Tuesday, 31 January 2017

Malvertising Rises 132% in 2016 Over 2015, Says RiskIQ Research

RiskIQ, the leader in digital threat management, today released its annual malvertising report, which indicates a sharp spike in 2016 in malvertising, a digital threat that has become increasingly challenging for organisations to detect and mitigate. Threat actors use malvertising, delivered through ad networks such as Google and Facebook, to propagate malware, ransomware, and scams (disingenuous advertising), as well as to redirect victims to phishing pages and pages hosting exploit kits.

“Malvertising is so nefarious because it’s a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the ‘free’ websites we all know and enjoy online. The success of the internet and all the people that rely on it is inextricably linked to online advertising success and safety,” said James Pleger, threat researcher, RiskIQ. “Publishers, ad platforms, and ad operations teams need active visibility, forensic information, and mitigation capability to enable them to effectively detect and respond to malicious ads in the wild.”

Key findings in the report include analysis data on the following malvertising characteristics:

  • 132.6% Increase in total malvertisements
  • 1,978.9% Increase in redirections to phishing pages
  • 845% Increase in scam detections
  • 22% Increase in antivirus binary injections
  • 25.8% Increase in malicious distribution systems
  • 58% Increase in scareware and browser lockers

According to a report compiled by eMarketer[1], the worldwide paid media market, which accelerates every year, recently hit more than half a trillion dollars, and worldwide paid media spending is expected to reach $674 million by 2020.

“Malvertising threatens this online marketing growth,” James said. “For example, users wary of malvertising will block all ads, hampering the success of the digital advertising industry. By the end of 2017, 14.7 million people in the UK will be using ad blocking software*.”

RiskIQ mitigates the risk for digital advertisers and publishers through the company’s curated blacklist of malicious ads, intelligently scanned from over 2 billion pages and nearly 20 million mobile apps per day. This proprietary blacklist lets ad ops, brand managers, and security staff vet new demand sources and prevent malware within their ad infrastructure. The company’s advanced crawling infrastructure, which allows it to capture the entire ad, ad redirect chain, and creative sources, indicates which part of the ad-serving process was compromised and helps it identify the entity responsible.

[1] https://www.emarketer.com/Article/Worldwide-Ad-Spending-Growth-Revised-Downward/1013858

The post Malvertising Rises 132% in 2016 Over 2015, Says RiskIQ Research appeared first on IT SECURITY GURU.


Irregular application testing leaves NHS trusts vulnerable to cyberattackers

Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, has released new research revealing nearly half (45%) of NHS trusts scan for application vulnerabilities just once a year, with only 8% doing so on a daily basis. This potentially leaves them with outdated software and at an increased risk of a cyberattack, potentially exposing patient data to the wrong hands.

The new findings were gleaned from a Freedom of Information (FoI) request submitted to 36 NHS trusts, with 27 responding. The responses also revealed that half (50%) of health trusts scan web perimeter apps only once a year, leaving patient data at risk of cyberattacks through legacy websites and third-party plugins.

There are some promising results, however, with the request also revealing that 12 percent of trusts scan web application perimeters daily, demonstrating a growing awareness of the role application security plays in safeguarding sensitive patient data.

These findings coincide with the recent Veracode State of Software Security report, which revealed healthcare as an industry once again has the lowest vulnerability fix rate globally, with the second-lowest OWASP pass rate and the highest prevalence of cryptographic and credentials management issues.

The report presented metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months, revealing that two-thirds (67%) of healthcare applications failed OWASP policy compliance.

The percentages below detail the prevalence of high-profile vulnerabilities within the global healthcare industry, based on first-time application scans:

  • Cross-site: 45.4%
  • SQL Injection: 28.4%
  • Cryptographic credentials: 72.9%
  • Scripting issues management: 47.7%

The NHS was also one of the worst performing sectors in terms of the number of data breaches reported to the ICO last year, contributing to 64% of the total figure in the April 2015-March 2016 period. 

The Health Secretary Jeremy Hunt has also recently announced that data from approved health apps will now feed directly into personal health records, with the NHS website soon to allow patients to book appointments, access medical records and order prescriptions. Indeed, he has called for the NHS in England to be paperless by 2018.

“In light of recent ransomware and other cyberattacks on healthcare organisations, the industry’s low scores on these application security benchmarks is troubling,” said Paul Farrington, Manager, EMEA Solution Architects, Veracode.

“Our new research certainly raises fresh concerns regarding the safety of patient information here in the UK, as well as across the globe. There appears to be a lack of emphasis on application and web app scanning within the NHS, which could put trusts at an increased risk of losing patient data to hackers.

“The Information Commissioner’s Office has the authority to fine trusts up to £500,000 for data breaches, so there’s even more of a reason for trusts to ensure they’ve placed an emphasis on their cyber hygiene. With hospitals correctly demanding rigorous sterilisation of surgical instruments and cleanliness from staff to fight the risk of infections spreading, the same should be considered when assessing their digital cleanliness to defend against the growing – and changing – threat of cyberattackers.”

The post Irregular application testing leaves NHS trusts vulnerable to cyberattackers appeared first on IT SECURITY GURU.


Positive Technologies discovers security vulnerability in data center monitoring system that could allow remote access to unencrypted passwords

Positive Technologies has discovered a critical vulnerability in Schneider Electric StruxureWare Data Center Expert. The product from Schneider Electric, designed to monitor physical infrastructure at data centers, is used by banks, media corporations, circuit board manufacturers, insurers, medical centers, and other companies to manage the functioning of everything from cooling to backup generators at data centers.

The vulnerability is rated 7.6 on the CVSS v3 scale, a high score that reflects the ability of an outsider to obtain remote access to sensitive information found in critical data center support systems that are connected to StruxureWare Data Center Expert. An attacker can recover passwords from RAM on the client side of the platform, where they are held in unencrypted form.

“A hacker could use this flaw to penetrate the internal network at a data center, obtain confidential information, or even cause physical harm,” said Ilya Karpov, Head of the ICS Research and Audit Unit at Positive Technologies. “Data Center Infrastructure Management (DCIM) platforms have the ‘keys to the kingdom’ at a data center, since they are connected to all installed systems. A vulnerability such as this threatens the functioning of critical systems on which data centers depend: video surveillance, fire suppression, backup generators and generator control units, switches, pumps, UPS systems, and precision cooling.” 

Schneider Electric urges updating all installations of StruxureWare Data Center Expert to version 7.4[1].

In 2013 and 2014 Positive Technologies researchers also uncovered vulnerabilities in Schneider Electric Wonderware Information Server. At the Positive Hack Days IV international forum, participants in the Critical Infrastructure Attack competition located a number of vulnerabilities in Schneider Electric systems. In addition, in 2015 Ilya Karpov identified an issue involving unencrypted storage of passwords in InTouch Machine Edition 2014.

[1] Update available at https://dcimsupport.apc.com/display/public/download/DCE+device+firmware+catalog

The post Positive Technologies discovers security vulnerability in data center monitoring system that could allow remote access to unencrypted passwords appeared first on IT SECURITY GURU.


Tenable Unveils SaaS Platform that Redefines Vulnerability Management for Today’s Elastic IT Environments

Tenable Network Security®, Inc., a global leader in cybersecurity, today makes available Tenable.io™, the industry’s first cloud-based vulnerability management platform to secure the full range of assets in the modern elastic IT environment.

According to a recent Gartner report, “organizations with large or growing cloud, virtualization and DevOps deployments must select a [vulnerability assessment] solution with these asset demographics in mind, and must consider a vendor’s current and future commitment to these technologies.” [Gartner source: “Market Guide for Vulnerability Assessment” by Oliver Rochford and Prateek Bhajanka, published Dec. 5 2016]

The challenge for most organizations is that virtualization, cloud, and the accelerating use of web applications and short-lived assets like containers have changed how and when they need to assess vulnerabilities.

“Networks, assets and threats have all changed dramatically over the last few years, but vulnerability management hasn’t kept up,” said Amit Yoran, CEO, Tenable Network Security. “This innovation gap has left organizations everywhere struggling to answer the most basic question in security: what is my vulnerability and risk exposure? Tenable.io represents a new, more strategic approach to vulnerability management for today’s elastic attack surface, with the capabilities and flexibility organizations need to understand and improve their cybersecurity risk posture.”

Tenable.io delivers the broadest coverage of any vulnerability management solution for unparalleled visibility into the security status of modern IT infrastructure. Unique auditing and assessment capabilities help customers identify and remediate vulnerabilities across more technologies, including containers, web applications and cloud instances. It is also the first major vulnerability management solution licensed by assets instead of IP addresses.

Tenable.io capabilities include:

  • Advanced asset tracking: Tenable.io tracks changes to assets and their vulnerabilities with unsurpassed accuracy — no matter how they roam or how long they last. Using an advanced asset fingerprinting algorithm, Tenable.io pinpoints the true identity of each resource — even dynamic assets like laptops, virtual machines and cloud instances. As a result, customers better understand the true state of their environment.
  • Elastic asset licensing: Tenable is the first major vulnerability management provider to offer asset-based elastic licensing. With asset-based licensing, just a single license unit is consumed per asset, even if the asset has multiple IP addresses. This elastic model permits scanning even when license counts are temporarily exceeded and automatically recovers licenses for rarely scanned assets or one-time bursts.
  • Openness and integration: The Tenable.io application programming interface (API) and software development kit (SDK) simplify the export and import of vulnerability, asset, threat and other data. Customers can quickly integrate Tenable.io with other technologies to better understand their level of vulnerability exposure and risk, and to gain a deeper level of visibility and insight. Through the Tenable Technology Integration Partner (TIP) program, partners such as BMC, CyberArk, ForeScout and IBM are also integrating their solutions with Tenable.io, which comes with pre-built integrations for popular patch management, credential management, mobile device management and even other vulnerability management solutions.
  • 360-degree visibility: Traditional scanning tools have not kept up with new assets like cloud, mobile and virtual workloads in elastic IT environments. Drawing on Nessus® technology, Tenable.io employs active and agent scanning as well as passive traffic listening to deliver the broadest coverage of assets and vulnerabilities and eliminate persistent blind spots.

Tenable also announced today immediate plans to extend Tenable.io capabilities in early 2017 with two new products. These application security offerings address the increased exposure from DevOps-led container adoption and the explosion of web applications:

Tenable.io Container Security: Based on the company’s acquisition last October of San Francisco-based FlawCheck, Tenable.io Container Security (available April 2017) continuously monitors container images for vulnerabilities, malware, and enterprise policy compliance. By bringing security into the container build process up-front, organizations can gain visibility into the hidden risks in containers and remediate them before they reach production, without slowing innovation cycles.

Tenable.io Web Application Scanning: Safely scan web applications to identify and manage application vulnerabilities in a single integrated platform, alongside other network vulnerabilities and container flaws. To request participation in the Tenable.io Web Application Scanning customer beta program beginning March 2017, visit http://www.tenable.com/products/tenable-io/web-application-scanning.

In coming quarters, Tenable.io will continue introducing capabilities that advance vulnerability management toward the strategic and integrated model of threat and vulnerability management (TVM), building on the platform’s unique asset coverage, openness, comprehensive vulnerability data, and licensing model.

For a live introduction to Tenable.io, register for one of the regional webinars.

The post Tenable Unveils SaaS Platform that Redefines Vulnerability Management for Today’s Elastic IT Environments appeared first on IT SECURITY GURU.


Emsisoft Website Hit by DDoS Attack as Company Releases Ransomware Decrypter

In the past week, two security firms, Dr.Web and Emsisoft, suffered DDoS attacks at the hands of cyber-criminals who attempted to bring down their websites as payback for meddling with their illegal activities. The first attack hit Russian security firm Dr.Web, who revealed over the weekend that a DDoS attack hit its Russian and Ukrainian domains (drweb.ru & drweb.ua). According to the company, the attack arrived at a rate that ranged between 200,000 and 500,000 packets per second, and it lasted for over two days until its engineers managed to keep it under control and restore full service to its servers.

ORIGINAL SOURCE: Bleeping Computer

The post Emsisoft Website Hit by DDoS Attack as Company Releases Ransomware Decrypter appeared first on IT SECURITY GURU.


Europol and Global Cyber Alliance team up to fight cyber-crime

Europol and the Global Cyber Alliance (GCA) have signed a Memorandum of Understanding (MoU) to cooperate on decreasing systemic cyber-risk and improving internet security throughout Europe and beyond. As part of the MoU, Europol and GCA will fight cyber-crime through the exchange of information on cyber-crime trends and joint international projects to increase cyber-security. To this end, the two organisations will partner to offer best practice recommendations that help organisations secure their networks and domains through the Internet Immunity project.

The post Europol and Global Cyber Alliance team up to fight cyber-crime appeared first on IT SECURITY GURU.


UK Cybersecurity: Permanent job salaries growing faster than contractor pay rises

Demand for cyber security skills in the UK means that salaries for full time IT security jobs are increasing faster than contractor rates, according to a new survey. Annual IT security permanent salaries climbed by 5 per cent (from Q4 2015 to Q4 2016) to £57,706, compared to a 0.62 per cent increase for contractor day rates (up to £484) over the same period, according to tech recruiting firm Experis. Experis reports that annual demand for permanent and contract IT security professionals has increased by 46 per cent, driven by demand spurred on by the need to build robust defences against cybercrime in the wake of high profile hacks.

The post UK Cybersecurity: Permanent job salaries growing faster than contractor pay rises appeared first on IT SECURITY GURU.


Trump Expected to Sign Cyber Security Executive Order Tuesday

President Donald Trump is expected to sign an executive order on cyber security on Tuesday, two sources familiar with the situation said, marking the first action to address what he has called a top priority of his administration. The order is expected to commission several different reviews of the government’s offensive and defensive cyber capabilities, according to one of the sources and a third briefed on a draft of the order that circulated last week.

The post Trump Expected to Sign Cyber Security Executive Order Tuesday appeared first on IT SECURITY GURU.


EA Sports hacked? Gamers unable to play Fifa, Madden or Battlefield after servers suffer outage

EA Sports appears to be suffering a major outage, with gamers all over the world complaining they are unable to play titles such as Fifa, Madden and Battlefield. The website Down Detector, which tracks major network outages, reports that EA has been having issues since 08:52 GMT. Outage Report also reported a spike in people claiming they are unable to access the online gaming platform.

The post EA Sports hacked? Gamers unable to play Fifa, Madden or Battlefield after servers suffer outage appeared first on IT SECURITY GURU.


Monday, 30 January 2017

Key Card Ransomware: News versus FUD

On the 28th January 2017, a news site ran the headline “Hotel ransomed by hackers as guests locked out of rooms”. The story initially claimed that a ransomware gang had been able to compromise systems in the Romantik Seehotel Jägerwirt in Austria, including the key card registry system, even managing to lock guests into their rooms. The […]

The post Key Card Ransomware: News versus FUD appeared first on ITsecurity.


The Impact of GDPR Outside the EU

On 25 May 2018, the General Data Protection Regulation, or GDPR[1], takes effect in the European Union.  The regulation mandates strict protection requirements over personal data concerning EU citizens.  Governments and companies inside the EU have been preparing, but many companies outside of the EU may yet be unaware of how this regulation will affect their businesses.  GDPR applies to any organization that holds or processes data on EU citizens, regardless of where it is headquartered.  This includes companies that have employees in the EU, sell or market products or services in the EU, or partner with EU organizations. The penalties for non-compliance can be as high as 4% of global revenue.

User consent is a cornerstone of this new law.  GDPR defines personal data as physical address, email address, IP addresses, age, gender, locations, health information, search queries, items purchased, etc.  Many companies today freely harvest this data, use it, share it, and sell it under the auspices of their ever-changing, usually unintelligible click-through “privacy policies”.  In a post-GDPR world, users must issue explicit consent for each attribute collected and for each use or transfer of these attributes.  If an organization’s privacy policy or data sharing agreements change, users must consent to the changes before they take effect.

Moreover, organizations collecting this data must allow users to take their data with them or delete it entirely if requested.  Compliance audits will become regular events.  GDPR mandates privacy by design and by default.  A quick interpretation means that users must “opt-in” rather than “opt-out” of data collection schemes.

Data minimization, purpose and storage limitations are important principles in the new regulation.  Simply put, don’t collect more information than necessary, don’t use it for purposes other than what you state, and store it only as long as needed.  Exceptions do exist for health, public safety, and national security reasons.

Within each EU member state, the GDPR establishes the position of Supervisory Authority, a government official responsible for overseeing the implementation and enforcement of the regulation.  When organizations detect a breach of EU citizens’ personal data, they are required to report it to the Supervisory Authority in each affected Member State within 72 hours.  The use of encryption on PII can be a mitigating factor in data breaches, which may obviate the need for disclosure to data subjects.

Ideally, data about EU citizens should be housed within the EU.  GDPR has provisions for data transfers outside the EU, and the best way to avoid being subject to these conditions is to keep it local.  One weakness of GDPR is that it doesn’t adequately define the term “third country”.  This will likely cause additional legal debate.

In cases where regular transfers of EU subject data are expected to occur between Member States and other countries or international organizations, the EU Commission may make “adequacy decisions” which facilitate these exchanges.  One such example is the EU-US Privacy Shield[2].  The EU-US Privacy Shield framework replaced the former Safe Harbor, which was ruled invalid by the European Court of Justice.  Companies may apply and self-certify that they meet the criteria contained therein.

With a little over a year to go before GDPR implementation, now is the time to prepare. To help customers comply, software vendors, e.g. IAM, IaaS, SaaS, and marketing solutions providers, need to:

  • Build fine-grained consent options into their UIs
  • Provide granular data encryption capabilities
  • Automate privacy policy change notifications and re-consent prompts
  • Respond to personal data export and data deletion requests
  • Where appropriate, allow parents or guardians to control the use of children’s PII
  • Develop GDPR compliance auditing and reporting tools

Organizations that have European operations or do business with EU citizens will need to:

  • Inventory all data
  • Conduct data privacy impact assessments
  • Encrypt PII data at rest and in transit
  • Modify privacy policies, data collection processes, and data handling procedures
  • Develop rapid data breach notification processes
  • Add mechanisms to customer portals so that users can provide consent to data usage
  • Possibly migrate and prune PII from systems
  • Apply for EU Commission approved transfer adequacy programs, e.g. EU-US Privacy Shield

GDPR will certainly enhance EU citizen privacy, but the fines for violations could be substantial.  Make sure your IT systems and processes are ready.

[1] http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf

[2] https://www.privacyshield.gov/PrivacyShield/ApplyNow

About the author

John Tolbert is a senior analyst at KuppingerCole, with internationally recognized expertise in cybersecurity and identity management. John has consulted for national governments, and has 20 years of experience working in Aerospace, Defense, Manufacturing, and Financial industries. John was honored as an OASIS Distinguished Contributor in 2014, and as an Associate Technical Fellow at Boeing in 2011. In addition to working with OASIS, he has also participated in Kantara Initiative, Transglobal Secure Collaboration Program (TSCP), and the FIDO Alliance. He has numerous technical security publications, and is a frequent speaker at cybersecurity and identity management events.

The post The Impact of GDPR Outside the EU appeared first on IT SECURITY GURU.


Retailers, it’s time to reduce the hacker threat

Stuart Facey, VP of EMEA at Bomgar

From Target, eBay and TalkTalk, to this year’s Oracle data breach, it has become increasingly common for big retailers and brands to be victims of large security incidents. In fact, the retail sector has now overtaken the financial services industry in generating the most incident responses following a cyber security breach. These retail responses account for 22 per cent of all those tracked across the 17 verticals that were investigated, according to the annual NTT Global Threat Intelligence Report.

The retail sector is amongst those at the forefront of IoT adoption, driven by the need for seamless customer engagement. There’s a multitude of connected devices being used, from monitored freezer and chiller cabinets, distribution centre drones, smart garment tag scanners and even to simpler things such as free customer Wi-Fi.

The increasing number of access points and users entering a retailer’s network connection through IoT is opening up the possibilities for cyber criminals looking to infiltrate or utilise user credentials to access a network. With this in mind, it is essential that retailers of all sizes invest in technology that allows them to closely monitor and control who has access, and to what areas, of their network.

From the customer logging on in-store to see the latest sales, to the cleaner at HQ linking his smart phone to the network to listen to music, every point of access needs to be monitored and controlled to stave off any malicious users intent on breaching security defences.

However, it’s not just customers and employees that should be in focus.

The expansion of product lines is a reality for most growing retail businesses, which often means expanding third-party suppliers and merchant networks. In doing so, retailers are having to share access to platforms, data, customer information or other intellectual property.  Retailers need to be aware of the exact level of access these third-party vendors have to their networks. If this isn’t sufficiently controlled or monitored, hackers can easily use the vendor’s access to piggy back onto a retailer’s system.

The 2013 breach of American retailer Target’s systems is a perfect example of this danger, as a hacker entered the company’s system via their air conditioning vendor’s access. They captured the credit and debit card information of approximately 40 million customers (data the vendor shouldn’t be allowed to access), and the incident became known as one of the largest data breaches in history.

Unfortunately, many retailers don’t have the visibility and hence don’t realise they are using these unsecure remote access methods, which is providing a viable attack pathway that can be used by hackers to gain access to sensitive systems and data.

Research shows that only 35 per cent of IT professionals are confident in knowing the actual number of vendors accessing their IT infrastructure, and just 34 per cent actually know the number of individual log-ins that can be attributed to vendors. This is a vulnerability that can be addressed by implementing an access management solution that provides the ability to control when a vendor can access a network and what data they can access. This solution can also manage access by a retailer’s own privileged users including their IT support teams and IT Administrators. Retailers should look for solutions that record each remote access session and safeguard the transferred data with SSL encryption. By recording and monitoring sessions, if a breach happens, the point of access is easily traceable and the threat can be addressed quickly.

Retailers are investing in firewalls and data encryption tools to protect sensitive customer information. However, hackers still have the ability to work around some of these defences. To combat this, it is vital that retailers understand who is accessing their systems at any time.

It is advisable that they have the software and processes in place to actively manage who has access to the most privileged credentials like domain administrators and root accounts in their environment. By regularly changing password credentials retailers can also neutralise any attacker’s ability to compromise their accounts. The latest PCI announcement called for multi-factor authentication as a requirement for any personnel with administrative access into environments handling card data. The Payment Card Industry Security Standards Council recognises that just a password should not be enough to verify an administrator’s identity and grant access to sensitive information. This alone should be a wakeup call for retailers to quickly address the management of access to their systems.

In the end, it’s not just data and compliance that you need to worry about, but your reputation. After an attack takes place and becomes public, the perception by media and customers can quickly become negative and could have a devastating effect on the future of your business. To safeguard future operations, it’s essential that retailers act now to protect themselves from the immediate and lasting effects of a breach. Only through implementing stricter processes to monitor and control network access across the countless number of access points and devices, will a retailer be able to fully gain the appropriate insight into who is doing what on their network.

The post Retailers, it’s time to reduce the hacker threat appeared first on IT SECURITY GURU.


3 top digital asset threats facing your brand in 2017

Corporation Service Company (CSC), the leading provider of corporate domain management and online brand protection services, today announces the three biggest cyber threats digital brands will face in 2017 – and how to manage them.

  1. Distributed Denial of Service (DDoS) attacks are set to increase in 2017. This now common form of cyber-attack floods servers with traffic which consequently overloads networks. DDoS attack activity increased 85% year on year in 2016, whilst Deloitte recently estimated there will be over 10 million DDoS attacks in total this year.[1]

Worryingly, 50% of businesses worldwide have no countermeasures against DDoS attacks, presenting an irresistible opportunity for cyber criminals to attack businesses in 2017.[2] To reduce this risk, businesses must consolidate all domain names onto a single DNS platform and start adopting a DDoS protection / mitigation service.

  2. Email phishing scams are one of the biggest threats brands face today. Research shows that phishing attacks currently cost brands $4.5 billion a year, with customers 42% less likely to do business with a company that has fallen victim to an attack.[3] Because these attacks happen in an instant, they are difficult to defend against and are likely to increase this year.

In response, businesses need to improve staff training, showing them how to identify phishing emails, and start subscribing to email fraud protection and email takedown services that provide threat assessments and blacklist offending URLs.

  3. Expiring Secure Sockets Layer (SSL) certificates – designed to secure online payment transactions – are putting both brands and consumers at risk of cyber-attack. The cost of expiring SSL certificates is significant; according to a recent survey, the average multinational company spends $15 million to recover from the loss of business due to a certificate outage and can face a further fine of up to $25 million from regulatory bodies.[4]

CSC recommends following three simple steps to ensure brands do not fall victim to this kind of attack. First, audit all existing certificates and cross-reference them with your live websites. Next, consolidate certificates onto one platform, making the certificates easier to manage. Last, develop and implement a policy and process to ensure all certificates are managed effectively in the future.

Ken Linscott, Director Cyber Security Services, CSC says:

“The days when businesses relied on lock and key to keep their assets safe are long gone. Today, it’s cyber security systems which are responsible for keeping criminals at arm’s length. This reality has finally been recognised by Governments across the globe, with both the UK and US investing heavily in national defences against cyber-attacks.

The problem for corporations is that it’s ridiculously easy for anyone with a grudge or criminal intent to target a brand and launch an attack. You don’t need a degree in computer science or to spend lots of money – the tools used to launch these attacks are readily available and simple to use. It’s not a question of ‘if’ you will be targeted but ‘when’. Our advice is to ensure the threats and consequences to your business are truly understood at board level as these are decisions that can make or break a brand.”

[1] Deloitte Tech Trends 2017, p6

[2] http://www.itpro.co.uk/security/23749/ddos-attacks-remain-key-threat-with-only-half-of-companies-prepared

[3] https://www.emc.com/emc-plus/rsa-thought-leadership/online-fraud/index.htm

[4] http://www.csoonline.com/article/2987186/browser-security/expired-certificates-cost-businesses-15-million-per-outage.html

The post 3 top digital asset threats facing your brand in 2017 appeared first on IT SECURITY GURU.


US has no strategy for dealing with Russian cyber-attacks, says McCain

Senator John McCain has warned that the US “[doesn’t] have a strategy” for dealing with cyberwarfare tactics that may be employed by Russian, Chinese or North Korean agents, The Guardian reports. Speaking at the Republican party’s annual retreat in Philadelphia, he reiterated the commonly-held belief among the US intelligence community that “the Russians were trying to influence the outcome of our election”, and warned that America wasn’t ready to respond to similar attacks on elections in Europe.

The post US has no strategy for dealing with Russian cyber-attacks, says McCain appeared first on IT SECURITY GURU.


OurMine just hacked a bunch of WWE accounts

Notorious hacker group OurMine is back at it, hacking social media profiles to let the world know just how easy it can be to get inside an account.  This time, the World Wrestling Entertainment (WWE) group is at the receiving end. Several Twitter accounts affiliated with WWE, including those of WWE Universe, WWE NXT, wrestler and celebrity John Cena, WrestleMania, WWE Network and Summer Slam were hacked Saturday with the group OurMine claiming responsibility.

The post OurMine just hacked a bunch of WWE accounts appeared first on IT SECURITY GURU.


How to Hack into Donald Trump’s Phone

Donald Trump refuses to give up his insecure Android-based smartphone even after becoming president. He continues to use his old Samsung Galaxy S3 to tweet from his @realDonaldTrump account. The president, who on Jan. 4 called the Democratic National Committee careless with its security while referring to election rival Hillary Clinton’s emails being hacked, is himself quite vulnerable to hacking. Hacking group Anonymous has repeatedly tweeted against Trump and has warned it will be targeting him. The group on Friday attached a screenshot in a tweet explaining how Trump’s phone is vulnerable to hacking as the phone runs on Android 4.4 OS, which is out-of-date with existing security requirements. The tweet mentioned software called Stagefright which could be used by anyone to hack into the phone.

The post How to Hack into Donald Trump’s Phone appeared first on IT SECURITY GURU.


Ransomware hijacks hotel smart keys to lock guests out of their rooms

What’s the worst that could happen when ransomware hits a hotel? Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel’s IT system, and the hotel had no choice left except paying the attackers. The Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into their network and hack their electronic key card system, which prevented its guests from entering or leaving their rooms.

The post Ransomware hijacks hotel smart keys to lock guests out of their rooms appeared first on IT SECURITY GURU.


Alleged Hacker Behind LinkedIn Breach at Center of US-Russia Tussle

An alleged computer hacker being held in the Czech Republic is at the center of an international legal tussle between the United States and Russia amid lingering disquiet over Moscow’s alleged interference in the recent US presidential election. Yevgeniy Nikulin, 29, faces extradition requests from both countries after being detained by Czech police on an Interpol arrest warrant issued by US authorities.

The post Alleged Hacker Behind LinkedIn Breach at Center of US-Russia Tussle appeared first on IT SECURITY GURU.


Friday, 27 January 2017

Firewall Efficacy Increased When Deployed with a Firewall Management Tool

FireMon, the leader in Network Security Policy Management (NSPM), has released a commissioned study entitled Automate Zero Trust Policy and Enforcement conducted by independent, research-based consultancy, Forrester Consulting. The study illustrates the many benefits of using a firewall auditing tool, including increased IT staff productivity, fewer data breaches and attacks and improved visibility into network traffic.  It also points to a marked increase in the number of organizations who say they can respond to a data breach in under an hour as a result of using firewall management tools.

According to Forrester, in the age of cybercriminals, hacktivists, state-sponsored agents and internal security threats, a Zero Trust (ZT) network that assumes neither internal nor external networks can be trusted is the best approach to security. This makes firewalls and next-generation firewalls (NGFWs) critical to architecting a ZT network.

“While NGFWs play a crucial role in creating Zero Trust networks, the inherent complexity means that if they are not configured properly or managed effectively, they will not be used to their full potential,” said Paul Calatayud, Chief Technology Officer for FireMon.  “This study has shown that firewall management tools, such as the FireMon suite of products, help IT departments create more secure environments and save organizations a lot of time.”

The research consisted of an online survey with 188 IT security decision makers at US enterprises in highly regulated industries and found that firms that implemented firewall management and configuration auditing solutions achieved significant productivity and security benefits. Comparatively, firms that have not implemented a solution struggle with time-intensive auditing and change control processes, quality issues, and resource constraints.

“The study shows as enterprises upgrade their firewalls to defend their network perimeters, many fail to modernize how they manage complex firewall rule bases,” said Paul Calatayud, Chief Technology Officer for FireMon. “Nearly half of enterprises that use a next-generation firewall do not use firewall management or configuration auditing tools and that exposes the organization to more risk as well as increases the time it takes to respond to a potentially business-crippling data breach.”

Some key findings from the study include:

  • NGFWs are approaching mass adoption, yet configuration auditing solutions are less prevalent
  • Users of firewall auditing solutions are three to four times likelier than nonusers to address and implement firewall change requests within 24 hours
  • Firms that manually audit their firewalls face more challenges than those that use a solution
  • Solution users reap more benefits than nonusers even expect

The post Firewall Efficacy Increased When Deployed with a Firewall Management Tool appeared first on IT SECURITY GURU.


Comparitech.com urges public to take the power back this Data Privacy Day

The security and privacy advice comparison website Comparitech.com is encouraging people who feel helpless in the wake of the Investigatory Powers Act to make their privacy concerns heard this Data Privacy Day on the 28th of January. The Act is supposed to protect national security; however, recent FOI requests reveal that it has been used to secretly spy on UK residents, as reported in the Guardian, raising questions about its abuse.

Over the course of last year, the UK government made it legal for the “interception of communications, equipment interference and the acquisition and retention of communications data, bulk personal datasets and other information”. This means that communications companies will store the records of websites visited by every customer for 12 months, making them accessible to police, security services and other public bodies with a warrant.  The act applies to all UK residents, except it seems politicians – where any warrants to access their information will need the extra layer of the Prime Minister’s approval.

Lee Munson, security researcher at Comparitech.com, says that “businesses of all sizes are obligated to look after the personal information under their control, but we have seen countless cases including TalkTalk, where this information has been breached. Now, with the government requiring communications companies to store more than just personal identifying information – information that points to habits, likes/dislikes and internet browsing history – privacy for UK citizens is eroding very quickly. If there are ways for the ‘good’ guys to access this information at will, you can bet the bad guys aren’t far behind. People have the right to know what information is being stored on them and what steps are being used to secure that information.”

The best ways for the public to take back some power over privacy:

  • Send a subject access request under the Data Protection Act to your Internet Service Provider (ISP) or phone company to ask them to provide you with the data that is being stored on you and which government departments have had access to it.
  • Sign the petition to repeal the Law, then
  • Write a letter to your MP expressing your wish for repeal of the law that was branded unconstitutional by the European Court of Justice. Ask your MP if s/he thinks it is right that s/he is exempt from the law while the rest of the public faces this attack on privacy.
  • Make sure you use a Virtual Private Network (VPN) to protect your privacy online. Pick a VPN that isn’t based in the UK, doesn’t keep log files and scores highly for privacy.

Comparitech.com surmises that if thousands of people submit requests and make their concerns tangible, then it will force the government to look more closely at the issue to protect its citizens not only from the threats of acts of terror, but from cybercriminals or nation state actors that might exploit their information.

Data Privacy Day is held every 28th of January and is an international effort to encourage Internet users to consider the privacy implications of their online actions and encourage prioritizing data protection in all corporate fields.

“The hope is that, with enough people showing concern for their privacy, the government will have to consider it.  It’s not just about names on a list that can be easily ignored – these requests will require action,” said Munson.

Comparitech.com has submitted its own Freedom of Information request to the government which will be made available when the answers are forthcoming.

For the full blog post, with details of how to submit a subject access request and a sample letter to an MP, please see the blog.

The post Comparitech.com urges public to take the power back this Data Privacy Day appeared first on IT SECURITY GURU.


EMEA Security Concerns Take Priority in Adoption of App Services

F5 Networks (NASDAQ: FFIV) today announced the EMEA results of its 2017 State of Application Delivery report. The only global report of its kind is now in its third year, surveying over 2,000 IT, networking, application, and security professionals worldwide to examine the role application services play in allowing enterprises to deploy apps faster, smarter and more securely.

EMEA is set for a dynamic year in this respect, as the average organisation plans to deploy 18 app services in the next 12 months, compared to the 2016 global average of just 11. As the threat landscape continues to evolve in complexity, speed and availability were for the first time deemed less important than overall application protection, with the most important services cited including network firewalls, anti-virus and SSL VPN solutions.

An era of cloud expertise 

The highest area of investment for 2017 in EMEA was the use of on-premise private clouds (46 per cent). Almost half of respondents (48 per cent) stated the private cloud would have the most strategic importance to their organisation in the next two to five years, and that three quarters (76 per cent) of their apps would be in the cloud by 2017.

The most important security feature was that the cloud should provide the same level of security and auditability as other similar on premises services (61 per cent). This hints that organisations are concerned about the disruption moving to the cloud can have on operations.

Nevertheless, respondents indicated that a shift towards a more agile, multi-cloud world is gaining momentum. Globally, four out of five respondents indicated they are adopting hybrid cloud models. The main challenge here is maintaining consistent security policies across multiple environments (25 per cent of respondents).

“Businesses are putting their money where their strategy is when it comes to cloud,” said Ryan Kearny, CTO, F5 Networks.

“There are still challenges to overcome but the global shift to embrace hybrid scenario clearly shows a growing recognition that agility and speed can be achieved without compromising security, provided there are consistent policies and solutions in place.”

On a global scale, the more apps a company has deployed, the greater motivation to reap the operational benefits of the cloud, with respondents running the largest number of applications (3,000+) reporting the highest percentage of apps in the cloud.

Sophisticated cyber-attacks changing priorities 

A new era of security vigilance is required as security teams expand beyond traditional firewalls and legacy enterprise perimeters. Organisations with a web application firewall (WAF) and DDoS mitigation services had the highest confidence in their ability to withstand an application-level attack and interestingly, cloud-first organisations have more confidence in their security.

“This past year, not a week went by without some hack or vulnerability making the headlines,” said Kearny.

“And yet there is no sign that security breaches are slowing digital transformation. Our report shows how the sometimes-competing demands of customer and data protection inform companies’ deployment of apps and app services, and can usher in security best practice at a time when it’s needed most.”

The top security challenges cited were the increased sophistication of attacks (64 per cent) followed by employees underestimating the impact of not following security policy (53 per cent). However, despite over half naming employees as one of the top challenges, a third (32 per cent) admitted a lack of IT security skills or training within a company was challenging.

Operational scale and programmability rise to the top for DevOps 

On a global scale, the increase in app services and continued expansion to the cloud is driving organisations to automation and orchestration to scale operations across environments.  As a result, over half of respondents now view API-enabled infrastructures and templates as important, up from 31 per cent and 22 per cent last year, respectively. Scalability and OpEx reduction remain the top two drivers for the use of SDN frameworks, and companies are increasingly showing a tendency toward standardisation, with 39 per cent relying on only one framework in 2017, compared to 32 per cent in 2016.

The post EMEA Security Concerns Take Priority in Adoption of App Services appeared first on IT SECURITY GURU.


97% of UK CEOs surveyed said their business is currently addressing cyber breaches

As world leaders gathered in Davos last week, cyber security again featured high on the agenda. PwC’s CEO Survey reveals that three-quarters (76%) of UK CEOs consider cyber risks to be a significant business threat. This is second only to the availability of key skills, and ahead of changing consumer behaviour, the speed of technological change and new market entrants.

The findings – based on a research sample of 1,379 global leaders, including 126 UK CEOs – show that UK leaders are significantly more concerned about cyber threats than many of their global peers (UK 76%; global 61%) who don’t consider it amongst the top three business threats.

Nearly all CEOs in the UK (97%) say their organisation is currently addressing cyber breaches affecting business information or critical systems, well above the global average figure of 90%.

Richard Horne, UK cyber security partner at PwC said “The majority of boards now recognise that cyber security is a complex risk that requires their attention. However, most struggle to move beyond building ‘standard’ cyber security control frameworks in the hope they are sufficient, to genuinely managing risk.

“The most successful leaders will be those who define a comprehensive board approach to governing cyber security. It’s key to recognise that requires changing their businesses and operations to make themselves more securable, as well as building security controls. In response to our engagements with boards across various sectors, we’ve created a set of principles for the governance of cyber security to help them improve their response to this existential business risk.”

Now is the time to take cyber security governance seriously

PwC has released seven principles for boards to adopt to assist both themselves and investors around the governance of cyber security:

  1. Have a real understanding of exposure;
  2. Have appropriate capability and resource dedicated to cyber security;
  3. Adopt a holistic framework and approach, including meaningful measurement;
  4. Submit to independent review and test;
  5. Have sufficient incident preparedness and a track record of identifying, responding to, and learning from, incidents;
  6. Have a considered approach to legal and regulatory environments for cyber security;
  7. Make an active community contribution, sharing information with others in the industry.

Richard Horne concluded “These principles will help organisations to challenge themselves as to whether their response to cyber threats is adequate and continuing to evolve with threat developments.

“We’re also seeing investors becoming increasingly focussed on cyber security when making investment decisions. The principles are therefore designed not only to aid board governance, but also to frame the discussions around cyber security between boards and current or potential investors.”

The post 97% of UK CEOs surveyed said their business is currently addressing cyber breaches appeared first on IT SECURITY GURU.


Almost half of British children left to roam the internet alone

Today Intel Security released findings from a recent global study, “New Family Dynamics in a Connected World,” that reveal the extent to which technological devices are embedded in the lives of British families. The research shows families spend almost the same amount of time interacting with one another in person (37% of their time), as they spend interacting with their connected devices (35% of their time).

Internet Monitoring Methods aren’t up to scratch

As families are becoming more tech dependent, Gartner forecasts that “there will be more than 10.5 billion ‘things’ in homes by 2020”[1], and with the EdTech market[2] set to reach over $252 billion in investment globally by 2020, children will increasingly be within arm’s reach of connected devices.

Despite the safety risks associated with the internet, Intel Security discovered that parents are struggling to take the necessary security precautions to protect their families from cyber crime. According to the survey of 13,000 people, 21% of British parents reported that they were not concerned about their children speaking to a social predator or criminal online. This may explain why 40% of children are not being monitored when they are using their devices, leaving them vulnerable to risks such as cyber bullying or online crime.

Parents currently feel powerless about how to educate their children, with a third (29%) saying that they would monitor their children’s online activity if there was an easier way to do it.

Bedtime reading replaced with cyber-risks 

Bedtime is proving to be a particularly big challenge for British families. The advent of smartphones and tablets has transformed bedtime and the days of reading a book with a torch under the duvet are behind us. 

Intel Security found that children are increasingly being left with gadgets in their room, further challenging parents to find a way to monitor and control their internet usage post-bedtime:

  • 42% of parents would choose to pause the internet in their household during bedtime if they could to stop their children from being distracted
  • Only 28% of parents keep their children’s devices in their possession when their children shouldn’t be using them and allow their children to use the devices when the correct security measures are in place

“Technology has revolutionised our home lives, with many parents relying on devices to help their children with learning and entertainment” says Nick Viney, VP of Consumer at Intel Security. “However, we need to empower parents to actively manage how their families interact with those devices, to ensure the benefits continue to outweigh the potential risks. When the correct security and privacy measures are taken, everyone in the family will feel more protected enabling them to fully enjoy all the benefits of living in a smart home.” 

Tips to Keep Families Secure in Year Ahead

To stay protected in the evolving online world, Intel Security has the following tips for parents:

  • Start conversations early. If you start talking about online safety early, it will make your job that much easier when your children get older. If your kids are young, start with simple rules like: “don’t open emails from people you don’t know.” You want online safety to be part of normal behavior.
  • Set a good example. It’s easy to get caught up spending a lot of time on our devices, and kids pick up our habits – both good and bad. Set a positive example by limiting your time on social networks when at home and putting your phone away during dinner and family time.
  • Keep strangers out. Most children have been using devices from an early age, desensitising them to the potential risks of online behavior. A false sense of security can set in for children and they could be unknowingly interacting with a social predator or dangerous person posing as a teen (catfish). This isn’t just on social media networks; it applies to common services such as Uber*, Lyft* and Craigslist*. Remind kids that anyone can create a profile and to decline friend requests from strangers.
  • Take control of your home network. The home network is the hub for all of your connected devices. New solutions, such as McAfee Secure Home Platform, help you easily manage and protect devices connected to this network while providing parental controls with permissions that can be tailored to the entire household.

[1] Gartner, Market Trends: Choose a Functional Business Model for the Connected Home Market, 15 April 2016

[2] Edtext Global, 2016 Global Edtech Industry report, n/a http://ecosystem.edtechxeurope.com/2016-edtech-report

The post Almost half of British children left to roam the internet alone appeared first on IT SECURITY GURU.


Americans fear their data isn’t safe, yet do little to defend it

Approximately 28 per cent of Americans are “not confident at all that the federal government can keep their personal information safe,” the Pew Research Center reported on Thursday, while also noting that many Americans fail to observe security best practices when online.

The post Americans fear their data isn’t safe, yet do little to defend it appeared first on IT SECURITY GURU.


Microsoft Approves Thai Government’s Root Certificate, Which Could Enable Spying

Privacy International, a UK-based nonprofit founded in 1990, released a report showing that Microsoft is the only operating system vendor to have approved the Thai military government’s root certificate by default, which is managed by the Electronic Transaction Development Agency (ETDA). The nonprofit worries that the Thai government could now perform “man-in-the-middle” (MITM) attacks against Thai citizens.

The post Microsoft Approves Thai Government’s Root Certificate, Which Could Enable Spying appeared first on IT SECURITY GURU.


4.2 Billion Records Exposed in Data Breaches in 2016: Report

2016 was a record year for data breaches, as the number of exposed records exceeded 4.2 billion, nearly four times the previously set record. The latest release of Risk Based Security’s annual Data Breach QuickView report shows that there were 4,149 data breaches reported during 2016, down from the 4,326 data breaches reported in 2015. The number of exposed records, however, reached an all-time high that might not be easily equaled: 4.281 billion.

The post 4.2 Billion Records Exposed in Data Breaches in 2016: Report appeared first on IT SECURITY GURU.


Russia-linked Fancy Bear hackers had access to UK television station for ‘almost a year’

The same hacking group that targeted the US political system in the run-up to the country’s presidential election last year was able to infiltrate the computer systems of a UK television network for almost a year, security experts have revealed. The network has not been named for legal reasons, and likely due to the strict non-disclosure agreements surrounding breach probes. Yet analysts from SecureWorks, a cybersecurity firm, say hackers gained access in July 2015 and remained undetected for up to 12 months.

ORIGINAL SOURCE: International Business Times

The post Russia-linked Fancy Bear hackers had access to UK television station for ‘almost a year’ appeared first on IT SECURITY GURU.


Rogue Tweeters in Government Could Be Prosecuted as Hackers

Who are the federal government’s rogue tweeters, using official agency social media accounts to poke President Donald Trump? Are these acts of civil disobedience, or federal crimes? The online campaign began with unauthorized tweets — on subjects such as climate change inconsistent with Trump’s campaign statements and policies — that have been mostly deleted from official agency accounts. It shifted tactics Thursday as at least 40 new but unofficial “alternative” accounts for federal agencies began spreading across Twitter. It wasn’t clear how many unofficial accounts were run by government employees, but there were early indications that at least some were created by federal workers using their work email addresses — and that may have exposed their identities.

The post Rogue Tweeters in Government Could Be Prosecuted as Hackers appeared first on IT SECURITY GURU.


Thursday, 26 January 2017

Zero Day Exploits will rise from once per week to once per day in 2021

Digital Defense, Inc., a leading provider of Vulnerability Management as a Service (VMaaS™), today announced a new Zero Day Report from CyberSecurity Ventures that provides vulnerability trends, statistics, best practices, and resources for CISOs and IT security teams.  The report contains data and comments from industry experts from the Zero Day Initiative, Trend Micro, Black Duck, Gartner, VMWare, Digital Defense, and DARPA, among others. It paints a frightening picture for what’s on the horizon as more powerful exploit kits run downstream to less experienced hackers.

The Digital Defense-sponsored report highlights several jaw-dropping stats, including:

  • The application attack surface is growing by 111 billion new lines of software code every year.
  • Zero day exploits will increase from one per week in 2015 to one per day in 2021.
  • More zero day flaws will be found in commercial software produced by companies like Apple and Adobe.
  • There will be open source code in 99% of mission critical apps of the Global 2000.

“Widespread use of open source code needs to be approached carefully from a security standpoint,” said Mike Cotton, vice president of research and development at Digital Defense. “A block of code can be a component in software written for many kinds of devices, so a zero-day flaw found in such a component can be multiplied many times. You’ll typically see a slew of vulnerabilities come out on all types of appliances and platforms.”

“Digital Defense is a thought leader around zero day exploits, and their contributions to our report are invaluable,” says Steve Morgan, Founder and Editor-In-Chief at Cybersecurity Ventures. “Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, and zero-day exploits are a growing contributor. We urge CISOs and IT security teams to get proactive – best they can – and take zero-days seriously, sooner rather than later.”

The post Zero Day Exploits will rise from once per week to once per day in 2021 appeared first on IT SECURITY GURU.


Confidential information at greatest risk in new businesses

Businesses under five years old are twice as likely to compromise the confidentiality of sensitive information as more established businesses. This is one of the findings of recent research into information management and security practices in the mid-market, commissioned by leading storage and information management services company Iron Mountain (NYSE: IRM).

The in-depth study of mid-market businesses across Europe and North America found that staff at recently established organisations expose their businesses to information risk because they are less careful with critical business data. Nearly half (48%) of those surveyed admitted they had left sensitive documents lying about the office, had mislaid them completely or had lost them in a public place. This is twice as many as staff at more established firms, where fewer than one in four (23%) had made similar information management mishaps.

Younger businesses are considerably less clear on how long they are legally required to retain documents such as tax records, contracts and customer data, making these organisations more likely to put the safety of this information at risk. For example, more than half (59%) of business professionals at companies between one and five years old admitted they could be keeping sensitive human resource records beyond their retention deadline, exposing the business to the threat of reputational damage and fines from information regulators. This is compared with just 20% at firms with more than 25 years in business.

Yet young firms are doing little to address the situation, preferring instead to prioritise expansion into new markets (80%) or product development (54%). The majority (76%), for example, have no plans in place to automate key information management processes such as HR. They are also less adept than older firms at managing data protection procedures or extracting value from their information. When asked about their processes for regulatory compliance in data handling, just a third (32%) of respondents at firms under five years old said their processes are “relevant and easy to comply with”. By comparison, 46% of respondents at firms aged 25 years and over said the same. Similarly, just over a quarter (28%) of those at younger firms said they have effective processes in place to monitor where their information is most valuable, compared to two fifths (40%) of respondents at older businesses.

Elizabeth Bramwell, director at Iron Mountain, said, “The first five years of a business’s life are often dedicated to rapid growth as the organisation establishes itself in the market. The start-up phase is a busy one, so it’s perhaps understandable that information management mistakes are more likely to happen during this time. However, whether you’re a new or an established business the law is the law, so it’s vital that confidential information is protected. If bad information habits are left unchecked and effective processes aren’t put in place, young businesses face severe legal and reputational consequences that could fast erode customer confidence and threaten the very survival of the business.”

Previous research from Iron Mountain and PwC[i] suggests that many mid-market companies experience an ‘information epiphany’ when the products or services with which they launched the business start to approach their end-of-life, which normally happens around the five-to-seven-year stage.[ii] According to this research, over a third (38 per cent) of younger firms don’t know how information flows through the business, compared to 22 per cent of those aged six and over. To take a more mature approach to handling and harnessing the value of information, young businesses need to put effective information management processes in place from the start, which can then become part of their company culture as they grow.

[i] Iron Mountain and PwC surveyed 1,800 senior business leaders across a broad range of sectors (energy, financial services, legal services, manufacturing and engineering, healthcare (US only), insurance, pharmaceuticals), in North America (US and Canada) and five European countries (France, Germany, Spain, the Netherlands and the UK).

[ii] https://library.e.abb.com/public/a046973f29f765b0c1257c210039f2fb/3ADR025047K0201.pdf and http://beyondplm.com/2012/12/31/plm-2013-what-is-your-7-years-plan/


Despite rise in breaches, companies still prioritising network and endpoint solutions over encryption

Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, issued in conjunction with analyst firm 451 Research. Sixty-eight percent of respondents have experienced a breach, with 26 percent experiencing a breach in the last year – both numbers that rose from last year. Paradoxically, overall security spending is also up; in 2017, 73 percent of organisations increased IT security spending – a marked jump from 2016 (58 percent).

Old Habits Die Hard

The report, which is in its fifth year, polled 1,100 senior IT security executives at large enterprises around the world and indicates an ongoing disconnect between the security solutions organisations spend money on and the ability of those solutions to protect sensitive data. While 30 percent of respondents classify their organisations as ‘very vulnerable’ or ‘extremely vulnerable’ to data attacks (and the number of breaches continues to rise) the two top spending priorities are network (62 percent) and endpoint (56 percent) protection solutions. Counterintuitively, spending on data-at-rest solutions (46 percent) comes last.

Garrett Bekker, senior analyst, information security at 451 Research and author of the report says:

“One possible explanation for this troubling state? Organisations keep spending on the same solutions that worked for them in the past but aren’t necessarily the most effective at stopping modern breaches. Data protection tactics need to evolve to match today’s threats. It stands to reason that if security strategies aren’t equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase.”

Compliance the top driver for IT security spending

The reasons behind security spending decisions are varied, but the key driver remains constant: compliance. Almost half (44 percent) of respondents list meeting compliance requirements as their top spending priority, followed by best practices (38 percent) and protecting reputation/brand (36 percent). Fifty-nine percent also believe compliance is ‘very’ or ‘extremely’ effective at preventing data breaches. While compliance regulations provide a data security blueprint, they are by no means the only consideration when building a security strategy robust enough to withstand today’s sophisticated attackers.

External and Internal Cyber Actors the top threat

As in years past, the 2017 Data Threat Report explored threat perceptions. All vertical industries polled identified cyber criminals as the top threat (44 percent), followed by hacktivists (17 percent), cyberterrorists (15 percent) and nation-states (12 percent). With respect to internal threats, 58 percent of respondents believe privileged users are the most dangerous insiders (a slight decrease from last year’s 63 percent). At 44 percent, executive management is seen as the second-most-risky insider, followed by ordinary employees (36 percent) and contractors (33 percent).

Securing Data from Future Threats: Promise or Peril?

In this age of the cloud and SaaS enterprise deployments, more and more enterprise data is being created, transported, processed and stored outside corporate network boundaries, making traditional perimeter-based security controls and legacy network and endpoint protection solutions increasingly less relevant. Other new, popular technologies also bring added security challenges. For example, nearly 40 percent of respondents are using Docker containers for production applications. At the same time, 47 percent cite security as the ‘top barrier’ to broader Docker container adoption.

Peter Galvin, vice president of strategy, Thales e-Security says:

“Enterprises today must inevitably confront an increasingly complicated threat landscape. Our world, which now includes the cloud, big data, the IoT and Docker, calls for robust IT security strategies that protect data in all its forms, at rest, in motion and in use. Businesses need to invest in privacy-by-design defense mechanisms – such as encryption – to protect valuable data and intellectual property and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers.”

To offset the data breach trend and take advantage of new technologies and innovations, organisations should, at a minimum, adhere to the following practices:

  • Leverage encryption and access controls as a primary defense for data and consider an ‘encrypt everything’ strategy
  • Select data security platform offerings that address a variety of use cases and emphasise ease-of-use
  • Implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use.


Tens of thousands of computers in San Diego infected with malware

At least 53,172 PCs, laptops, tablets and smartphones in San Diego County contained malicious software last year, according to a survey conducted by Webroot, an Internet security company.


ORIGINAL SOURCE: San Diego Tribune


Twitter botnet has cyber security implications, say researchers

A researcher is urging the security community to consider the implications of massive botnets of fake Twitter accounts. Security researchers have reported further evidence of cyber attackers abusing legitimate tools after the discovery of networks of hundreds of thousands of fake accounts lying dormant on Twitter.


ORIGINAL SOURCE: Computer Weekly


Security budgets shifting from prevention to detection

According to industry estimates, enterprises have historically spent more than 75% of their infosec technology budgets on preventative technologies. According to a new survey conducted by Anderson Research, the portion of security budgets targeted for detection solutions increased substantially over 2015.


ORIGINAL SOURCE: Help Net Security


Google Promotes Chrome 56 to Stable with HTML5 by Default, 51 Security Fixes

Google promoted today its Chrome 56 web browser to the stable channel for all supported platforms, including GNU/Linux, macOS, and Microsoft Windows, which comes about 55 days after Chrome 55 was released.


Patched Acrobat Reader heap overflow flaw could result in remote code execution

One of the vulnerabilities patched in Adobe Systems’ most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely, according to Cisco’s Talos threat intelligence division.


Wednesday, 25 January 2017

Survey finds a quarter of enterprises experienced a breach in the past year

Developed in conjunction with cybersecurity veteran Byron Acohido, DomainTools’ Cybersecurity Report Card surveyed more than 550 security analysts, IT managers, and executives, and revealed that the majority of organizations are struggling to monitor and prevent cyberattacks on their network. More than one in four organizations have been breached in the past 12 months, while shockingly 23 percent aren’t sure if they have been breached or not. When asked to grade their organization’s cybersecurity program, 43 percent gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”. While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.

“Given that the sophistication and frequency of cyberattacks are only expected to increase in the next year, any business that touches the internet – which is nearly all companies – is highly susceptible to a successful attack on their network,” said Acohido. “Based on the data from DomainTools’ new global survey, we know that companies are aware of the cyber dangers and are doing what they can to protect their networks, but knowing is only half the battle. As we have seen from the ‘A’ grade companies, organizations must move beyond human-intensive processes and disparate systems in order to more effectively mitigate potential risk.”


One-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients of attempted cyberextortion, also known as ransomware, which cost businesses more than $1 billion in 2016.

Of the 15 percent of companies that gave themselves an “A” grade, the vast majority (82 percent) boast a formalized training program for security staff, virtually all (99 percent) utilize some degree or a high level of automation within their security programs, and 78 percent use threat intelligence to follow up on forensic clues of an attack to protect the company. These attributes compare starkly to lower-graded companies. For example, only 37 percent of the “C” companies and none of the “F” companies have a formalized training program, while 63 percent of “D” companies use manual processes and are more likely to think they do not need automated processes. What’s more, when asked if they have experienced a network breach in the past 12 months, only 15 percent of “A” companies have, compared to 27 percent of “C” companies, 38 percent of “D” companies, and 63 percent of “F” companies. In addition to more budget (50 percent) and more staff (49 percent), 42 percent of companies that did not grade themselves an “A” said that they need more time to evaluate and install technologies in order to be successful.

The overwhelming number of ways to attack a network naturally begets the need for a variety of protections. Almost all companies use more than one cybersecurity system, including firewalls (63 percent), anti-phishing or other messaging security software (57 percent), Security Information and Event Management (SIEM) systems (52 percent), and threat intelligence platforms (42 percent). More than one quarter (26 percent) spend 26 hours or more per week hunting threats in the network, and the vast majority (78 percent) find value in threat hunting – specifically in drilling down on forensic clues from phishing emails, such as domain name, IP address, or email address – and disclose that it leads to information that makes the organization more secure. Interestingly, “A” and “B” companies were more likely to follow up on clues and evidence compared to “D” and “F” companies.

“With devious hackers leveraging various tactics and threat vectors, it’s clear there is no one-size-fits-all approach to protecting the network,” said Tim Helming, director of product management at DomainTools. “What’s interesting about our new global survey data is to see the actual connection between hunting threats and secure networks, as the “A” companies that are more likely to drill down on forensic clues were less likely to be breached compared to the other companies, pointing to some of the necessary components of a more secure network.”
