delivering increased security for Docker containers and adding visibility into the DevOps process, please visit http://tenable.com/flawcheck.
The post Tenable Network Security Acquires Container Security Company FlawCheck appeared first on IT SECURITY GURU.
Gemalto, the world leader in digital security, has found that the number of postings in the UK for positions requiring skills in Internet of Things (IoT) related technologies has increased by 70% over the past year, rising 120 places in the ranking of IT jobs. The figures from UK jobs statistics website IT Jobs Watch, as of 18th October, show that the growth in connected devices and implementation of smart city projects are fuelling demand for the skills needed to make them a success.
The data also showed that demand for the skills needed to make IoT projects successful was also on the rise:
o Vacancies for cybersecurity roles rose substantially over the last year, increasing by 73%
o Companies are increasingly looking for people who can build Security Architecture, which rose by 43% and also for Security Engineers, demand for which rose by 9%
o The median salary for a Data Manager grew by 7%
o Enterprise data management is also in demand, with the skill increasing its ranking of importance in IT jobs by 35 places compared to 2015
o Those comfortable around Big Data are becoming sought after, with the skill moving up 12 places in the list of most desired attributes
o The number of permanent jobs citing data analytics rose by 15% and 62 places in the rankings
o Demand for Artificial Intelligence knowledge has also seen rapid growth, becoming one of the most desired skills around, with the number of roles mentioning it increasing by 300%. This resulted in an impressive rise of 240 places in the most sort after skills in IT
Nicolas Chalvin, Vice President – M2M / IoT Solutions & Services at Gemalto, comments: “Technology moves at an incredibly fast pace and companies are continuously looking for the people with the skills to help them embrace the latest innovations. Growth in smart cities is building interest in IoT but in order to get ahead, companies need to be looking for a range of skills, not just one, to set them apart from their competitors. As a result, we’re starting to see new roles such as IoT Architect and IoT Engineer being introduced to the market as companies look for the best way to tap into the IoT market.
“Given the growth in demand for IoT knowledge, it’s encouraging to see demand for cybersecurity skills also on the increase – showing that organisations appreciate the need to secure the data they collect. As more IoT projects go live, keeping these secure is vital to ensuring consumer confidence in their usage, protecting confidential data and making them a success.”
Today, Citrix announced new research which revealed that an average of £27,818 is now spent by many local authorities on health and safety training, nearly double the spend in 2015 (£14,061 per local authority). This is considerably more than the amount being committed to data protection and IT security training – just £3,378 per local authority.
This new data was obtained by a Freedom of Information (FoI) request issued to 129 local authorities, with 109 organisations responding. The findings compare the amount of revenue committed to training courses such as health and safety, meditation, working at heights and managing difficult situations, with that spent on protecting data from cyber-attackers like IT security and data protection training.
The findings reveal that nearly £1.2m has been committed between the councils this fiscal year on health and safety, meditation, working at heights and managing difficult situations training, compared to £104,711 on IT security and data protection courses.
A majority (86 per cent) of local authorities spent nothing at all on IT security training this year. However, several (24) have stated they provide free ‘e-learning’ or ‘on the job’ data protection and IT security training.
Interestingly, over the past two fiscal years an average of 714 smart devices per local authority – such as smartphones and tablets – have been issued to staff, totaling more than 56,000 overall. However, respondents indicated that 39.6 per cent of these aren’t protected by enterprise mobility management software.
Jon Cook, Director, Sales, UK & Ireland, Citrix, said: “A broad scope of training is vital in today’s work environment. We commend local authorities for arming their employees with these additional skills, as well as seeking to improve their work / life balance through issuing smart devices and committing to a well-rounded programme of training courses.
“However, cyber threats continue to be more prolific and advanced today than ever before. And with the responsibility for managing citizen data, coupled with the risk of penalties of up-to £500,000 for data-breaches, it is crucial that employees know how to keep information secure from external threats.
“With the stakes so high, councils must ensure that staff understand the importance of data protection in the growing threat landscape.”
The number of intellectual property cyber theft incidents in the next 12 months is expected to increase, according to 58 percent of respondents to a recent Deloitte poll. When asked which category of potential adversary they believe is most likely to attempt theft of their organizations’ IP, the prevailing percentage of respondents (20.1 percent) answered “employees or other insiders.” Yet, only 16.7 percent of respondents said access to IP is very limited, on a need-to-know basis only.
ORIGINAL SOURCE: Help Net Security
Netskope Threat Research Labs today published a report digging into the CloudFanta malware campaign, which is suspected to have stolen more than 26,000 email credentials since it began operation in July 2016. CloudFanta leverages the Sugarsync cloud storage app to distribute malware capable of stealing user credentials and observing online banking activity to obtain users’ information.
ORIGINAL SOURCE: Dark Reading
The post CloudFanta Malware Targets Victims Via Cloud Storage App appeared first on IT SECURITY GURU.
There are several theories and claims as to who might be behind the distributed denial-of-service (DDoS) attacks launched last week against DNS provider Dyn, but researchers believe the attacks were actually launched by script kiddies. The DDoS attacks launched on Friday against Dyn’s managed DNS infrastructure caused disruptions for several major websites, including PayPal, Twitter, Reddit, GitHub, Amazon, Netflix and Spotify.
ORIGINAL SOURCE: SecurityWeek
New variants of Locky are being released at a rapid rate lately. Yesterday, we had a new variant that appends the .SH*T extension to encrypted files and today they switched to using the .THOR extension. Maybe Locky had its mouth washed out with soap for cursing? Regardless of the reasons for the switch, I am happy as I won’t have posts with curse words all over the forums.
ORIGINAL SOURCE: Bleeping Computer
The post Locky Ransomware switches to THOR Extension after being a Bad Malware appeared first on IT SECURITY GURU.
Corero Network Security has disclosed a new DDoS attack vector observed for the first time against its customers last week. The technique is an amplification attack, which utilizes the Lightweight Directory Access Protocol (LDAP): one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in most online servers.
Original source: Help Net Security
Corero Network Security , a security solutions provider against DDoS attacks, has disclosed a significant new zero-day DDoS attack vector observed for the first time against its customers last week. The new technique is an amplification attack, which utilizes the Lightweight Directory Access Protocol (LDAP): one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in most online servers.
While Corero’s team of DDoS mitigation experts has so far only observed a handful of short but extremely powerful attacks against their protected customers originating from this vector; the technique has potential to inflict significant damage by leveraging an amplification factor seen at a peak of as much as 55x. Therefore, in terms of its potential scale, if combined with the Internet of Things botnet that was utilized in the recent 655 Gigabyte attack against Brian Krebs’s website, we could soon see new records broken in the DDoS attack landscape, with potential to reach tens of Terabits per second in size in the not too distant future. The DDoS landscape has been extremely volatile in recent weeks, particularly with the release of the Mirai code and subsequent Mirai infected Internet of Things (IoT) devices, and we expect this trend to continue for the foreseeable future.
Dave Larson, CTO/COO at Corero Network Security, explains: “This new vector may represent a substantial escalation in the already dangerous DDoS landscape, with potential for events that will make recent attacks that have been making headlines seem small by comparison. When combined with other methods, particularly IoT botnets, we could soon see attacks reaching previously unimaginable scale, with far-reaching impact. Terabit scale attacks could soon become a common reality and could significantly impact the availability of the Internet– at least degrading it in certain regions.”
Reflection and amplification attacks
In this case, the attacker sends a simple query to a vulnerable reflector supporting the Connectionless LDAP service (CLDAP) and using address spoofing makes it appear to originate from the intended victim. The CLDAP service responds to the spoofed address, sending unwanted network traffic to the attacker’s intended target.
Amplification techniques allow bad actors to intensify the size of their attacks, because the responses generated by the LDAP servers are much larger than the attacker’s queries. In this case, the LDAP service responses are capable of reaching very high bandwidth and we have seen an average amplification factor of 46x and a peak of 55x.
Dave Larson explains: “LDAP is not the first, and will not be the last, protocol or service to be exploited in this fashion. Novel amplification attacks like this occur because there are so many open services on the Internet that will respond to spoofed record queries. However, a lot of these attacks could be eased by proper service provider hygiene, by correctly identifying spoofed IP addresses before these requests are admitted to the network. Specifically, following the best common practice, BCP 38, described in the Internet Engineering Task Force (IETF) RFC 2827, which describes router configurations that are designed to eliminate spoofed IP address usage by employing meaningful ingress filtering techniques, would reduce the overall problem of reflected DDoS by at least an order of magnitude.
“Today’s DDoS attacks are increasingly automated, meaning that attackers can switch vectors faster than any human can respond. The only effective defense against this type of DDoS attack vector requires automated mitigation techniques. Relying on out-of-band scrubbing DDoS protection to stop these attacks will cause significant collateral damage. Given the short duration and high volume attacks, legacy solutions simply cannot identify and properly mitigate in time to protect network availability.”
The post Corero Warns of Powerful New DDoS Attack Vector with Potential for Terabit-Scale DDoS Events appeared first on IT SECURITY GURU.
With Nintendo’s secretive ‘NX’ project finally given a trailer reveal as the Nintendo Switch, gamers have finally been given some answers on Nintendo’s new product, but there are still some important questions left to answer. The trailer does a good job of showing the USP of their new product – a home console which can […]
The post Nintendo Switch reveal wows gamers but alienates stock market appeared first on ITsecurity.
York said that his company worked with Akamai and Flashpoint to analyze the source of the junk traffic that targeted its managed DNS services, which provide on-demand DNS servers for popular websites such as Reddit, Imgur, Twitter, GitHub, Spotify, Soundcloud, PayPal, Yelp, and others. Because of this DDoS attack, Dyn’s DNS servers weren’t able to resolve DNS queries for the aforementioned services, and users couldn’t access those websites, because their browsers and apps couldn’t resolve the “domain.com” text into an IP address where they needed to connect.
View full story
Original source: Softpedia
The Jester is, for me, a huge moral dilemma. Hacking is against the law. Jester is considered to be a private pro-America individual cyber vigilante hacker. But is he? The FBI has huge success in tracking down and arresting the hackers they go for. I say nothing about the morality of their methods, only that […]
by Mike Simmonds, managing director, Axial Systems
When BYOD originally took off, security concerns drove companies to take measures to counteract the risks of allowing remote access to company data from employee devices. Many believed they had shut the door to cybercrime. In reality, data breaches have continued to soar. According to research from PwC, showcased in a recent infographic from Swivel Secure, the number of small firms experiencing a data breach jumped by 14% last year – and although in 2014, the average cost of such a breach was £90k, it rose to £190k in 2015. The number of large companies suffering a breach rose 9% over the same period, with average costs per breach increasing from £800k in 2014 to a phenomenal £2.3 million last year. In total, a staggering 90% of large businesses admitted to a data breach, with more than two-thirds having been attacked by an unauthorised outsider in the last year.
Scoping the Challenge
The possibility of being fined is another significant concern. The new General Data Protection Regulations (GDPR) puts stringent new data protection requirements in place and will impact any companies holding any data at all about any EU citizen. The most severe penalty available for non-compliance with GDPR is a fine up to €20 million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
For businesses that fall victim to these cyber-criminals, the reputational damage suffered can also be severe. Serious fines attract media coverage and may deter prospective customers signing up. The inability of the business to recover what has been lost by the breach can further compromise credibility. After all, while some cyber-criminals steal data, others corrupt it and make it worthless. Ransomware, for example, may simply encrypt all of the business’s data with a key that the organisation cannot access. The business has no recourse to any third party in its bid to retrieve the information, further undermining its credibility with prospects and customers. So why are we seeing more breaches and what steps can businesses take to protect themselves and bring cybercrime under tighter control?
Part of the reason for the rise is probably down to greater reporting. The pending introduction of GDPR means that if you do suffer a breach, you have to reveal it to the authorities. The regulation was approved by the European Parliament in April 2016 and all organisations that process personally identifiable information (PII) must comply with it by 25 May 2018. So, businesses need to get their reporting mechanisms in place as soon as possible.
This higher level of reporting though should not disguise the fact that the increase in data breaches is real and many factors are fuelling it. Data growth is continuing to rise exponentially – and so too is the volume of data potentially available to hackers online. In line with this, cyber-criminals are becoming increasingly sophisticated. Many have organised into professional groups, with a highly-skilled workforce operating across far-flung networks. Breaches are becoming more targeted also at least in part because it is as cheap and easy to launch targeted attacks today as it is to adopt a blanket bomb approach.
At the same time, many businesses are migrating their data to the cloud for storage (one in three now use cloud data storage, according to the survey), changing the nature of access again and bringing with it a whole raft of new security concerns. Businesses now need to think about more than just their own security and ensure that their level is at least mirrored by that of their cloud service provider. They must be confident, for example, that any data transitioned to the care of that provider is encrypted the moment it lands rather than post-landing. Most companies do not realise that if they are using cloud services, they are themselves still liable for the security/integrity of any data forwarded to those services. With the coming of GDPR and the associated fines, this is hugely important. Simply saying it’s the fault of the service provider for any data loss just won’t pass muster in this context.
At Axial, we advise customers to encrypt data themselves as it leaves their building. This ensures there are two layers of encryption – so that if one is compromised, one remains encrypted, whether the data is in motion between the office location and cloud service or whether it is at rest at each location.
Key Role of Authentication
Whatever the nature of the data it is looking to protect, the business must exercise ‘due diligence’ at all times and that means much more than just taking a cursory glance at the data. In this context, following due diligence entails the business undertaking a thorough review of its data protection processes and what steps it can take to make them even more secure. The data from the Swivel Secure infographic, which draws on 2015 research from PwC indicates that organisations still have much to do in this respect. 32% of those surveyed had not had any form of security risk assessment. More than a quarter (26%) do not evaluate how effective their security expenditure is, while just 60% said they were confident that they had adequate security skills to manage their risk for next year.
While ease of access is of course important, businesses also have to be focused on ensuring that employees never compromise security in exchange for it. There is a need for education here. Take the manager that needs to deliver a presentation the next day and wants to store it in an accessible place. There is a natural inclination to save the slides in multiple locations – on the company laptop, on a file sharing application and on a memory stick, perhaps, with the rationale that if one location fails, the others can serve as a back-up.
Such an approach creates its own problems, however – and users need to be made aware of the issues and concerns. If the laptop is left on a train, it could be easy prey for anyone with the skill and inclination to break into it. The file sharing application could potentially be compromised also, while USB sticks are frequently lost. Simply by taking the data outside of the corporate infrastructure, you are bypassing all the security infrastructure and potentially putting sensitive information at risk.
It’s a clear demonstration of how so many businesses can make themselves vulnerable by effectively sleepwalking into data breaches. So what’s the solution? Technology should always be part of it. Anti-virus and anti-malware software needs to be implemented and kept up to date. Data leakage protection can also be put in place, providing electronic tracking of files, or putting systems in place that stop users arbitrarily dropping data out to cloud services. Critically though, adaptive authentication, in which risk-based multi-factor authentication is used to ensure the protection of users accessing websites, portals, browsers or applications, also has an increasingly key role to play.
Being able to manage user authentication based on such parameters as who, when, where and what is essential, of course. Adaptive authentication solutions such as Swivel’s AuthControl provide the ability to manage how users authenticate to the network or individual applications based on multiple parameters and a risk score. For example, a business may decide that access to HR/Finance records carries a high risk whereas mail does not. In that case, name/password may be sufficient for mail access but two-factor user authentication and a digital (machine) certificate are required to access the finance application – even for the same user.
Furthermore, adaptive authentication provides a great user experience in hybrid environments where a combination of on-premises, remote access and cloud services are delivered by the business.
So adaptive authentication is key but it has to be delivered as part of an overall strategy. Technology is critically important but ultimately countering data breaches effectively is also about education. Businesses need to hammer home the message that employees need to take a responsible approach to managing and protecting their data. They must be aware of the potential security threats and do all they can to mitigate them – from keeping care of devices they use at work to making sure their passwords are consistently strong. The battle against the cyber-criminals will continue but if businesses are to fight back and reverse the ongoing trends, they need their employees to be onside and focused on keeping data safe.
The post ‘The need to stay alert as data breach costs rise’ appeared first on IT SECURITY GURU.
Sophos discusses whether it’s worth reporting ransomware.
Victims of ransomware have a lot to cope with. After they’ve recovered from the shock of losing access to files, there’s the small matter of whether to pay the ransom to get them back.
Regardless of the outcome, victims are left worried about how best to clean their computer to avoid being hit by a follow-up attack.
In most cases reporting any of this probably doesn’t figure high on the to-do list: which organization should they contact and, frankly, would it make any difference anyway?
This lack of confidence is probably justified in many countries, with victims of cybercrimes often simply advised to go to a local police station and hope a staff member will be in a good enough mood to talk to them.
Ransomware reporting is, in a way, a microcosm of the larger issue of how best to tackle cyberattacks.
Reporting burglary, car theft or mugging, would be a no-brainer. But online fraud or ransomware extortion? If it happens on a computer, there’s a tendency for people to see it as either the victim’s problem or for the bank or service provider to sort out.
Faced with soaring online crime, police forces and government have realized that to have any chance of containing online crime means treating in in the same way as any other type of law breaking. Intelligence is needed to warn the public of attacks and evidence gathered for possible future prosecutions.
The catch is that amassing better intelligence will be about getting the public to overcome years of conditioning and start telling law enforcement what has happened to them. These investigations are essential. Without real-time reporting, knowing what the criminals are up to and gathering evidence quickly enough to catch perpetrators, becomes impossible.
The good news is that in the US, UK and a few parts of Europe reporting ransomware and extortion is getting easier.
Only weeks ago, the FBI put out its first ever note encouraging ransomware victims to report attacks in some detail through the Agency’s Crime Complaint Center (IC3).
A few months earlier, Europol, the Dutch police and a clutch of cybersecurity firms got in on the act by launching a portal, No More Ransom, which is meant to act as a single point of contact and advice for confused ransomware victims unsure about whether to tell anyone.
The UK, which likes to think of itself as ahead of the game, launched an online cybercrime reporting system in 2009 in the form of Action Fraud. Ransomware and phishing attacks can now be notified through an online tool for victims who end out of pocket.
The UK’s Office of National Statistics (ONS) even grasped the nettle this year and added cybercrime as a separate heading in its 2015-2016 crime statistics for England and Wales, a further sign of changing attitudes.
Worthy though these reporting systems are, awareness of their existence – and importance – among the public remains weak.
To pick one example, the FBI’s 2015 Internet Crime Report (which uses numbers drawn from the IC3 reporting service) recorded only 2,453 ransomware complaints for the year – likely a huge underestimate of the true scale of the problem.
Until public reporting improves, tackling ransomware in a centralized, top-down manner could prove incredibly difficult, leaving more accurate estimates of campaigns in the lap of cybersecurity firms whose specialism is measuring the effect of attacks on computers rather than human victims.
By: Chris Stoneff, VP Technical Management, Lieberman Software
The last Verizon Data Breach Investigation Report stated that 63% of data breaches involved cyber criminals using weak, default or stolen passwords to access information they shouldn’t. With this in mind, it’s good to remember that being a small business is no excuse for poor password security. This is especially so when it comes to the administrator passwords that protect access to the most sensitive areas of a company’s network, like file stores and corporate email. When these credentials are compromised by bad guys, it is easier for them to move around the network and infiltrate critical systems and even gain access to your valuable customer data.
Stolen credentials are one of the easiest ways to exploit small businesses. Many Small and Medium Enterprises (SMEs) may think they don’t have the budgets or the means for effective cyber security. However, small businesses that think they are too insignificant to warrant proper cyber security efforts need to carefully consider who their customers are and how unhappy they would be if their data was compromised. When we look back at Target, one of the biggest data breaches of all time, the breach was discovered to have come through one of Target’s small third party vendors with weak passwords that never changed.
At a bare minimum, companies need to make sure that employees rotate passwords and don’t use the standard ones they use for their personal online accounts. Passwords should be strong – more than 8 characters and include upper and lower case characters as well as numbers.
For those that struggle with endless strings of passwords, there are also affordable Privileged Account Management products that can automate time-consuming manual password changes to ease IT administration burdens. By changing passwords faster than intruders can exploit them, these security products provide real-time containment of attacks that breach the perimeter, and prevent anonymous “nesting” on the network.
Large enterprises are taking cyber security seriously and getting harder to breach. Hackers historically always take the path of least resistance, if that path is via a smaller business with tempting customers, you better believe they will take the easy route. Getting a few basics right, like password security, will go a long way to protecting even the smallest business.
Nick Cano’s Game Hacking walks an unusual line between gaming, computer security and coding. Many involved in the gaming industry, especially with online gaming, know that security can be just as challenging and serious a subject as in other spheres of computing; but to many – even many gamers – video games are still not quite […]
I believe in balance. All problems are caused by imbalance. Illnesses are caused by imbalances in the body; wars are caused by imbalances in the ether; and even support scams are caused by imbalance. I had another call from Microsoft’s computer maintenance department. I wasn’t feeling good. I am ashamed to say I told him […]
Ransomware is the buzzword of the moment, but other scams haven't gone away. Some are even converging with ransomware.
Anti-malware machine and head of the Shellphish DARPA Grand Challenge bronze-medallist team has won US$100,000 from Google for security research efforts. University of California Santa Barbara doctor Giovanni Vigna landed Google’s Security, Privacy and Anti-Abuse award for his long line of research into malware detection. Google did not specify the specific work for which he was awarded but Dr. Vigna has co-published dozens of papers in the field among some 200 works spanning Android, networking, and web-based attacks.
ORIGINAL SOURCE: The Register
The post Google pays $100k to anti-malware crusader Giovanni Vigna appeared first on IT SECURITY GURU.
The web design platform Weebly was hacked in February, according to the data breach notification site LeakedSource. Usernames and passwords for more than 43 million accounts were taken in the breach, although the passwords are secured with the strong hashing algorithm bcrypt. Weebly said in an email to customers that user IP addresses were also taken in the breach. “We do not believe that any customer website has been improperly accessed,” Weebly said in the notice to users.” The company also said that it does not store credit card information, making fraudulent charges unlikely.
ORIGINAL SOURCE: Tech Crunch
One of the biggest breaches in India has compromised as many as 3.2 million payment cards as banks scramble to replace cards and request users to change security codes. Officials believe the breach originated from malware on the Hitachi Payment Services platform, which provides ATM and point of sale services, is responsible for the breach said 2.6 million of the affected cards are on the Visa and MasterCard platform, according to The Economic Times.
ORIGINAL SOURCE: SC Magazine
The post 3.2M payment cards affected in massive Indian POS breach appeared first on IT SECURITY GURU.
A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
ORIGINAL SOURCE: Ars Technica
The post “Most serious” Linux privilege-escalation bug ever is under active exploit appeared first on IT SECURITY GURU.
US authorities have officially charged Martin Gottesfeld, 32, of Somerville, Massachusetts, for launching DDoS attacks against Boston Children’s Hospital and the Wayside Youth and Family Support Network, a mental illness treatment facility in Framingham, Massachusetts.
ORIGINAL SOURCE: Softpedia
The post Anonymous Hacker Officially Charged for Boston Hospital DDoS Attacks appeared first on IT SECURITY GURU.
Lastline Co-Founder and CTO, Giovanni Vigna, has been awarded a $100,000 “Security, Privacy and Anti-Abuse” award from Google, Inc., for his research work “related to Cybercrime Understanding and Innovative Malware Detection Techniques,” which he performed at the University of California Santa Barbara (UCSB).
Giovanni Vigna, Ph.D, has a long history of excellence in publishing research and software related to malware detection. Dr. Vigna, together with Dr. Christopher Kruegel, also of UCSB, and Dr. Engin Kirda of Northeastern University in Boston, have long led teams of malware researchers from their respective institutions plus University of Vienna and Eurecom Institute in France. As a group, they are associated with the International Security Lab (http://www.iseclab.org), and they have published hundreds of scientific papers in top conferences, addressing all facets of advanced malware, from cybercrime and the underground economy, to the analysis of evasive malware using static and dynamic analysis, to the identification of malicious web sites, to new approaches to protect Android applications. Together in 2011, these three professors founded Lastline, Inc., to bring to market the industry’s most effective malware detection sandboxing technology.
Today, Dr. Vigna, as Lastline’s Chief Technology Officer, remains tightly connected to his academic roots and committed to the advanced research and discovery that has reshaped the security sector’s state-of-the-art for evasive malware detection. His leadership has helped formulate and evolve enterprise security best practices. Through his efforts, Lastline has again in 2016 been recognized by several leading analyst and testing organizations for its innovative solutions. In addition to industry success, the founders’ academic teams have been similarly distinguished.
This past summer, Dr. Vigna led the “Shellphish” computer science team (made up of graduate students from UC Santa Barbara) to the finals of the Defense Advanced Research Projects Agency (DARPA)-sponsored Cyber Grand Challenge, in which Artificial Intelligence Autonomous Hacking Systems competed against one another. Shellphish was one of 7 teams that qualified for the finals of the competition, which happened this past August. The team’s autonomous system, Mechanical Phish, placed third at the competition, bringing home a $750,000 cash award.
“There is a different bar that is set in academics that lends itself particularly well in the cybersecurity industry,” said Giovanni Vigna. “In Silicon Valley, there is this concept of shipping a product which it is ‘good enough.’ In academia, the focus is on novel ideas. Only through innovation one can stay ahead of the ever-changing threat landscape. We have brought this line of thinking into Lastline, which continuously innovate its approach to malware analysis to deliver the most effective protection to its customers. It is not a coincidence that Lastline was independently tested out this year with the highest detection rate and zero false positives – establishing another set of performance accuracy benchmarks for threat detection and mitigation.”
The post Google’s $100K cybersecurity award given to University of California Santa Barbara appeared first on IT SECURITY GURU.
International finance has become hugely complex. The increased velocity of trading, the development of highly sophisticated instruments and the growth of stringent regulation has been matched by the demand for far more elaborate security, surveillance and reporting.
Just as the nature of the financial world has become more complicated, the activities of criminals and fraudsters have also evolved. The integrity of a financial institution’s operations is now at risk from insiders with specialised knowledge, their collusion with crooks at trading partners, the activities of experienced global money launderers and increasingly, the skills of cyber criminals.
The volume of data and constantly changing variables that has to be monitored and investigated in order to maintain security against these fast-developing threats is huge. It involves spotting suspicious links and patterns from among vast amounts of very different kinds of data and it is a task that conventional relational databases are incapable of performing well.
It is only the deployment of graph analytics run on a supercomputing platform that allows connections to be made and anomalies flagged up rapidly and accurately with remarkably low levels of time-consuming false positives.
Skeptics (or the ignorant) may question why graph analytics is so suitable in this field. The simple answer is that relational analytics techniques come to a standstill when an enterprise such as a bank or insurance company has to rely on querying such large volumes of structured and unstructured data.
If surveillance only involved data in tables, relational techniques would suffice. But in the real world, detection depends on establishing suspicious links and connections from all kinds of information in many different formats.
Faced with these challenges, even Hadoop, the distributed storage and processing framework, will not deliver the magic that is often ascribed to it.
Thriving on complexity
Graph, by contrast, thrives on high levels of complexity and interconnectedness and has no rival in discerning significant relationship patterns between variegated data types. What might cause conventional analytics to explode, graph analytics can accomplish in seconds.
In a simple example, an investment bank concerned about insider-trading may wish to find all employees who have used instant messaging to contact a third party who is a friend on Facebook with someone else who has access to the back-office settlements system. For graph, this is a simple matter of three hops, unlike conventional methods that require three sets of data to be joined together.
Snuffing out cyber threats
Equally, when protecting financial institutions from cyber-attack, a graph engine will draw on data from a dozen or more sources to determine whether a pattern of activity represents a suspicious anomaly that has to be countered immediately.
An entire network infrastructure and its links to third parties can be represented in graph, establishing connections with patterns of previous cyber security incidents and with technical information on government security databases.
This is a level of complexity that only graph can handle, given that the data volumes required for cyber detection can be huge, including weblogs, telemetry, emails, firewall and IP data. In a large enterprise this can easily amount to 20 terabytes per day, some of it structured in tables, but much of it only semi-structured.
Graph’s capacity to cope with complexity on this level is behind the growth in new cyber reconnaissance and analytics services that build a high-resolution image of each organisation’s cyber landscape from the criminal or unscrupulous rival’s perspective.
Cyber analytics, using graph’s ability to join together pieces of knowledge at vast scale, gives users insights at a much higher level of frequency, leaving conventional signature-based security trailing in its wake.
Multiple analytics workloads can be run concurrently on a single platform, exploiting the speed of supercomputing to identify relationships and look for behavioural patterns from data that is now generated and stored at a much faster rate than it can be analysed. Without this protection, malicious content has the space to hide and operate undetected.
Once an organisation sees its vulnerability from an adversary’s perspective, it can position its resources to have the biggest impact on boosting security.
This capacity to determine links and connections from raw data also makes graph supreme in finding new patterns of fraud.
It can protect an organisation by creating a new set of rules that are pushed out to operational systems, determining when an alert should be triggered, immediately flagging up suspicious chains of events.
For example, the chain may be that a bank trader phones a colleague in IT and then at the close of trading, the door security technology indicates they have walked out within a minute of each other, followed by another data source showing the IT employee quickly purchasing shares.
In addition to establishing patterns, graph’s ability to explore hidden corners is vital – illuminating fraud, for example, by drawing on data already in the public domain, such as an employee or contractor’s friendship on social media with a CFO.
In insurance fraud, a graph engine has the power to expose collusion where real identities are being recycled or manipulated to create fake evidence. A single social connection from among thousands can unravel an entire plot, saving large amounts of money.
Reducing the cost of AML
In anti-money laundering (AML) operations, supercomputer-powered graph analytics can also take a scythe to costs. Conventional AML can involve many thousands of staff at a large multi-national investment bank and often requires the expensive blocking of transactions while investigations are conducted. With graph, the time it takes for such investigations can be slashed from typically, three-to-four hours, to a mere 20 minutes.
Graph analytics is fast and effective in handling these challenges because it does not integrate data, it takes the feeds from the systems and goes straight to work as a complementary technology.
Graph analytics on highly connected data is all in memory operating on all the nodes and edges at the same time. This can be a problem for larger use cases for banks with millions of accounts and transactions. No compute node is big enough for all the memory needed. Firms have handled this lack of graph scaleability by partitioning their data unnaturally across many compute nodes. This has meant that you have to make assumptions about what questions can be asked so that only a single node is involved. The problem is that opportunities to exploit the complexity of todays or future data sources cannot be fully exploited.
Powered by supercomputing technologies, Cray’s graph engine uniquely creates a single memory space that uses the fast interconnect spanning many compute nodes, making it the most scalable graph technology available.
It means it can expand to meet evolving needs, without having to store data in a way that makes assumptions about the questions to be answered and the relationships between the nodes.
It is not necessary to “normalise” the data in order to achieve the desired outcome, merely to add a new set of nodes and relations between the nodes.
Beefed-up security and big ROI
Indeed, across the full range of use cases, the combination of graph analytics and supercomputing delivers substantial return on investment for financial institutions of all sizes with remarkable rapidity, saving time and costly man-hours, offering a shortcut to a level of expertise that would otherwise be inaccessible.
Without it, banks and finance houses that rely on relational databases and more conventional approaches risk floundering in dark, sustaining severe damage from disasters that could have been foreseen and prevented long ago.
The post How banks are keeping ahead of criminals with supercharged graph analytics appeared first on IT SECURITY GURU.