Wednesday, 30 November 2016

National Lottery data breach – Industry Reaction

Thousands of customer accounts on the National Lottery website may have been compromised.

Camelot said it believes that “around 26,500 players’ accounts were accessed”, but fewer than 50 accounts have had activity take place since the hack.

The National Lottery operator said it became aware of “suspicious activity” on a number of players’ online National Lottery Accounts on Monday.

The Guru reached out to the cyber security community to get reactions to the latest data breach.

Alex Cruz-Farmer, VP at NSFOCUS:

“This is a great example of where hackers are getting smarter, and are systematically testing usernames and passwords across a full spectrum of victim websites. With these persistent and systematic attacks, it is showing how vulnerable we, as users, are without the right security mechanisms in place. This is also a great reminder to everyone to stay vigilant, and to try and avoid using the same passwords across multiple platforms and websites”.

Lee Munson, security researcher for

“The fact that the National Lottery has seen players’ accounts hacked is hardly surprising, given the fact that all companies should be asking when it will happen to them, not if. It’s also no more of a surprise to learn that those behind the attack have likely used login credentials stolen from elsewhere on the web. Such an approach is becoming increasingly common, mainly because the average user recycles the same one or two passwords across all of their accounts.

While Camelot has done the right thing in freezing some accounts and enforcing password changes, it really is up to everyone to take more responsibility for their own security by using different login credentials for every single account they sign up for. If using multiple different passwords sounds tricky, do not worry, as password managers can make that aspect of your online security very easy indeed.”

Alex Mathews, EMEA technical manager, Positive Technologies:

“Big consumer brands which hold vast amounts of personal details are pay-dirt for cybercriminals. They often hold massive databases of information which can be used for follow-up attacks on other services. The people contacted should make sure they keep a close eye on their online accounts for phishing and other suspicious activity. If anything looks awry, then it is probably best to treat it with caution. Now is probably a good time for the affected people to change their passwords across the board.”

Gavin Millard, EMEA technical director, Tenable Network Security:

“Rather than the usual breach being caused by an insecure web application, blurting out confidential information with a carefully crafted request, Camelot are claiming the breach of 26,500 user accounts is due to the credentials being swiped from another website not related to The National Lottery and used to log in.

“With so many systems being breached, reusing the same password on multiple sites is a major risk. If your password is exposed on one breach, this can be leveraged against many other systems to cause further losses and exposure of personal details. Users should protect themselves against simple attacks like this by having individual passwords for any site that holds personal details. Password management is a pain, but with so much of our personal details being stored online and entrusted by more organisations than ever before, it is necessary to protect yourself from fraudulent activity by practising good password use.”

Oliver Pinson-Roxburgh, EMEA director at Alert Logic:

“The National Lottery breach highlights the challenge all organisations face today – and reiterates the fact that consumers have a significant role to play in protecting their online accounts. Attackers leave digital fingerprints in their network activity or system logs that can be spotted if you know what to look for, and have qualified people looking for it. Through continuous monitoring, 24×7, and being able to distinguish normal from abnormal, organisations can identify and act against sophisticated attackers. From the statement given by Camelot their monitoring uncovered the breach but the breach likely occurred due to poor password management from their customers.

“Consumers will be forced to change the password on their National Lottery account, and any other accounts that use the same password. However, they need to ensure that they don’t use the same password for other accounts. You should keep track of all the user accounts and passwords you maintain on the Internet.

“A passphrase is also highly recommended, instead of a password.  You can take a common phrase and create a pattern that means something to you, then add minor edits as a way to keep passphrases different.  An example is: The sun rise is great today.  A simple passphrase could be: Tsr!Gr82day.  The passphrase is 11 characters long and contains number, upper/lower case letters and a symbol.  The exclamation mark (!) substitutes for the “i” in the word is.  You can add something specific to make the passphrase different on multiple accounts. 

This really demonstrates that no brand is safe and whilst organisations need stringent security policies and technologies, consumers play a role in the security of their accounts.”

Nick Brown, group managing director at GBG:

“Whilst National Lottery has told users that financial information was not leaked, this data breach is by no means of less significant concern. Card details can be replaced but the other – more personal – information, such as your name, your job and where you live can easily be pieced together by criminals, who browse, haggle and sell personal details on the dark web, and use it for identity theft. 

It’s sadly got to a point that you have to assume your identity, at some point, will be compromised. In the first instance, identity thieves will use the real identity of an individual and thereafter, create synthetic identities compiled from elements of the data stolen from a user. Organisations, therefore, need to learn from these hacks – especially as they become more common – and use more data, analytical insights and triangulation of multiple identity proofing techniques to minimise the effects of identity theft for both the user and the businesses serving them. In short, the more transparent we can be with data, the more it can be used to gather insights and intelligence that will stop the bad guys in their tracks.”

James Romer, Chief Security Architect  EMEA, SecureAuth Corporation:

“This is not the first breach of this kind: Three Mobile, Deliveroo and now the National Lottery, all in the span of a month. While steering clear of password reuse and adopting a password manager to allow for complex passwords will improve a consumer’s personal cybersecurity posture, today’s incident underlines the need to strengthen access controls. For too long organisations have relied on passwords as the single form of access control and it is simply not strong enough, nor adequate to protect vital applications and data. Multi-factor, adaptive authentication renders stolen credentials completely worthless, taking advantage of the contextual information that exists today around our identities, devices and locations, making it much harder to compromise accounts. Particularly on sites like the National Lottery where money deposits are stored and customers save their card details for convenience, leaving them with holes in their bank accounts too. Luckily, on this occasion no money or banking credentials were obtained. However this should serve as a stark reminder of why organisations must strengthen their defences against cyber adversaries by employing cutting edge adaptive authentication.”

David Navin, Head of Corporate at Smoothwall: 

“The cyber hack of National Lottery accounts highlights that financial details are not always an attacker’s end game, and demonstrates how something as simple as an email address and password can be all they need to cause damage. This once again has emphasised the issue of end users not updating or using a variety of complex passwords for different accounts, thus making them vulnerable as we’ve seen with this latest breach. 

“However, the onus also lies with the companies themselves, who have a responsibility to safeguard their customers’ data and information even if the end users are not. In a digital world where companies are interconnected, hackers will look to find their weak spots and points of entry which can be through a supplier or a partner that doesn’t see itself as an appealing target. Such companies are not only an attractive option to hackers – they are often an easy one. 

“No matter how big or small, all companies must protect their data and that of their partners and suppliers. They need to comply with regulation and build a layered security defence which spans encryption, firewalls, web filtering and ongoing threat monitoring as well as a proactive stance. Companies need to have all the measures and contingency plans in place so that if a breach does occur, they are able to recover and instil customer confidence as soon as possible.” 

John Madelin, CEO of RelianceACSN:

“There are some interesting features associated with the data breach suffered by the National Lottery website. First, it was a vulnerability suffered through interaction with third parties, a consistent weakness in today’s online partnerships.  Another common feature is the gap between the hackers getting in, and capitalizing on their position. Usually the time between compromise and theft is wide enough to cause serious cash loss, in this case it appears they didn’t take money or target Camelot’s financials, yet.

“This also highlights the fact that there are many motives that drive hackers beyond direct financial gain and that a compromise is a first step to finding and stealing valuable assets of many kinds, including data such as emails and passwords which in the wrong hands are hugely valuable. In the National Lottery’s case it looks like the cyber criminals were after personal data which they would be able to sell on the black market at a later date, and first indications suggest that Camelot was able to step in before serious damage was done. To avoid situations such as this, organisations need to understand the hidden value of the data they hold and why criminals might find it valuable – one man’s trash could be a cybercriminal’s treasure.”

Andy Herrington, Head of Cyber Professional Services in UK & Ireland at Fujitsu:

“The statement by Camelot once again draws attention to the cyber challenge presented to today’s enterprise. While it appears that 26,500 National Lottery players’ accounts were accessed, it is interesting to note that Camelot’s response is very different from many incidents reported over the course of this year. 

“It appears to be very much a pro-active statement which seeks to re-assure users by providing details of the incident in a very controlled way which is easy to understand. The fact that Camelot’s monitoring systems have played a clear role and that they have been able to investigate the incident, threat vector and impact quickly also demonstrates a level of maturity and control.

“While it is yet another incident it does clearly demonstrate that organisations which prepare themselves appropriately, including monitoring and forensic services underpinned by effective incident processes, are better prepared for what many consider ‘the inevitable’. This is the direction that many organisations will need to take in preparation for GDPR.”

Chris Hodson, EMEA CISO at Zscaler:

“Cybercriminals may have hit the holiday jackpot with over 26,500 registered National Lottery users. With no technical details included in the National Lottery’s statement about how the data was exfiltrated, just that it was, we can only speculate as to the tactics of these hackers. The act of stealing personal information from these accounts but leaving financial credentials untouched also highlights that the motives of the criminals were not immediate financial fraud but highly sought personally identifiable information.

“The National Lottery have now outlined that no payment details or money were accessed, but that does not lessen the impact of the breach. Confidential data can still be used to build a false customer profile or commit subsequent fraud at scale.

“With the General Data Protection Regulation looming for kick-off in 2018, we have to wonder how the National Lottery would have responded if such requirements were imposed on them today? 

“To mitigate risks in the short term, account holders should update passwords and avoid using the same password across multiple sites. Instead they should consider using a password vault to store a variety of different, and more complex passwords without becoming reliant on the security of corporate enterprises.”
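The monitoring check that several of the commenters allude to, written out as an added example that is not part of the original article or of any of the quoted remarks: a credential-stuffing detector run over constructed web login log lines. The log format, the source addresses (RFC 5737 documentation ranges), the usernames and the thresholds are all assumptions for illustration; nothing here comes from Camelot's systems. The point it demonstrates is the shape of the traffic: a brute-forcer hammers one account many times, whereas a stuffing source tries many distinct usernames roughly once each, and some of those attempts succeed because the pairs were lifted from another site's breach. The check keys on that shape and then lists every account that authenticated from a flagged source, which is the set to freeze and force through a password reset.

```python
"""Spot credential stuffing in web login logs and list the accounts to freeze.

Added example; the log format, addresses and names below are constructed
for illustration and do not come from the National Lottery or Camelot.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp, source IP, username, result).
# 203.0.113.7 walks through many accounts once each and gets two hits: stuffing.
# 198.51.100.4 hammers a single account: brute force, a job for lockout instead.
# 192.0.2.10 is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2016-11-28T02:00:01 src=203.0.113.7 user=alice@example.com result=FAIL
2016-11-28T02:00:02 src=203.0.113.7 user=bob@example.com result=OK
2016-11-28T02:00:03 src=203.0.113.7 user=carol@example.com result=FAIL
2016-11-28T02:00:04 src=203.0.113.7 user=dave@example.com result=FAIL
2016-11-28T02:00:05 src=203.0.113.7 user=erin@example.com result=OK
2016-11-28T02:00:06 src=203.0.113.7 user=frank@example.com result=FAIL
2016-11-28T02:00:07 src=203.0.113.7 user=grace@example.com result=FAIL
2016-11-28T02:00:08 src=203.0.113.7 user=heidi@example.com result=FAIL
2016-11-28T02:00:01 src=198.51.100.4 user=victim@example.com result=FAIL
2016-11-28T02:00:03 src=198.51.100.4 user=victim@example.com result=FAIL
2016-11-28T02:00:05 src=198.51.100.4 user=victim@example.com result=FAIL
2016-11-28T02:00:07 src=198.51.100.4 user=victim@example.com result=FAIL
2016-11-28T02:00:09 src=198.51.100.4 user=victim@example.com result=FAIL
2016-11-28T02:00:11 src=198.51.100.4 user=victim@example.com result=FAIL
2016-11-28T02:05:00 src=192.0.2.10 user=ivan@example.com result=FAIL
2016-11-28T02:05:20 src=192.0.2.10 user=ivan@example.com result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ip": m["ip"],
                "user": m["user"],
                "ok": m["result"] == "OK",
            })
    return events


def _has_stuffing_window(evs, window, min_users, max_per_user):
    """True if some sliding time window holds at least min_users distinct
    usernames with none tried more than max_per_user times: the stuffing shape."""
    start = 0
    for end in range(len(evs)):
        while evs[end]["ts"] - evs[start]["ts"] > window:
            start += 1
        counts = Counter(e["user"] for e in evs[start:end + 1])
        if len(counts) >= min_users and max(counts.values()) <= max_per_user:
            return True
    return False


def stuffing_sources(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {ip: summary} for every source whose behaviour matches credential stuffing."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        if _has_stuffing_window(evs, window, min_users, max_per_user):
            flagged[ip] = {
                "attempts": len(evs),
                "distinct_users": len({e["user"] for e in evs}),
                # Every account that authenticated from this source is a hit on a
                # reused password and needs a freeze plus a forced reset.
                "compromised": sorted({e["user"] for e in evs if e["ok"]}),
            }
    return flagged


def accounts_to_freeze(flagged):
    """Union of compromised accounts across all flagged sources."""
    return sorted({u for s in flagged.values() for u in s["compromised"]})


if __name__ == "__main__":
    hits = stuffing_sources(parse_log(SAMPLE_LOG))
    for ip, summary in hits.items():
        print(f"{ip}: {summary['attempts']} attempts across "
              f"{summary['distinct_users']} usernames, hits={summary['compromised']}")
    print("freeze:", accounts_to_freeze(hits))
```

Per-source counting is the simplest cut and it misses an attacker who spreads the same list across a botnet, the "systematic" pattern Alex Cruz-Farmer describes; in practice pair it with a global baseline of distinct usernames attempted per minute and with a check of submitted credentials against known breach corpora, and treat the thresholds as tuning knobs for the site's normal traffic rather than fixed values.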


The post National Lottery data breach – Industry Reaction appeared first on IT SECURITY GURU.

from National Lottery data breach – Industry Reaction

Making the Case for DevOps in the Boardroom. Are You Ready?

Axway has recently partnered with industry analyst firm Ovum to conduct a global survey consisting of 450 senior IT decision makers to determine how organisations are preparing to meet the needs of today’s digital economy. The findings highlighted two key concerns for IT leaders, and DevOps pros in particular.

  1. More than half of the enterprises have failed to comply with customer-driven service level agreements (SLA), face non-compliance with data security regulations and are worried about data integration issues.
  2. Nearly a third of the respondents indicated that they have not explored digital business initiatives and the role of APIs in digital transformation.

While these findings focus on the organisation itself, they imply a much broader business impact. Below are some key guidelines to help the DevOps team address these challenges.

Speak Truth to Power

It is particularly worrying that 36 percent of businesses are not planning to invest in the use of APIs, despite skyrocketing customer expectations for much more digital experiences. This suggests that either the business has not prioritised digital initiatives or that their IT team is struggling to make a case for the necessary funding. So what should you do if your team is in this situation?

It’s essential to make the case in board level language rather than ‘tech speak’. Management doesn’t care for speeds and feeds, but it does care about business consequences.  Here are two crucial statements that your team can use to get the C-suite’s attention and financial backing:

  1. Slow IT threatens the survival of the business.

Failure to invest in IT will slow down business innovation and the ability to launch new digital services, which runs the risk of damaging the customer experience. This will eventually result in brand and revenue damage, but it is preventable with an API-first DevOps strategy in place.

  2. A security breach – or compliance failure – could result in executive prosecutions.

Execs are not always as aware as they should be that security or compliance failures can result in civil and even criminal liability, not to mention the damage such an event can have on your company’s brand. Work closely with the Chief Compliance Officer (or Chief Legal Officer) to help clearly spell out plausible risk scenarios to the CEO, CFO and the broader C-Suite. Explain why having up-to-date technology that’s fit for purpose is critical to ensure the necessary levels of compliance and security.

Don’t Fly Blind: Integrate Smarter and Faster

More than 50 percent of respondents noted a lack of end-to-end visibility, non-compliance with data security regulations and limited integration with backend systems as being potential issues. 57 percent are also relying on B2B integration gateways that are more than five years old and often lack any form of API management capabilities. This can create a huge challenge when building and integrating digital and cloud services.

Unfortunately, the speed of change isn’t slowing down. Quite the opposite – it’s increasing. IT needs to ensure it has a go-forward solution for this issue and APIs are key to delivering the visibility and integration needed for a high-performance, compliant organisation.

Digital transformation via APIs requires a wholesale re-evaluation of process, people and product – so ask the hard questions now.

  • What needs to change at the IT level to enable the broader digital strategy? Which services and products need to be digitally re-engineered or integrated differently?
  • Does my technology platform support all current compliance requirements and give me the flexibility to meet shifting demands?
  • Does my team use a true “cradle to the grave” lifecycle approach to API creation and management?
  • Is my team structured properly to allow a true DevOps model, where continuous updates in parallel are the norm and not the exception?

Always Think Ahead

Be assertive and implement smart changes on your terms now so that your DevOps team is future proofed for the digital age. Here are three recommendations on how you should approach digital business transformation:

  • Personalise your plan: There isn’t a “one-size-fits-all” approach. Instead, you need to carefully evaluate how DevOps can support your company’s overall IT objectives and assess how you need to approach the goals of individual releases.
  • Take a holistic approach: Don’t think of DevOps as just a list of sequential process steps and activities. Instead, look at how you can optimise the overall process to eliminate overlapping tools and inefficiencies and maximise impact.
  • Think long term: Develop your strategy and process to enable continuous delivery as this will give you the flexibility and agility needed to meet constantly shifting customer demands.

This might seem daunting, but this “rethink” is essential as it is the only way we can meet – and ultimately exceed – rising customer expectations.

Technology has tipped the balance in favour of the customer and to be successful in this new digital world we all need to rethink the traditional IT processes. And while there is no “one-size-fits-all” approach as different organisations are at different stages of their own journey, implementing smart changes now can make a huge difference to the long-term success of your business.

The post Making the Case for DevOps in the Boardroom. Are You Ready? appeared first on IT SECURITY GURU.


78% of IT and computing businesses do not see Brexit as a threat

Leading commercial insurer RSA has today released a report, Future Impacts, which assesses the effects of economic events such as Brexit on business growth, as well as the risks that businesses face and how they are managing those risks.

The research found that Brexit is not perceived as a risk by 78% of businesses in IT and computing, with 35% stating that leaving the EU will have no impact at all, and 43% saying it will have a positive effect on their business. This compares to an average of 70% amongst SMEs across the UK. However, SMEs did identify a range of more significant threats which many companies are not sufficiently protected against.

29% of SMEs in the IT and computing sector say they would go out of business if faced with an unexpected bill of £50,000, compared to a national average of 28%. Yet 49% of SMEs in the IT and computing sector are not insured against any of their top three risks, which is lower than the national average of 58%.

The top three risks UK SMEs identified were:

  1. Economic uncertainty (35%)
  2. Increasing market competition (35%)
  3. Cash flow (31%)

Additionally, almost nine in 10 (88%) insurance brokers see underinsurance as a problem for their SME clients, suggesting that businesses which do not have enough insurance in place are potentially at risk of not being covered for the full cost of repairing the damage caused by unexpected issues.

Future risks 

RSA’s Future Impacts report also investigates the emerging risks for UK businesses, with 73% of SMEs stating that new risks have emerged since they first started their company. However, little is being done; for example, 82% have not altered or increased their insurance coverage as a result of technological change.

The threat of cyber-attacks, for example, is one of the most prominent emerging risks for businesses. While government figures show that two thirds of large businesses and three quarters of SMEs have experienced some form of cyber-attack, RSA’s research found only 9% of businesses have cyber cover in place, and only 26% said they are concerned about the threat posed by a cyber-attack.

Businesses’ lack of protection against cyber threats is echoed by government data, which found that approximately one third of firms had formal written cyber security policies and only 10% had an incident management plan in place.

Russell White, Schemes and Deals Director, Regions and SME, Commercial Risk Solutions at RSA, said “The technological landscape is changing at an unprecedented rate bringing businesses both new opportunities and new threats. Despite pushing these technological advancements, SMEs are also being left behind the curve when it comes to securing themselves against the risks presented by cyber development. It is interesting to learn that only 12 percent of businesses in the IT and computing sector have cyber cover, despite them understanding the landscape.”

Russell added “The onus is not only on SMEs themselves to better manage their risks, but also on brokers and insurance providers to proactively raise awareness of the protection gap and help SMEs to better understand the risks they face, and what they can do to protect themselves against them. RSA has devised a number of recommendations demonstrating what insurers, brokers, government and SMEs themselves can do to subvert this trend and help strengthen UK businesses and their contribution to our economy.”

The post 78% of IT and computing businesses do not see Brexit as a threat appeared first on IT SECURITY GURU.


Time to Bury Dedicated Hardware-based Security Solutions

Virtualisation and software defined networking have transformed the IT infrastructure landscape over the past decade. As organisations look to minimise their hardware footprint, improve network flexibility and decouple applications from the infrastructure to gain agility and flexibility, the era of dedicated hardware-based solutions is over.

Yet when it comes to securing the essential VoIP network, the vast majority of voice technology vendors still insist on deploying a hardware based Session Border Controller (SBC) – despite the cost and complexity of deployment and a clearly flawed security model.  The hardware SBC deployment is not only at odds with today’s virtual environment but the ‘implement once, update never’ approach leaves organisations at risk of toll fraud and corporate espionage. Paul German, CEO, VoipSec, insists vendors should call time on this dated and dangerous approach to voice network security.

Get Functional

Today’s function-first approach to technology is reflected in every element of the infrastructure. The emphasis is on getting the right tool for the job first, from CRM to intrusion detection, and then deploying that tool in a way that is as efficient, agile and scalable as possible.

This shift has been underpinned by a fundamental transformation in IT strategy – networks are agile and quickly deployed; and applications can be delivered quickly, in any location and scaled to meet an organisation’s requirements.   From virtualised hardware – now standard in most data centres – to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application; and the application itself is increasingly located anywhere across the cloud.

This decoupled approach clearly demands a different approach to security. Security can no longer be defined by network controls because those networks are virtual, disparate and remote. When organisations access applications via an Internet address the physical location is increasingly unknown. Security needs to be elastic and flexible, whether it is spanning from one server in one data centre or 100 servers spread across five data centres.

Dated and Dangerous

Where, then, does the hardware based, dedicated Session Border Controller (SBC) fit in to this model? Quite frankly, it doesn’t.  It is an approach to securing the VoIP network firmly rooted in the past that is fundamentally flawed on many levels.

Obviously, the vendors’ failure to reflect the function driven model embraced by the vast majority of organisations today is a problem.  Insisting on a dedicated hardware SBC constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud based voice applications, for example? Where does the SBC fit into a decoupled infrastructure? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.

Even more concerning, however, is that this approach is flawed from a pure security perspective. These hardware SBCs are considered both one off investments and one off deployments. Yet as every security best practice model will attest, with a constantly changing threat landscape failure to undertake routine updates will leave the organisation vulnerable.

To be effective, security solutions need to reflect both the emerging risk and the current deployment trend. And that means a software only model that is continually updated to mitigate the evolving threat landscape. Software based SBCs, either on premise or in the cloud, also draw on community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and best practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.

Community Collaboration

This collaborative, community approach increasingly underpins the security market. From AV to monitoring, the way in which vendors interact with customers is changing fast. In addition to specific communities, vendors are offering portals that enable any customers to share experiences, insight and ideas. Security is not static – and it is this desire to share knowledge that is increasingly key in developing an ever expanding range of capabilities and enabling vendors to create solutions that will safeguard businesses globally from every new zero day threat.

Moreover, this collaborative, software based – and increasingly cloud based – approach lends itself to the creation of specific solutions to evolving threats – such as the rise in voicemail hacking. While voicemail systems are, in theory, password protected, the vast majority of users never reset the password from the default – either 1234 or 0000. With the door wide open, it is easy for hackers to gain access to the voicemail, at which point it is a simple step to compromise the system to accept and make international collect calls. The business will only discover the problem when the next bill arrives – a fact that is contributing towards the $4.4 billion lost due to PBX hacking according to the Communications Fraud Control Association (CFCA).

The continuous update and collaborative software model enables vendors to respond to the emerging threats by, for example, providing specific voicemail protection modules that can be provided as part of a cloud based SBC to identify breach attempts, lock down the voice network and alert the organisation. In addition, the solution will log rogue numbers identified across the cloud based network, rapidly creating a database of blacklisted numbers that can be deployed by all organisations to further protect against voicemail hacking attempts.
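The voicemail weakness described two paragraphs above, a mailbox left on its factory PIN, is something an organisation can audit for itself before any SBC module gets involved. The following is an added example and not VoipSec's or any vendor's code: a policy check that flags the default PINs the article names (1234 and 0000) together with the other guessable patterns a practitioner would also reject, namely repeated digits, ascending or descending runs, PINs shorter than a minimum length, and a PIN that is simply the extension number or its reverse. The mailbox list, the minimum length and the extra entries in the default list are assumptions for illustration.

```python
"""Audit voicemail PINs for the default and guessable values the article describes.

Added example; the mailbox list, the policy thresholds and the vendor default
list are assumptions for illustration, not VoipSec's or any vendor's code.
"""

# PINs commonly shipped as factory defaults. The article names 1234 and 0000;
# the remaining entries are assumed additions a practitioner would include.
DEFAULT_PINS = {"0000", "1234", "1111", "2580", "123456", "000000"}

# Constructed sample: extension -> current PIN.
SAMPLE_MAILBOXES = {
    "2001": "1234",    # factory default, never changed
    "2002": "0000",    # factory default, never changed
    "2003": "2003",    # set to the extension itself
    "2004": "839217",  # acceptable
    "2005": "987654",  # descending run
    "2006": "6002",    # extension reversed
}


def _is_sequential(pin):
    """True for runs like 1234 or 9876 (every digit-to-digit step is +1 or -1 mod 10)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def pin_weakness(pin, extension, min_len=6):
    """Return the reasons a PIN is guessable; an empty list means it passes policy."""
    if not pin.isdigit():
        return ["non-numeric PIN"]
    reasons = []
    if pin in DEFAULT_PINS:
        reasons.append("vendor default")
    if len(pin) < min_len:
        reasons.append(f"shorter than {min_len} digits")
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    if _is_sequential(pin):
        reasons.append("sequential digits")
    if pin in (extension, extension[::-1]):
        reasons.append("derived from extension")
    return reasons


def audit_mailboxes(mailboxes, min_len=6):
    """Return {extension: reasons} for every mailbox whose PIN fails the policy."""
    findings = {}
    for ext, pin in mailboxes.items():
        reasons = pin_weakness(pin, ext, min_len)
        if reasons:
            findings[ext] = reasons
    return findings


if __name__ == "__main__":
    for ext, reasons in audit_mailboxes(SAMPLE_MAILBOXES).items():
        print(f"mailbox {ext}: {', '.join(reasons)}")
```

Run against an export of the voicemail platform's PIN table, the audit gives a list of mailboxes to force through a PIN change; enforcing the same rules at PIN-set time, together with a lockout after a handful of failed attempts, closes the door the article describes before the fraudulent calls show up on the next bill.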


The failure of the hardware SBC is not only compromising the evolution of the IT infrastructure but adding untenable business risk. According to NEC, 84% of UK businesses are considered to be unsafe from hacking, and attacks on VoIP servers represented 67% of all attacks recorded against UK-based services according to Nettitude.  Risks such as toll fraud are well known. But how many organisations also realise that the voice network can be compromised to eavesdrop sensitive communications with malicious intent such as harassment or extortion? Or to gain access to private company and customer contacts?

While hackers are cashing in on the widespread adoption of VoIP, the vast majority of SBC vendors are simply failing to respond. They still advise an implement once model. They fail to update customers on the evolving threat landscape – such as the rise in voice mail hacking. And, they cannot support the agile, decoupled infrastructures now required. So just what is the value of a hardware based SBC?

About Paul German 

Paul German is founder & CEO of VoipSec, a business founded with the mission to simplify the complicated and costly area of VoIP (Voice Over Internet Protocol) security.

Paul has over 18 years’ experience in the areas of unified communications, voice and network security, having worked with a broad range of organisations including Cisco and most recently leading the EMEA business for Sipera Systems until its acquisition by Avaya in 2011.  He brings a unique combination of business acumen and technical depth to every project with which he engages, and is passionate about making innovative technologies readily available to businesses of all size to improve security and overall performance.

The post Time to Bury Dedicated Hardware-based Security Solutions appeared first on IT SECURITY GURU.


GET pwned: Web CCTV cams can be hijacked by single HTTP request

An insecure web server embedded in more than 35 models of internet-connected CCTV cameras leaves countless devices wide open to hijacking, it is claimed. The gadgets can be commandeered from the other side of the world with a single HTTP GET request before any password authentication checks take place, we’re told. If your camera is one of the at-risk devices, and it can be reached on the web, then it can be attacked, infected with malware and spied on. Network cameras typically use UPnP to drill through to the public internet automatically via your home router.



The post GET pwned: Web CCTV cams can be hijacked by single HTTP request appeared first on IT SECURITY GURU.


‘Dronejacking’ to become next big security threat as hackers look to the sky

In 2016, drone technology entered the mainstream and can now be used for aerial photography, media filming, law enforcement surveillance and – if the promises from pioneering digital giants like Amazon come to fruition – home deliveries. Yet as more of these small flying devices take to the skies, cybersecurity experts are warning that they will inevitably become an open target for hackers. In what is being dubbed as “dronejacking”, experts say cybercriminals are likely already looking at ways to exploit these devices.


ORIGINAL SOURCE: International Business Times

The post ‘Dronejacking’ to become next big security threat as hackers look to the sky appeared first on IT SECURITY GURU.


Government’s snoopers charter ‘has no place in modern democracy’ says inventor of World Wide Web

The inventor of the World Wide Web has issued a stinging criticism of new surveillance legislation that has just become law in the UK, saying it “undermines our fundamental rights online” and has been rushed through by MPs who do not understand how intrusive it will be. Sir Tim Berners-Lee said parts of The Investigatory Powers Bill are “disproportionate” and that people’s rights to freedom are curtailed if police and security services have increased snooping powers.


ORIGINAL SOURCE: International Business Times

The post Government’s snoopers charter ‘has no place in modern democracy’ says inventor of World Wide Web appeared first on IT SECURITY GURU.


Intelligence experts call on President Obama to end Edward Snowden’s exile in Russia that ‘benefits nobody’

Fifteen former staff members of a Watergate-era intelligence watchdog committee have jointly written to President Barack Obama and Attorney General Loretta Lynch urging them to extend leniency to NSA whistleblower Edward Snowden. Signed by a group of members of the Church committee, a special Senate body that investigated illegal governmental operations by the CIA and other intelligence agencies in the 1970s, the letter calls on Obama to resolve the “Snowden matter” and end his “untenable exile in Russia, which benefits nobody”.


ORIGINAL SOURCE: International Business Times

The post Intelligence experts call on President Obama to end Edward Snowden’s exile in Russia that ‘benefits nobody’ appeared first on IT SECURITY GURU.


National Lottery accounts feared hacked

About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot. The firm said it did not believe its own systems had been compromised, but rather that the players’ login details had been stolen from elsewhere. The company said that no money had been taken from or added to the compromised accounts.
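Camelot's conclusion (its own systems intact, the credentials stolen elsewhere) is the credential-stuffing pattern, and it has a recognisable shape in an authentication log: one source cycling through many different usernames, roughly once each, with a high failure rate and a handful of successes. The Python below is an added example, not Camelot's code or anything from the article; the log format and the sample lines are constructed, and the thresholds are assumptions to be tuned against real traffic. It also separates that pattern from plain password guessing against a single account, which calls for a different response (lock one account, not freeze a list).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real National Lottery data). The line
# format is an assumption: "<ISO timestamp> login <ok|fail> user=<name> ip=<addr>".
SAMPLE_LOG = """\
2016-11-28T09:00:01 login fail user=alice ip=203.0.113.10
2016-11-28T09:00:02 login fail user=bob ip=203.0.113.10
2016-11-28T09:00:02 login ok user=carol ip=203.0.113.10
2016-11-28T09:00:03 login fail user=dave ip=203.0.113.10
2016-11-28T09:00:03 login fail user=erin ip=203.0.113.10
2016-11-28T09:00:04 login ok user=frank ip=203.0.113.10
2016-11-28T09:00:04 login fail user=grace ip=203.0.113.10
2016-11-28T09:00:05 login fail user=heidi ip=203.0.113.10
2016-11-28T09:00:05 login fail user=ivan ip=203.0.113.10
2016-11-28T09:00:06 login fail user=judy ip=203.0.113.10
2016-11-28T09:05:00 login fail user=mallory ip=198.51.100.7
2016-11-28T09:05:10 login fail user=mallory ip=198.51.100.7
2016-11-28T09:05:20 login ok user=mallory ip=198.51.100.7
2016-11-28T09:10:00 login ok user=alice ip=192.0.2.44
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) login (?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "ok": m["result"] == "ok",
                           "user": m["user"], "ip": m["ip"]})
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.5):
    """Credential stuffing: one source trying many different accounts, about once each,
    mostly failing because most leaked passwords were never reused here. The few
    successes are the accounts to freeze and force through a password change."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:  # slide the window forward
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            fails = sum(1 for e in span if not e["ok"])
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                if best is None or len(users) > best["distinct_users"]:
                    best = {"attempts": len(span), "distinct_users": len(users), "failures": fails,
                            "compromised": sorted({e["user"] for e in span if e["ok"]})}
        if best:
            findings[ip] = best
    return findings

def detect_password_guessing(events, min_attempts=3):
    """The contrasting pattern, brute force on one account from one source, counted per (ip, user)."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["ip"], e["user"])] += 1
    return {k: n for k, n in counts.items() if n >= min_attempts}

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, f in detect_stuffing(evs).items():
        print(f"{ip}: {f['distinct_users']} accounts in {f['attempts']} attempts, "
              f"{f['failures']} failures; freeze {f['compromised']}")
    print("password guessing:", detect_password_guessing(evs))
```

On the sample, 203.0.113.10 is flagged with ten accounts in ten attempts and two successes (carol and frank, the accounts to freeze), while 198.51.100.7 hammering mallory is reported as guessing and alice's own later login from a third address is left alone. In production the same logic runs per source network rather than per address, since stuffing tools spread attempts across proxies.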

The post National Lottery accounts feared hacked appeared first on IT SECURITY GURU.

Online gaming is exposing us to dangerous security threats

How much is my data worth? Not a question you might ask yourself when you’re in a hurry to complete the final level of a gaming app you’ve been trying to crack for weeks. You reach out to your contacts in the game for tips on how to progress, and Sarah125 sends you a link to a cheat guide. But Sarah125 isn’t a fellow gamer. She’s a cybercriminal. And she’s relying on you getting caught up in the adrenaline rush of the game so that she can trick you into clicking on an infected link. This will enable her to steal the data on your device and infect your home network. If you use the device for work too, it could put your colleagues and employer in danger as well.

A recent survey we conducted found a majority of people who play online games (64 per cent) now identify themselves as a gamer, with two thirds (69 per cent) playing every day and 85 per cent more than three times a week.

The risks arise when gaming thrills result in us losing control and entering a state of mind we’ve dubbed ‘gaming mode’. Our competitive, thrill-seeking nature encourages us to lower our barriers and make poor decisions when it comes to security. Beating an opponent takes precedence over keeping information secure.

In this article, I’ll examine the common security mistakes people make when experiencing the thrills of a game and outline my tips for staying safe online. 

Our interactions online today

Video games have come a long way since they first emerged in the 1970s, and in the last decade the gaming industry has exploited advances in technology and improvements in broadband connectivity and networking to create more dynamic and interactive experiences for players. Our study found that while people enjoy playing a wide range of games, the most popular today involve competing and interacting with others online (49 per cent).

With interactive gameplay now so common, a new world of potential security threats has emerged, many of which centre on our trust for fellow gamers.

Interestingly we found that almost half (42 per cent) of people had encountered someone pretending to be another person online, and a quarter (24 per cent) had experienced someone asking suspicious questions about their personal information. Of those surveyed 17 per cent had had someone ask them for financial information and attempt to use their log-ins.

Despite these figures, the relationships forged in gaming environments are more trusted than in dating environments. When asked which platform they trust most when it comes to meeting someone in real life that they had interacted with online, more people were trusting of other gamers (22 per cent) than people on dating websites (17 per cent). With the social element of gaming secondary to the game itself, it’s clear people feel more trusting despite the opportunities it presents to pretend to be someone else.

This assumption can cost gamers dearly.

The risks of gaming blindly

When you’re in ‘gaming mode’ you relax your barriers to external security threats so it’s vital to take the proper precautions to protect your information. However, only 17 per cent of people we surveyed said they had internet security software installed on the smartphone they use for gaming (62 per cent for PC). One in ten respondents even said they had switched this off in order to improve their gaming experience.

While most people are aware of the dangers of sharing sensitive information online, our study found that nearly half (48 per cent) of children aged 11-16 regularly share their real name and age when gaming online.

As online games create social spaces for interactions, the presence of such a large online community of anonymous strangers and the unfiltered, unmoderated discussions, can pose risks to the safety of children and adults alike.

Staying safe

Although online gaming poses many risks, there are a number of simple steps you can take to ensure you are protected. The most obvious starting point is to ensure that you have internet security on the device you are using. Viruses and malware lurk in apps and add-ons so be careful what you click on or download.

Our research also found half (49 per cent) of respondents had spent money getting additional add-ons for gaming apps (such as a skin, mod, weapon, or costumes for characters) through unofficial sources, opening up the possibility for financial information to be stolen and used illegally. You must be careful what information you share. Personal and financial details should not be sent to people you don’t know are genuine.

Fraudsters infiltrate online games and interact with people to get information they can use. Our survey found nearly a fifth (18 per cent) of respondents said they had the experience of discovering a person they had befriended was not who they thought they were.

Password security is vital for protection across platforms and gaming is no exception. Gamers should use a different password for each gaming account, never reuse a gaming password for email or banking, and change it promptly if a service they use reports a breach.

Finally, gamers must not game blindly. Be sensible about clicking on links, don’t share personal or financial details and if you suspect your device might have been infected take action to protect your information.

So remember, don’t play the game cybercriminals want you to. Be aware of ‘gaming mode’ when you open your gaming app or log onto your PC to take down an opponent. Protect what matters most by keeping your information secure.

The post Online gaming is exposing us to dangerous security threats appeared first on IT SECURITY GURU.


Tuesday, 29 November 2016

Business Continuity Planning and quantum computing

I must admit that this topic is one that really gets me excited. Yes, other aspects of security can benefit from quantum computing, and the job can be eased or made more cost-effective. But in emergency planning, you can actually save lives, and reduce suffering. As with risk analysis and management, so business impact analysis […]

The post Business Continuity Planning and quantum computing appeared first on ITsecurity.


Job-hopping trend heralds new era of personal data risk

Graduates are changing jobs more often than previous generations. It is estimated that by the time today’s millennials reach the age of 32, they will have changed jobs four times[1]. With this trend for job hopping comes an increase in the number of employment records that HR departments must retain, store securely and ultimately destroy within a legally determined timeframe. However, recent research from Iron Mountain (NYSE: IRM), the global leader in storage and information management services, suggests that many HR departments may not be equipped to deal with this trend. The research shows that 50% of mid-sized businesses in Europe have out-of-date processes for managing their HR records, which could be putting personal information – including people’s right to be forgotten – at risk.[2]

Many mid-market businesses (31%) store HR documents relating to employees longer than they are legally entitled to and a quarter (25%) don’t know the legal requirements. As the job-hopping trend gathers pace, Iron Mountain is calling on organisations to consider improving their information management practices to protect the increasing volume of personally identifiable information in their care from potential exposure.

Few businesses are ready to manage the increased volume of personal records as new recruits apply for jobs and current employees move on. According to Iron Mountain’s research, 65% of mid-market businesses still rely on email and paper for most HR processes instead of putting automation in place to help them manage the increasing volumes.[3]

Sue Trombley, Managing Director of Thought Leadership at Iron Mountain, said: “The days of a ‘job for life’ are long gone. Today people are changing roles more frequently than ever before. When they switch to a new business, employees leave a trail of personal information behind them – information that employers are legally obliged to get rid of within a defined time limit. Keeping track of what information you have, where it is and when you need to securely dispose of it is difficult.

“Employee documents are just one type of record that depend on a trigger event to determine when they should be disposed of. The event starts the retention clock ticking. Imagine just how many clocks will be ticking in every HR department – all set to go off at different times five, six or more years into the future. It’s notoriously hard to get event-based retention right and many organisations will be uncertain whether or not they have disposed securely of information when they should have. If you keep records for longer than their designated retention period, you can find yourself on the wrong side of the law, putting your organisation’s information and reputation at unnecessary risk.”

Iron Mountain has developed free resources to help businesses manage the complexity of event-based retention. For more information and insight, visit:


[2] Iron Mountain, Mid-market research (2016) see ‘about the research’ note below

[3] Iron Mountain, Mid-market research (2016) see ‘about the research’ note below

The post Job-hopping trend heralds new era of personal data risk appeared first on IT SECURITY GURU.


Chargebacks could ruin online retailers’ biggest shopping days of the year

By Monica Eaton-Cardone, CIO and Co-Founder of Chargebacks911

As online shopping reaches its 2016 peak, merchants are concluding their final preparations, ensuring that they will be able to make the most of this year’s seasonal surge.

In Europe, the biggest shopping days typically fall between 7-11 December, often coinciding with the last date to guarantee on-time delivery of seasonal gifts. An estimated EUR 517 million was spent online in Germany on 7 December last year, with EUR 341 million spent in France on the same day.

In the US, the Black Friday sales spree is the fourth Friday of November, following the Thanksgiving holiday. In 2015, a staggering USD 2.72 billion was spent online, with an additional USD 1.73 billion spent on Thanksgiving Day itself.

The Black Friday trend, like much US culture and influence, has recently spread to the UK; according to a Global Risk Technologies whitepaper, the holiday has grown massively since 2014. In 2015, the UK topped GBP 1 billion in Black Friday sales, and Cyber Monday — which transforms Black Friday into a weekend-long online shopping extravaganza — helped bring total sales to GBP 3.3 billion.

Yet, both Europe and the US are dwarfed by the online spending frenzy of China’s relatively new ‘Singles Day’ phenomenon. Ostensibly held on 11 November, but often extending to a week’s worth of sales, 2015 saw CNY 91.2bn (USD 14.3bn or GBP 9.4bn) worth of sales through Alibaba, China’s largest ecommerce site.

While these record-breaking sales create great headlines, huge amounts of attention from customers, and increased earning potential for merchants, statistics reveal that dire consequences, in the form of chargebacks, are likely to follow.

But evidence suggests that merchants are not the only group carrying this burden. MasterCard recently took action to help reduce their own encumbrance by introducing their new Dispute Administration Fee (DAF). The DAF is a fee passed through to merchants who fall foul of customer chargebacks and fail to effectively dispute their legitimacy. Ecommerce merchants can expect to pay an additional EUR 15 fee for chargebacks they accept without filing rebuttal, and up to EUR 30 if a non-compliant response is filed. Issuers are penalized as well with the reverse incentive.

Issuers are getting increasingly serious about enforcing better governance on merchants, and ineffective or poor chargeback management is about to become even more costly. As we move towards the shopping frenzies of 2016, those merchants who lack a disciplined chargeback policy are likely to be more vulnerable than ever before.

The problem most closely associated around peak shopping days is buyer’s remorse. Customers feel pressured into buying something before it disappears, but then find a better deal elsewhere or change their mind. This regret often results in illegitimate chargebacks.

Similarly, if customers are not satisfied with the merchant’s performance, they may also initiate a chargeback. A new report from Radial indicated 71% of shoppers expect their online orders to arrive within five days, while 51% would stop shopping with a retailer if their order arrived later than the promised delivery date.

Merchant liability often surfaces in the weeks following these shopping holidays, approximately 90 days after the purchase, as the costs of online fraud and chargebacks become apparent. Big purchasing events, like Black Friday, disrupt normal customer shopping behaviours, making it challenging to find and stop friendly fraud.

Although ID fraud gets more media attention, approximately 70% of chargebacks are actually attributable to friendly fraud, 20% to merchant error and 10% to criminal fraud.

Merchants need to understand chargebacks and the detrimental effect an ineffective risk mitigation system can have on the business. Beyond losing merchandise and revenue, internet retailers can face additional fees and consequences, particularly if they exceed allotted chargeback thresholds.

Adhering to best practices reduces the risk of chargebacks; however, superior results are obtained through the use of combined methods which leverage both in-house and outside expertise in a multi-layered approach.

Based on recent studies performed by Global Risk Technologies, merchants using a combination fraud management strategy experienced improved performance within every fraud detection tool and reported a gain on average of 22.4% over those who did not utilise a layered approach or combination method.

Chargebacks needn’t be accepted as a cost of doing business. Comprehensive management strategies ensure merchants benefit from huge shopping days without sustaining enormous financial disasters.

The post Chargebacks could ruin online retailers’ biggest shopping days of the year appeared first on IT SECURITY GURU.


Check Point uncovers new method for distributing malware through images

Check Point announced that its security researchers have identified a new attack vector, called ImageGate, which embeds malware in image and graphic files.  The researchers have discovered the hackers’ method of executing the malicious code within these images through social media applications such as Facebook and LinkedIn.

According to the research, the attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website.  The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.

Over the past three days, the security industry has followed the massive spread of Locky ransomware via social media, particularly in its Facebook-based campaign.  Check Point researchers strongly believe that the new ImageGate technique reveals how this campaign was made possible, a question which has been unanswered until now.

The Check Point researchers were able to uncover the attack vector which affects major websites and social networks worldwide, including Facebook and LinkedIn. Check Point updated Facebook & LinkedIn about this attack vector early in September.

In cases involving Locky ransomware, once users download and open the malicious file that they receive, all the files on their personal device are automatically encrypted and they can only gain access to them after the ransom is paid.

“As more people spend time on social networking sites, hackers have turned their focus to find a way in to these platforms,” said Oded Vanunu, Head of Check Point’s Products Vulnerability Research. “Cyber criminals understand these sites are usually ‘white listed’, and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities. To protect users against the most advanced threats, Check Point researchers strive to identify where attackers will strike next.” 

How to stay protected

Check Point recommends users take the following preventive measures:

  1. If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading it.
  2. Don’t open any image file with an unusual filename extension (such as SVG, JS or HTA).
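Check Point's two rules can be applied mechanically to whatever the browser just saved. The Python below is an added example, not Check Point's tool or part of its research: it sniffs the file's real type from its leading bytes, compares that with what the extension claims, catches the double-extension trick (photo.jpg.hta) and flags SVGs that carry script or event handlers. SVG, JS and HTA are the extensions the article names; the other script extensions, the regexes and the constructed sample files are assumptions.

```python
import re

# Magic numbers of the raster formats a social-network image should really be.
MAGIC = [(b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpeg"),
         (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"BM", "bmp")]
EXT_KIND = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".bmp": "bmp"}
# SVG, JS and HTA are the extensions Check Point names; the rest are assumed additions
# of the same kind (files Windows hands to a script host on double-click).
SCRIPT_EXTS = {".svg", ".js", ".hta", ".jse", ".vbs", ".wsf"}
# Markup that makes an SVG run code or pull in other documents when it is rendered.
ACTIVE_SVG = re.compile(rb"<script\b|\son[a-z]+\s*=|javascript:|<foreignObject\b|<iframe\b", re.I)

def sniff(data):
    """File type decided by content alone, ignoring the name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    head = data[:4096].lower()
    if b"<svg" in head:
        return "svg"
    if b"<html" in head or b"<script" in head or b"hta:application" in head:
        return "html/script"
    return "unknown"

def extensions(name):
    """Every suffix, lower-cased: 'holiday.jpg.hta' -> ['.jpg', '.hta']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]

def assess(name, data):
    """('open' | 'block', reasons) for a file the browser saved after an image click."""
    reasons = []
    exts = extensions(name)
    final = exts[-1] if exts else ""
    kind = sniff(data)
    if final in SCRIPT_EXTS:
        reasons.append(f"script extension {final}")
    if any(e in EXT_KIND for e in exts[:-1]):
        reasons.append("image-looking inner extension (double extension)")
    if final in EXT_KIND and kind != EXT_KIND[final]:
        reasons.append(f"extension says {EXT_KIND[final]} but content sniffs as {kind}")
    if kind == "svg" and ACTIVE_SVG.search(data):
        reasons.append("SVG contains script, event handlers or embedded documents")
    if kind in ("html/script", "unknown"):
        reasons.append(f"not a raster image (content sniffs as {kind})")
    return ("block" if reasons else "open"), reasons

# Constructed sample downloads (not files from the campaign described above).
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n" + bytes(16),
    "holiday.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>',
    "photo.png": b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>',
    "photo.jpg.hta": b"<html><hta:application id=\"x\"/><script>new ActiveXObject('WScript.Shell')</script></html>",
}

def triage(samples=SAMPLES):
    """Verdict for each sample; only 'open' files should be handed to an image viewer."""
    return {name: assess(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, (verdict, why) in triage().items():
        print(f"{name}: {verdict} {'; '.join(why)}")
```

Only the genuine PNG comes back as "open"; the SVG with an onload handler, the SVG renamed to .png and the HTA hiding behind a .jpg are all blocked with the reason stated, which is the check an endpoint or mail gateway should be making before a user ever double-clicks.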

Researchers developed a video demo of the infection process, available here:

The post Check Point uncovers new method for distributing malware through images appeared first on IT SECURITY GURU.


Why Israel produces such young entrepreneurs

RapidAPI, whose funding round was led by Andreessen Horowitz, the VC widely regarded as number one in the venture space, is going places: it’s a start-up that has developed a marketplace through which developers can easily discover, test, and start using publicly available application programming interfaces (APIs).

TechCrunch summarises this story pretty well:

‘The company is interesting for numerous reasons — not least of them its founder, Iddo Gino, is an 18-year-old who was a high school senior in Haifa, Israel last year when he was “discovered,” so to speak.

It happened at a local hackathon, where Gino caught the attention of Dov Moran.

The renowned Israeli angel investor provided Gino with some early mentorship, as well as $250,000 in seed money that Gino — who studied briefly at the public research institute Technion – used to move to the U.S. in January.’

However, Gino is representative of a bigger trend in Israel: young entrepreneurship, which I would argue comes from innovative high schooling and compulsory army service.

In the early 1990s Avishai Abrahami found himself, as required for most Israelis when they graduate from high school, enlisting in the Israel Defense Forces. But Abrahami had been assigned to a division he wasn’t allowed to speak of, not even to his parents: a crack cybersecurity and intelligence team known as Unit 8200.

He was given an assignment that seemed right out of Mission: Impossible. Break into the computers of a country that remained in a state of hostility with Israel. The task contained several hurdles: First, figure out how to get into those computers; second, how to crack the encryption; and finally, the monumental challenge, how to access the “enormous amount” of computing power necessary to decrypt the data.

So here’s what Abrahami did once he thought he could breach the targeted computers: he broke into the computers of two other hostile countries and hijacked their processing power to suck out the data held by the first target. A masterwork of spycraft, and a primitive precursor to cloud computing, done without leaving his chair in Tel Aviv.

And that’s the Israeli who co-founded Wix, currently one of the world’s leading cloud-based web development platforms.

Talent, Ambition, Success. Not an easy combination to master but I’d argue that in Israel – this combination is taught early in life and whilst not everyone can learn these skills, if you do – you’re bound to fly.


RapidAPI, a Tel Aviv-based API marketplace, raised $3.5 million in seed funding. Andreessen Horowitz led the round with participation from FundersClub, SV Angel and Green Bay Advisors.

Feelter, a Tel Aviv-based retail review company, has raised $2 million in Series A funding.  Will Graylin, founder of LoopPay, led the round.

Articles to read:

In the first 10 months of 2016, 144 M&A deals in Israel have totalled over US$15.8 billion.

The Future of Cyber Insurance and Cyber Technology: An Interview with Munich Re’s Head of Cyber, Daljitt Barn

11 Early-Stage Israeli B2B Software Companies To Watch

Events that took place in Israel this week:

Israel’s largest tech and innovation event, Geektime Techfest, kicked off in Tel Aviv on Sunday, with the advertised aim of “fertilizing the tech ecosystem in the start-up nation.”

Events to book:

TechCrunch London


Written by Julia Bayer our Israel Correspondent

The post Why Israel produces such young entrepreneurs appeared first on IT SECURITY GURU.


Tesco Bank under investigation for possibly ignoring warning of potential cyberattack

A probe has reportedly been launched into Tesco Bank, in an effort to determine whether the bank failed to heed warnings of a security flaw in its payment systems, which may have allowed hackers to make off with millions of pounds. Authorities believe that the bank may have failed to act on a warning from Visa, issued a year ago, according to reports. Investigators at the National Crime Agency (NCA) and the Financial Conduct Authority (FCA) believe that the hackers used customised computers to leverage an alleged Code 91 glitch, which allowed them access to customers’ card data.


ORIGINAL SOURCE: International Business Times

The post Tesco Bank under investigation for possibly ignoring warning of potential cyberattack appeared first on IT SECURITY GURU.


Serious Cyber Attack Allegedly hits the Japanese Ministry of Defense: Government now Denies

Japanese government ministries, according to Kyodo News, confirmed that a serious cyber attack aimed at the Japanese Ministry of Defense took place in September, and that sensitive information may have been leaked as a result. It remains unclear, despite hints, whether the attack was carried out by a foreign nation-state agency or by expert hackers outside state institutions. Yet once news of the alleged attack emerged from Kyodo News and other sources, another official from Public Affairs refuted the initial report. This baffling chain of events (after all, Kyodo News cited ministry sources and the story was covered by The Japan Times) is leading to further suspicions.


ORIGINAL SOURCE: Modern Tokyo Times

The post Serious Cyber Attack Allegedly hits the Japanese Ministry of Defense: Government now Denies appeared first on IT SECURITY GURU.


San Francisco’s Muni transit system reportedly hit by ransomware

San Francisco’s Muni transit system has reportedly been hit by ransomware since Friday, with the message “You Hacked, ALL Data Encrypted” displayed on computer screens at stations, according to newspaper reports. The message asked that cryptom27 at should be contacted for the key to unlock the data. Fare payment machines at stations also displayed that they were “out of service,” and San Francisco’s Municipal Railway, widely known as Muni, was allowing free rides on its light-rail vehicles as it was unable to charge customers, according to the Examiner.

The post San Francisco’s Muni transit system reportedly hit by ransomware appeared first on IT SECURITY GURU.

Passengers ride free on SF Muni subway after ransomware hits 2,100 systems, demands $73k

Hard-drive-scrambling ransomware menaced more than 2,000 systems at San Francisco’s public transit agency on Friday and demanded 100 bitcoins to unlock data, The Register has learned. Ticket machines were shut down and passengers were allowed to ride the Muni light-rail system for free on Saturday – a busy post-Thanksgiving shopping day for the city – while IT workers scrambled to clean up the mess. A variant of the HDDCryptor malware infected 2,112 computers within the San Francisco Municipal Transportation Agency, the ransomware’s masters claimed in email correspondence seen by El Reg.

The post Passengers ride free on SF Muni subway after ransomware hits 2,100 systems, demands $73k appeared first on IT SECURITY GURU.

Malware uses Facebook and LinkedIn images to hijack your PC

Malware doesn’t always have to attack your computer through browser- or OS-based exploits. Sometimes, it’s the social networks themselves that can be the problem. Researchers at Check Point have discovered that a variant of known ransomware, Locky, is taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images in its bid to infect your PC. The trick forces your browser to download a maliciously coded image file that hijacks your system the moment you open it. If you do, your files are encrypted until you pay up.

The post Malware uses Facebook and LinkedIn images to hijack your PC appeared first on IT SECURITY GURU.

Friday, 25 November 2016

Support Scams and Diagnostic Services

Sometimes the borderline between out-and-out support scams and sub-optimal diagnostic services is too blurry for comfort.

The post Support Scams and Diagnostic Services appeared first on ITsecurity.


New research reveals digital security gap among UK organisations

New research from RiskIQ on the state of digital risk management in large, UK organisations reveals that while 82 percent of C-Suite and senior managers admit they are concerned about the vulnerability of their web sites, mobile applications and social media accounts to cyber attack and impersonation, over half (57 percent) do not have a digital brand protection programme or team in place and over a third (34 percent) are missing a dedicated cyber threat management programme  to protect them. As a result, organisations are missing the opportunity to detect cyber threats in the early stages where mitigation would greatly reduce the negative impact to the business and its customers.

Organisations continue to invest in web, mobile and social channels to engage with customers. This introduces new security risks that sit outside the corporate firewall, including threat actors compromising vulnerable web assets and duping users by impersonating business brands. In line with this heightened threat, 82 percent of those surveyed said that the security of digital channels is a boardroom concern, and 90 percent agree that their organisation is equally or more at risk from cyber security attacks and digital brand impersonation than it was five years ago.

The survey results indicate high confidence among the C-Suite and senior managers in protecting a business’ digital presence despite lack of controls being applied to do so, and with minimal organisational responsibility evident. Although 88 percent would rate themselves as having good to excellent knowledge of cyber security, one quarter either don’t know or don’t currently monitor their digital channels. This is with the understanding that 68 percent feel that their organisation is more at risk from cyber security attacks today compared to five years ago.

Such concerns are having a direct impact on business progress, with 85 percent of those surveyed stating that cyber security and brand protection concerns are affecting the rollout of new digital initiatives.

Ben Harknett, VP EMEA, RiskIQ comments, “Our research shows that while organisations are advancing their use of digital channels, security is once again playing catch up. This lag results in increased digital risk which could impact the success of those channels. Digital Risk Monitoring and External Threat Management needs to be considered by all organisations in the defence of their digital channels.”

The post New research reveals digital security gap among UK organisations appeared first on IT SECURITY GURU.


How to build the foundation of a successful counter insider threat programme

The information security risks posed by insiders are a threat to organisations across all industry sectors and disciplines. Through the access to information systems afforded by their status, insiders can cause a loss of intellectual property with damaging effects even greater than those of a large external breach of personally identifiable information. With studies showing that 55 per cent of all attacks come from insiders, countering insider threats is an issue that can no longer be ignored or minimised. Organisations must adapt their security models to properly counter those threats; otherwise, they risk suffering irreparable damage to their finances and reputations.

The following are the key considerations you should bear in mind when laying the foundation for a solid counter insider threat programme. From there, you can begin framing out defensive capabilities through a number of activities designed to allow any technical solutions to target the right data and areas within your organisation.

1. Acquire an in-depth knowledge of your data:

According to a survey of senior corporate security executives sponsored by Nuix, 96% of organisations recognise the importance of protecting their information ‘crown jewels’, including personally identifiable information, payment card information and intellectual property. However, nearly one-third (31%) of respondents could not say where this critical value data lay across the enterprise, who had access to it or what people did with it after they accessed it.

This is one of the main reasons organisations take so long to detect and remediate breaches; they don’t know where their high-value or high-risk data is stored, so they cannot target those systems for investigation.

Before doing anything else, it’s vitally important for your organisation to catalogue the information your systems contain by completing a data map and full access audit. Your organisation must know which server data is on, where it is physically stored, and who has access to it. Once you have a plan in place, you should regularly review and update this information to make sure it is always up to date.

  2. Identify your crown jewels:

When organisations try to protect too much information too soon in the process, they run the risk of spreading precious resources too thin. Instead, focusing on your “crown jewels” – high-value and high-risk information – lets you set priorities by considering which applications or data would cripple the organisation if they were compromised, and placing those specific items at the top. While massive databases of customer data are very important, sometimes specific documents like strategic plans or company financials would prove more damaging if they fell into the wrong hands. This “critical value data” is easier to identify and protect than huge sets of data, which can come later on in the process.

  3. Technology should support a strategy and not be the strategy:

How can an organisation ever begin to determine which tool will be right for it if it doesn’t know what it needs the tool to do? Most organisations know that they need tools to protect their critical value data. The problem is, they don’t know exactly what they need beyond vague ideas such as ‘a tool to counter cyber threats’ or ‘to identify and counter the potential of an insider threat.’

Those who begin the quest for better security by asking “What tool should we purchase?” have a long, uphill and difficult road ahead of them. You and your organisation are better-served to start by defining, planning, organising and prioritising clearly written policies that define the ground rules the counter insider threat program should follow, expectations from employees and escalation paths when a potential insider is discovered. Once this is done, you can then move on to acquiring the relevant tools, safe in the knowledge that they will support your policies and needs.

  4. Invest in training and education in order to avoid distrust and avoidance:

Employee referrals and support are just as important as monitoring tools, and a successful employee education programme helps to strengthen all other counter insider threat measures. However, precisely because counter insider threat programmes are about people, senior leaders, mid-level managers and even employees react to them innately, sometimes inordinately, with distrust and avoidance. Many of their concerns are valid, which is why we must design and implement insider threat programmes with care and understanding in order to prevent employee distrust and avoidance. The key is to design a programme that contemplates privacy and civil liberties while at the same time protecting the organisation’s critical value data. It’s imperative to highlight that the programme is not “Big Brother” watching, but rather a well-meaning and thoughtful practice that protects and even empowers employees across the organisation.

Most organisations that create programmes tend to put them beneath a technical or security department, thus diluting their significance and distancing them from the C-suite. This also has the unintended consequence of forcing a technology focus upon the programme, which usually further hampers its ability to succeed. Building and implementing an effective counter insider threat programme is about people as well as technology. Getting buy-in from all departments ahead of time, answering operational questions, gaining approvals and setting authorities in place all make for a smooth operation.

Creating an effective programme takes careful planning, intelligent processes, the right technology implemented for the right reasons, and dedicated staff and management. Attacks are going to happen – the only way to counter them is by ensuring everyone works together with no ulterior motives, without being held back by bureaucracy or bottlenecks. Just because this is difficult, it does not mean that it’s impossible.

The post How to build the foundation of a successful counter insider threat programme appeared first on IT SECURITY GURU.


NuData Security Threat Intelligence Highlights Risk Around Cyber Monday

Threat intelligence from NuData Security, released today, provides insight into the ominous cyber fraud threats coming over this holiday period.

Fraudsters are using increasingly sophisticated cyber fraud techniques and leveraging spikes in activity over Cyber Monday and holiday shopping periods to circumvent detection. As merchants and financial institutions implement additional security layers for automation, account takeover and fraud detection, hackers are evolving to find more complex and pervasive ways to commit fraudulent activities online. Much like a virus mutates in response to a vaccine, hackers are finding new ways of infiltration.

NuData Security analyses over 80 billion behavioural events annually across its customer base, and this month alone has performed real-time analysis on 40 billion data points. NuData’s findings are as follows:

  • High risk events have more than doubled since this period last year, representing a higher percentage of total traffic across all placements.
  • At the login, fraudulent activity increased from 4% to 15%.
  • According to NuData’s intelligence, 60% of new account creations are fraudulent, compared to 39% last year. With the underground awash in compromised consumer data from breach after breach, fraudulent account creation will continue to climb. Fraudsters will create fraudulent accounts, and let them sit dormant or make the accounts look legitimate during the time leading up to holiday seasons, then strike. Typically, cybercriminals target these times of year because they know security teams are stretched and policies are loosened up to accommodate volume. They can generally hide attacks within the volume of transactions.
  • Account takeover continues to be a dire problem for retailers. We saw a staggering 600% increase in login anomalies over this time last year. Both volume and sophistication have spiked: stolen personal data is so easy to obtain, and consumers continue to use the same user names and passwords from site to site, so login processes have never been so easy to subvert.
  • This month has already seen a 128 percent increase in sophisticated scripted attacks from hackers gearing up for this holiday weekend.
  • We identified 50 million fraudulent attempts last November across our consortium, and as we are upon holiday shopping season – which will be a banner year for fraudsters – we are predicting an increase in high risk attacks targeting key retailers. We are predicting around 82 million of these attacks over the same holiday period across our consortium.

Mobile transactions represent a concern for merchants this holiday season: as consumers move more and more to mobile shopping, retailers are trying to balance security and experience. We’ve observed a 258% increase in unique devices (across our customer base), firmly supporting industry statistics showing that over 50% of all e-commerce traffic now comes from mobile devices.

  • Last holiday season mobile devices represented only 11% of total purchases; this year we are trending to reach 25% of all purchases coming from a mobile device.
  • As predicted, increased usage brings increased threats. We are seeing a spike in fraudulent activity from mobile: the share of mobile transactions that are high risk rose from 11% in 2015 to 32% this year, a 190% increase over 2015. Fraud increases of this kind could have significant dollar value.

The typical value of a fraudulent transaction on Black Friday is $190 on a smartphone and $210 for tablets.

Fraudsters are using increasingly sophisticated techniques to steal data and circumvent detection:

  • Device and location spoofing has grown as a way to evade traditional security tools. Organisations relying heavily on device ID and geolocation based solutions to find risk may be in trouble, as geographical and IP spoofing represented 10% of all risky login activity last fall in the run-up to Black Friday.
  • Account takeover and new account creation attacks are more challenging to detect than conventional fraud tactics.

Robert Capps, VP, business development, NuData Security, said: “Analysing the information discovered from our Trust Consortium of data, it is clear that attackers are rapidly evolving their methods to more complex and evolved schemes. Organisations must be ever vigilant as fraudsters leverage the mass of freely available data on the dark web for cyber crime. Expecting consumers to maintain strong, non-reused passwords isn’t realistic, meaning retailers need to shoulder an even larger responsibility to protect their brand and users. This is why it is more important than ever for online merchants to employ technology that can help them effectively differentiate good customers from bad.”

The post NuData Security Threat Intelligence Highlights Risk Around Cyber Monday appeared first on IT SECURITY GURU.


Security consultants earn an average of over £60,000 a year

Security practitioners are required to maintain a safe and secure environment for an organisation’s clients and/or employees. Whether that’s by patrolling and monitoring premises, guarding staff, tracing missing people, dealing with witness statements, analysing crime scenes, or examining cyber threats, security employees are the first line of defence for most organisations.

The post Security consultants earn an average of over £60,000 a year appeared first on IT SECURITY GURU.


Wipe Your Entire Existence Off The Internet In Few Clicks With This Website

Would you like to wipe your entire existence off the internet in a few clicks? Now there is a tool for that task. Millions of websites on the internet require an account before you can access their content: we have to create an account with Facebook, Twitter, Google Plus and so on to get full access to their services.

The post Wipe Your Entire Existence Off The Internet In Few Clicks With This Website appeared first on IT SECURITY GURU.


Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft

Tesla cars can be tracked, located, unlocked and driven away by compromising the company’s smartphone app. Researchers at Norwegian app security firm Promon demonstrated how easy it appears to be to steal a Tesla. Benjamin Adolphi, mobile software developer at Promon, said he used “simple, known vulnerabilities” that have been around for a long time. He created a fake free Wi-Fi hotspot that featured an ad targeted at Tesla owners, offering them a free burger at a local restaurant.

ORIGINAL SOURCE: Infosecurity Magazine

The post Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft appeared first on IT SECURITY GURU.


Cybercriminals Spreading Malware Using Microsoft’s OneDrive

Cybercriminals are always seeking new ways to convince their victims to load websites or download malicious files, and this time they have turned to Microsoft services to make links look legitimate.

The post Cybercriminals Spreading Malware Using Microsoft’s OneDrive appeared first on IT SECURITY GURU.


FBI hacked into 8,000 computers in 120 countries using a single warrant

The FBI hacked into more than 8,000 computers in 120 different countries with just a single warrant during an investigation into a dark web child pornography website, according to newly published court filings. The FBI’s mass hacking campaign is related to the high-profile child pornography Playpen case and represents the largest law enforcement hacking campaign known to date.

The post FBI hacked into 8,000 computers in 120 countries using a single warrant appeared first on IT SECURITY GURU.


Consumers and Retailers, Here is How You Should Prepare for Black Friday and Cyber Monday

Shoppers across the country are preparing for what was originally a U.S. phenomenon, Black Friday and Cyber Monday. According to research from Adobe, Black Friday has become the UK’s biggest online shopping day of the holiday season, with online revenues predicted to reach £901 million tomorrow.

A few years ago holiday shopping mainly involved rushing around Oxford Street and elbowing people out of the way to grab the last shirt in your size for half price. However, nowadays bargain hunters have found a way around the chaotic experience that is real-life shopping: doing it online. Unfortunately, cyber criminals have caught on to this and will take advantage of the fact that “legitimate cardholders are sometimes turned away by tough, rule-based security measures, reducing customer satisfaction and sometimes driving the customer away. But during spike shopping events like Black Friday and Cyber Monday, retailers will lower their threshold for declines. Fraud costs retailers $9 billion every year but false positives cause over $180 billion in losses” explains Robert Capps, VP of business development at NuData Security.

Of course, there are all sorts of other attack methods used by criminals, from phishing emails and fake websites to DDoS attacks aimed at financially hurting a company by knocking it offline and sending shoppers elsewhere. These attacks affect both consumers and retailers, so we have compiled a list of top tips on how both groups can prepare for the event.

How Retailers Can Prepare for Black Friday and Cyber Monday

  1. Be Prepared for Extra Traffic – Lots of it

“Take advantage of cloud strategies where possible. This allows you to burst and grow to meet demand and sustain possible cyber attacks without having to do much planning ahead of time. When the demand decreases, you can step out of the cloud and go back to normal footprints.” – Paul Calatayud, CTO at FireMon.

  2. Prepare an incident response and crisis management plan

“To avoid any unpleasant surprises, planning for key events like Black Monday should form part of a comprehensive risk strategy. By reviewing fundamental cyber security controls recommended as part of schemes like PCI DSS and Cyber Essentials, plus conducting regular network and penetration testing, retailers can help to ensure that critical business periods do not end in financial and reputational disaster.” – Leon Pinkney, SOC services director at Redscan.

  3. Stop Bots and Shoplifters

“You’ll most likely experience a huge traffic spike on Cyber Monday, but some of that traffic can potentially spell trouble for your website. Nearly 50 percent of all web traffic comes from bots, including bad bots. Competitors and aggregators could be flooding your site with malicious bots to steal sensitive information and undercut your prices. But it’s not that simple. Scraper bots, for example, can be good for an e-commerce site because they help aggregate information for consumers. An intelligent website protection service is able to detect beneficial bots and block malicious bots.” – Joy Ma, security blogger for Imperva.

How Consumers Can Prepare for Black Friday and Cyber Monday

  1. Don’t Rush to Get That Amazing Deal, Use Common Sense

“Take a breath and ask yourself ‘does this seem too good to be true’ or even does this actually apply to me? Do some research, make an enquiry of your own, if it is legit it will definitely still be available in an hour or two.” – Mark James, Security Specialist at ESET.

  2. Don’t Re-Use Passwords Across Different Sites

“We should be protecting the log in process. Neither the user nor the retailers can overcome zero day attacks that may steal data in a big breach – that’s down to technology suppliers. But, like in the recent Deliveroo attack, when an attacker shows up with a password from a totally separate breach that works on your site, then you’re defenceless because they’re coming in with what appears to be a legitimate path. The user can prevent this by using unique passwords for different services – or at least doing so for any service that may financially impact them. Where possible, use multi-factor or two-step authentication, which would render this sort of stolen password attack meaningless.” – Jonathan Sander, VP of Product Strategy at Lieberman Software.

  3. Watch Out For Phishing Emails

“Ask yourself whether you have ever received an email from that particular store before. If you’ve never signed up for an email list or shopped there, be wary of how it got into your inbox. A common email campaign this time of year involves “shipping confirmations” from Hermes, DHL, Parcelforce, DPD, UPS, FedEx, and TNT that must be opened via a .zip attachment. DO NOT OPEN THIS ATTACHMENT. Big postal and package delivery services will never send you a postal confirmation in a .zip attachment. They will send it in the body of an email, or ask you to login to your account to view it.

You should also toggle over all of the URL links within the email. If Amazon sends you a Black Friday sale alert and there’s a link to a gadget, take two seconds to hold your mouse over the link before clicking. If it shows or, feel free to click on it. If it shows, Amazon didn’t send you that email. Don’t click on it.” – Jonathan French, a security analyst at AppRiver.
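The two checks in the tip above (does the link's visible text match where it really points, and does a courier "confirmation" arrive as a .zip) can be automated for a mail gateway or a triage script. The following is an added example written for this article, not code from the article or from any company quoted in it. It uses only the Python standard library; the sample message, the claimed sender domain and the tiny public-suffix table are constructed for the demonstration, and a production version would use the full Public Suffix List.

```python
"""Added example: audit the links and attachments of an HTML e-mail the way the
phishing tip describes (check each link's real target, distrust .zip
"shipping confirmations"). Illustrative code, not from the article; the sample
message, sender domain and suffix table below are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Small constructed table of two-level public suffixes; real code should use the
# full Public Suffix List so that e.g. "example.co.uk" is handled for every TLD.
SECOND_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au"}

# Attachment types the tip says a courier would never use for a confirmation.
ARCHIVE_EXTENSIONS = (".zip",)


def registrable_domain(host):
    """Reduce a host name to the part a brand owns (www.amazon.co.uk -> amazon.co.uk)."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def host_shown_in_text(text):
    """Return the host that a link's visible text claims, or None if the text
    is ordinary words rather than a URL or domain."""
    m = re.match(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.strip().lower())
    return m.group(1) if m else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_email(html_body, claimed_sender_domain, attachment_names=()):
    """Return (finding, detail, href) tuples for a message that claims to come
    from claimed_sender_domain. An empty list means nothing looked wrong."""
    findings = []
    sender = registrable_domain(claimed_sender_domain)
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        href_domain = registrable_domain(href_host) if href_host else ""
        shown_host = host_shown_in_text(text)
        if shown_host and registrable_domain(shown_host) != href_domain:
            # The text shows one domain but the real target is another.
            findings.append(("mismatched_link", text, href))
        elif href_domain != sender:
            # Plain words as link text, but the link leaves the sender's domain.
            findings.append(("offsite_link", text, href))
    for name in attachment_names:
        if name.lower().endswith(ARCHIVE_EXTENSIONS):
            findings.append(("archive_attachment", name, ""))
    return findings


# Constructed sample message: one honest link, one whose visible text imitates
# the retailer while pointing at a look-alike host, plus a .zip "confirmation".
SAMPLE_HTML = """
<p>Your Black Friday order has shipped!</p>
<a href="https://www.amazon.co.uk/orders">Track your order</a>
<a href="http://amazon.co.uk.tracking-update.example/login">www.amazon.co.uk/login</a>
"""
SAMPLE_ATTACHMENTS = ["Shipping_Confirmation.zip"]

if __name__ == "__main__":
    for finding in audit_email(SAMPLE_HTML, "amazon.co.uk", SAMPLE_ATTACHMENTS):
        print(finding)
```

Run against the constructed sample, the audit reports the second link as `mismatched_link` (the text says amazon.co.uk, the target's registrable domain is tracking-update.example) and the attachment as `archive_attachment`; the honest order link produces no finding. Comparing registrable domains rather than full host names is what lets `www.amazon.co.uk` and `amazon.co.uk` agree while still catching a host that merely begins with the brand name.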

To conclude, Javvad Malik, Security Advocate at AlienVault explains that “the responsibility for protection is a combined effort with steps that both retailers and consumers should take.”

The post Consumers and Retailers, Here is How You Should Prepare for Black Friday and Cyber Monday appeared first on IT SECURITY GURU.


Bletchley Park Reactivated

Historic WWII codebreaking site Bletchley Park will once again play an active role in national security efforts under plans for it to house some of the UK’s most important new cyber security learning and innovation projects.

The plans were announced today by QUFARO – a new not-for-profit body created by leading experts working in cyber security including senior figures from Cyber Security Challenge UK; The National Museum of Computing; the Institute of Information Security Professionals; BT Security, and Raytheon. QUFARO is designed to help deliver the cyber workforce necessary to protect British citizens and organisations against the increasing threat of cyber-attack.

The UK already boasts many successful programmes designed to identify and nurture upcoming cyber talent but they are often disconnected. The gaps make it hard for rising cyber stars to chart an unbroken learning pathway from early-stage interest to qualification, employment and professional development. QUFARO is designed to plug these gaps and act as a gateway both to existing options and new education and innovation opportunities, providing budding cyber defenders with a single point of access.

At the heart of QUFARO’s strategy is the creation of the UK’s first National College of Cyber Security. Based at the historic Bletchley Park site, students will be able to study in the very place where codebreakers famously cracked Nazi codes to aid British war efforts. Operational by 2018, the College will be a free-to-attend boarding school that will teach cyber skills to the UK’s most gifted 16-19-year-old prodigies, challenging and developing them into the top flight cyber security professionals of tomorrow. As part of its remit, the College will select only the most talented and skilled students to attend. It will draw its syllabus from the individuals working at the forefront of the cyber security industry in the UK, and integrate this with modules in complementary subjects such as maths, computer science, and physics.

G-Block, one of the largest buildings on the Bletchley Park site, will house the National College. A £5m restoration project is already underway to sympathetically convert it into a pioneering security technology centre boasting some of the most advanced cyber test and demonstration facilities in the world. By doing so, QUFARO will create a centrepiece of national cyber learning and a technical showcase in an iconic setting where organisations from across the country will be able to host events; train staff; and engage the wider public in the cyber agenda.

In addition to the National College, QUFARO will develop a series of new cyber security courses covering a range of learning opportunities that do not exist in the UK today. These include teacher awareness and training programmes, and new virtual courses in the fundamentals of cyber security for those seeking a career change. The first of these new courses is already live. The Extended Project Qualification (EPQ) in cyber security is the UK’s first cyber qualification available for school pupils and independent learners wishing to study cyber between GCSE and university degree/vocational level. It has been funded and developed by QUFARO in collaboration with the Cyber Security Challenge UK, is backed by City and Guilds and opened for enrolment in September. This first foray into plugging gaps in our cyber education landscape is already oversubscribed and is expected to be expanded in 2017 to accommodate more schools and independent learners.

At the same time as delivering its education programme, QUFARO will nurture new British cyber businesses with the launch of a £50m cyber innovation investment fund next year. The fund will support entrepreneurs and seek to stimulate the growth of innovative new information security businesses, growing technological excellence, sovereign capabilities and the contribution the cyber security industry makes to our national GDP.

Those keen to register their interest in any of the QUFARO programmes can visit the organisation’s website to receive regular progress updates and information about opportunities to engage with the QUFARO team.

Alastair MacWilson, Chair of QUFARO and the Institute of Information Security Professionals, said “Our cyber education and innovation landscape is complex, disconnected and incomplete putting us at risk of losing a whole generation of critical talent. For those interested in forging a career in cyber, the current pathway is filled with excellent but disparate initiatives – each playing a vital role without offering a truly unified ecosystem of learning and support. By connecting what already exists and filling the gaps, QUFARO will make it easier for budding professionals to grow their cyber security skills at every stage of their journey, and contribute more to the sector as a result.”

Lord Reid, Former Home Secretary and Chair of the Institute for Security and Resilience Studies at UCL, added “The Cyber environment now reaches into every aspect of our lives, as individuals and as a nation. It provides great opportunities and great challenges. One of the great challenges is in developing a sustainable flow of skilled professionals for security, growth and cyber innovation. Existing initiatives cannot close the skills gap alone so it is vital that we keep looking for new ways to build our talent pool. The launch of QUFARO’s programme today, and its plans for the first National College of Cyber Security, shows that the UK is continuing to take significant steps to address this challenge. QUFARO’s programme is bold and relevant. And by housing this new national gateway for cyber education and innovation at the home of British codebreaking and cryptography, I believe it will be able to harness the legacy of this historic location to inspire the next generation. It is a fitting tribute to the incredible impact of all those who have worked at Bletchley Park over the years and I look forward to witnessing the impact I believe it can have on UK society.”

Mark Hughes, QUFARO non-executive director and CEO of BT Security commented “As a major cyber security employer and a pioneer of cyber skills development in the UK we understand only too well how important this initiative is for the UK to achieve its potential in this industry. QUFARO is a natural fit for BT Security and our historic links with Bletchley Park makes this an incredible opportunity to ensure the site’s critical legacy continues to play a pivotal role in the future of our national security.”

Stephanie Daman, QUFARO executive director and CEO of Cyber Security Challenge UK said “There is a critical skills gap in the cyber security industry, which will become ever more pressing as the world around us moves further into an online-first environment. With so much at stake, from personal data to the country’s critical national infrastructure, now is the time to act. Initiatives such as the Challenge are successful in identifying those who have great cyber skills to find jobs in the industry; but there is a clear need for a programme to complement this which looks at cyber education specifically and helps individuals to carve different pathways into the sector – be that through apprenticeships, entrepreneurship or traditional education. It is only once a full cyber education ecosystem is developed that the skills issue can begin to be resolved.”

Margaret Sale, QUFARO non-executive director and founding member of both the Bletchley Park Trust and The National Museum of Computing concluded “Having been involved with the Bletchley Park site for more than 25 years I believe that QUFARO represents a truly unique opportunity to reactivate this environment as a major active contributor to our national security. Through initiatives such as the National College and the Cyber Investment Fund we can effectively combine the principles of heritage, education and innovation for which everything on this site stands. Previous generations are deeply proud of their contributions at Bletchley Park. I am keen to see what the next cadre will achieve.”

The post Bletchley Park Reactivated appeared first on IT SECURITY GURU.
