Friday, 22 December 2017

The path for SMEs and GDPR

The end of 2017 is fast approaching. 2018 is set to be a fresh start for many, bringing with it new ideas and opportunities to make this world a more secure and safe place. It also marks the implementation of GDPR, which is set to revolutionise the way our data is stored and protected. Failure to comply means that severe fines will be imposed. While many large organisations might just survive the financial costs if they were caught with their security pants down, the same can’t be said for small enterprises.

According to the latest survey by the Close Brothers, only one in four SMEs have prepared for the General Data Protection Regulation (GDPR), with only one in three being aware of GDPR’s implications.

For those that are not ‘aware’ and not ‘prepared’, perhaps the potential of being fined up to €20m or 4% of their annual global turnover will get their attention. This amount could potentially bankrupt many SMEs, so with the GDPR implementation date around the corner, the time to act is now.

The Issues

Gerald Beuchelt, chief information security officer at LogMeIn, believes small businesses have as much at stake as any organisation when it comes to GDPR. “Smaller businesses with lower turnovers are likely to feel the negative effects of non-compliance harder than larger organisations. Non-compliance can also result in court orders which will forcibly change how a company does business, and can also impact where it really hurts – in consumer confidence.”

Many organisations would be conscious of the reputational damage caused should a company be found non-compliant. However, there is a common challenge that many SMEs face, as Helen Daveport, director at Gowling WLG, alludes to: they “do not have the access to advice and resources to dedicate to compliance compared to larger organisations.”

To some however, the term ‘size doesn’t matter’ comes to mind when discussing GDPR preparedness. David Fathers, regional general manager at Crown Records Management states “size is not the sole defining factor” and instead “it is the volume and sensitivity of the data being processed that matters.” Many organisations still hold data in paper format instead of digital form, which can prove to be a complication for some companies. Fathers continues, “for those thousands of boxes in storage it really is time to decide what is in them and what needs to be kept. In some cases, it may be better to destroy boxes which hold out-of-date data – data which no longer must be kept by law – than to keep them ‘just in case’ they are useful in future. In reality, it may prove costlier to keep data which is hard to locate and edit – and open up businesses to the possibility of future fines.”

Steps forward

For organisations scrambling and searching for which steps need to be taken first, there are a few specific things that can be done right away. A starting point would be to carry out a comprehensive data audit to locate exactly what data is being held and where it is being stored. David Fathers says “not all smaller companies will need to appoint a data protection officer but it is also vital that someone in the business takes responsibility for keeping up to date with the regulation. We’ve seen many companies start with an assumption that it’s an issue for the IT department. But, in reality, it’s a company-wide issue which requires board-level leadership, and buy-in from every employee in every department.”

Jonathon Wood, director at C2 Cyber, believes “human error can represent the biggest threat to information security, so an audit of staff and the way they are behaving, such as awareness of storage and security good practice, remote and mobile working policy and two step encryption, are all key.”

He continues, “most organisations have all the technology in place to ensure they are as secure as possible but many aren’t using it properly, so training the team coherently to ensure they are ahead of GDPR is a must.”

For Alastair Paterson, CEO and co-founder of Digital Shadows, it’s imperative that enterprises “establish GDPR compliance processes now. All firms need to establish and test processes in advance to ensure they know how and who to notify in the event of a breach. With only 72 hours to spare, SMEs can’t afford to wait and figure it out ‘on the fly.’ It is also advised that organisations seek legal counsel before carrying out any drastic changes. All of these changes require considerable thought, time and effort. Before firms go too far down the path of implementing processes and any supporting technologies required, they should seek professional legal advice to ensure that their chosen approaches suitably address the legislation.”

Eric Berdeaux, CEO at OXIAL, claims “GDPR is the most significant change to data protection law in the EU for a generation” and he is not wrong. With time slipping away, organisations need to stop burying their heads in the sand, or they will suffer the ramifications of not being compliant.

A number of helpful resources and guidelines are available via the Information Commissioner’s Office (ICO).

The post The path for SMEs and GDPR appeared first on IT SECURITY GURU.


Sophisticated cyber threats are biggest technology fear for financial and public sector in 2018

The financial services industry and public sector are aligned in their concerns about data and system security, with both citing a fear of harmful cyber threats emerging in 2018, according to a new study from digital workplace provider Invotra.

The research, conducted among 504 senior IT managers working across public sector and financial organisations, found that 79% of those in the public sector, and 85% of respondents in the financial services sector, consider data and systems security to be their biggest priority. Both groups also said that the most notable impact of high profile cyber attacks hitting the headlines was greater scrutiny on existing systems. When asked how well equipped their organisation is to defend itself against cyber attacks, the financial sector showed greater confidence, with 94% saying they had a strong line of defence, compared to 88% in the public sector.

Fintan Galvin, chief executive officer at Invotra said, “We commissioned this research to understand digital challenges facing the financial and public sectors. Both sectors are under pressure to modernise systems, make them accessible, and to keep pace with emerging technologies; all the while tackling sophisticated security threats. These are real hurdles for IT professionals today so it’s no wonder they have concerns for the year ahead.”

Exploring respondents’ attitudes to digital transformation, public sector IT managers were asked how well they felt the sector was progressing. 44% described digital transformation as ‘an important focus’, but said the public sector is way behind the private sector. There was greater confidence and belief among financial services professionals, with a smaller proportion (19%) feeling financial services lags behind other sectors, and just a small proportion (8%) of respondents in the financial sector describing digitisation as ‘an aspiration’ and ‘not an achievable goal’. In the public sector, a larger proportion (18%) said digital transformation was ‘a buzzword’ and described it as ‘meaningless’, and a fifth said digital transformation was too costly, compared to 13% in the finance sector.

With the emphasis on improving digital services, Invotra also wanted to understand how technology professionals rate current investment levels. Almost half (49%) of public sector respondents said about the right amount had been invested to support broader digital transformation initiatives, but almost a third (32%) said investment to date had been inadequate. In the financial sector, 64% of respondents believe the right amount has been invested in improving digital services, and a much smaller proportion (18%) believe not enough spend has been dedicated to modernisation.

Respondents were also asked to rate their organisation’s investment in emerging technologies, including blockchain, artificial intelligence, predictive analytics and biometrics. 46% of public sector IT professionals believe about the right amount has been invested but over a third (37%) would like to see greater investment. In the financial sector, over half (54%) believe current investment levels are appropriate, but a fifth believe their organisation is spending too much on emerging technologies. A far smaller proportion (23%) thinks too little is being spent.

Fintan Galvin concluded, “It’s clear from our study that finance technology professionals understand the need to drive change. But, they are charged with providing an accessible digital workplace with meaningful results in terms of improving people’s work lives, whilst facing sophisticated security threats. And, there is, of course, pressure to do more with less.

“Organisations need to wake up and realise that enhancing digital capabilities is about enabling people and not the sole responsibility of IT departments. This research highlights a need for widespread buy in, and understanding of digital workplace technologies across organisations, and for proper user training. Without this, transforming the internal and external customer experience, is going to prove impossible.”


The University of Plymouth helps lead the way for Cyber Security Degree Apprenticeships

University of Plymouth students who have successfully completed the Cyber Security Analyst Degree Apprenticeship pathway will now gain automatic Associate Membership of the Institute of Information Security Professionals (IISP), the not-for-profit body dedicated to raising the standard of professionalism in information security. Plymouth is the first university to be accredited under this new scheme.

The IISP has been working closely with the UK Tech Partnership and other industry and academic bodies for several years to define the criteria for Cyber Security Degree Apprenticeships, which are based on the IISP Skills Framework. The Skills Framework is widely accepted as the de facto standard for measuring the knowledge, experience and competency of information security and assurance professionals. It is also used by the UK Government to underpin its Certified Professional Scheme and by organisations to develop and benchmark their own in-house information security capabilities.

Prof. Steven Furnell, IISP Fellow and Head of School of Computing, Electronics and Mathematics at Plymouth said, “I am delighted that students from our Cyber Security Analyst Degree Apprenticeship pathway will be able to graduate with such a clear endorsement of how their qualifications and experience are aligned to the needs of the profession.”

Dr Ismini Vasileiou, Programme Lead of DTS Cyber Security Analyst pathway and Equality and Diversity Faculty Chair, added, “It is exciting to be offering apprenticeships at the Higher Education level and working alongside the IISP will ensure that our graduates meet the future qualification and skills requirements to serve the profession. We are also committed to addressing the gender diversity challenges in the industry by attracting more females onto our courses.”

“There are two significant challenges currently facing the cyber security profession: a recognised skills shortage and the fact that almost all current practitioners have come into the profession from other disciplines. We are not building the profession from strong foundations,” said Peter Fischer, a Fellow of the IISP. “Cyber Security Degree Apprenticeships represent a major step towards addressing both challenges. The IISP is keen to support this career path into the industry and the University of Plymouth’s accreditation recognises that on graduation, individuals exceed the rigorous requirements for IISP Associate Membership.”


A digital currency for a digital age

Bitcoin is a volatile digital currency that gained a lot of news coverage in the past couple of weeks as it topped $11,000 in value. It has since increased further.

Many outside the digital world would have ignored this, but those of us inside the tech bubble were tuned in to see the rise of the biggest cryptocurrency. However, there is still a large proportion of the population that does not understand bitcoin.

Simply put, “Bitcoin is essentially a digital currency for a digital age,” as Jake Fox, CEO of Casinopedia, says. Bitcoin is a digital currency, which is created and stored electronically. There is no physical form for Bitcoin – they are not printed. It is decentralised, meaning it has no central authority or administrator. Transactions are conducted peer-to-peer, and the details of any transaction made using the currency are recorded within an online ledger called the blockchain, which is continually audited.

To generate Bitcoin, people use computer software to solve mathematical problems and in return can produce Bitcoin. This is referred to as ‘mining’. Even though it is said that only 21 million Bitcoin in total can be mined, in theory, anyone can join the online community and ‘mine’. As the software is open source, the mining activity and overall network can be monitored and regulated to ensure the network remains stable and secure.

To store Bitcoin securely, it is advised that the user acquires a security wallet, with the most common wallets installed either on the user’s desktop or on their mobile device. Each wallet is secured with encryption and accessed with a password.

This, to the everyday person on the street, is completely meaningless, and Dr Kevin Curran, professor of cybersecurity at Ulster University, believes the problem is that “many people simply are unsure how to negotiate bitcoin and believe that for now the risks outweigh the benefits. Buying, selling, storing of bitcoins is still beyond what we can reasonably expect the public to understand.”

However, the attention Bitcoin has attracted of late is helping the currency to rise, with those involved viewing it as the latest hot investment to have. Fortunes have been made and more are expected. Those investors will obviously be looking at Bitcoin through rose-tinted glasses. Despite this, many have urged a degree of caution due to the criminal interest that has surrounded the currency.

The cyber security uncertainty that surrounds Bitcoin is another reason many are sceptical when it comes to investing.

“Naturally, as the value and popularity of the currency rises, we expect more ransomware and ransom denial of service (RDoS) campaigns,” claimed Andrew Foxcroft, regional director for UK, Ireland and Nordics at Radware. “Bitcoin is the preferred currency for cyber criminals on the Darknet and it’s also the currency of choice for extortionists. As bitcoin continues to rise in value, cyber criminals will continue to rely on cryptocurrencies as a means for payment. The wallets and exchanges that house the currency will also be targeted at a persistent rate. In the past, hacktivist groups such as Anonymous launched denial-of-service attacks against PayPal after refusing to process payment for Wikileaks.”

No one can truly say whether it is going to surpass currency that is currently being used. The rise of Bitcoin has been labelled as a ‘bubble’ – and a toxic bubble at that – and this has left many scratching their heads as to what the overall outcome will be when the Bitcoin bubble inevitably pops.



Nissan Canada Data Breach Affects 1.1 Million

1.1 million people have been notified following an alleged data breach.

ORIGINAL SOURCE: InfoSecurity Magazine


Apple DOES Slow Older iPhones

Following years of rumours, Apple has confirmed it DOES slow older iPhones!


Bitcoin Crashes

Bitcoin value has crashed by 30% just days after reaching an all-time high.


UK “Ready” for Russian Cyberattacks

Boris Johnson is ready to warn Russia to stop conducting cyberattacks against the UK or face retaliation.


Amateur Hacker behind Satori Botnet

An amateur hacker is likely to be behind the Satori Botnet which scared researchers due to its size.


ORIGINAL SOURCE: Bleeping Computer


Thursday, 21 December 2017

Five Arrested in Romania for Spreading CTB Locker and Cerber Ransomware

Five suspected hackers have been arrested in Romania for allegedly distributing CTB Locker and Cerber Ransomware in the US and Europe.


EtherDelta Suspends Service following Suspected Breach

EtherDelta, a popular cryptocurrency exchange, has suspended service after being hit by an attacker earlier this week.


North Korea Suspected of Hacking South Korean Cryptocurrency Exchange

North Korea is being investigated for being involved in hacking a South Korean currency exchange earlier this week.


ORIGINAL SOURCE: The Independent


Wednesday, 20 December 2017

Alert Logic announces results of cybersecurity professionals survey as they celebrate their 3-year anniversary in Cardiff

Alert Logic, a leading voice in the cybersecurity industry providing security-as-a-service solutions for the cloud, has found that security professionals are most concerned about the development of advanced threats, in a survey conducted to understand where the industry sees cyber threats moving in 2018.

According to the results of the survey, conducted with 400 cybersecurity professionals, 62% cited the detection of advanced threats as the most pressing issue facing them as we look towards 2018. Advanced threats are made up of complex and varied attack vectors, and the combination of methods used by threat actors makes them some of the most persistent, yet most difficult to detect, cyber-incidents that security professionals face.

“Advanced cyber threats present the most arduous task for cybersecurity professionals, and the survey results bear this out,” said Oliver Pinson-Roxburgh, EMEA director at Alert Logic. “Cyber attacks are increasingly difficult to detect, as the security threats presented by malicious actors become increasingly bold and sophisticated, particularly when attacking web applications.”

In addition to this, lack of budget, skilled personnel and lack of security awareness amongst employees weighed in as the most significant obstacles facing cybersecurity teams, inhibiting their organisations from adequately defending against cyber threats.

The issue of skilled personnel holding back security protocol is something that Alert Logic have been working as a company to remedy. They recently celebrated the 3rd anniversary of their Security Operations Centre opening in Cardiff. Alert Logic have worked tirelessly to turn Cardiff into a cybersecurity hub, growing its team from 0 to approximately 130 people, providing highly skilled and well-paid IT jobs for both graduates and seasoned IT staff, and increasing the total UK staff to 180.

This has been possible, in part, as a result of the support provided by the Welsh government and close partnerships with the University of South Wales and Cardiff University as part of their efforts to help combat the cyber security skills gap in the UK.

“Alert Logic is a great success story for South Wales,” said Welsh Economy Secretary Ken Skates. “In just three years the company has firmly settled into the region, becoming a significant employer offering high paid specialist jobs. The company is an active member and contributor to the growing Welsh Cyber Security community.”

In addition, when asked about the business impact of security incidents, system downtime was highlighted as having the biggest impact. Interestingly, revenue impact was only cited as a relatively minor factor (16 percent), suggesting that either security teams have evolved their maturity to effectively manage risk or lack full visibility into the downstream business impact of security incidents.

So, whether it’s in establishing new cybersecurity hotspots in the UK, or polling the community for their most pressing issues, Alert Logic is a cyber company with its finger firmly on the pulse, who remain dedicated to improving cybersecurity as an industry, not just in their own business interests.


Tuesday, 19 December 2017

Cyber Attacks have Netted North Korea Millions in Virtual Currency

Researchers say that various recent cyber attacks have successfully made North Korea millions of dollars in virtual currencies, like bitcoin.


Kaspersky Sues US Government over Ban

Kaspersky has filed an appeal in federal court to overturn the Government’s ban, which blocks its software from being used on civilian government agencies’ computers.


US Blames North Korea for this Year’s WannaCry Attack

The US administration believes North Korea is “directly responsible” for this year’s WannaCry attack, which crippled systems worldwide earlier this year.


Australia’s Dept of Health Leaks 2.9 Million Patients’ Sensitive Data

Australia’s Dept of Health has accidentally exposed 2.9 million patients’ sensitive data (which includes what medication they are on, pregnancy terminations, surgeries and medical health treatment).


Lastline now integrated with Phantom Security Automation & Orchestration Platform

Lastline, one of the leading voices in the world of advanced network-based malware protection, have announced a partnership and technology integration with Phantom, the leader in security automation & orchestration. Lastline and Phantom customers can now benefit from the visibility and context that only Lastline provides for malware behaviours and suspicious network activity.

“Effective security demands knowledge of every behavior that malware is designed to execute,” noted Rich Hlavka, VP Business Development, Phantom. “Lastline adds value for our customers by delivering the analysis necessary to detect malware, either as it arrives or while it’s operating on a network, before it has a chance to cause a damaging data breach.”

Phantom Playbooks dictate specific activities to be taken under threatening circumstances, such as a user accessing a malicious IP address or the detection of a “bad” file. Lastline technology now can be engaged by playbooks to provide added detail and context. Lastline detects all behaviours engineered into a malicious file or website, detects suspicious network activity and correlates it with known malware behaviours, and provides added context from the Lastline Global Threat Intelligence Network, all of which is available via Phantom Playbooks.

Lastline technology integrated with Phantom’s platform provides critically important details demonstrating Lastline’s best-in-class reputation, demonstrably better detection, ease of integration, and cost effectiveness, ultimately providing the highest possible added value to customers.

“We’re honored that Phantom chose to work with Lastline to support their automated file, URL, and network analysis,” said Brian Laing, Lastline CRO. “As is the case with our many other partners who are leaders in their respective fields, our joint customers with Phantom see Lastline’s technology as a powerful option to detect malware and suspicious network activity, and protect against damaging data breaches.”

Independent third parties have validated the performance of Lastline for detecting advanced malware. NSS Labs’ 2017 Breach Detection Systems Group Test recognized Lastline as the only breach detection offering they have ever tested to achieve 100 percent Malware Detection and 100 percent Security Effectiveness, and the company achieved this two years in a row.


Monday, 18 December 2017

Kaspersky Lab detects 360,000 new malicious files daily – up 11.5% from 2016

The number of new malicious files processed by Kaspersky Lab’s in-lab detection technologies reached 360,000 a day in 2017, which is 11.5% more than the previous year. After a slight decrease in 2015, the number of malicious files detected every day is growing for the second year in a row.

The number of daily detected malicious files reflects the average activity of cybercriminals involved in the creation and distribution of malware. This figure was calculated for the first time in 2011 and totaled 70,000 at that time. Since then it has grown five-fold, and as the 2017 data shows, it is still increasing.

Most of the files identified as dangerous fall into the malware category (92%) and the rest are advertising software which is not considered malicious by default, but in many instances can cause private information exposure and other risks.


Nearly 10% of all dangerous files detected daily are identified by Astraea – Kaspersky Lab’s machine-learning malware analysis system, which identifies and blocks malware automatically.

“In 2015, we witnessed a visible drop in daily detections and even started thinking that new malware could be less important for criminals, who have instead shifted their attention towards reusing old malware. However, over the last two years the number of new malware we discovered has been growing, which is a sign that interest in creating new malicious code has been revived. The explosive increase in ransomware attacks over the last couple of years is only set to continue, as there is a huge criminal ecosystem behind this type of threat, producing hundreds of new samples every day. This year, we have also seen a spike in miners – a class of malware that cybercriminals have started to use actively, in light of the ongoing rise in cryptocurrencies. The reason for the increase in detections could also be attributed to the constant improvements we are making in our protection technologies. With every new upgrade, we can identify more malware than before and this could account for a rise in numbers,” says Vyacheslav Zakorzhevsky, Head of Anti-Malware Team at Kaspersky Lab.

Other annual threat statistic highlights of 2017 include the following:

  • Kaspersky Lab solutions repelled 1,188,728,338 attacks launched from online resources located all over the world.
  • Kaspersky Lab’s web antivirus solution detected 15,714,700 unique malicious objects.
  • 29.4% of user computers encountered an online malware attack at least once over the year.
  • 22% of user computers were subjected to advertising programs and their components.

In order to stay protected, Kaspersky Lab recommends the following:

  • Pay close attention to, and don’t open, any suspicious files or attachments received from unknown sources.
  • Do not download and install applications from untrusted sources.
  • Do not click on any links received from unknown sources and suspicious online advertisements.
  • Create strong passwords and don’t forget to change them regularly.
  • Always install updates. Big ransomware outbreaks, such as WannaCry and ExPetr have shown that delays in installation of patches can take months.
  • Ignore messages asking to enable security systems for Office software or antivirus software.
  • Use a proper security solution appropriate to your system type and devices.


Cyber security experts warn companies of dangers caused by employees working while on holiday this Christmas

T-Systems, the corporate IT and cyber-security arm of Deutsche Telekom (Europe’s largest telecoms company), is warning organisations of the security risks associated with allowing employees to work while on their Christmas holiday.

Where employees absolutely must interrupt their festivities to email and work remotely, T-Systems says it is essential those employees have had recent cyber-security training, or they risk compromising business security and confidentiality.

Scott Cairns, the UK head of cyber security at T-Systems, said:

“Time away from our hectic work life should be treasured, not spoilt by an expectation we will respond to work emails and requests. Putting aside the impact on our families, this practice also creates a real cyber-security threat for organisations.

“Our research shows a third of employees use free Wi-Fi at locations such as those at airports, hotels, coffee shops and bars, despite these being insecure and open to communication interception by cyber criminals. Couple this with the widespread practice of employees emailing documents to their private email on their own devices, where security is invariably lower, and you open your organisation to potential attacks.

“Our message to businesses for the holiday season is ‘let your employees enjoy an uninterrupted break’. Strongly discourage them from taking work on holiday, and make sure employees do not feel pressured to work when they should be taking time out.

“Our research found that despite the pace at which cyber-attacks are evolving, 66% of respondents had received no up-to-date education within the past twelve months. Nearly 30% of respondents say they have never had cyber security education at any employer.

“Where it is unavoidable, businesses should ensure there is training, and clear guidelines to be followed. Our research shows many employees are not knowledgeable on the multitude of ways their devices can be infected with viruses and malware… and those who thought they were ‘very knowledgeable’ frequently gave the wrong answer when questioned!”


“Training your employees regularly on effective cyber-security practice is probably the single-most effective step organisations can undertake to dramatically reduce their risks of viruses, malware and other common forms of cyber-crime.”

T-Systems’ research was conducted by respected market research agency Censuswide into over 2,000 UK employees.  Its findings include:

  • Nearly a third of employees (31%) use free Wi-Fi hotspots, and nearly a quarter (24%) use them for work-related emails and documents. These are a big danger area as they are insecure and easy for hackers to clone (getting access to all email and web traffic, including any work documents and passwords).
  • 28% of employees email work documents to and from their personal email, despite this creating numerous security problems.
  • 10% use free USB charging points at airports and stations. These ports can be used to transfer viruses and malware to unsuspecting users.
  • Remarkably, 28% of employees have never in their working career had any cyber security training to protect themselves and their employer, even though these threats are avoidable.


Cyber-security training for all employees is particularly important as the dangers continue when employees come home from their Christmas holiday.  T-Systems’ research found that:


  • 18% of employees admit to connecting their digital camera to their work computer to download photos. And don’t think that Wi-Fi and Bluetooth connections are safer: viruses and malware can just as easily transfer through wireless connections and then quickly spread through the organisation.
  • 15% admit to connecting USB sticks and memory cards that they share with their family members to their work computer.  A sure way for viruses to quickly spread from home to business.

The post Cyber security experts warn companies of dangers caused by employees working while on holiday this Christmas appeared first on IT SECURITY GURU.


Don’t Let the Naughty Elf Run Off With Your Company Data

Ultima, a leading provider of on-premise and cloud IT infrastructure and managed service solutions, is warning companies today to stop the ‘Naughty Elf’ pinching company data left lying around on obsolete technology over Christmas.


Ultima estimates 85% of companies have a pile of old laptops, hard drives and even old servers that no one knows what to do with, often stashed away in their ‘Room of Doom’ and lying around waiting for the Elves to attack. Under the new GDPR guidelines, penalties for data loss are increasing from £500,000 to €20m, or 4% of annual worldwide turnover.


Gordon Esslemont, Commercial Director, Ultima says, “Companies that aren’t dealing with their old technology are risking data loss and damage to their brand reputation as well as large fines. We call the rooms that companies store all their old equipment in their ‘Room of Doom’ because potentially if they are breached by unscrupulous people they risk losing critical data, which in extreme cases can end in the company’s demise.


“All companies are potential targets and to ignore old technology piles is not good practice. The 2016 Government Security Breaches Survey found that nearly three-quarters (74%) of small organisations reported a security breach and we know this is only getting worse. A simple way to protect your company from exposure of data loss from old technology is to engage someone to erase and recycle it correctly,” says Esslemont.


Ultima offers, in partnership with N2S, a fully bespoke range of services for data erasure and destruction. The end of life equipment is recycled to comply with the new GDPR data regulations and the EU WEEE Directive. The service extends to not only hard drives, but media devices, tapes and any other device which can hold or store critical data. The service can be tailored to meet the needs of small companies who want to sort out their ‘Room of Doom’ to large data centres that need ‘decommissioning’. Together the firms will have recycled over 1600 tonnes of legacy IT in 2017.

The post Don’t Let the Naughty Elf Run Off With Your Company Data appeared first on IT SECURITY GURU.


Friday, 15 December 2017

Airbus CyberSecurity Predictions for 2018

Researchers at Airbus’ external Cyber Security business have compiled their top technology predictions for 2018, based on trends identified at its Security Operations Centres in France, UK and Germany during 2017.

Prediction 1: A lack of social media security policies will create serious risks for enterprises
As observed during 2017, social media platforms are regularly being used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise. Criminals and hackers are known to use these platforms to distribute malware, push rogue antivirus scams and phishing campaigns to lure their victims.
Markus Braendle, Head of the Airbus CyberSecurity business: “Social media provide the medium for connecting people globally, in the rapid exchange of ideas, discussions and debates in our digital world. However, from an attacker’s perspective, social media have become an easy target because of the number of non-cyber security savvy users, and the fact that these platforms are easy and cost effective to use. To protect themselves against social media attacks, organisations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.”

Prediction 2: Attacks on Wireless networks will escalate
Attacks on Wireless networks will increase as attackers seek to exploit the Key Reinstallation Attack (KRACK) vulnerability, first made public in October 2017.
The vulnerability can allow an attacker to intercept and read Wi-Fi traffic between devices and a WiFi router, and in some cases even modify the traffic to inject malicious data into websites. It could also allow attackers to obtain sensitive information from those devices, such as credit card details, passwords, chat messages and emails.
Braendle continues: “We can expect to see an escalation of attacks over public or open WiFi connections, and in turn, an increased security provision by organisations that offer such services to their customers. Such attacks may be particularly damaging for people using old devices that are no longer supported by vendors, making them an attractive target for cyber criminals. These threats may also trigger an increased use of Virtual Private Networks (VPN) by the most security conscious users.”

The post Airbus CyberSecurity Predictions for 2018 appeared first on IT SECURITY GURU.


Skills shortage or skills wastage? Is your business squandering IT talent?

Businesses are under constant pressure to improve operational efficiency. Overheads are continuously scrutinised, with departments tasked with reducing margins year-on-year, and it is the IT department that is under the most pressure to deliver these efficiencies. Digital transformation is hyped as the answer to deliver increased efficiencies, gain competitive advantage and change, for the better, how businesses interact and communicate with customers and employees. But taking a business on a digital transformation journey is a huge undertaking; an undertaking that requires a skilled IT department to be the chief architects, with lofty expectations placed on them by business leaders.


It has been widely reported in the media that Britain is facing a skill shortage in most science, technology, engineering and maths (STEM) job roles. The UK Commission for Employment & Skills research showed that 43 per cent of STEM vacancies are hard to fill due to a shortage of applicants with the required skills and experience.  But perhaps the issue is not only about the lack of a digitally-skilled workforce. A massive challenge for businesses is to not waste the skills of already-stretched IT teams on simple tasks.


The reality is that while IT talent is hard to come by, many IT departments are burdened with handling avoidable IT issues. At present, IT pros spend too much time handling unplanned activities which inhibits their ability to innovate. According to research from 1E, on average, IT workers spend 29 per cent of every day reacting to unplanned incidents. Based on a full-time work schedule of 1,700 hours per year, this equates to more than 14 weeks a year.


While IT staff may spend an unjustifiably long time reacting to unplanned activities, they are also stretched unnecessarily dealing with IT issues that can, in most cases, be foreseen. Issues such as provisioning and deprovisioning employees are becoming one of the most time-consuming tasks for IT professionals, despite the fact the process can be almost entirely automated.


Recent research from OneLogin, which surveyed more than 605 IT decision-makers with influence over their business’s IT security, revealed that this is certainly the case. OneLogin found half (50 per cent) admitted to not using automated provisioning technology to auto-enrol new employees to the plethora of corporate applications relevant to their position. Of course, businesses are using more apps than ever to enable employees to do their job efficiently and collaboratively. This means that enrolling each new member of staff manually can take valuable time away from an already overworked department.


Businesses are relying on the IT department to revoke access from employees who are leaving an organisation. Once again, this is often a manual practice that takes IT teams time and effort. Nearly all (92 per cent) of respondents to OneLogin’s study admitted to spending up to an hour on manually deprovisioning former employees from every corporate application. This deprovisioning difficulty may explain why more than a quarter (28 per cent) of ex-employees’ corporate accounts remain active for a month or more.


Allowing former employees access to the network exposes organisations to the threat of these workers being able to access sensitive corporate data. Half (50 per cent) of respondents are not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave. The reality is that the lack of automated tools for simple admin tasks has impacted IT departments, and continues to have a significant impact on corporate security, and indeed the bottom line.


With the average wage of an IT professional in the UK being in excess of £50,000 a year, businesses must look into ways of avoiding skill wastage in the IT department. Investment into the use of automated tools can benefit corporate security, but can also free up IT teams to unlock organisational efficiencies that have the potential to make a company more profitable and more competitive. For instance, automated deprovisioning of employees from applications that have an application programming interface (API) for user management can improve IT efficiency. Most “birthright” applications that are widely used in companies, such as Office365 and G Suite, have these APIs and can make the deprovisioning process simple.


There is a skills gap in the UK which must be addressed by businesses and government alike. But while top IT talent is a rare commodity, retaining and allowing them to do the job they are trained for must be a priority. In order to do this, businesses must give opportunities to IT professionals to learn and innovate, rather than allocating their time to important, yet time-intensive tasks which could be automated. By utilising the full range of talents IT professionals possess, businesses will reap the rewards of improved efficiency, profitability and staff retention.

The post Skills shortage or skills wastage? Is your business squandering IT talent? appeared first on IT SECURITY GURU.


Druva Reveals 2017 AWS Cloud Data Protection Survey

Druva, the global leader in cloud data protection and management, today announced the results of its Druva 2017 AWS Cloud Data Protection Survey, which reveals a disconnect between the perceptions of cloud data protection and its reality. The survey solicited insights from IT professionals across 20 industries, including technology, energy, financial and healthcare, regarding the state of Amazon Web Services (AWS) cloud adoption, enterprise secondary storage, data protection and archiving needs.


According to results, one of the biggest benefits seen from those who have already moved their data to the cloud is cost savings (59 per cent); yet 49 per cent of respondents who are considering a move cite cost as the number one barrier. This paradox is indicative of a larger misconception about the capabilities of cloud technology. Despite rising confidence in durability and availability of company data in AWS, concerns remain around storage and usage costs.


“Although cloud migration has increased significantly in recent years, we still see a disconnect between perceptions of the cloud and its reality,” said Dave Packer, vice president of product and alliance marketing at Druva. “The misconception persists that the cloud is too expensive for storing data, and IT professionals fear rising costs as data grows and duplicates across the enterprise. However, organisations that have already leaned into transitioning to the cloud have realised that by fully embracing vendors providing truly cloud-native technology, both costs and scale can be optimised – and they have greater security and control over their data, regardless of where it resides.”


Key findings of the Druva 2017 AWS Cloud Data Protection Survey include:


  • Heightened adoption of cloud-based data protection. A strong trend is emerging with the majority of respondents (54 per cent) indicating that their organisations are leveraging the cloud for data protection.
  • IT professionals bothered by egress costs. The majority of respondents have a negative stance on egress costs, with 43 per cent calling them a “necessary evil” and 29 per cent deeming them “annoying, unnecessary additional charges.”
  • Strong concern for compounding costs as data grows and expands across multiple sites. Results showed that 59 per cent of respondents were concerned about the growing cost attributed to duplicate and growing data. Additionally, about 62 per cent of respondents expressed concern about the compounding data protection costs that they may incur as a result of having multiple sites.
  • Cost savings as the primary expectation for moving to the cloud. Conversely, about 59 per cent of respondents listed cost savings as the most anticipated benefit of moving to AWS, with simplicity and improved security as the second and third primary drivers.
  • Confidence in ability of the cloud to recover data. Seventy-two per cent of respondents indicated a very strong level of cloud adoption interest based on their higher confidence levels in the ability to recover data from the cloud.


Druva conducted its Druva 2017 AWS Cloud Data Protection Survey in November 2017 to better understand how organisations are utilising the AWS service for secondary storage, data protection and archiving. This year’s survey was completed by over 140 IT professionals from multiple industries around the globe.




About Druva

Druva is the global leader in Cloud Data Protection and Management, delivering the industry’s first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence–dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it.


Druva’s award-winning solutions intelligently collect data, and unify backup, disaster recovery, archival and governance capabilities onto a single, optimised data set. As the industry’s fastest growing data protection provider, Druva is trusted by over 4,000 global organisations, and protects over 40 PB of data.


The post Druva Reveals 2017 AWS Cloud Data Protection Survey appeared first on IT SECURITY GURU.


Protecting data against attacks – cyber and otherwise.

Passwords are continuously being stolen and sold on the Internet for profit. This is leading to larger and more dangerous attacks, with a range of high-profile companies suffering from data breaches.

Experts have estimated that over 300 billion username and password combinations will be at risk of being hacked, stolen and sold on the dark web by 2020. LinkedIn, for example, have reported that over 117 million email and password combinations were stolen and sold on the dark web between 2012 and 2016. Similarly, Yahoo reported that over 1 billion passwords had been stolen since 2013. These companies are not alone, as data breaches have also been reported by other Internet giants, including Dailymotion, Tumblr and Dropbox.

The widespread recognition of the value and growth of Big Data has led to corporate data becoming more valuable to hackers as well as companies that hold it. IT administrators must continue to look for methods to protect their organisations from an increased threat to their data, particularly with a spotlight on how companies plan to secure their customers’ data long-term and increasing pressure from the fast-approaching GDPR set to come in next year.

The ‘CIA’ approach – Confidentiality, Integrity, Availability – is regarded as paramount in data security. Of these, perhaps the most important component is ‘Availability’. The key to ensuring data protection is the ability for the right people to have access to the right data at all times. Availability also means all hardware must be constantly maintained and updated as and when needed. Denial-of-service or Distributed-Denial-of-Service (DDoS) attacks are becoming more frequent, requiring a sufficient level of availability to counter them.

Unfortunately, these sorts of measures are becoming increasingly necessary because the sources of intrusions have multiplied. Antivirus software is created to detect and defend from older viruses, but is ineffective against new virus software. As a result, it is becoming more difficult to protect software from newer intrusions.

Because we can no longer rely solely on computers, businesses and individuals must become more proactive in defending from viruses to protect themselves from cyber-attacks. Faults and configuration errors in terminals or applications could result in a loss of confidential data, and a network administrator must be able to intervene before the firewall breaks down.

Individuals and businesses must become increasingly aware of the cyber-risks and data security implications of the growing trend of BYOD (Bring Your Own Device). 71% of employees use personal devices for professional purposes, according to the Observatory of HR and e-transformation. An increase in demand for employee and consumer mobility and availability has led to companies allowing personal devices to be used in or for work. Devices that have been allowed access to the wider IT network, and so pose potential cyber security risks, include laptops, smartphones, USBs and external hard drives. Users are often unaware of the dangers their personal devices could inflict on the network, and it is therefore essential to have solutions capable of automatically detecting the connection of any new device to the company network.

Nevertheless, there are also ‘physical’ risks to data. Data centres are at risk from fire, flooding and overheating, which an antivirus would not be able to detect or prevent. Therefore, to protect data there must also be sensors to detect movement, humidity and heat to alert people of potential dangers. Human surveillance must also be part of a company’s policy to protect data, as the effects could be just as devastating.

There are ways to continue to guard against these constant physical and cyber-threats, but we must remain vigilant. Administrators must have access to an overview of the network to effectively supervise it. An effective IT monitoring solution will require an amalgamation of multiple key indicators and security tools in one, simple, customised dashboard. The administrator will then have an overview of existing and newly connected devices on the network, which will help to detect abnormal activity or intrusion from outside influences, both cyber and physical.

Detection will cover events ranging from peaks in traffic and sudden loss of the entire memory to suspicious activity in email traffic. An administrator will be able to anticipate any other possible malicious intrusions, ensuring optimal data activity is upheld at all times. A network monitoring tool effectively provides a panoramic view of the IT infrastructure. An administrator will ultimately be prepared for an attack on the system, rather than trying to defend against a data breach.

The post Protecting data against attacks – cyber and otherwise. appeared first on IT SECURITY GURU.


Thursday, 14 December 2017

Attackers turn sights on healthcare websites

Healthcare IT specialists take note: Websites in this critical market became the most highly attacked of all sectors in third-quarter 2017, registering 1,526 incidents per day on average. That’s nearly a third higher than the next favorite target, finance, which averaged 1,014 incidents per day, while technology takes the third spot with 660. Those are among the topline findings in the Q3 2017 web application attack report from Positive Technologies, a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.


Interestingly, Local File Inclusion accounted for a high percentage of attacks in this sector: 33.3%, far above the average seen across all sectors (10%). This technique is often used by hackers to hijack web applications and host malicious files on trusted websites with the specific goal of spreading malware. A similar attack was used in October to distribute Bad Rabbit ransomware through a fake Flash Player download from media sites.


Positive Technologies’ research analysts believe the attackers are determined to abuse the trusted status of healthcare websites, which has a domino effect—the types of vulnerabilities exploited often lead to malicious files being placed on visitors’ machines, which can then lead to data theft or worse. Analysts also found that it took three days on average to begin exploiting a vulnerability after publication, but there are certainly exceptions.  For example, after the details of the Optionsbleed vulnerability in Apache web servers were revealed, it took only three hours for first exploit attempts to begin.


The most widespread attack in Q3 was SQL Injection (25.5 percent), which allows a successful intruder to obtain unauthorized access to sensitive information or execute OS commands. Cross-Site Scripting came in second (22.7 percent) and these two methods accounted for almost half of all attacks against web applications monitored in this period. In addition to the focus on healthcare, the percentage of Local File Inclusion attempts increased across the board to 10 percent. Compared to the previous quarter, the number of high-severity attacks – such as Remote Code Execution and OS Commanding (8.2 percent) – also doubled. These tactics give an intruder the chance to obtain full control over a server with a web application.


The report also shows that web applications, on average, were hit by 500-700 attacks per day, and only rarely dipped below 200. The data also shows that hackers did their best to leverage opportunities that offered greater benefits. For example, they launched attacks not only on workdays but also on weekends. The maximum number of attacks per day reached a high of 4,321, with attack intensity rising in both daytime and evening hours.

The post Attackers turn sights on healthcare websites appeared first on IT SECURITY GURU.


Increased cyber security investment will be needed to address a number of critical challenges in 2018, warns BOHH Labs

According to the latest research from Gartner, spending on information security services will reach $93 billion in 2018, an increase of eight per cent from 2017. Cybersecurity expert Simon Bain from BOHH Labs suggests that this increased investment will be required to address a number of critical challenges in the year ahead. This includes rising website attacks, chatbot technology threats and the need for greater cyber security awareness at board-level.


Bain discusses: “Addressing ongoing cyber security threats represents a challenge for any organization both practically and financially, and 2018 will unfortunately be no different. Looking ahead, there will be several notable issues that firms will need to strongly prepare for:


Company website attacks

“One of the types of attack that we will see gain more traction in 2018 is the website attack. With the growing use of online services (checking accounts, merchant accounts and Point-of-Sale (POS) systems, etc. now going through the web) the risk of attacks is large and has the potential to affect any institution using these services, as it opens access to institutions’ backend databases, document stores and applications all within easy reach.


“This type of attack is very hard to find, but it is incredibly easy for attackers to undertake. Because an attacker can gain access to the website via hijacking a user’s request, and then by simply making a small change to the code to redirect payment information their way while not stopping the correct path of the request, it makes it easy for attackers to get access to critical data without alerting any red flags.


“Critically, the website is no longer just a marketing tool. It has become a business tool, and as such, it now needs to be properly protected from attacks and placed inside a firewall, and preferably completely encrypted, so that attackers are unable to change, manipulate and delete code to their advantage.


Growth and adoption of chatbot technology

“The growth in the business use of chatbots will continue to increase based on their interactive nature and their capabilities to complement existing call centre activities by taking away mundane tasks. However, with their interactive capabilities and the ability to use location services to reserve a table in your proximity and even order an item such as a coffee, it is becoming increasingly important that all chatbot transports are secure. Similar to website data breaches, should intrusion attacks penetrate the chatbots, user trust will be lost as well as the possible loss of confidential data.


Cyber security awareness at a senior level

“We all know security breaches are a big deal, so why aren’t more boards of directors versed in the area? As the oversight of an organisation’s value and growth, it’s critical for security to become a business priority and an integral part of their organisations’ daily operations. This means a company’s cybersecurity activities must hold as much weight in decision-making in the same way as they do in the financial ones. As such, in 2018, we will see NASDAQ advise more security experts to join companies’ boards, so they can help companies navigate to better long-term performance and success.”


Bain concludes: “In addition to those noted above, other points of interest to impact the security landscape in 2018 will be the continued rise of blockchain technology, particularly its influence amongst financial services, the proliferation of IoT attacks, as well as the impending arrival of GDPR. Much like 2017, the year ahead will be challenging and it’s imperative that organisations make the right preparations by investing their security budgets wisely, to protect their businesses.”

The post Increased cyber security investment will be needed to address a number of critical challenges in 2018, warns BOHH Labs appeared first on IT SECURITY GURU.


Half of IT professionals question the safety of their personal data, Kaspersky Lab research finds

IT decision makers across Europe are worried about how many organisations can access their personal data and have low levels of trust in the IT security capabilities of their industry peers. These are key findings from Kaspersky Lab’s study, “From overwhelmed to empowered, the IT department’s journey towards good data health”, which reveals that only half (55 per cent) of IT professionals have faith that other organisations are looking after their personal data properly. This shows an alarmingly low level of trust from a security savvy audience, at a time when personal data protection is coming under increased scrutiny.

With the General Data Protection Regulation (GDPR) becoming enforceable in around six months (in May 2018), Kaspersky Lab undertook the study to find out more about the pressures IT decision makers are under to get data protection right, and their abilities to do so.

The Europe-wide survey of technology professionals uncovered strong personal feelings about data protection that raise question marks over how organisations commonly deal with the personal data in their care. Despite a large majority of respondents (73 per cent) saying that the security of their private data is important, two-thirds (64 per cent) are worried about how many organisations have access to their personal information. Even more (67 per cent) are concerned about their personal information being hacked into.

IT decision makers are more likely to be aware of the dangers to personal data, because they see how it is being treated on a day-to-day basis – giving significant weight to any concerns they might have. The research found that one-in-three (32 per cent) are not confident that their own organisation can successfully demonstrate how, and from where, the personal data it holds is sourced – which could have severe consequences under the terms of the GDPR. This lack of faith in good data governance also makes IT decision makers worried about the fate of their own data, in the hands of other organisations, and harbours fears around loss or hacking.

Despite this, some parts of Europe show higher levels of trust and confidence among IT professionals than others. For example, three-quarters (76 per cent) of IT decision makers in France trust organisations to protect their data. This is compared to 56 per cent in the UK and just 48 per cent in Germany.

“Given they deal with the challenges of data security as part of their daily role, it is perhaps no surprise that IT professionals feel strongly about personal data protection. They see threats from all directions and are acutely aware of the repercussions of a security breach,” commented Adam Maskatiya, general manager at Kaspersky Lab UK.

“However, it is concerning to see that their experiences have led to them losing faith in organisations and their peers. This clearly indicates that there is a long way to go before businesses are actually treating the data in their care with the respect it deserves – and before the GDPR deadline hits.”

The study questioned over 2,000 IT decision makers in organisations with more than 50 employees. The research was conducted in the UK, France, Germany, Italy, Spain, Belgium, Netherlands, Portugal, Sweden, Denmark and Norway.

The post Half of IT professionals question the safety of their personal data, Kaspersky Lab research finds appeared first on IT SECURITY GURU.

Wednesday, 13 December 2017

Lastline Announces Threat Intelligence Team

Malware protection company Lastline has announced the creation of the Lastline Threat Intelligence Team, comprised of cybersecurity experts who will be focused on analyzing and reporting on cyberattacks. The team will deliver unprecedented and timely analysis of new malware-based attacks, and trend reports and insights based on the company’s expansive data on prior attacks and detailed malware behaviors.

“Cybercriminals continually reinvent their attacks, making timely detection and analysis essential to effective protection against network breaches,” commented Lastline CEO and Co-founder, Chris Kruegel. “By creating this new team, we will unlock the patterns, trends and insights in our compilation of every attack and piece of malware detected and analyzed by our customers and partners, and speed the dissemination of specific behaviors engineered into a new piece of malware so enterprises can quickly bolster defenses and protect their networks, intellectual property, employees, and customers.”

The team will consist of seasoned professionals with deep expertise in security and malware-based threats. While the team will grow over time, the initial members are:

Dr. Stefano Ortolani – Dr. Ortolani joined Lastline in January 2015 as a security researcher in the Data Analytics team, and is now director of threat intelligence. Prior to Lastline, he was at Kaspersky Lab, where he fostered operational engagements with CERTs, governments, universities, and law enforcement agencies, as well as conducted research of the global threat landscape and led the development of incident response for key enterprise accounts. Dr. Ortolani earned his Ph.D. in Computer Science from the VU University Amsterdam.

Andy Norton – For over 20 years prior to recently joining Lastline’s Threat Intelligence team, Mr. Norton helped to create emerging security technologies at Symantec, Cisco and FireEye. As part of his role, he researched cyberthreats and presented intelligence briefings for the Bush and Obama administrations, the UK Cabinet Office, the UK Foreign and Commonwealth Office, SWIFT, the Bank of England, The Hong Kong Monetary Authority, and NASA. He also has guided FTSE 250 companies’ strategies for measuring, managing and responding to cyber incidents.

Lastline Breach Defender™, the company’s flagship product, provides a dynamic blueprint of a breach as it unfolds across a network, informed by unprecedented understanding of malware behaviors captured in the Lastline Threat Intelligence Network. The new Threat Intelligence Team’s research and investigations will further inform the context of a breach, and their mining of the Threat Intelligence Network will yield previously unrecognized malware trends and threat insights.

The post Lastline Announces Threat Intelligence Team appeared first on IT SECURITY GURU.

WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume

WatchGuard’s latest quarterly Internet Security Report, which explores the computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises, has revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017.

Scripting threats, including JavaScript and Visual Basic Script attacks, accounted for 68 percent of all malware during Q3, while total malware instances spiked by 81 percent this quarter over last, with more than 19 million variants blocked in Q3. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasising the importance of layered security and advanced threat prevention.

“Threat actors are constantly adjusting their techniques, always looking for new ways of exploiting vulnerabilities to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “This quarter, we found that script-based attacks – like the fake Python library packages discovered in September – appeared 20 times more than in Q2, while overall malware attacks shot through the roof. Staying vigilant regarding these developments is half the battle. Every business can better protect themselves and their stakeholders by employing multiple layers of protection, enabling advanced security services and monitoring network logs for traffic related to the top threats mentioned in this report.”


WatchGuard’s Internet Security Report examines the modern threat landscape and delivers key data, educational guidance and in-depth research to help readers understand the latest attack trends and update their defences. Other findings from the Q3 2017 report include:


  • Cross-site Scripting (XSS) attacks plague web browsers, spreading internationally. XSS attacks, which allow cyber criminals to inject malicious script into victims’ sites, continue to grow at a measured pace. Previous reports detailed XSS attacks against Spain alone, but in Q3, XSS attacks broadly affected every country.


  • Legacy antivirus (AV) only missed 24 percent of new malware. Over the past three quarters, signature-based AV has missed malware at increasing rates, peaking at almost 47 percent in Q2. But this quarter was a marked improvement, with only 23.77 percent of new or zero-day malware able to circumvent AV. While this data is encouraging, behavioral detection solutions are still the most effective way to block advanced persistent threats.


  • Suspicious HTML iframes surface everywhere. Attackers are continuing to evolve how they leverage the HTML iframe tag to force unsuspecting victims to suspicious and often malicious sites. While potentially malicious iframes showed up everywhere, including the U.S. and Canada, their numbers jumped significantly in both the UK and Germany.


  • Authentication is still a big target. Though not as prevalent as in Q2, attacks targeting authentication and credentials, such as Mimikatz, returned in a big way this quarter. Aside from Mimikatz, brute force web login attempts were also highly visible, proving that attackers are continuing to target the weakest link – credentials.


WatchGuard’s Internet Security Report is based on anonymised Firebox Feed data from nearly 30,000 active WatchGuard UTM appliances worldwide, which blocked more than 19 million malware variants and 1.6 million network attacks in Q3. The complete report includes defensive strategies for responding to the latest attack trends, based on analysis of the quarter’s top malware and network threats. The report also examines the growing trend of supply chain attacks by evaluating the most notable instances from Q3 – NetSarang, Ccleaner and fake Python packages.


WatchGuard Threat Lab’s latest research project – a detailed analysis on Q3 phishing trends – is highlighted in the report as well. This project features email spam and malware data captured by the team’s “Artemis” honeynet, which is now publicly available on GitHub for download and use.

The post WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume appeared first on IT SECURITY GURU.

CyberArk Survey: 50 Percent of Organisations Did Not Disclose Data Breaches to Customers

According to a new CyberArk survey, half of organisations (50 percent) did not fully inform customers when their personal data was compromised in a cyber attack. With enforcement of the General Data Protection Regulation (GDPR) anticipated for May 2018, organisations that do not take action to improve transparency associated with breaches will face substantial consequences.


The findings are included in the second installment of the CyberArk Global Advanced Threat Landscape Report 2018. This report, “The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects,” reviews business leaders’ views of IT security and misalignment with IT security leaders that can put organisations, and their customers, at risk.

Additional key findings include:

  • Security concern does not translate into accountability 
    • 46 percent of security respondents say their organisation can’t stop every attempt to break into their internal network
    • 63 percent of business respondents are concerned that their organisation is susceptible to attacks, like phishing, targeting the executive team
    • Despite this high level of concern, 49 percent of business respondents report not having sufficient knowledge about security policies, and 52 percent do not understand their specific role in response to a cyber attack
    • Worryingly, 33 percent of security professionals surveyed also claimed not to have adequate knowledge of – presumably their own – security policies


  • Gaps in security best practices persist
    • 42 percent of line of business respondents say they store passwords in a document on a company PC or laptop
    • 21 percent of line of business respondents still record credentials in paper notebooks or store them in filing cabinets
    • 31 percent of security professionals surveyed still do not use a privileged account security solution to store and manage privileged and/or administrative passwords
  • Trust in security is at the core of commercial relationships
    • Similarly, 44 percent of business respondents say potential partners assess their organisation’s security before doing business with them
    • 51 percent of organisations provide third-party vendors remote access to their networks and, of this group, 23 percent fail to monitor remote vendor activity


“Unfortunately, it’s not uncommon for organisations to want to hide the extent of damage caused by cyber attacks. As we’ve seen in data breaches at Yahoo!, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought,” said David Higgins, Director of Customer Development, EMEA at CyberArk. “This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance. What’s also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders – despite strong awareness of risks and continued headline-generating cyber attacks.”


The 11th Annual CyberArk Global Advanced Threat Landscape Report 2018 will be released in three parts. The first installment was a “Focus on DevOps.” These findings are from part two, focusing on business leaders’ view of IT security. The survey was conducted by Vanson Bourne in autumn 2017 amongst more than 1,300 IT security decision-makers, DevOps and app developer professionals and line of business owners, across seven countries worldwide.

The post CyberArk Survey: 50 Percent of Organisations Did Not Disclose Data Breaches to Customers appeared first on IT SECURITY GURU.

Threat Intelligence: Music or Noise?

During my college days, I played guitar in a band and it was rarely easy. Practicing in my bedroom so that I could learn how to play the song correctly was difficult, but with time I sounded pretty good. However, delivering that same song in a harmonious way when playing with the entire band was another story. We had to adjust a lot in order to create the perfect sound, and so we spent a lot of time disagreeing on details. Fortunately, we had a strong band leader who was able to make decisions and define a clear direction.


There are a lot of similarities between threat intelligence and the music world. Threat intelligence is made up of multiple, aggregated threat data points (music notes) turned into relevant intelligence for your organisation (your own music track). This music track should represent your own way of building and consuming threat intelligence in order to combat the threats that matter most to your organisation in a holistic and synchronised way. Each organisation should play its own music track and nobody can write it for you. It has to come from your own internal artists, even if they are inspired by others most of the time.


The main challenge today in creating this music track stems from the fact that your musicians are organised in silos (the CSIRT, SOC, Risk Management, Vulnerability Management, Endpoint, Perimeter team, etc.). Each of these teams plays a different instrument which is supposed to add beauty to your music, but they all gather their music sheets from their own sources in various formats and rhythms and start playing without considering the band.


At the end of the day, you get noise and inefficiency.


A Threat Intelligence Platform is designed to aggregate the music notes coming from all available sources (external inspiration and internal touch), ingest all possible music sheets from any format and rhythm, and then turn these raw notes into one unique music track to be played by the entire band with your own arrangements. This music track evolves in real time as relevant threats are a moving target modified daily by your own threat detection and feedback. The Threat Intelligence Platform also ensures that all musicians receive in real time the specific music sheet they need for their instrument (SIEM, IR Ticketing, Web Proxy, EDR, etc.). Much like our band leader did for our band back in college, with a threat intelligence platform your band can play harmonious music, efficiently.


The post Threat Intelligence: Music or Noise? appeared first on IT SECURITY GURU.

Tuesday, 12 December 2017

HP quick to issue updates following keylogger flaw

HP has released updates for its products which remove a keylogger that was accidentally left in place within the driver for the touchpad.

The post HP quick to issue updates following keylogger flaw appeared first on IT SECURITY GURU.

Impersonation attacks feared more than malware attacks

According to the latest stats from Mimecast’s recent Email Security Risk Assessment (ESRA) Report, many organisations fear impersonation attacks more than malware attacks.

The post Impersonation attacks feared more than malware attacks appeared first on IT SECURITY GURU.

Russian cyber group linked to $10m robbery

MoneyTaker, a Russian-speaking hacking group, has reportedly stolen $10m from global banking targets around the world during a two-year span.

The post Russian cyber group linked to $10m robbery appeared first on IT SECURITY GURU.

1.4 billion exposed after database of usernames and passwords found on Dark Web

It has been discovered by security researchers that a database containing 1.4 billion user names and passwords is floating on the Dark Web.

The post 1.4 billion exposed after database of usernames and passwords found on Dark Web appeared first on IT SECURITY GURU.

Security Professionals say nothing has changed since WannaCry and NotPetya

Given the severe devastation WannaCry and NotPetya caused to organisations around the world, you would have thought that investment and interest in beefing up defences would have increased. Not so, according to the latest research by AlienVault.

Having surveyed 233 IT professionals globally about how their roles have changed following these high-profile attacks, just 16% of IT security professionals believe that their bosses and company boards have taken a greater interest in their roles as a result of the WannaCry and NotPetya cyber-attacks of 2017.

It was also found that 14% have had their budgets for cyber security increased, and only a fifth (20%) have been able to implement changes or projects that were previously put on hold.

The findings follow a separate research report from PwC which found that UK businesses have cut their cyber security budgets by a third, compared to the same point last year.

Javvad Malik, security advocate at AlienVault, explained: “WannaCry and NotPetya are generally believed to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture. Destructive malware poses existential threats to companies across all industries and can no longer be ignored. To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks.”

Increased workloads

Worryingly, 13% of IT professionals whose organizations were affected by WannaCry or NotPetya felt that they were blamed for their organizations falling victim. As a result, many IT teams have worked hard to strengthen their organization’s cyber security in the wake of these attacks. Two-thirds (66%) are more up-to-date with patching than they were previously, and half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats. In addition, 58% carried out a review of their organization’s cyber security posture following the attacks.

Javvad Malik continued, “Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, point towards a panicked reaction from management tiers. Given the unpredictable nature of today’s security environment, organizations should focus their efforts on detection and response.”

Changing perceptions

The research also explored whether IT professionals have noticed any changes in the way others treat them, following the high volumes of media attention around WannaCry and NotPetya. Almost a quarter (23%) reported that their family and friends are more interested now in hearing about their work. In addition, 28% believe that most people in their organizations listen to their IT advice more than they did before.

However, despite the widely reported IT security skills shortage, just 10% of those surveyed have experienced an increase in job offers, or managed to negotiate a pay increase, following the attacks.

Javvad Malik continued, “The IT security profession remains a very tough place to work, where resilience is the key to success – particularly if you are blamed in the event of your company suffering a security incident.”

The post Security Professionals say nothing has changed since WannaCry and NotPetya appeared first on IT SECURITY GURU.
