Tuesday, 23 May 2017

Europol cracks down on ATM black box attack scheme

Europol has made 27 arrests in relation to an ATM jackpotting scheme, with more suspects being tracked across Europe. This week, Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) said that 20 European member states alongside Norway have come together to make a series of arrests and shut down ATM “black box” attacks across the region. According to Europol, 27 arrests have already been made and more are on the horizon as a result of a two-year investigation into the cybercriminal scheme, which involves compromising ATM machines to dispense cash fraudulently.


ORIGINAL SOURCE: zdnet.com

The post Europol cracks down on ATM black box attack scheme appeared first on IT SECURITY GURU.

Beware the coffee shop: Mobile security threats lurk around every corner

40 percent of organizations believe that C-level executives, including the CEO, are most at risk of being hacked when working outside of the office, according to a new report from iPass. Cafés and coffee shops were ranked the number one high-risk venue by 42 percent of respondents, from a list also including airports (30 percent), hotels (16 percent), exhibition centers (7 percent) and airplanes (4 percent). The vast majority (93 percent) of respondents said they were concerned about the security challenges posed by a growing mobile workforce. Almost half (47 percent) said they were ‘very’ concerned, up from 36 percent in 2016.


ORIGINAL SOURCE: Help Net Security


Are Britain’s nuclear weapons systems ‘vulnerable’ to mass cyberattacks?

In the wake of the “WannaCry” cyberattack which resulted in widespread disruption of the UK’s National Health Service (NHS), attention has now turned to other forms of infrastructure. One security expert has warned Britain’s nuclear weapons are at risk of being targeted. The UK nuclear deterrent, known as Trident, consists of four Vanguard-class submarines which can carry up to 16 ballistic missiles, each armed with up to eight warheads. Most of its computers, however, reportedly run on a legacy variant of the under-supported Windows XP operating system.


ORIGINAL SOURCE: International Business Times


WannaCry connection to North Korea hacking group ‘compelling’

WannaCry, the ransomware that spread through the UK’s National Health Service and companies around the world, shows “compelling evidence” of a link to North Korean hacking group Lazarus, according to a new report by Symantec. The cyber security company believes there is a “close connection” to Lazarus, the group behind the cyber attacks on Sony Pictures and the Bangladesh central bank, because of similarities in the tools, code and infrastructure used by the hackers.

ORIGINAL SOURCE: Financial Times

Russian Cron Malware Operators Arrested Before Banking Malware Taken Abroad

Russian security firm Group IB writes that the raids also thwarted plans to take the malware campaign to other countries, including the UK, Germany, France, Turkey, Singapore, Australia, and the United States. According to the Russian Interior Ministry, the hackers managed to steal about 50 million roubles, which equals close to $900,000. Compared to other similar campaigns, this is not the largest amount hackers have managed to steal, but it is a testament to the fact that the campaign was just getting started.


ORIGINAL SOURCE: Softpedia


The Infosecurity Europe IT Security Guru Awards 2017

This year IT Security Guru, ranked among the leading information security websites you should be reading, will be conducting its Infosecurity Awards at the Infosecurity Europe exhibition in London between 06-08 June 2017.

IT Security Guru has four categories in which all those attending Infosecurity Europe can vote for:

  • Best Stand
  • Best Newcomer
  • Best Giveaway
  • Best Speaker

If someone stands out to you, we want to hear about it and give the winners bragging rights! We would love vendors, CISOs, journalists, exhibitors, attendees and everyone in-between to participate in choosing the winners.

There will be two ways you can vote:

  1. Those that are more socially active can vote by using the hashtag #infosecGuru followed by the relevant category and the company’s or speaker’s name, e.g. #infosecGuru Best Stand FireMon.
  2. Printed answer sheets will be available on every stand where people can write down their winners.

Voting will stop on Thursday, 8th June at 4pm and any votes put forward after this date will not be counted.

The winners will be announced shortly after voting closes.

We look forward to seeing you there!


Three Quarters of CEOs Admit to Using Unapproved Programs and Applications, Putting Critical Data At Risk

Today, IT decision makers (ITDMs) say that half (50 percent) of all corporate data in the enterprise is held on laptops and desktops, instead of in the data centre or centralised servers. In the U.S., this rises to as much as 60 percent. Simultaneously, the significance of this data to the productivity and security of the business is well understood at the top of the organisation — with 63 percent of CEOs stating that losing this data would destroy their business. But, awareness of the risk is doing little to change adherence to proper security practices.

CEOs are playing a game of chance with critical corporate data

Despite the known risks facing organisations today, such as data breaches, business decision makers (BDMs) and CEOs are putting critical data at jeopardy. Three quarters (75 percent) of CEOs and more than half (52 percent) of BDMs admit that they use applications/programs that are not approved by their IT department. This is despite 91 percent of CEOs and 83 percent of BDMs acknowledging that their behaviours could be considered a security risk to their organisation. These findings are revealed in Code42’s CTRL-Z Study. It explores, in detail, the pressures faced by CIOs, Chief Information Security Officers (CISOs) and ITDMs, and compares their responses to the views of CEOs and BDMs who control the majority of the data outside the four walls of the enterprise. The Study, which takes into account the views of 800 IT decision makers — including CIOs, CISOs and CSOs — and 400 BDMs — including CEOs — within the U.S., U.K. and Germany, highlights that security and productivity are intrinsically linked in a data-driven economy.

Brand reputation is at risk due to a heightened focus on productivity over data security

There’s an ever-persistent balancing act between productivity and data protection in the modern enterprise. Now there is added pressure on ITDMs to help the enterprise rapidly recover from a breach, if it hopes to minimise a hit to reputation and ensure customer loyalty. The vast majority (80 percent) of CEOs and 65 percent of BDMs say they use unauthorised applications/programs to ensure productivity. However, half of ITDMs (50 percent) say that their ability to protect corporate and customer data is vital to their company’s brand and reputation — a sentiment that is shared by 50 percent of CEOs and 61 percent of CIOs. The majority of ITDMs do have laptop (86 percent) and server backup (95 percent) in place. However, at least 13 percent and 8 percent, respectively, have not tested their laptop or server backup programs. This tells us their approach is more of a “checkbox for compliance” and not a solution that adds practical value to the employees. If an enterprise-wide failure, such as a widespread and devastating ransomware attack, took place today the questions would be: “Is your IT team prepared to get you back up and running?” and, “How long would you take to be productive again, considering the amount of data held on laptops and desktops?”

“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinised all the way to the CEO. By using unauthorised programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy,” said Rick Orloff, VP and CSO at Code42.

An ever-evolving threatscape requires focus on both prevention and recovery

Now is the time for change, and the enterprises that want to remain competitive are starting to act. It is a time for IT security visionaries and leaders to step forward. While 66 percent of BDMs and 66 percent of ITDMs agree that it will be up to CIOs/CISOs to help their businesses adapt to the realities of the new threatscape in 2017, these figures also suggest there is an opportunity for change. The question remains: if it is not the CIO or CISO, who should take leadership on this front? One thing is certain: globally, 88 percent of enterprise ITDMs and 83 percent of BDMs believe that their companies will have to improve their breach remediation in the next 12 months. After all, as the saying goes, “it is not if, but when you will be attacked”; as many as 48 percent of enterprises reveal that they have been breached in the last twelve months.

“The CTRL-Z Study brings a new perspective to my own experience in advising enterprises globally. When it comes to business success it is all down to productivity and agility. Security in the modern enterprise is no different. Your strategy has to be built on three key pillars. First, you have to be able to spot risk sooner. Gaining visibility over where your data is, how it moves and who accesses it could act as an early warning system to alert you to both inside and external threats. Second, the enterprise as a whole always needs to be able to bounce back quickly and efficiently. Should a breach occur, your internal teams and the backup solutions you have in place need to be tested and ready to face the activity without it looking like a fire drill. Finally, if your business is to remain competitive, it needs to be able to recover quickly. Time is money, and in the modern enterprise, so is data,” concludes Orloff.


Mobile Ransomware More Than Trebled in Q1, 2017

The global nightmare of ransomware shows no sign of slowing down, with the volume of mobile ransomware rising over three-fold (3.5 times) during the first few months of the year, according to Kaspersky Lab’s Malware Report for Q1, 2017. The number of mobile ransomware files detected reached 218,625 during the quarter, compared to 61,832 in the previous quarter, with the Congur family accounting for more than 86 per cent. Ransomware targeting all devices, systems and networks also continued to grow, with 11 new cryptor families and 55,679 new modifications making their appearance in Q1.

Congur ransomware is primarily a blocker: it sets or resets the device PIN (passcode) so that the owner is locked out. This requires the attackers to have administrator rights on the device, and some variants of the malware take further advantage of these rights to install their module into the system folder, from where it is almost impossible to remove.

Despite the popularity of Congur, Trojan-Ransom.AndroidOS.Fusob.h remained the most widely used mobile ransomware, accounting for nearly 45 per cent of all users attacked by this threat during the quarter. Once run, the Trojan requests administrator privileges, collects information about the device, including GPS coordinates and call history, and uploads the data to a malicious server. Based on what it receives, the server may send back a command to block the device.

The USA became the country hardest hit by mobile ransomware in Q1, with Svpeng ransomware the most widespread threat.

Geography of mobile Trojan-Ransomware in Q1 2017 (percentage of all users attacked)

In all, 55,679 new Windows ransomware modifications were detected during the quarter representing a near two-fold increase on Q4, 2016 (29,450). Most of these new modifications belonged to the Cerber family.

“The mobile threat landscape for ransomware was far from calm in Q1. Ransomware targeting mobile devices soared, with new ransomware families and modifications continuing to proliferate. People need to bear in mind that attackers can – and increasingly will – try to block access to their data not only on a PC but also on their mobile device,” notes Roman Unuchek, Senior Malware Analyst at Kaspersky Lab.

Other online threat statistics from the Q1, 2017 report include:

  • Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world.
  • 79,209,775 unique URLs were recognised as malicious by web antivirus components.
  • Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 288,000 user computers.
  • Crypto-ransomware attacks were blocked on 240,799 computers of unique users.
  • Kaspersky Lab’s file antivirus detected a total of 174,989,956 unique malicious and potentially unwanted objects.
  • Kaspersky Lab mobile security products also detected:
    • 1,333,605 malicious installation packages;
    • 32,038 mobile banking Trojans (installation packages).

To reduce the risk of infection, users are advised to:

  • Use robust security solutions and make sure they keep all software up to date.
  • Regularly run a system scan to check for possible infection.
  • Stay wise while online. Do not enter personal information into a website if you are at all unsure or suspicious.
  • Back up valuable information.

 

For help and advice on dealing with ransomware visit No More Ransom

Read the full version of the Kaspersky Lab’s Malware Report on Securelist.com.

WannaCry? Not really. A report from the 11th Eskenzi PR IT Analyst and CISO Forum

May 16th and 17th 2017 saw Eskenzi PR stage its 11th two-day IT Security Analyst Forum, as usual in London. The morning of the second day (a Wednesday) was the customary CISO (chief information security officer) roundtable: a coming together of 20 or so IT security leaders from blue-chip UK enterprises and public sector organisations to share their views with the analysts and IT security vendors that sponsor the event.

The timing was interesting, as although no one knew it in the run-up, the event took place just after the WannaCry weekend (the global release of a worm carrying ransomware that infected certain unpatched and unprotected devices running Microsoft Windows). Speculation was rife on the Tuesday night that there would be gaps in the CISO line-up as some absented themselves to deal with the aftermath. Not so, they all turned up.

It was already becoming apparent that the WannaCry attack was not as bad as many had speculated. True, many of the CISOs’ weekends had been interrupted to assess any impact, but by Monday most felt their update and protection regimes had done the job. There was little sympathy for the more lackadaisical organisations that had been hit. It may be true that some organisations still have to run now-unsupported Windows XP devices, but this does not mean they should be left unprotected from intrusion.

The CISOs had plenty of other things to talk about. The impending GDPR (the EU General Data Protection Regulation) inevitably came up a few times. However, as Quocirca speculated in its recent Computer Weekly GDPR buyer’s guide, most CISOs felt their organisations were well on their way with their GDPR compliance plans. Generally it was considered that personal data has already been secured to deal with existing requirements, so the main new challenges were around data processing rules. There was a generally positive view of the regulation’s enhanced privacy aims and, for the record, the CISOs did not think Brexit would make much difference to UK data privacy laws.

Other issues raised included the need for CISOs to engage with their boards to demonstrate the value of investing in IT security, especially when measured against the value of data. To this end, some saw WannaCry as a wake-up call, others as a distraction (an attack from yesteryear, which should have been repelled unnoticed). There was a strong message to the vendors to focus more on integration within and between their products. DDoS (distributed denial-of-service) attacks are still a problem, but one that can be overcome.

There was also a gripe that more could be done to keep crime at bay on the internet (if criminals were running down the high street on a smash-and-grab raid, law enforcers would not stand by). That said, there was general acceptance that public cloud providers were building platforms that could meet enterprise security needs, and that most issues arose from the users of such platforms poorly managing access rights.

The event would not happen without the security vendors who sponsor it. The first day is a kind of speed-dating where the analysts get to meet each vendor and hear its latest news and value proposition.

Corero’s SmartWall blocks DDoS attacks at scale, especially for service providers, cleaning up internet traffic for us all. Barracuda firewalls could have protected networks from WannaCry, if well managed. To that end, FireMon has broadened its multi-vendor firewall management capability to other network devices and cloud-based deployments. If you are going to store sensitive data in the cloud, then perhaps you should consider bringing your own encryption keys, as enabled by Eperi.

Even if WannaCry had managed to get past network defences, then Darktrace’s threat detection with its machine learning should recognise the abnormal behaviour on your network and block it; Cylance would do the same on individual end-points. One of your security products may have safely tested WannaCry in a Lastline sandbox (although the WannaCry kill switch aimed to prevent this).

When it comes to controlling access, MIRACL’s new Trust ZFA offering uses software tokens on devices to authenticate users and devices, including Internet of Things (IoT) devices with direct end users. When it comes to the heavyweight stuff, it could be worth turning to Belden-owned specialist Tripwire, which has a number of existing and new offerings for securing the industrial Internet of Things (IIoT).

And if your organisation does not want to do any of this itself, then NTT Security has pulled together the resources of its sister companies Dimension, NTT Comms and NTT Data to provide robust security across its portfolio and on to its customers.

Thanks to Eskenzi PR for another great event, the CISOs for their time and the vendors for their sponsorship. The WannaCry criminals should also be acknowledged for providing a talking point which, despite the ill intent, did not have the impact that at first seemed possible; perhaps in part due to some of the innovation on show last week.

By Bob Tarzey, Analyst and Director, Quocirca Ltd.

 

ORIGINAL SOURCE: computerweekly.com

Monday, 22 May 2017

May must be out in June: our last chance

Let’s not beat about the bush — Britain was tricked into voting for Brexit by an establishment determined to break Brussels’ interference in its increasingly hard-line and authoritarian policies. Theresa May is implementing that determination. There could be no IP Act nor Digital Economy Act if the ECJ has any say over UK laws. The […]

The post May must be out in June: our last chance appeared first on ITsecurity.




WannaCry ransomware attack: How UK businesses can stay protected online

Earlier this month, businesses and organisations of all sizes from around the world were hit by a large-scale cyber attack, known as WannaCry, leaving them unable to access systems and data. The attack continued to affect companies over the days that have followed.

WannaCry is a form of ransomware, meaning it is a computer virus which encrypts files and keeps them encrypted until the hacker receives payment. WannaCry takes advantage of vulnerabilities in old Microsoft Windows systems, leaving anyone without the latest version in jeopardy.

So far, WannaCry has infected over 230,000 computers in 150 different countries. High-profile victims include the UK’s National Health Service (NHS), which was forced to turn away patients at several trusts, as well as Spanish telecoms company Telefónica and courier service FedEx.

With this in mind, Ebuyer has developed some top tips for businesses to follow to keep safe from online ransomware:

  1. IT managers and directors should be taking regular steps to ensure their network is secure and all security software is up to date.
  2. Gateway security (a machine through which data packets flow) should be employed and next-generation firewalls installed to allow for deep-packet inspection, a form of network packet filtering that examines data as it passes an inspection point. This will help identify hidden threats passing into your network.
  3. Implement internal monitoring and endpoint protection, a methodology of protecting corporate networks when they are accessed via remote devices such as laptops or other wireless and mobile devices. This will prevent malicious files introduced through human error from gaining access to the network.
  4. It is essential that a reliable and thoroughly tested backup solution be put in place. This should be segregated from the rest of the network to prevent malware from spreading to it once a system is infected.
  5. Ensure systems are up to date and still supported, so that patches for exploited vulnerabilities can be applied.

New data protection laws are coming into play in May 2018 which will replace the current Data Protection Act (DPA) with the General Data Protection Regulation (GDPR).

Businesses need to ensure that their systems are fully protected in order to minimise the risk of breaches. Preventing malware from gaining access is also essential for any company which relies on its network or software to run its service.

Paul Lyon, IT Director at Ebuyer, said: “The cyber attacks on the NHS and the resulting fallout have once again brought into focus the importance of security both at home and in the office. Ransomware has been around for some time but this is by far the most high-profile attack.

“Cybercrime is a growing industry and criminals are becoming significantly more sophisticated and their attacks more destructive. New threats are constantly being developed. Businesses of all sizes, as well as the ordinary home user, are vulnerable to attacks and should always be on their guard.”

To find out more about ransomware and how you can protect yourself, please visit: http://www.ebuyer.com/blog/2017/05/ransomware-and-how-you-can-protect-yourself/


One third of executives have blockchain on their mind

In a study among C-Suite executives seeking their perspective on blockchain, one third of almost 3,000 executives surveyed are using or considering blockchain in their business. According to the new IBM study, eight in ten of those exploring blockchain are investing either in response to financial shifts in their industry or for the opportunity to develop entirely new business models.


ORIGINAL SOURCE: Help Net Security


HSBC voice recognition security system duped by customer’s twin brother

HSBC’s much-touted voice recognition software, used by half a million customers to verify their identity and secure their bank accounts, has successfully been duped by the brother of one of its customers. In an investigation carried out by BBC Click reporter Dan Simmons and his non-identical twin, Joe, the brothers revealed that it was possible to breach an HSBC customer’s account by mimicking their voice.


ORIGINAL SOURCE: IB Times


Passenger processing system outage hits Australian airports

The passenger processing system used at Australia’s international airports is back up and running after causing lengthy delays in terminals including Brisbane, Melbourne, Sydney, and Auckland. International passengers were being checked in manually as a result of the outage, causing long queues and delayed flights.


ORIGINAL SOURCE: ZDNet


SSD Drives Vulnerable to Attacks That Corrupt User Data

NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called “programming vulnerabilities” that can be exploited to alter stored data or shorten the SSD’s lifespan. During the past few years, SSDs have slowly replaced classic disk-based HDDs as the prime storage medium for the world’s data, taking over not only in data centers, but our phones, tablets, laptops, and desktop PCs.


ORIGINAL SOURCE: The Bleeping Computer


What is North Korea’s Unit 180? Cyber warfare cell could be behind most successful ransomware attacks

North Korea’s intelligence agency, the Reconnaissance General Bureau, has a special cell called Unit 180 and it could be behind some of the most successful cyberattacks, security experts have claimed. Kim Heung-kwang, a former computer science professor in North Korea, told Reuters that the cyberattacks by North Korea were said to be organised by Unit 180. The attacks were aimed at raising money.


ORIGINAL SOURCE: IB Times


Organisations must be prepared to quantify the ‘hidden’ costs of a breach to strengthen the case for continued security investment and help minimise IT downtime, warns Databarracks

As the financial implications of IT downtime continue to swell, organisations must be prepared to assign real costs to the intangible or ‘hidden’ damages, which are regularly experienced during a cyber security breach. This is according to Peter Groucutt, managing director of Databarracks:

“Increasingly, we are seeing organisations struggling to recover from a cyber incident when compared to more traditional types of downtime. If a disk fails or a database corrupts for example, the recovery process is relatively simple. You can fail-over to a replica system or restore data from a backup. Cyber-attacks however, add an increased layer of complexity.

Firstly, the root cause must be remediated which might include malware removal and access being revoked from any adversaries. Only then can you begin the recovery process, adding significant downtime for your business and customers. Because of this, IT Security teams need to have a stronger alliance with Continuity teams.

“Cyber threats are rapidly becoming some of the most significant continuity threats to a business. As new threats emerge, it’s imperative that security and business continuity (BC) teams work together to raise awareness and understand the risks of an attack, making them the focal point for the BC team’s future planning and testing.

“This collaboration will ultimately allow you to better respond to incidents and aid your recovery, reducing downtime and data loss. To gain the budget and resource investment to adequately prepare for these threats, the business must acknowledge the actual costs it will absorb from an attack. Not just the direct costs, but the ‘hidden’ ones too.

Groucutt continues: “Typically, most businesses will include the obvious or tangible costs, like accounting for the immediate loss of income during a breach or any fines from a regulator. But often what is not considered are the intangible or ‘hidden costs’ such as impact to reputation. Critically, these costs are more significant, but often aren’t considered, leading to underinvestment in IT continuity and security.

“Recently, we’ve seen the example of retailer Debenhams admitting that it had customer data stolen through a third-party. While this will rightly require a review of security practices of its supply chain, Debenhams will also face absorbing the ‘hidden’ costs associated with this breach. The immediate loss of income related to downtime of the website, which is still ongoing, is easy to calculate but the cost related to reputational damage, which will be suffered later, must also be included.

“To have a complete picture of the cost of downtime it’s imperative an organisation adds a monetary value to those ‘hidden’ costs, especially, as industry data suggests that over 90 per cent of cyber-attack costs are likely to be accrued in categories that are either intangible or less visible. In practice, this can be as simple as providing a reasoned estimate for that loss – for example, a five per cent reduction in sales for a six month period following a breach, which will equal a loss of £X thousand. Importantly, this will not only help you to understand the true cost of IT downtime, it can be also used as an exercise to leverage continued board-level investment into protection and mitigation strategies.”

Groucutt concluded: “BC plans must now be tailored to address the growing cyber threat. Understanding the cost of IT downtime is integral to this process and while most plans will adequately account for those tangible costs, it’s imperative that they also recognise the intangible damages too. Doing so will not only help you to budget more effectively, but will also help provide the evidence needed to improve security practices and minimise downtime.”


With a year to GDPR coming into force, what do businesses need to do?

With 25th May 2017 marking a year until the General Data Protection Regulation (GDPR) comes into force, Mark Thompson, global privacy advisory lead at KPMG, highlights that businesses need to get their act together to make sure they don’t fall foul of the new legal framework. He said:

“On 25 May 2018, GDPR will affect organisations in the UK and worldwide that have any dealings with consumers and businesses in EU member states. It will fundamentally alter the scale, scope and complexity of the way personal information is processed. The regulation is going to require most organisations to make significant enhancements to their privacy control environment and rethink the way they collect, store, use and disclose personal information. These changes are going to be complex and take time, as such, most organisations cannot afford to wait.

“It’s worrying that with only a year to go, many organisations still have a lot to do. The truth is that many just don’t understand what they have to do and how to deal with it. The unknowns around Brexit have also posed some uncertainty on what GDPR will mean to the UK post-Brexit.

“When it comes to Brexit, it is critical to understand that if the UK is going to continue to trade with the EU, the free flow of personal information must be maintained. As such, we have to have an adequate privacy ecosystem in operation in the UK which is aligned to the requirements of the GDPR. What remains to be seen is whether the GDPR is subsequently repealed and replaced with something else post-Brexit.

“So that organisations don’t have issues and face subsequent enforcement, including fines of 4% of global turnover, businesses should:

  1. Raise awareness at the board level – the board needs to understand the implications of the GDPR and be bought into the need to make enhancements. This should result in the funding being made available to undertake a privacy improvement programme.
  2. Understand current state and set desired state – conduct a gap analysis against the GDPR to understand where your organisation is exposed to risk and determine what the risk appetite is.
  3. Plan and implement – create a detailed plan to enable the desired risk appetite to be reached and undertake a privacy improvement programme to deliver against this plan.”


Friday, 19 May 2017

Proposed PATCH Act forces US snoops to quit hoarding code exploits

Two US senators have proposed a law limiting American intelligence agencies’ secret stockpiles of vulnerabilities found in products. The Protecting our Ability To Counter Hacking (PATCH) Act [PDF] would set up a board chaired by a Department of Homeland Security (DHS) official to assess security flaws spies have found in code and hardware, and decide if manufacturers should be alerted to the bugs so they can be fixed for everyone. Right now, as you probably know, the NSA et al discover exploitable programming and design blunders in computers and networking gear, and keep a bunch of the bugs to themselves so they can be used to infect and spy on intelligence targets. This means they’re not patched, leaving the flaws for miscreants and rival snoops to find and attack.


ORIGINAL SOURCE: The Register


Banking association calls for end of ‘screen-scraping’

The European Banking Federation (EBF) has asked the EU Commission to support a ban on “screen scraping”. Screen-scraping services, seen as a first-generation direct access technology, allow third parties to access bank accounts on a client’s behalf using the client’s access credentials. The Revised Directive on Payment Services (PSD2) introduces a general security upgrade for third-party access to a client’s data.


ORIGINAL SOURCE: The Register


DDoS activity falls 30 per cent but Mirai-style attacks are on the rise

AKAMAI HAS WARNED that, while the volume of DDoS attacks has so far declined in 2017, a proliferation of Mirai-style hacks on IoT devices means that bigger attacks could be just around the corner. The content distribution company, which accounts for as much as 30 per cent of all online traffic, made the claims in its latest State of the Internet (PDF) report. Like any product, DDoS attack tools follow a ‘hype cycle’, it suggested, but it is typically much faster than consumer technologies as the relatively small community working with botnets is very open to change.


ORIGINAL SOURCE: The Inquirer


London City Airport’s new digital air traffic control tower ‘safe from cyber attack’

London City Airport is to become the first UK airport to install a digital air traffic control tower.
Air traffic controllers who have until now looked out from the tower to direct planes for take off and landing will be moved to a virtual control tower more than 80 miles away. The airport will decommission its traditional tower in 2019, meaning aircraft will be directed from Hampshire by controllers watching live footage from high-definition video cameras. Declan Collier, London City Airport chief executive, said he was “absolutely confident” the system is safe from cyber attack.


ORIGINAL SOURCE: The Telegraph


Font sharing site DaFont has been hacked, exposing thousands of accounts

A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts. Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name. The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums.


ORIGINAL SOURCE: ZDNet


ValueLicensing reduces the cost of the war on cybercrime

Worried about the WannaCry virus? Don’t let the cost of upgrading your online security reduce you to tears, says ValueLicensing

Cyberattacks and data breaches are two of the greatest concerns for modern businesses – but making sure your business has access to greater security needn’t cost the earth, according to one expert.

The WannaCry ransomware cyberattacks that affected the NHS and other organisations across the world shows that it’s not just SMEs which are under threat. What’s more, the very nature of cybercrime means safeguarding against attack is incredibly hard to plan for.

However, says David Hubbard, deputy managing director of ValueLicensing, which specialises in the identification and resale of pre-owned Microsoft Volume Licences, upgrading security doesn’t have to be as costly as the media has portrayed it this weekend. He said: “The recent WannaCry ransomware attack on businesses follows reports that online incidents now report for half of all reported crime.

“While cybercrime can be devastating for a business, it’s understandable given the media attention that some company owners delay their investment in securing their systems as they simply think it too expensive. This is the costly mistake the NHS – and so many organisations – have made.

“However, it doesn’t have to be that way. Windows 7/8.1/10 Enterprise Operating Systems and Windows Server 2008/2012R2/2016 have additional security features and can keep your PCs and data safe by making them more resistant to all forms of malware, including those that use phishing attacks and rootkits.”

Cybercrime cost UK businesses £29bn in 2016, with 2.9 million British businesses being affected in some way. ValueLicensing is urging companies of all sizes who don’t want to become part of this statistic to get in touch.

David added: “ValueLicensing can offer low-cost solutions for Systems still running Windows XP/Vista to Windows 7/8.1/10 and Windows Server 2003 to 2008/2012R2/2016. It is essential that companies have Operating Systems installed that continue to receive support from Microsoft, therefore reducing the risk of further attacks.

“What’s more, installing this software means that businesses won’t have to make costly investments in complementary hardware, which is what puts so many business owners off upgrading their security. Pre-owned licences offer 35% to 70% savings as compared to buying new licences through traditional vendors.

“I’d urge any business owner who is worried about this weekend’s cyberattack to consider pre-owned licences as a cost-efficient and secure solution.”

ValueLicensing is a registered Microsoft Partner and Reseller.


Samsung Pay Now Available to UK Visa Cardholders

With today’s launch of Samsung Pay, UK Visa account holders can now use their compatible Samsung smartphones for purchases worldwide. Visa’s tokenisation service enables cardholders to add their Visa credit and debit cards quickly and easily to the Samsung Pay wallet and pay in a secure and convenient way at contactless point-of-sale terminals. Samsung Pay is now available to Visa cardholders who bank with MBNA, Nationwide and Santander.

When a consumer loads their card into Samsung Pay, the app uses Visa tokenisation to replace the consumer’s sensitive account information with a different series of numbers – a “token” – that is specific to that card and device. Payments are made using the token so that the card information is never exposed, adding another layer of safety to digital payments. If the phone is compromised or stolen, the token cannot be used in any other environment and can easily be deactivated without requiring the Visa account to be cancelled.

Kevin Jenkins, Regional Managing Director, UK and Ireland, Visa, commented: “Today’s launch of Samsung Pay gives Visa account holders a mobile payment solution that enables safe and easy contactless in-store payments with their Samsung mobile. The phone is the one item people always have with them and Visa supports payment solutions that fit people’s changing lifestyles.”

Mobile Payment gets more popular

Visa’s 2016 Digital Payment study shows that there is high consumer demand for mobile payment solutions in the UK, with over 94% of the UK’s 18-24 year olds already using their mobile device to monitor their money or make payments. In fact, Visa predicts that payments from mobile devices will comprise 50% of all worldwide transactions by 2020. According to the study, more than four in ten people in the UK use their phones to pay bills (42 percent), buy takeaway food (45 percent), and pay for bus or train tickets (41 percent).

Visa in Samsung Pay

To pay, simply swipe up on the phone’s screen to select your Visa card of choice and confirm the payment via fingerprint, iris scan or passcode. With the Gear S3 smartwatch the payment can be started with the touch of a button; authorisation is performed via passcode when the smartwatch is put on. To complete the payment, simply tap the device on any contactless-enabled POS terminal, just as you would with your contactless Visa card. Payments are confirmed immediately with a message sent to the Samsung device. Merchants that already accept contactless payment do not need to update their terminals to accept payments with Samsung Pay, nor will there be any additional cost for the merchant or the Visa cardholder, since the transaction is a Visa card transaction.

With Near Field Communication (NFC) technology, Samsung Pay can be used to touch and pay wherever Visa contactless debit or credit cards are accepted.


Global survey reveals that most people are ill equipped to deal with ransomware

Friday’s ransomware attack, which affected 200,000 computer systems in 150 countries and crippled hospitals across the United Kingdom, is a frightening reminder of how much damage can be done by this type of malicious cyberattack. A new global survey of Internet users in 23 countries and Hong Kong (China) reveals that most people are ill equipped to deal with ransomware.

“It is simply unacceptable that people do not get the care they need because of cybercriminals attacking hospitals. We have a shared responsibility to collaboratively get this under control,” says Kathy Brown, President and Chief Executive Officer of the Internet Society (ISOC) which helped to fund the survey. “Law enforcement, IT professionals, consumers, business, and the public sector all have responsibility to act to keep enabling the good that the Internet brings.”

According to the joint CIGI, ISOC and UNCTAD Global Survey on Internet Security and Trust, conducted by global research company Ipsos, before the latest attack, 6 per cent of Internet users globally had already been personally affected by ransomware, with Internet users in India, Indonesia, China and the United States the most likely to be affected. An additional 11 per cent knew someone who has been hit by these malicious programs.

“Cyber thieves now operate on a global scale, as the most recent attack illustrates, and just about anybody can launch a ransomware attack,” says Fen Osler Hampson, Distinguished Fellow and Director of Global Security at CIGI. “Ransomware attackers have discovered that they don’t have to steal or destroy your data to enrich themselves, they just have to hold it hostage. Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable.”

People remain largely unprepared for this new form of cyberattack, which encrypts their data and renders it inaccessible until they pay a ransom. Twenty-four percent of people admit they would have no idea what to do if their computer were to be hit with ransomware.

Many would turn to the authorities: 22 per cent would contact law enforcement, 15 per cent would contact their Internet Service Provider and 9 per cent would contact a private firm to try to retrieve their data. Unfortunately, the authorities are often unable to help. Once the data is locked, it is extraordinarily difficult to retrieve without either paying the ransom or restoring the files from a backup.

Here again, Internet users are woefully unprepared. Only 16 per cent of people globally indicate that they would retrieve their data from a backup.

Among those who had been affected by ransomware, 41 per cent said they had paid to have their device unlocked. Among those affected who did not pay the ransom, 45 per cent refused to pay, claiming that it is not right to pay criminals.

In any event, there remains some honour among thieves, as 91 per cent of Internet users who paid the ransom indicated that their device had subsequently been unlocked. Internet users in North America (10%) and Europe (15%) were the least likely to have their devices unlocked after they paid the ransom.

“The evolution of cybercrime has a negative impact on the willingness among people and enterprises to use the Internet for e-commerce and other productive activities,” says Torbjörn Fredriksson, Chief of ICT Analysis Section at the UN Conference on Trade and Development (UNCTAD) which helped to fund the survey. “This underlines the importance of legal and regulatory responses that include criminalizing conduct, enhancing law enforcement powers and putting in place cybersecurity frameworks that include prevention and permit active defense.”

About the Global Survey on Internet Security and Trust
The survey of 24,225 Internet users was conducted by global research company Ipsos, on behalf of the Centre for International Governance Innovation (CIGI) in collaboration with the Internet Society (ISOC) and the United Nations Conference on Trade and Development (UNCTAD) between December 23, 2016, and March 21, 2017. The survey was conducted in 24 countries—Australia, Brazil, Canada, China, Egypt, France, Germany, Hong Kong (China), India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, Republic of Korea, South Africa, Sweden, Tunisia, Turkey, United Kingdom and the United States.


Thursday, 18 May 2017

100% of European Political Parties with upcoming elections have left themselves and voters open to email-based cyberattacks

New research, released today by Agari, reveals that despite the recent high-profile nation-state sponsored email attacks on political parties during elections, none of the political parties in the UK, Germany and Norway, all of which have upcoming elections, have email authentication or protection against spear phishing in place. 8% have published an email authentication policy but left the door wide open by setting their policy to “none”, which will not stop malicious emails from reaching intended victims. This lack of security is leaving voters, supporters and the parties themselves wide open to targeted email attacks using identity deception and social engineering methods.

As demonstrated in the past 12 months with the attacks on the En Marche! party in the French Presidential elections and on the Democratic National Committee (DNC) during the U.S. presidential elections, an email attack that results in leaks of sensitive data can deter from a free and fair election and, ultimately, impact the results.

To negate this risk, organisations should implement email authentication with a “reject” policy using the open standard DMARC. This prevents impostors from using the domains of the political parties to deceive internal campaign staffers, volunteers and the public. The combination of these two security defences would have prevented both the U.S. DNC compromise and the French En Marche! attack.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an open security standard that is designed to detect and prevent identity deception by enabling ISPs (Internet Service Providers) and any organisations receiving emails to check that incoming mail is authenticated. However, in order for it to work, the political parties in Europe need to publish a DMARC “reject” policy, which none of them has done to date.

When examining the main political parties of the UK, Germany and Norway, only the UK Liberal Democrats and the UK Green Party have put a DMARC “none” policy record in place. While this is a good start and shows they have the intent to protect themselves and the public, it is not yet sufficient to provide any protection. To block spoofing, these organisations need to take the steps to move to DMARC “quarantine” or preferably “reject”, to put unauthenticated messages in the spam folder or block them outright. DMARC policies are publicly available through DNS records and you can look up any political party’s policy here.
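The survey described above amounts to fetching each domain’s DMARC TXT record and reading its p= tag. The following is an added example, not Agari’s code or tooling, that parses constructed records (placeholder domains, not real party domains) and sorts them into the “no record”, “none”, “quarantine”/“reject” buckets the text describes, including the partial cases where pct= or sp= weakens an otherwise enforcing policy. A live check would fetch the TXT record at _dmarc.<domain> and pass it to assess().

```python
"""Classify DMARC policy records from DNS TXT data (added example, offline)."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field

VALID_POLICIES = ("none", "quarantine", "reject")


@dataclass
class DmarcAssessment:
    domain: str
    policy: str | None          # p= tag: none / quarantine / reject, or None
    subdomain_policy: str | None  # sp= tag; defaults to p= when absent
    pct: int                    # share of failing mail the policy applies to
    rua: list[str] = field(default_factory=list)  # aggregate report addresses
    protection: str = "unprotected"  # unprotected / monitor-only / partial / enforced
    note: str = ""


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=mailto:x' into a tag dict.

    Tag names are case-insensitive; whitespace around '=' and ';' is ignored.
    Tag values are kept as written so callers decide how to normalise them.
    """
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess(domain: str, record: str | None) -> DmarcAssessment:
    """Map one domain's _dmarc TXT record (or its absence) to a protection level."""
    if record is None:
        return DmarcAssessment(domain, None, None, 0,
                               note="no _dmarc TXT record: receivers apply no policy")
    tags = parse_dmarc(record)
    # A record that does not start with v=DMARC1 is ignored by receivers.
    if tags.get("v", "").upper() != "DMARC1":
        return DmarcAssessment(domain, None, None, 0,
                               note="record is not v=DMARC1: receivers ignore it")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return DmarcAssessment(domain, None, None, 0,
                               note=f"p={policy or '<missing>'} is invalid: receivers ignore it")
    # sp= defaults to p=; an invalid sp= is treated as absent (assumption).
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy not in VALID_POLICIES:
        sub_policy = policy
    # pct= defaults to 100; an unparsable value falls back to 100 (assumption).
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() and int(pct_raw) <= 100 else 100
    rua = [a.strip() for a in tags.get("rua", "").split(",") if a.strip()]

    if policy == "none":
        protection = "monitor-only"
        note = "p=none: spoofed mail is reported but still delivered"
    elif pct < 100 or sub_policy == "none":
        protection = "partial"
        note = f"p={policy} but pct={pct}, sp={sub_policy}: some spoofed mail still delivered"
    else:
        protection = "enforced"
        action = "rejects" if policy == "reject" else "quarantines"
        note = f"p={policy}: receiver {action} unauthenticated mail"
    return DmarcAssessment(domain, policy, sub_policy, pct, rua, protection, note)


# Constructed sample records standing in for looked-up _dmarc TXT values.
SAMPLE_RECORDS: dict[str, str | None] = {
    "party-a.example": None,
    "party-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@party-b.example",
    "party-c.example": "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@party-c.example",
    "party-d.example": "v=DMARC1; p=reject; sp=none",
    "party-e.example": "v=DMARC1; p=reject; rua=mailto:r1@party-e.example,mailto:r2@party-e.example",
    "party-f.example": "v=spf1 include:_spf.example -all",  # SPF text published at _dmarc by mistake
}


def survey(records: dict[str, str | None]) -> dict[str, DmarcAssessment]:
    return {domain: assess(domain, rec) for domain, rec in records.items()}


def summarise(results: dict[str, DmarcAssessment]) -> dict[str, int]:
    """Count domains per protection level, the headline figure of such a survey."""
    return dict(Counter(a.protection for a in results.values()))


if __name__ == "__main__":
    results = survey(SAMPLE_RECORDS)
    for a in results.values():
        print(f"{a.domain:18} {a.protection:13} {a.note}")
    print(summarise(results))
```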

Dr Markus Jakobsson, Chief Scientist at Agari, comments: “This is a disaster waiting to happen. It appears that in spite of the now infamous email attacks that have blighted two elections in recent months, political parties are still showing no signs of even acknowledging that they need email protection. DMARC allows organisations to make it impossible to spoof their email domains. In the absence of a DMARC policy and protection against identity deception, anybody can write an email that appears to come from an unprotected organisation and have it delivered to the unwitting victim-to-be.”

“Take the Macron attack last month, where there were several email accounts associated with Macron’s campaign that were compromised in a spear phishing attack – none had a DMARC policy that would have defended against spoofing. As we head into the next election campaigns, only two UK political parties have a DMARC policy, but neither has it configured to block malicious traffic.”

“Moreover, most organisations, including political parties, use antiquated inbound email filters, with no protection against identity deception. If an organisation simply uses a spam filter, all they avoid is getting unwanted Viagra advertisements — they have no protection against phishing emails. Similarly, and sadly, even those that do have phishing filters only have partial protection, since traditional phishing filters rely on the blacklist paradigm, which is not applicable to spear phishing attacks. It is vital for political organisations to recognise the risks they are taking by not addressing this problem.”

In order to prevent these cyberattacks and preserve free and fair elections, Agari is offering the Agari Email Trust Platform and its email security expertise free of charge to political parties in the run-up to the UK, German and Norwegian elections in 2017. Agari has visibility into 70% of global inboxes, including the John Podesta and Macron campaign staff gmail accounts that were targeted in the U.S. and French elections.

Jakobsson concludes: “Enterprises have, increasingly, woken up to the threat they are facing and are starting to deploy the appropriate security countermeasures. It is time for political parties to recognise what is at stake and do the same.”

The Agari Email Trust Platform verifies trusted email identities based on insight into 10 Billion emails per day to stop advanced email threats that use identity deception. Agari protects the inboxes of the world’s largest organisations from the number one cyber security threat of advanced email attacks including phishing, spear phishing and business email compromise.


HP Inc wireless mouse can be spoofed

If you’re using an HP Inc wireless keyboard/mouse combo and the cursor starts behaving badly, someone might be pranking you. That’s because the wireless mouse in the ERK-321A bundle is unencrypted: anyone can sniff its signals, learn its protocol and commands, and inject their own signal in a spoofing attack. German pentesters Syss reported the bug to HP Inc in March, got no response, and went public yesterday.


ORIGINAL SOURCE: The Register


Gotcha, Tatcha! Thieves hide in servers to hoover up victims’ bank card numbers mid-order

Cosmetics peddler Tatcha is warning customers after hackers were able to compromise its website and harvest payment card details as orders poured in. The US branch of the Japanese biz has been sending notices this month to customers whose card details were apparently stolen on January 8 of this year and discovered in April. “During the early part of 2017, an unauthorized person may have gained access to information keyed into the Tatcha checkout process,” Tatcha’s notice reads.


ORIGINAL SOURCE: The Register


Romania foreign ministry target of “surgical” cyberattack

Ukrainian accusations that Moscow was behind cyber attacks on President Petro Poroshenko’s official website are baseless, Kremlin spokesman Dmitry Peskov said on Wednesday. “The lack of any details confirms the groundlessness of the accusations,” Peskov told reporters during a regular conference call. Ukraine accused Russia on Tuesday of carrying out an organised cyber attack on Poroshenko’s website in response to Kiev’s decision to impose sanctions against a number of major Russian internet businesses.


ORIGINAL SOURCE: Business Insider


Researchers discover another ongoing cyberattack using NSA hacking tools

Cybersecurity researchers have identified a second ongoing global cyberattack that has quietly hijacked hundreds of thousands of computers around the world, including many in the United States, for a massive cryptocurrency mining operation. While investigating the WannaCry ransomware attacks, researchers at the cybersecurity firm Proofpoint stumbled upon another “less noisy” form of malware called Adylkuzz that, the firm says, has likely generated millions of dollars in cryptocurrency for the unknown attackers.


ORIGINAL SOURCE: ABC News


British MPs targeted by hackers in co-ordinated attack

British MPs were targeted in a co-ordinated hacking attempt this year, according to intelligence officials, an attack that has raised concern over foreign meddling in the forthcoming election. The attack was politically motivated, a senior security official told the Financial Times, and was likely to have been the work of a state. Officials said they could not discuss further details because of operational sensitivity and because the threat was still present.


ORIGINAL SOURCE: Financial Times


Ransomware Attack a Wake-Up Call

The WannaCry ransomware attack that has impacted an estimated 300,000 users in 150 countries is a wake-up call for both government and business, said the global body for ICT professionals.

Mike Hinchey, President of IFIP (International Federation for Information Processing), today warned that WannaCry was only the latest in a series of online attacks that are likely to escalate in coming weeks and months.

“While we don’t yet know who is responsible for the WannaCry attacks, we do know that the ransomware was developed out of exploits leaked or stolen earlier this year from America’s National Security Agency (NSA), which had been stockpiling them for use in spying,” said Mr Hinchey.

“This is the first widespread application of those exploits, but it’s only a matter of time before other attempts are made using adapted versions of the spyware tools taken from the NSA.”

ICT Professionals Must Maintain Standards

Mr Hinchey said ICT professionals must take responsibility for ensuring that systems within their domain are up to date and protected from external threats like ransomware or spyware.

“People responsible for procuring, implementing and maintaining ICT systems have a duty of care to ensure that critical infrastructure and data are protected, in our increasingly connected world, where computers run everything from utilities and transport platforms to banking systems and even life support facilities in hospitals,” he said.

“Government agencies and companies seeking to save money by delaying software upgrades need to consider that the potential cost of leaving key systems undefended against cyber attacks is much higher than simply losing access to some information.”

The WannaCry attacks were focused on older versions of the Windows operating system (OS) which are no longer automatically supported by Microsoft. However, in environments such as Britain’s National Health Service (NHS), which still uses Windows XP to maintain compatibility with internal business systems, the ICT professionals managing these systems should purchase security updates from Microsoft to ensure that their critical infrastructure is protected.

Mr Hinchey said the biggest impacts are being felt in organisations with outdated software like the NHS and in countries like China and Russia, where many people use pirated software that doesn’t receive regular vendor updates.

“Cybercrime is not new. The ICT profession has processes and standards in place to protect users from external attacks, but if these processes have not been followed then users and systems are left vulnerable.”

IFIP Duty of Care for Everything Digital

Last November, IFIP’s professionalism arm, IP3, launched iDOCED, the IFIP Duty of Care for Everything Digital Initiative. iDOCED is designed to remind and support both providers and consumers of digital products and services that they have a duty of care in ensuring that they act responsibly in relation to the digital world.

At the time, IP3 Chair, Brenda Aynsley said, “The iDOCED seeks to raise awareness of what users can and should do to protect themselves in today’s digitally-connected world, and to highlight the need for companies to act responsibly and ethically in the development and implementation of commercial products and services.”

IFIP wants companies to ensure their products and services HIT the mark for their clients, customers and the broader community, where HIT stands for Honour, Integrity and Trust, all of which are part of the Duty of Care for ICT professionals in the execution of their work.

In relation to ransomware attacks, IFIP recommends that users implement regular backups of all important files and ensure that they are using up to date software with automated updates installed.

“Microsoft released a patch back in March for the vulnerability being exploited by the WannaCry ransomware, but the update must be applied in order for it to be effective,” Mr Hinchey said.


Password inertia leaving UK consumers at risk of fraud, research reveals

Less than half (49%) of consumers regularly change their passwords as a way to prevent fraud, according to research from Callcredit Information Group. Yet, the majority (66%) perceive the risk of identity theft and online fraud as one of their biggest concerns around sharing personal information online.

The research*, commissioned by Callcredit Information Group as part of the Unlocking the potential of personal data report, also found that only two-thirds of consumers (65%) have a highly-secure password. That is, a mixture of upper and lower case letters, numbers and symbols.

However, the findings suggest that consumers are not widely employing other simple fraud prevention techniques. Of the 3,000 UK-based consumers surveyed, only just over half (51%) have downloaded anti-malware security software and just over a third (38%) set browser privacy settings. When shopping online, well under half, just 41%, check the authenticity of an organisation before purchase.

John Cannon, Fraud & ID Director, Callcredit Information Group, commented: “Despite a significant rise in online fraud, and concern around sharing personal information, consumers don’t appear to be adequately protecting themselves against cyber-crime. Simple techniques, such as regularly changing passwords, aren’t being implemented by a significant proportion of consumers.

“Our research suggests that there is a real need for consumer education about anti-fraud techniques. It is crucial that businesses not only monitor for fraud, but educate consumers about existing risks and fraud prevention tactics. Organisations could, for example, encourage customers to regularly check their credit report to help spot unusual activity. This is especially important given that customers’ digital identities increasingly form part of the checks that organisations perform.”

The research does show there are some steps that consumers are taking to protect themselves against fraud, with the most popular tactics being:

  • Changing social media privacy settings (34%)
  • Downloading an ad blocker (33%)
  • Deliberately sharing fake details with organisations (18%)

In addition to the above, other simple steps consumers can take to keep themselves and their identity and personal information safe online are:

  • Never reuse a password across accounts. If a criminal gets hold of the password for one account, they will try the same one against others
  • Check that the website you are using is genuine. Does it show a padlock in the address bar, for example? Bear in mind that the padlock only means the connection is encrypted; a fraudulent site can have one too, so check the domain name as well
  • Check your credit report, with services such as Noddle, regularly to make sure there are no new searches or lines of credit you don’t recognise
  • If a website offers two-factor authentication, turn it on. A stolen password is then not enough on its own, because a second step (a code from an app or text message, or a hardware token) is needed to confirm your identity

The post Password inertia leaving UK consumers at risk of fraud, research reveals appeared first on IT SECURITY GURU.



from Password inertia leaving UK consumers at risk of fraud, research reveals

SailPoint report benchmarks enterprises’ reactions to the surge of breaches, reveals 3 in 5 companies expect to be breached in 2017

SailPoint, the leader in enterprise identity management, today announced the results of its 9th annual Market Pulse Survey, which explores how enterprises are changing their approach to security amid an evolving threat landscape that sees almost daily announcements of data breaches, including some of the largest ever recorded. This year’s Market Pulse Survey found that among the 50 per cent of respondents who reported being breached in 2016, the average material impact to the business was £3.1 million ($4 million). The survey also found that 35 per cent of companies suffered two or more breaches in the last twelve months. Unfortunately, 3 in 5 expect to be breached in 2017, with 29 per cent believing they won’t even know they were breached when it happens. As a result, survey respondents are focused on mitigating their exposure points as an organisation, with 65 per cent seeing identity management as a foundation of their security strategy.

The SailPoint Market Pulse Survey provides a global benchmark into how IT decision-makers are navigating today’s compliance and security challenges. The company commissioned independent research firm Vanson Bourne to interview 600 senior IT decision-makers at organisations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States.

The report did find some common areas of risk that organisations need to address:

  • Documents and files may be an enterprise’s biggest downfall in 2017: Unstructured data that lives outside of structured corporate systems and applications is a huge red flag for enterprises today – even though that data runs rampant through a typical enterprise, 41 per cent aren’t sure how to manage and protect that data from theft.
  • Employees need to understand – and follow – corporate security policies: Over two-fifths of respondents (42 per cent) cite trends like Bring-Your-Own-Device (BYOD) and Shadow IT as major areas of risk for their organisation, yet fewer than half have formalised corporate security policies in place. Coupled with the risk posed by continued poor password hygiene, cited by 25 per cent of respondents, it’s clear that enterprises need to better define and enforce corporate security policies company-wide.
  • The contractor workforce is an enterprise blind spot: The surge in freelancers, contract workers and other third parties that make up today’s diverse workforce presents a significant challenge for organisations as it relates to managing identities and their access. 46 per cent of respondents are concerned with the threat that contractors may pose to their organisation, with 70 per cent admitting they don’t have full visibility into the access contractors have to corporate systems and the sensitive data that lies within.

“This year’s Market Pulse Survey highlights that the conversation is clearly changing as organisations consider how to mitigate their risk – or minimise their exposure when a breach happens,” said Juliette Rizkallah, chief marketing officer for SailPoint. “This is a positive change, as fostering open conversations and best practices will only benefit these organisations when they find themselves in the unfortunate position of being breached. The common areas of exposure can be addressed, but many organisations are struggling with how or even where to start. This report provides a clear roadmap for them to get their house in order.”

At the same time, the Market Pulse Survey reveals that IT decision-makers now view identity as the center of their security program. In fact:

  • 46 per cent of respondents are concerned about proper visibility into who has access to what across their corporate network, with a majority (86 per cent) admitting that if their CEO’s email was hacked, they wouldn’t immediately know what their exposure points were.
  • 77 per cent of respondents now understand the importance of having strong identity governance controls in place across their organisation’s entire IT infrastructure, especially when it comes to showcasing that those controls are in place to their board of directors.
  • The benefits of an identity governance programme are clear, with respondents citing enhanced security (65 per cent), a more automated and efficient organisation (64 per cent), and business enablement (58 per cent), as key business benefits.
  • Specific to European respondents, as the GDPR compliance deadline looms, compliance bubbled to the top as a key goal and driver behind identity governance programmes for nearly three-quarters (73 per cent) of UK respondents.

“There is a silver lining to our report. It’s clear that now more than ever before, organisations better understand what – and where – their risks are, and that identity management can help address those risks. Identity provides that ability to put the detective and preventive controls in place to address all of these exposure points, while automating many identity-related processes to ensure that only the right people have the right access to applications and data at the right time,” continued Juliette Rizkallah. “By putting identity at the center of security and IT operations, these organisations can move their IT teams out of full-time firefighting mode, freeing them up to focus on enabling the business to move forward, confidently and securely.”

The post SailPoint report benchmarks enterprises’ reactions to the surge of breaches, reveals 3 in 5 companies expect to be breached in 2017 appeared first on IT SECURITY GURU.



from SailPoint report benchmarks enterprises’ reactions to the surge of breaches, reveals 3 in 5 companies expect to be breached in 2017

Wednesday, 17 May 2017

May Sketch: Reactions to Macron’s Victory

World Leaders’ Reactions to Macron’s Presidential Victory, as reported by Yahoo.

The post May Sketch: Reactions to Macron’s Victory appeared first on ITsecurity.



from May Sketch: Reactions to Macron’s Victory

WannaCryptor ‘Afterthoughts’…

…Not that we’re exactly in the post-WannaCryptor era yet. But forgive me if you’ve heard enough of the saga of the ransomware ESET calls Win32/Filecoder.WannaCryptor.D (after just a few days, I certainly have). Craig Williams, of the company Gigabyte IT Solutions on St. Helena, mailed me wondering about my take on the issue.* Here are a […]

The post WannaCryptor ‘Afterthoughts’… appeared first on ITsecurity.



from WannaCryptor ‘Afterthoughts’…

Tuesday, 16 May 2017

What is the best investment you can make in cybersecurity today?

How to invest in cybersecurity with immediate results

The scale and complexity of cyber crime are rising at an alarming rate, yet general cyber security awareness inside organizations is falling, even in those spending thousands on high-end technology. What these buyers fail to realize is that no technology on its own can defend them against the rising threat from cyber criminals.

So what is the best investment you can make in cyber security as a business?

Spending millions on technology will make you feel that you are doing the right thing and that it will keep you safe. In reality, major cyber security threats are not stopped by high-end technology alone; they are stopped by people who know what to look for, because the attacks themselves are designed by people.

Every organization has employees who have no idea what cyber security is, and that ignorance turns into human error. Cyber criminals target exactly these people, tricking them into opening malicious attachments or links. So the best investment you can make today is in cyber security awareness amongst your company’s employees.

For every kind of cyber attack, the first line of defense is the leaders and employees themselves, each a link in the chain that makes up the organization’s network. If these people knew how to recognize an attack, far fewer would ever get through.

Yet organizations are failing to realize that this is the biggest gap in their cyber security defense strategy.

So as a company, you have to realize that spreading awareness is the number one priority. Before you buy complex technology in the belief that it will effectively and automatically defend against cyber attacks, look at your workforce and ask whether they even know how to use that technology properly.

The post What is the best investment you can make in cybersecurity today? appeared first on Cyber Security Portal.



from Annadiane Annadiane – Cyber Security Portal https://cybersecurityportal.com/best-investment-can-make-cybersecurity-today/

Cyber attack: Latest evidence indicates ‘phishing’ emails not to blame for global hack

The latest evidence suggests that “phishing” emails are unlikely to have caused the global cyber attack that wreaked havoc at dozens of NHS trusts and hit hundreds of thousands of computers in 150 countries. Security experts have disputed claims that the malware was spread through suspicious emails, saying that computers were vulnerable to the worm regardless of how vigilant users were, because it spreads itself from machine to machine across the network. Experts said that unless IT departments patched the vulnerability it exploits and backed up their files, they could be hit by the attacks.

View full story

ORIGINAL SOURCE: The Telegraph

The post Cyber attack: Latest evidence indicates ‘phishing’ emails not to blame for global hack appeared first on IT SECURITY GURU.



from Cyber attack: Latest evidence indicates ‘phishing’ emails not to blame for global hack

“Noticeable decline” in distributed denial of service attacks in Q1 2017: Kaspersky

Russian cybersecurity company Kaspersky Lab has found a “noticeable decline” in the number of overall distributed denial of service (DDoS) attacks and a change to how they were dispersed by country. Kaspersky released late last week its Q1 2017 DDoS Intelligence Report, which confirms forecasts about the evolution of DDoS attacks made by the company’s experts following the company’s 2016 results. Despite the growing popularity of complex DDoS attacks continuing into the first quarter of the year, there were some major changes, Kaspersky noted in a statement.

View full story

ORIGINAL SOURCE: Canadian Underwriter

The post “Noticeable decline” in distributed denial of service attacks in Q1 2017: Kaspersky appeared first on IT SECURITY GURU.



from “Noticeable decline” in distributed denial of service attacks in Q1 2017: Kaspersky

All Orthopaedic Outpatient Clinics Cancelled by Northumbria NHS

Planned orthopaedic outpatient clinics on all sites will not take place today and will be rescheduled as soon as possible, Northumbria NHS has said. It follows the healthcare services’ ongoing recovery from the global cyber attack which took place on Friday 12th May. Northumbria NHS has said it continues to experience disruption to some planned services, and that people with minor ailments should avoid using emergency services.

View full story

ORIGINAL SOURCE: ITV

The post All Orthopaedic Outpatient Clinics Cancelled by Northumbria NHS appeared first on IT SECURITY GURU.



from All Orthopaedic Outpatient Clinics Cancelled by Northumbria NHS

DocuSign Forged – Crooks Crack Email System And Send Nasties

Electronic signatures outfit DocuSign has warned world+dog that one of its email systems was cracked by phisherpholk. The company has of late reported an extensive phishing campaign that sees messages with the subject line “Completed *company name* – Accounting Invoice *number* Document Ready for Signature” land in plenty of inboxes. As is the way with such things the mail carried a link to a Microsoft Word document bearing “macro-enabled-malware.”

View full story

ORIGINAL SOURCE: The Register

The post DocuSign Forged – Crooks Crack Email System And Send Nasties appeared first on IT SECURITY GURU.



from DocuSign Forged – Crooks Crack Email System And Send Nasties

WannaCry ransomware cyber-attack ‘may have N Korea link’

You may not have heard of the Lazarus Group, but you may be aware of its work. The devastating hack on Sony Pictures in 2014, and another on a Bangladeshi bank in 2016, have both been attributed to the highly sophisticated group. It is widely believed that the Lazarus Group worked out of China, but on behalf of the North Koreans. Security experts are now cautiously linking the Lazarus Group to this latest attack after a discovery by Google security researcher Neel Mehta. He found similarities between code found within WannaCry – the software used in the hack – and other tools believed to have been created by the Lazarus Group in the past.

View full story

ORIGINAL SOURCE: BBC

The post WannaCry ransomware cyber-attack ‘may have N Korea link’ appeared first on IT SECURITY GURU.



from WannaCry ransomware cyber-attack ‘may have N Korea link’

Cloud Encryption: Bring Your Own Key Is No Longer Enough

‘Trust’ can be both a terrific enabler and a severe inhibitor in cloud services adoption. Keen to benefit from the cloud’s promise of flexible and scalable on-demand computing, businesses everywhere continue to migrate increasing volumes of critical data off-site and into the hands of third party cloud service providers. Each time this happens, however, they must answer the same question: what guarantees do I need before I can trust this provider to protect my data?

Who holds the power to access a firm’s private data in the cloud is a big and thorny issue. Hosting services operate, by definition, across borders, whereas the regulations that grant nation states and other third parties power of access do not. Governing authorities around the world therefore vary in their ability to compel cloud service providers to sacrifice customer privacy and comply with their access demands.

As a result, encryption now has a major role to play in the security process. Companies that trade in confidentiality, banks for example, commonly use encryption as a defense against third-party intervention from nation states and cybercriminals alike. When rolled into the cloud provider’s managed service contract, however, encryption does relatively little to reassure: if the provider can already be strong-armed into granting access, it can equally be compelled to relinquish the encryption keys, and the encryption then protects nothing. Nonetheless, a study from Ponemon Institute & Thales[1] revealed that 37% of companies worldwide still rely on their cloud providers to generate and manage both the keys and the encryption process.

‘Bring Your Own Key’ (BYOK), where the end user independently generates, backs up and submits its own encryption keys, addresses this concern in part. A provider that never held a key cannot be compelled to hand it over, so the user’s data stays encrypted no matter who demands access. The caveat is that a key submitted to the provider’s key management service is, while in use, material the provider operates on the user’s behalf; what BYOK guarantees is that the user controls the key’s generation and can withdraw it, not that the provider never sees it. Sadly, BYOK also creates another set of problems. Assuming sole control over an encryption key is a hefty responsibility. Loss or error could prevent a business from decrypting its own data, resulting in paralysis. Theft of the key puts the entire security operation in jeopardy, meaning that the user’s backup process must itself be subject to high-security measures. What’s more, if the key is lost or stolen, help is very hard to come by: the service provider, having already been relieved of its key liability, is powerless to assist. In many ways BYOK replicates the problems associated with more traditional usernames and passwords. Key sprawl, like password sprawl, replaces one security headache with another: should there be a key to all the keys? How is that key secured? And so on.

BYOK poses operational challenges, too. Once the user’s key has been created and submitted to the service provider it cannot be retrieved, or at least not easily. Security best practice also dictates that each individual cloud service should have its own unique key. Where vast stores of data are concerned, risk mitigation policies encourage firms to use a variety of keys and to spread their data between several providers, each of which will have its own blend of encryption engines, protocols and messaging formats. The picture is getting more complex, too: Forrester predicts that the practice of blending multiple cloud models will increase in 2017 and calls on companies to take specific steps to secure their whole environment.[2]

When combined, these factors add up to a complex and multi-faceted BYOK challenge, for which nothing less than bullet-proof key management is acceptable.

Fortunately, demand for what could now be called ‘Manage Your Own Keys’ (MYOK™) can be well supported by specialist software, purpose-designed to put users back in the driving seat. These platforms enable users to control and manage the entire lifecycle of their own, unique portfolio of keys: generating, storing, deploying, retrieving, backing up, restoring, revoking and updating as they go.
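To make that lifecycle, and the earlier “key to all the keys” question, concrete, here is an added Python sketch of the usual answer: a key hierarchy in which one customer-held key-encryption key (KEK) wraps a separate data-encryption key (DEK) per cloud service. The KEK is then the only material that needs a hardened, offline backup; rotating it only re-wraps the DEKs, never the bulk data; and revoking a service’s DEK leaves the provider holding ciphertext it can no longer read. This is example code written for this page, not Cryptomathic’s product or any provider’s API. The authenticated encryption is a standard-library stand-in built from HMAC-SHA256 so the example runs offline (a vetted AEAD such as AES-GCM, with the KEK in an HSM, belongs in production), and the class and function names are the example’s own.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _hkdf(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869, SHA-256, zero salt): independent sub-keys from one master key."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(enc_key, nonce || counter) blocks, trimmed to length."""
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _hkdf(key, b"enc"), _hkdf(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _hkdf(key, b"enc"), _hkdf(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CustomerKeyStore:
    """The customer's own 'key to all the keys': KEK versions live here, DEKs exist only wrapped."""

    def __init__(self) -> None:
        self.kek_version = 1
        self.keks = {1: secrets.token_bytes(32)}   # the only material that needs an offline backup
        self.wrapped = {}                           # service name -> (kek_version, wrapped DEK)
        self.revoked = set()

    def provision(self, service: str) -> None:
        """Fresh DEK for one cloud service, stored only under the current KEK."""
        dek = secrets.token_bytes(32)
        self.wrapped[service] = (self.kek_version, seal(self.keks[self.kek_version], dek, service.encode()))

    def dek(self, service: str) -> bytes:
        """Unwrap on demand. The AAD ties each blob to its service, so blobs cannot be swapped."""
        if service in self.revoked or service not in self.wrapped:
            raise PermissionError(f"no usable key for {service}")
        version, blob = self.wrapped[service]
        return unseal(self.keks[version], blob, service.encode())

    def rotate_kek(self) -> int:
        """Re-wrap every DEK under a new KEK; the bulk data is never re-encrypted."""
        new = self.kek_version + 1
        self.keks[new] = secrets.token_bytes(32)
        for service, (version, blob) in list(self.wrapped.items()):
            dek = unseal(self.keks[version], blob, service.encode())
            self.wrapped[service] = (new, seal(self.keks[new], dek, service.encode()))
        del self.keks[self.kek_version]             # nothing remains wrapped under the old KEK
        self.kek_version = new
        return new

    def revoke(self, service: str) -> None:
        """Crypto-shred: with the wrapped DEK gone, the provider's copy of the data is unreadable."""
        self.revoked.add(service)
        self.wrapped.pop(service, None)


def demo() -> dict:
    """Constructed walk-through: provision, encrypt, rotate, decrypt, revoke."""
    store = CustomerKeyStore()
    store.provision("object-store")
    record = b"customer ledger 2017-Q1"
    ct = seal(store.dek("object-store"), record, b"ledger.csv")   # the service encrypts with its DEK
    store.rotate_kek()                                             # the ciphertext is untouched
    after_rotate = unseal(store.dek("object-store"), ct, b"ledger.csv")
    store.revoke("object-store")
    try:
        store.dek("object-store")
        revoked_blocked = False
    except PermissionError:
        revoked_blocked = True
    return {"after_rotate": after_rotate, "kek_version": store.kek_version,
            "old_kek_gone": 1 not in store.keks, "revoked_blocked": revoked_blocked}
```

Two design points carry the argument of this piece: the service name goes into the AAD of each wrapped DEK, so a blob retrieved from one provider cannot be presented for another, and `rotate_kek` touches only the wrapped keys, which is what makes routine rotation affordable when the data itself is spread across several providers.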

Such systems also arm users with the capability to expand their use of encryption. Today’s large enterprises invariably use a host of different cloud models – public, private and hybrid amalgamations of the two. MYOK™ systems enable users to address them all with cryptography, creating and managing keys regardless of their required shape, form and destination. This is democratizing what has, until now, been regarded as a complex and highly technical security process.

This is just the beginning. The number and variety of uses for encryption keys is exploding. Having begun life in network management and financial services, encryption and other cryptographic functions are fanning out rapidly, to secure data created by smart devices, connected cars, intelligent building systems and all manner of other connected consumables that together comprise the Internet of Things.

There is little doubting the level of enthusiasm for cloud-based data storage and transmission services. The big problem has been that major stakeholders have had a hard time balancing their need to guarantee security, control and confidentiality with the huge gains that the cloud can deliver in terms of flexibility, scalability and operational agility. Key management platforms enable this balance to be struck, reducing time to market for those delivering cloud-dependent products and services while, at the same time, ensuring they remain the sole proprietors of their data, regardless of where it is kept or how it is transmitted.

If the encryption industry is to avoid replicating the mistakes of the username and password model, it must promote an approach that has secure key management at the center. Only then can the full promise of the cloud be realized, finally unburdened by issues of trust.

[1] 2017 Global Encryption Trends Study (April 2017)

[2] Predictions 2017: Customer-Obsessed Enterprises Launch Cloud’s Second Decade (November 2016)

NB: MYOK™ is a registered trademark of Cryptomathic Inc.

 

The post Cloud Encryption: Bring Your Own Key Is No Longer Enough appeared first on IT SECURITY GURU.



from Cloud Encryption: Bring Your Own Key Is No Longer Enough