Tuesday, 28 February 2017

CloudPets data breach – industry reaction

CloudPets, a company which makes internet-connected toys for children, has suffered a data breach exposing voice recordings between family members as well as sensitive account information.

The Guru reached out to security experts for their reaction on the news.

David Kennerley, Director of Threat Research at Webroot:

“The CloudPets breach is just another in a long list of poorly secured internet-connected devices, although in this case sensitive information was barely secured at all. Aside from the sheer creepiness of hacking a children’s toy, this type of sensitive information can be used by cyber criminals to access a user’s more high-value accounts. The ease with which an attacker can access users’ details including passwords can give them a starting point for accessing other accounts, and sensitive family information can be used to guess passwords and secret questions.

“At the moment we are seeing a number of attacks focused on extortion, with attackers brute-forcing platforms like MongoDB and MySQL. Users are “setting and forgetting” these protocols, tools and software, so we are likely to see more cases hit the news going forward. Companies must ensure that they are securing their devices and the information they collect properly. The CloudPets situation is a prime example of connected device manufacturers being grossly negligent towards the security of their products. In addition, users must be educated on the potential for these devices to generate and store sensitive data, as well as how to use good security practices to ensure their information is safe.”

Richard Brown, Director EMEA Channels & Alliances at Arbor Networks:

“The fact that two million voice recordings of children and their families were exposed online and held to ransom due to an insecure MongoDB installation highlights just how attractive IoT devices are to attackers because so many are shipped with insecure defaults. A large proportion of embedded systems are rarely if ever updated in order to patch against security vulnerabilities. There are tens of millions of vulnerable IoT devices, and their numbers are growing daily.

“To combat these types of attacks, the solution is twofold. Firstly, users should look to protect their own connected devices, by isolating IoT devices from other services and the internet if they aren’t required. From a business perspective, security teams should implement best practices for ingress filtering to ensure product updates are legitimate from the network. Organisations should also isolate management traffic from data traffic, harden devices and shut down unneeded services, and understand traffic patterns and know what normal traffic looks like.”

John Madelin, CEO at RelianceACSN:

“The security of IoT devices is a growing concern in the industry, but connected toys that are easily accessible by hackers are sinister. The CloudPets issue highlights the fact that manufacturers of connected devices really struggle to bake security in from the start. The 2.2 million voice recordings were stored online, but not securely, along with email addresses and “easily guessable” passwords of 800,000 users; this is unforgivable. It’s clear that Spiral Toys hasn’t put basic security measures in place to protect its customers’ data. Knowing what critical information your organisation holds and why it’s of value to potential hackers, then ensuring that it’s stored securely is a crucial part of security management for any organisation.”

David Navin, Corporate Security Specialist at Smoothwall: 

“The idea of an innocent household teddy bear sharing voice recordings, e-mail addresses and passwords of its users may sound like an elaborate plot from a budget Hollywood film, but is in fact a reality faced by over 800,000 accounts linked to the bear. As the IoT becomes increasingly prevalent in the home, ensuring data is stored safely and securely must be an absolute priority. Parents should feel comforted in knowing that the toys their children play with are secure and private, without having to worry that their personal information attached to that device could be hacked and potentially exploited.

“The news that the database where all information gathered by the teddy bear was public and not protected by a password or firewall is somewhat baffling; the fact that the customer data was accessed many times from a whole host of sources goes to show how vulnerable and attractive a company is without the proper security measures in place. Every company must therefore build a layered security defence which spans encryption, firewalls, web filtering and ongoing threat monitoring to counteract threat actors attempting to steal information.”

Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye:

“This is a case of a company bringing a connected toy to the market without taking the most basic steps to protect the information of children or their parents. They are using an unauthenticated database and have audio recordings and images publicly accessible. There’s little excuse for this.

It’s not an isolated incident. This isn’t the first case of a toy manufacturer failing to protect their customers’ information and it likely won’t be the last. The fact is, a baby’s crib is required to meet more rigorous safety standards and testing than connected devices like baby monitors or connected toys.

Companies need to bake security into the design of their products. Security can’t be an afterthought. Connected devices like these need to be designed assuming hackers will try to compromise them. They should be designed so that even if they are compromised and information is stolen, it is useless to the attacker.

As the number of connected devices in our lives grows, we are becoming more vulnerable to devices with weak security. This is frustrating for consumers because they don’t have good visibility into these threats or vulnerabilities. Consumers need to be aware that there will always be potential attack vectors in products connected to the internet, and if there’s no evidence from the company they’ve taken steps to secure information, they probably haven’t. In fact, even in cases where companies claim to have taken steps, we sometimes see they haven’t adequately addressed threats.

Things will probably get worse before they get better. It’s a safe bet that attackers will continue to move faster than manufacturers. In fact, this case could’ve been worse. Imagine attackers using the toys as Trojan horses to encrypt files on the home network and then demand a ransomware.

I’m not typically a fan of regulation, but governments need to shift security from an economic externality to a cost of doing business. Until that happens, these events will continue to be common.”

Paul Calatayud, CTO at FireMon:

“As I like to call IoT, the IOMT as in internet of malicious things, news of the teddy bear leak hit on two main issues: 1) the growing use of open source databases, and 2) putting devices on the internet.

MongoDB is becoming a common technology for use in e-commerce due to its flexibility and price (free). Like most things that are free, there are hidden costs in the form of no security confirmations or common security models. This results in what I call security regression, where the best practices become quickly forgotten in the rush to slap an application on the internet. Combine this with devices that are exposed to the internet and you have a combination for a hacker’s paradise.

Consumers need to be aware that it takes a lot of energy and investments to properly secure their information. If you have a sense the company may not be up to the task, you may want to think twice about what information you are sharing with them.”

Ben Herzberg, security research group manager at Imperva Incapsula:

“Let’s start with the good: Using a slow-to-crack algorithm (bCrypt) was a good choice, and probably prevented additional damage.

With the great increase of IoT devices (from teddy bears like the ones connecting with the CloudPets to medical devices monitoring patients to connected refrigerators), our race for innovation brings a lot of cool stuff to life in a very short time, and this will continue in the next years, as there is a potential to revolutionise the way we’re living.

However, we’ve seen a lot of security glitches from these IoT companies, and they need to understand that Information Security is not a “good-to-have”. We’ve seen 100,000’s of such devices used in Denial of Service attacks, taking down huge organisations. We’re seeing those devices being used in other malicious activities like probing websites for vulnerabilities and attempting to take over accounts.

In conclusion – every company that’s selling devices that connect to the internet must know that in that moment they become a target, and will probably not have a lot of grace time before they start getting attacked.”

The post CloudPets data breach – industry reaction appeared first on IT SECURITY GURU.


Safeguarding Service Providers from the Evolving Threat Landscape

As service providers fortify infrastructure for the transition to 5G and to better defend against the increasingly menacing threat landscape, you need to ensure your networks and services are not only secure today, but well into the future.

And it must be done while you continue to add new services to draw new customers and grow revenue.

It’s a perfect storm and presents the opportunity to break away from the competition and lead the pack.

Introducing Thunder CFW Gi/SGi

At Mobile World Congress today A10 Networks lifted the curtain on the A10 Thunder CFW Gi/SGi Firewall, which gives service providers enough throughput to support 268 million concurrent connections and more than 6 million connections per second, all in a compact single rack-unit appliance.

The Thunder CFW Gi/SGi Firewall features Gi/SGi interface protection that safeguards subscribers while shielding mobile core infrastructure from multi-vector cyber attacks so services can be delivered uninterrupted.

It’s a stateful layer 4 firewall that also defends against multi-vector volumetric attacks with layer 4 and layer 7 DDoS protection and protocol anomaly protection. It also features integrated IPsec VPN and traffic inspection.

It empowers you to consolidate security and application networking into one high-performance solution so you can better monetise your network and introduce new revenue streams and services.

The Thunder CFW Gi/SGi Firewall packs enough protection to ease the transitions to 5G and IPv6 while supporting broad scale deployment of network functions virtualisation (NFV), software defined networking (SDN) technologies and the explosion of connected devices.

Integrated DDoS Defense

The Thunder CFW Gi/SGi Firewall is the industry’s first Gi firewall with integrated protection from distributed denial of service (DDoS) attacks, which gives you an additional weapon in your security arsenal to protect your network and services from potentially catastrophic DDoS attacks.

Having DDoS protection integrated into the Thunder CFW Gi/SGi Firewall ensures neither you nor your customers will suffer service disruption caused by a DDoS attack.

Prepare for 5G

The Thunder CFW Gi/SGi Firewall primes you for the imminent transition from 4G to 5G, which will put a new spin on wireless by providing connectivity for more machines and devices.  5G is poised to spark a dramatic increase in connected Internet of Things (IoT) devices.

That means the amount of network traffic generated by IoT devices will reach unprecedented levels, adding new risks and an attractive attack vector for threat actors. Attackers recently leveraged IoT devices to carry out some of the largest DDoS attacks on record, including the attacks against Krebsonsecurity.com and OVH.

The Thunder CFW Gi/SGi Firewall was specifically designed to protect you from the threats posed by the rise of IoT devices and 5G data services.

The Transition to IPv6 

And the Thunder CFW Gi/SGi Firewall goes one step further. It’s designed to aid in the transition from IPv4 to IPv6 so you can maintain growth and business continuity while meeting current and future traffic requirements.

The appliance features integrated Carrier Grade NAT (CGNAT) which delivers IPv4 preservation and IPv6 transition technologies to address the looming shortage of IPv4 addresses and ensure a smooth transition to IPv6.

Peace of Mind 

The security landscape is evolving. As a service provider, you need a robust firewall solution that ensures you and your customers are protected against modern threats and attacks. Yet, you can’t sacrifice performance for security. With the A10 Thunder CFW Gi/SGi Firewall, you get the security of a carrier-grade firewall coupled with built-in DDoS protection along with a transition path to future-proof your networks for next generation technologies.

With the Thunder CFW Gi/SGi Firewall, you get peace of mind.


IoT Heading for Mass Adoption by 2019 Driven by Better-than-Expected Business Results

A new global study The Internet of Things: Today and Tomorrow published by Aruba, a Hewlett Packard Enterprise company (NYSE: HPE), reveals that IoT will soon be widespread as 85% of businesses plan to implement IoT by 2019, driven by a need for innovation and business efficiency. While the analysis confirms the clear business benefits from investments in IoT, Aruba’s report cautions that connecting thousands of things to existing business networks has already resulted in security breaches for the majority of organizations.

The research questioned 3,100 IT and business decision makers across 20 countries to evaluate the current state of IoT and its impact across different industries. The study shows that while virtually all business leaders (98%) have an understanding of IoT, many are unclear of the exact definition of IoT and what it means for their business.

In his new eBook ‘Making Sense of IoT’, commissioned by Aruba, technology visionary Kevin Ashton, who coined the term ‘Internet of Things’, presents the following definition:

“The ‘Internet of Things’ means sensors connected to the Internet and behaving in an Internet-like way by making open, ad hoc connections, sharing data freely and allowing unexpected applications, so computers can understand the world around them and become humanity’s nervous system.”

The Expectations Dividend

When examining the business benefits of IoT, Ashton discovered that the real-world benefits gained from IoT exceeded even the original expectations. This ‘expectations dividend’ is evident in two key performance areas: business efficiency and profitability.

As an example, only 16% of business leaders projected a large profit gain from their IoT investment, yet post-adoption, 32% of executives realized profit increases. Similarly, only 29% of executives expected their IoT strategies to result in business efficiency improvements, whereas actual results show that 46% experienced efficiency gains.

Chris Kozup, vice president of marketing at Aruba, comments: “With the business benefits of IoT surpassing expectations, it’s no surprise that the business world will move towards mass adoption by 2019. But with many executives unsure of how to apply IoT to their business, those who succeed in implementing IoT are well positioned to gain a competitive advantage.” 

How Global Organizations are Using IoT

Aruba’s research reveals varying levels of IoT maturity across different industry sectors. The following five vertical industries are leaders in their adoption of IoT and have realized tangible business benefits from a focused, use case approach to adoption.

Enterprises create a smart workplace for productivity and efficiency:

•       Over seven in ten (72%) enterprises have introduced IoT devices into the workplace. Indoor location-based services ranks as the second most promising use case to improve employee productivity, after remote monitoring. Twenty percent report remote operation of building lighting and temperature as a key use case, but that number more than doubles to 53% when asked about future IoT implementations.

•       Looking at the tangible results being realized today, 78% say the introduction of IoT in the workplace has improved the effectiveness of their IT team, and 75% find it has increased profitability.

The industrial sector increases business efficiency and visibility through IoT-enabled monitoring and maintenance:

•       More than six in ten (62%) respondents in the industrial sector have already implemented IoT. Using IoT to monitor and maintain essential industrial functions was identified as the most impactful use case in the sector. Today, the use of IP-based surveillance cameras for physical security within industrial organizations is still in its infancy, with only 6% having implemented it. However, when asked about future implementations, surveillance jumped five-fold to 32%.

•       Across the sector, 83% report increased business efficiency and another 80% have found improved visibility across the organization.

Healthcare introduces IoT to improve patient monitoring, reduce cost and foster innovation:

•       Coming in as the third most advanced in its implementation of IoT, 60% of healthcare organisations globally have introduced IoT devices into their facilities.

•       Across the sector, 42% of executives rank monitoring and maintenance as the number one use of IoT—higher than all other sectors. This underscores the importance of IoT-enabled patient monitoring in the modern healthcare industry.

•       Eight in ten report an increase in innovation and another 73% report cost savings.

Retailers engage with customers and boost sales using indoor location technology:

•       Just 49% of retailers are using IoT technology, but 81% of these report improved customer experiences. An improved customer experience is likely to have a significant impact on customer loyalty and ultimately, revenue.

•       In-store location services delivering personalized offers and product information to shoppers was touted as the number one implementation for IoT, alongside monitoring and maintenance. Four in ten retailers ranked surveillance in their top three key use cases.

Governments lag in IoT adoption, struggle with legacy technology but still reduce costs:

•       The slowest sector to adopt IoT, only 42% of municipalities have deployed IoT devices and sensors. A third (35%) of IT decision makers claim their executives have little to no understanding of IoT, double the global average, suggesting that lack of education is the biggest barrier to mass adoption in this sector.

•       While nearly half (49%) of government IT departments are struggling with legacy technology, seven in ten IoT adopters in the public sector report cost savings and improved organisational visibility as the major benefits.

The Data Context and Security Challenge 

Alongside these positive returns, the study also uncovers a number of obstacles that IT leaders feel are preventing IoT from delivering greater business impact. In particular, the cost of implementation (50%), maintenance (44%) and integration of legacy technology (43%) were highlighted as key issues.

Most notably, security flaws were found across many IoT deployments. The study found that 84% of organisations have experienced an IoT-related security breach. More than half of respondents declared that external attacks are a key barrier to embracing and adopting an IoT strategy. This confirms that a holistic IoT security strategy, built on strong network access control and policy management, will not only protect enterprises but also simplify the security approach for IT.

The ability to capture and effectively use data is described by Kevin Ashton as “what defines the Internet of Things”, but this appears to be another clear challenge for global organizations. While nearly all (98%) of organisations that have adopted IoT claim that they can analyse data, almost all respondents (97%) feel there are challenges to creating value from this data. Well over a third (39%) of businesses are not extracting or analysing data within corporate networks, and are thereby missing out on insights that could improve business decisions.

Kozup comments, “While IoT grows in deployment, scale and complexity, proper security methodologies to protect the network and devices, and more importantly, the data and insights they extract, must also keep pace. If businesses do not take immediate steps to gain visibility and profile the IoT activities within their offices, they run the risk of exposure to potentially malicious activities. Aruba is enabling customers to rapidly assess IoT deployments within their facilities and determine any potential threats that may be present.”

Ashton concludes: “Since its inception in 1999, the Internet of Things has been ridiculed, criticized, and misunderstood. And yet here we are, less than two decades later, in a world where tens of thousands of organizations are saving and making hundreds of millions of dollars from the Internet of Things, using cars that drive themselves, subway stations that sense passengers, algorithms that diagnose deadly diseases using phones, and many other once apparently-impossible technologies. The future promises far more amazing things. The most important decision you can make now is how to be a part of it.”


Collective action will help reduce the rising malvertising security threat

Ad agencies, search engines and cybersecurity specialists should work collectively to tackle the security threat from rising malvertising. Ben Williams, Head of Operations and Communications at Adblock Plus, argues that without this, more users will be exposed to potential security compromises such as malware and phishing, and push further adoption of adblockers as a solution to these threats.

According to a report from digital threat management firm Risk IQ, total malvertising in 2016 rose by an unprecedented 132% since 2015. Some of the most notorious ads in the previous year included fake software at 70%, scams at 845%, and redirects to phishing pages at 1,978%. With eMarketer reporting a 7.2% growth in digital advertising in 2016 to $550.51bn, the increase in online ads could also potentially increase the chances of users suffering a form of malvertising.

Ben said: “While it’s positive to see digital ad spend increasing, if rising malvertising is a by-product, then it’s going to be detrimental for both users and the industry. The results coming from the Risk IQ report also seem to suggest a delayed response from advertising parties in tackling the issue, especially as the problem extends past websites, and directly onto users. If users are not protected, we’re going to see more people looking for ways to mitigate their security, which will naturally include anti-malware software and adblockers.”

Malvertising has been a growing problem, with third-party ad networks often responsible for embedding attacks in legitimate websites. Ben continued: “No victim of this was larger, and no example more ironic, than Forbes, who in early 2016 told their readers they would have to disable their adblockers to gain entry to Forbes.com – then served malware through some infected ads. Woops? Well, of course, but as a side note let’s not blame them here, because malvertising seems ever to be full of victims; you rarely see its authors – but, increasingly, users know they’re there and know how to keep them off their devices.”

In fact, Adblock Plus research conducted with HubSpot in 2016, found that nearly two-fifths (39%) of respondents were using adblockers to address security concerns, while another 32% were concerned about privacy. PageFair’s latest adblocking report also discovered that ad blocking usage soared 30% in 2016, with security cited as the number one reason for people using an ad blocker (30%).

Speaking about the growth of adblocking in response to security concerns, Ben explained: “It’s clear that a real concern exists amongst users and if the proper defences are not in place then this will only escalate. Adblockers are a legitimate way to gain back control, but users are fighting against a sea of publishers installing adblocker-blockades, which are in fact hindering the user experience and increasing the chance of an infection.”

Ben concluded: “Malvertising is something that simply won’t go away overnight. The trouble is, it’s very difficult to eradicate completely, even for the best ad networks in the world. For practitioners of malware it offers a massive return on investment meaning more forms of malvertising, while on the other end of the spectrum, ads provide the monetary support for smaller and independent websites to remain live and active. If global ad spend is set to increase then there needs to be a sustainable effort made to keep users safe, but also provide relevant content. At the same time, the worrying surge in malware may serve as the stark call-to-action needed for the industry to come together and adopt new measures to tackle against this security threat.”


NHS data loss: 500 patients may have suffered serious harm

Five hundred patients may have suffered serious harm as a result of the NHS mislaying 500,000 test results and letters over a five-year period, ministers and officials have admitted in parliament. The review is also understood to be looking at whether correspondence between GPs and hospitals that was mislaid between 2011 and 2016 caused or contributed to the death of any patients, sources added.


Smart teddy bears involved in a contentious data breach

If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys — which can receive and send voice messages from children and parents — have been involved in a data breach dealing with more than 800,000 user accounts. The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy’s customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked.


The real cost of ransomware: Attacks take most victims offline for at least a week

It only takes seconds for ransomware to block access to an entire network, but the vast majority of businesses remain locked out of crucial files and systems for a week or more, with the impact causing severe financial and reputational damage. Data gathered from over a thousand businesses which have been victims of ransomware within the last year suggests that 85 percent of those infected by the malicious file encrypting software had their systems forced offline for at least a week, while a third of cases resulted in data being inaccessible for a month or more.


Mindef Internet system hacked, personal data of 850 personnel stolen

A breach in the Ministry of Defence’s (Mindef) Internet access system for servicemen and employees earlier this month led to personal data, comprising NRIC numbers, telephone numbers, and dates of birth, of around 850 servicemen and employees being stolen. No classified military information was stored on the hacked system. The attack “appeared to be targeted and carefully planned”, said Mindef deputy secretary (technology) David Koh on Tuesday (Feb 28). The ministry added that the real purpose may have been to gain access to official secrets. But it was prevented from doing so by the physical separation of the hacked system from Mindef’s other internal systems.


Government-backed malware campaign targets South Korean public sector

A sophisticated and likely government-backed malware campaign has targeted the public sector in South Korea. Attacks on these individuals could be an attempt to gain a foothold into assets that can be deemed extremely valuable. Cisco Talos discovered the campaign was active between November 2016 and January 2017, targeting a limited number of people. The malicious document in question, which is written in Korean, is a Hangul Word Processor (HWP) file; HWP is a popular alternative to Microsoft Office in South Korea.


Monday, 27 February 2017

Majority of global healthcare enterprises using cloud, big data and IoT without securing sensitive data

Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, Healthcare Edition, issued in conjunction with analyst firm 451 Research. The fifth annual report indicates global healthcare IT professionals are confronting a rapidly changing, challenging landscape, with 66% of respondents experiencing a data breach and 88% feeling vulnerable as a result. In response, 73% are increasing IT security spending to offset threats to data. 

Out with the Old, In with the New?

While healthcare records have always been a desirable commodity on the black market, technological changes have further complicated their storage and protection. Despite the risks that come from increased access points, 65% of global healthcare respondents report their organisations are deploying to cloud, big data, and IoT environments without adequate data security controls. The global healthcare industry is also adopting some of these technologies for sensitive data use wholesale, with 51% of global healthcare respondents deploying sensitive data to SaaS and IaaS environments, 36% to big data environments and 34% to IoT environments.

Despite the changing face of healthcare data deployments, many organisations remain stubbornly focused on network and endpoint security. Fifty-three percent of global healthcare respondents are spending the most on network security, followed by endpoint security at 51%. Additionally, 67% of global healthcare respondents perceive network security as highly effective at stopping data breaches, followed closely by endpoint security (66%). While network and endpoint technologies are a required element of an organisation’s IT security stance, they are increasingly less effective at keeping external attacks at bay, and in securing cloud, big data, IoT and container deployments – which result in data being distributed, processed and stored outside corporate network boundaries.

Perceived Data Protection Barriers – and Threats

In response to questions about why they are not implementing more effective data security controls, 43% of global healthcare respondents cited ‘lack of staff’, followed by ‘perception of complexity’ (37%) and ‘lack of organisational buy-in’ (also 37%). Further exacerbating these barriers are internal and external threats. At 63%, privileged users top the list of internal threats. Executives are second at 51%, followed by external service providers with internal account access (29%). When it comes to external threats, cyber-criminals are considered the greatest challenge by 47%, with hacktivists a distant second (16%) and competitors in third (13%).

Encryption Playing Larger Role in Healthcare Data Protection

Across the board, encryption is the technology of choice when it comes to protecting sensitive data residing within cloud, IoT and container environments. Fifty-eight percent of global healthcare respondents opt to encrypt data in the public cloud, with the survey yielding similar numbers for IoT data (58%) and container data (60%). Data sovereignty, a hot topic in light of concerns about new privacy regulations and government snooping, is also spurring encryption adoption. The technology is the clear choice for satisfying local data privacy laws such as the EU’s General Data Protection Regulation (GDPR) by 66% of global healthcare respondents. Also notable are the 33% searching for local data locations or cloud providers to meet data residency needs.

Peter Galvin, VP of strategy, Thales e-Security says:

“Globally, healthcare companies are under pressure. The use of advanced technologies is increasingly impacting security decision-making, as are data privacy and residency requirements. For healthcare data to remain safe from cyber exploitation, security strategies need to move beyond laptops and desktops to encompass an ‘encrypt everything’ approach that best suits a world of internet-connected heart-rate monitors, implantable defibrillators and insulin pumps. Adhering to the security status quo will create vulnerabilities that lead to breaches, and further erode customer trust.”

Healthcare organisations interested in improving their overall security postures should strongly consider:

  • Deploying security tool sets that offer services-based deployments, platforms and automation
  • Discovering and classifying the location of sensitive data, particularly within IoT and container environments
  • Leveraging encryption and “Bring Your Own Key” (BYOK) technologies for the cloud and other advanced environments

Please download a copy of the new 2017 Thales Healthcare Data Threat Report for more detailed security best practices.


New cybersecurity certification first to address behavioural analytics

To combat the increasing risk of cyber-attacks, CompTIA, the world’s leading information technology (IT) association, today unveiled a ground-breaking, vendor-neutral certification, CompTIA Cybersecurity Analyst (CSA+). It is the first of its kind to bring behavioural analytics to the forefront of cyber threat detection, rather than focusing solely on the technical aspects of the sector.

In recent years, hackers have learnt to evade detection from traditional systems such as firewalls, with increasingly sophisticated attacks such as Advanced Persistent Threats. This has led to a need for an analytics-based approach – one which can identify anomalies, spikes, positives and false positives in network traffic which could be symptoms of an underlying cyber-attack. The certification is the first of its kind to ensure that cybersecurity workers are able to take a data-driven approach and bolster their companies’ cyber defences.

Some of the highest profile cyber-attacks in recent times, such as the Mirai botnet DDoS attack in 2016, which took down the servers behind popular sites such as Twitter and Reddit, are unable to be stopped by traditional methods. They require a more analytical approach to detection and prevention, and the ability for security teams to interpret vulnerabilities where they might not be immediately obvious.

The demand for cybersecurity analysts is strong. Recent research from Tech Partnership found that security analyst roles are one of five occupational groups in the cyber workforce that make up three quarters of all jobs posted in the industry.

An economic and societal imperative 

Graham Hunter, VP Certifications, Europe and Middle East at CompTIA, said: “We are starting to see technological developments such as the Internet of Things come to the forefront of the business and social landscape. As these technologies continue to grow and develop, so too do the threats to networks and devices, as hackers find new avenues to attack and access personal information.

“To combat these new threats, it’s vital that we are training the next generation of IT and security professionals on how to keep the public and organisations secure. CSA+ certification provides the platform that IT professionals need for learning and developing new skills — so that they have all the critical information and tools to keep up with emerging technologies.”

“By placing greater emphasis on data analytics, we get a real-time, holistic view of the behaviour of the network, its users and their devices to identify potential vulnerabilities and strengthen them before an intrusion happens,” explained CompTIA’s Senior Director for Products Dr. James Stanger.

“Armed with this information, cybersecurity professionals can more precisely identify potential risks and vulnerabilities so that resources can be allocated where they’re most needed.”

“Data analytics is key,” states Jim Lucari, Senior Manager of Certification at HP Enterprise. “Everybody in technology should have this CSA+.  It should be mandatory if you’re going to stay in IT over the coming decade.”



ESET researchers uncover new Android banking botnet

Android banking botnet malware based on publicly available source code has been discovered on Google Play. Weak security of the C&C server allowed ESET to analyse the botnet. 

In their investigation of the botnet-forming Android banking malware, discovered on Google Play, ESET researchers discovered that both the Android Trojans and the C&C server were built using source code that was made public in December, 2016.

Android users were exposed to malware, disguised as weather forecasting apps, capable of stealing banking credentials and locking the screens of infected devices. Two versions of the botnet-forming Trojan made it onto Google Play. Each had a lifetime of several days and together achieved thousands of downloads before being detected by ESET and taken down by the Google security team in mid-February.

A thorough investigation by ESET analysts revealed that these banking Trojans are modified versions of source code made available online. Allegedly written from scratch, the “template” code of the binary, along with the code of the command and control server, which includes a web control panel, has been available on Russian forums since late December 2016.

“On top of the source code being available to virtually anyone, the C&C server itself has also been left accessible to whomever has the URL, without requiring any credentials,” says ESET Malware researcher Lukas Stefanko.

Analysis of the C&C server, which has been active since February 2, 2017, has revealed a list of victims. By February 23, when the C&C server was taken down by the hosting company based on ESET’s notice, the botnet contained 2,810 victims from 48 countries, but fortunately Ireland was not among them.

The fact that the source code of another example of Android banking malware has been made available online may lead to its proliferation, according to ESET security experts. “With tools for creating Android banking malware now accessible more easily and for free, Android users should take even more care about prevention,” recommends Lukas Stefanko.

You can read the full story on ESET Ireland’s Official Blog.


Could you hack into a car? If so, a cyber security career awaits!

This weekend, Protection Group International (PGI) and Cyber Security Challenge UK pitted 30 of the UK’s best cyber security amateurs against each other in an ultra-realistic simulated cyber-attack on an automotive company, all in a bid to find the country’s best cyber talent. In a role known as ‘red teaming’, candidates were tasked to infiltrate Internet-connected GPS tracking devices to find critical vulnerabilities that hackers could exploit, and protect the Internet of Things (IoT) based system from future attack. The trackers were to be installed on a range of prestige vehicles offered by the fictional company, dubbed ‘Premiere Vehicles Limited’.

The competition was the first face-to-face semi-final round of the UK Cabinet Office-backed Cyber Security Challenge UK’s 2017 programme of competitions. Its mission is to find and deliver more cyber security talent into the sector and work towards plugging the industry’s skills gap. With a recent report by (ISC)2 predicting the shortfall of skilled cyber workers to reach 1.8 million globally by 2022, it’s critical to act now.

The competition was designed to reflect scenarios and vulnerabilities that professionals face in real-life and mirrored 2016’s most notorious DDoS cyber-attack, in which thousands of IoT devices were hijacked and used as a botnet army to bring down the servers behind popular websites such as Reddit and Twitter. Candidates took advantage of some of the vulnerabilities that led to that attack (exploiting hard-coded credentials) in the IoT-based tracking devices.

Candidates were tested on their ability to ethically break into devices, and use these as entry points into the company’s network. As they progressed through the competition, their skills in network analysis, digital forensics and brute force attacks were assessed by industry experts; proficiencies that are in great demand by the cyber security industry today. The scenario tasked the contestants to think like attackers in order to successfully defend the organisation from future attacks. It is important to know how your enemy operates so that you can block their attacks; but at every stage the candidates were asked to justify their actions against ethical guidelines to ensure safe and legal practice.

Defending an organisation involves digital skills, but also requires innovative thinking, coordination and teamwork, so candidates were also tasked with lock-picking challenges, combining clandestine techniques in both physical and digital environments, to break into an organisation’s networks. Successful candidates were able to use the GPS devices as an entry point to subvert the internal systems of Premiere Vehicles Limited and gate-crash a VIP launch event in which PVL unveiled its new fleet of cars. The winners were rewarded with a test drive in Audi’s new RS Q3, which was supplied for the event by Audi Tetbury.

The winning team was team ‘Turing’ who displayed the best overall technical ability according to PGI’s assessors. The team consisted of 17-year-old James Nock, Michael Senior, Dennis Jackson, Andrew Walsh and Kieran Amrane-Rendall.

The ten that will go through to Masterclass in November are Edward Godfrey, Thomas Spoor, James Nock, Oliver O’Brien, Dennis Jackson, William Seymour, William Hutcheson, Steven Woodhall, William Ashton and George.

The competition was closely monitored by PGI’s security team and a host of industry specialists, who judged the candidates on how well they performed tasks in-line with industry best practice. This allowed candidates to show off their abilities in front of prospective employers and qualify for the Challenge’s grand finale Masterclass competition which will see the best candidates compete to be the UK’s 2017 cyber security grand champion.

Since the Cyber Security Challenge UK launched its competitions in 2010, over half the candidates from the Face-to-Face and Masterclass competitions have been hired directly into cyber security roles, demonstrating the effectiveness of these competitions. By comprehensively testing candidates’ abilities across a number of disciplines that are highly sought after by employers today, the Challenge’s sponsors have access to talent that would otherwise remain hidden.

Stephanie Daman, CEO at Cyber Security Challenge UK said: “The pace of technological change that our society is undergoing creates an even greater demand for a wide range of cyber security skills. PGI’s Face-to-Face competition reflects this change and illustrates the latest skills that professional organisations require such as knowledge of connected devices and ethical hacking abilities. These competitions can only take place with the support of our sponsor community, all of which are looking to hire the most outstanding talent. Five of today’s 30 candidates are under 18, showing that there is some great talent at the younger ages. These competitions are crucial for providing an outlet for their skills and demonstrating that cyber security is a great career for them.”

Ian Lyte, Senior Security Consultant at Protection Group International said: “The competition reflects the breakneck pace of technological progression in our society and how it has created new and unpredictable vectors of attack, which cyber criminals are quickly taking advantage of. We specialise in protecting organisations from online attacks and as such, we need highly-skilled people who can face the latest threats. These competitions allow us to unearth, recruit and train the UK’s most talented individuals in a way that would not otherwise be possible.”


Russian cyber experts’ treason charges related to 7-year-old allegations of data sharing with US

The treason charges that were brought against a top cybersecurity expert from Kaspersky Lab and two Russian state security officers in December are reportedly linked to allegations made in 2010 by Russian businessman Pavel Vrublevsky. According to sources familiar with the matter and Vrublevsky, who is the founder of online payments firm ChronoPay, the arrests of Kaspersky Lab head of incidents investigation team Ruslan Stoyanov and Russian Federal Security Service (FSB) officials Sergei Mikhailov and Dmitry Dokuchayev relate to allegations of the suspects having passed on state secrets to US firm Verisign, as well as to other unnamed US companies. The firms, in turn, are believed to have shared the information with US intelligence agencies, Reuters reported.


ORIGINAL SOURCE: International Business Times


NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

NSA and US Cyber Command boss Mike Rogers has revealed the future direction of his two agencies – and for the private sector, this masterplan can be summarized in one word. Kerching! Speaking at the West 2017 Navy conference on Friday, Rogers said he is mulling buying up more infosec tools from corporations to attack and infiltrate computer networks. At the moment the online offensive wing of the US military develops most of its own cyber-weaponry, he claimed, and he figures the private sector has plenty to offer.


Windows 10 Getting a Feature That Can Block Win32 App Malware from Infecting PCs

One of the new features coming in the Windows 10 Creators Update (and still not announced by Microsoft, for some reason) is the possibility of blocking the installation of Win32 software, limiting the operating system to Windows Store apps.


Patients put at risk after 700,000 sensitive hospital letters go missing including test results from biopsies and patient treatment plans

Thousands of patients may have suffered delays to treatment after it was revealed that the NHS failed to deliver more than half a million sensitive documents to GPs. Test results from biopsies and patient treatment plans were among the thousands of official records that went missing between 2011 and 2016. The hospital documents did not reach the intended recipients because patients had either moved away or were not showing up on practice records.


Cyber attacks against financial services cost consumers £8bn in 2016, research reveals

Online financial services and lending companies are increasingly being targeted by fraudsters, costing consumers millions of pounds around the world last year alone, according to research. Cyber attacks against online lending companies and alternative payment systems increased 122pc last year, according to ThreatMetrix, a security company that monitors more than 20bn online transactions a year. The fraud is estimated to have cost consumers as much as £8bn in 2016, the company said.


ORIGINAL SOURCE: The Daily Telegraph


Friday, 24 February 2017

Donald Trump owns 3,600 Domains

CNNMoney has carried out an investigation on Donald Trump’s online portfolio of domain names and found that he has 3,643 websites that range from TrumpEmpire.com to TrumpFraud.org.

CNNMoney investigated 20 years of internet records using the domain name search tool DomainTools. Before he reached the White House, Trump’s company had laid claim to at least 3,643 website domains. The buying spree continued as he ran for president. Trump bought 93 of them after he launched his presidential campaign.

According to CNNMoney’s investigation, Trump owns websites including ImBeingSuedByTheDonald.com, VoteAgainstTrump.com, TrumpMustGo.com, NoMoreTrump.com and DonaldTrumpSucks.com.

The Trump Organization issued a statement on Tuesday:

“Unfortunately cyber squatting, publishing false content and the use of ‘negative’ domain names is a serious issue facing all large companies around the world,” said company spokeswoman Amanda Miller. “We take the protection of our corporate identity and our intellectual property very seriously… this includes trademarking both positive and negative domain names and taking firm legal action when necessary to protect our name and intellectual property.”

DonaldTrumpSucks.com originally belonged to Dan Parisi, who once ran WhiteHouse.com as a porn site. Parisi, an infamous cybersquatter, told CNNMoney that he let the TrumpSucks domain registration lapse. Parisi said he now plans to turn WhiteHouse.com into “a voice of the people against the administration.”


Most Hackers Can Access Systems and Steal Valuable Data Within 24 Hours

More than three-quarters (88%) of hackers can break through cybersecurity defences and into the systems they target within 12 hours, while 81% say they can identify and take valuable data within another 12 hours, even though the breach may not be discovered for hundreds of days, according to research by global technology company Nuix.

The Nuix Black Report—the results of a confidential survey of 70 professional hackers and penetration testers at DEFCON, the world’s largest hacking and security conference—will overturn many conventional understandings and sacred cows of the cybersecurity industry.

“There is no shortage of cybersecurity industry reports so we’ve avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches—these are clearly the symptoms of a deeper problem,” said Chris Pogue, Nuix’s Chief Information Security Officer and a co-author of the Nuix Black Report. “Instead, we have focused on the source of the threat landscape: the attackers themselves.”

By examining the security landscape from the hacker’s perspective, the Nuix Black Report has revealed results that are contrary to the conventional understanding of cybersecurity. For example:

  • Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down but endpoint security technologies were more effective at stopping attacks
  • More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks
  • Around one-third of attackers said their target organizations never detected their activities.

“Data breaches take an average of 250–300 days to detect—if they’re detected at all—but most attackers tell us they can break in and steal the target data within 24 hours,” said Pogue. “Organizations need to get much better at detecting and remediating breaches using a combination of people and technology.”

Nuix Insight Adaptive Security is a next-generation endpoint technology with cutting-edge detection algorithms that can identify and stop security threats—including new and unknown attack methodologies—within seconds. According to industry analyst firm Enterprise Management Associates, Nuix Insight Adaptive Security “has applied practical field knowledge to the product’s development, leveraging a design team that includes malware analysts, penetration testers, incident response experts, social engineers, and digital forensic professionals” and “is well aligned with all of the top use cases for adaptive security technology.”[1]

“The Nuix Black Report illuminates the true nexus between attacker methodology and defensive posture; showing which countermeasures will improve security and which are a waste of money and resources,” said Pogue. “Readers will learn what is the best spend for their security dollar and, more critically, why.”

[1] Enterprise Management Associates, Nuix Insight Adaptive Security Brings Context Visibility and Deception to Protect Endpoints, January 2017


Security specialist identifies security breaches in apps from 50 top global banks

The Pradeo Lab, a worldwide leader in mobile devices and applications security, analysed the mobile applications of 50 of the world’s top 100 banking establishments to identify security breaches. It discovered on average every app was vulnerable to seven security threats: that is, 100% of the 50.

Data from the BBA, the leading trade association for the UK banking sector, says there were 11 million banking app logins a day during 2015, a 50% rise on 2014. American Federal Reserve stats show that 71% of people using mobile banking services are confident about the security of mobile banking transactions. In fact, it is estimated that the security failings revealed in the Pradeo test could affect over half a billion, or 500 million, people worldwide.

“Our job is to provide solutions to prevent threats generated by mobile applications and mobile device environments. We chose to make an assessment of the threats targeting banking applications because of their importance. We were very much not expecting what we discovered as our analysis evolved,” explains Clément Saad, Founder and President of Pradeo.

Mr Saad explained that what is worrying is not only the number of establishments concerned, but also the number of techniques that worked when the company checked potential security approaches. “We did not settle for a demonstration of the vulnerability of each application in front of a simple keylogger, but their weaknesses facing more than twenty threats. Not a single banking app successfully passed our exam, and on average, each app was susceptible to seven breaches.”

Potential cybercriminals attack banking apps with a number of different goals: stealing passwords, spying on account behaviour and retrieving transaction validation codes, to name just a few.

Many malicious actions are within the reach of many computer geeks. Under the disguise of a game or a utility, “malware” lies in wait before working silently on thousands or even millions of devices, as was the case with the malware Marcher.

Should users be concerned? For Clément Saad, while the implications of his company’s findings are far-reaching, the priority is to equip banks with the right tools to beat cyber criminals in a rapidly evolving digital landscape: “We limited our study to 50 banks. Chances are that apps from other banking establishments are also at risk and that consequently, the number of impacted users is potentially very significant. While there have not yet been any major security issues with banking apps, banks need to address these issues. This is why Pradeo develops these tests as well as the solutions. The world of mobile applications is relatively young compared to the web and it is evolving quickly. It takes time to better understand this new environment and face the threats linked to it.”


Spectra Cyber Security Solutions ready to defeat the threat of ‘cyber-hackers’

Fast-growing voice and data communications specialist, Spectra Group (UK), has announced that it is extending its Cyber Security division in order to give SMEs options similar to those available to its existing Government, Defence and Public customers in the fight against cyber-attack.

Spectra has identified cyber services as the ‘next huge growth area’ and heralds the launch of Spectra Cyber Security Solutions as a natural progression for a company that already has a proven expertise in this area.

The Herefordshire-based company can count on extensive experience successfully designing, delivering and maintaining networks for military organisations and Government Agencies. Its high-grade solutions are designed to integrate seamlessly with business architecture, minimising downtime. Data is available as and when required and it is kept secure and protected from attacks throughout its lifecycle. Spectra Cyber Security Solutions can provide defence-in-depth, with proactive testing, to identify vulnerabilities in networks and procedures and protect data.

Spectra operates a Security Operations Centre (SOC) which provides 24/7/365 monitoring of networks to immediately identify any breach – or potential breach – as well as providing a UK-based help desk. This enables clients to benefit from security monitoring and provides the user with a 24-hour contact if they have concerns or issues with their network.

Spectra is ISO 27001-accredited which, as an information security management standard, is clear and precise, listing 114 key security controls that should always be at the heart of any organisation’s approach to security.

The company is also fully compliant with the UK Government-backed Cyber Essentials Scheme. Developed in conjunction with the Information Security Forum (ISF), Cyber Essentials forms a robust and stringent checklist that security companies must meet to be considered eligible to work with highly sensitive information and Government level security contracts. It is also a Cisco Partner – Cisco Select Certification recognises and rewards partners that have achieved a Cisco specialisation.

Cyber-attack has been identified as one of the four highest priority and most pervasive of risks faced by the UK – with the others being international terrorism, international military crises and major accidents or natural hazards. In the last year alone, some two thirds of large businesses in the UK experienced a cyber-attack and, staggeringly, almost a quarter fell victim to breaches at least once a month.

Simon Davies, CEO of Spectra Group (UK) Ltd, said: “Without doubt Spectra views cyber security services as the next growth area. We have already been delivering cyber services through our existing networks business so the launch of Spectra Cyber Security Solutions is a natural progression for the company.

“Among our talented employees are experts who possess all the know-how and experience to deliver highly bespoke security solutions to protect against cyber-attacks. As data now plays an increasingly important part in everyday life, ensuring its confidentiality must be of paramount importance to any organisation. We recognise that not every company can afford to have a large, highly trained, IT department, and some need a straightforward pricing system to plan their business operations. Spectra Cyber Security Solutions aims to make keeping companies safe from cyber-attack as simple and cost-effective a process as possible.”


Security should be top priority for mobile developers to protect consumers

With the recent surge in fake apps tricking consumers out of personal data, experts are warning that manufacturers and developers of mobile devices need to make security a top priority in the design process to mitigate the serious risks posed by hackers.

As recently as last month, numerous consumers fell foul of a fake Netflix app that infiltrated devices via a trojan allowing hackers to secretly spy on conversations, use the camera and microphone, and access contacts and messages.

Jason Fry is a cybersecurity specialist at pav.co.uk.  He has worked with numerous corporate and independent businesses across the UK helping them to review and update their cybersecurity policies, procedures and solutions.  He said:

“The rise in fake apps, particularly those purporting to be from recognisable brands, has brought a new level of scam potential for cybercriminals with millions of people being duped out of confidential data such as bank details and passwords.

“Whilst the fraudsters are constantly refining and improving the ways to trick unsuspecting targets, one of the main problems is the vulnerability of the devices themselves, which aren’t designed with security as a primary concern.”

And as mobile and tablet usage now officially exceeds that of PCs and laptops, the problem is teetering on the edge of a colossal cybersecurity fallout.  Jason says this could result in ever increasing issues with apps that are available to download from reputable stores but, once installed, upload vicious malware or fool targets into entering personal information, bank account details and passwords.

Jason continued:

“As an industry, we are well aware of the risks of cybercrime.  There is a great deal of knowledge available, which developers should be tapping into in order to improve the security efficiency of their products and limit attacks.  Developers could be doing more to educate consumers about the importance of security and should be creating products that have security as a core feature.”

Jason’s advice to those using smart phones and tablets is to always ensure they are protected from hacks and viruses with a reliable piece of security software.

“Unfortunately, the vast majority of smartphones and tablets remain unprotected, which makes them easy targets for fraudsters.  To minimise the risk of an attack, I’d recommend that you invest in a good quality piece of antivirus software from a reputable provider, such as Norton, that is suitable for the make of device.”

The post Security should be top priority for mobile developers to protect consumers appeared first on IT SECURITY GURU.


Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug

Big-name websites leaked people’s private session keys and personal information into strangers’ browsers, due to a Cloudflare bug uncovered by Google researchers. As we’ll see, a single character – ‘>’ rather than ‘=’ – in Cloudflare’s software source code sparked the security blunder. Cloudflare helps companies spread their websites and online services across the internet. Due to a programming blunder, for several months Cloudflare’s systems slipped random chunks of server memory into webpages, under certain circumstances.



The post Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug appeared first on IT SECURITY GURU.


Cybercriminal selling nearly one million Coachella accounts on the dark web

Nearly one million Coachella accounts are reportedly currently up for sale on the dark web. An underground data trader is allegedly selling over 950,000 Coachella user accounts data, which includes usernames, hashed passwords and email addresses, for $300. “Coachella complete database dump from this month,” the cybercriminal, who uses the handle Berkut, wrote in their listing, on the popular dark web marketplace Tochka, Motherboard reported.


ORIGINAL SOURCE: International Business Times

The post Cybercriminal selling nearly one million Coachella accounts on the dark web appeared first on IT SECURITY GURU.


Uber accused of ‘calculated theft’ of Google’s self-driving car technology

Waymo, the self-driving car company owned by Google’s parent Alphabet, filed a suit against Uber on Thursday alleging that the ride-share company engaged in the “calculated theft” of its self-driving technology. The suit is the latest setback for Uber, which is still reeling from the viral #DeleteUber campaign and which this week launched an “urgent investigation” into claims of sexual harassment.



The post Uber accused of ‘calculated theft’ of Google’s self-driving car technology appeared first on IT SECURITY GURU.


Russian military admits significant cyber-war effort

Russia’s military has admitted for the first time the scale of its information warfare effort, saying it was significantly expanded post-Cold War. Defence Minister Sergei Shoigu said that Russian “information troops” were involved in “intelligent, effective propaganda”, but he did not reveal details about the team or its targets. The admission follows repeated allegations of cyberattacks against Western nations by the Russian state.



The post Russian military admits significant cyber-war effort appeared first on IT SECURITY GURU.


Briton ‘responsible for cyber attack on Germany’ arrested at Luton Airport

A British man has been arrested at Luton Airport accused of a cyber attack in Germany last year which hit a million homes. The 29-year-old suspect was held on a European arrest warrant accused of wiping out internet access to Deutsche Telekom subscribers in a planned attack. “The Briton stands accused of attempted computer sabotage in a particularly serious case,” said German police. Around a million of Deutsche Telekom’s 20 million customers were unable to connect to its network in late November after the attack on its routers.



The post Briton ‘responsible for cyber attack on Germany’ arrested at Luton Airport appeared first on IT SECURITY GURU.


Get my goat

If there’s one thing guaranteed to get my goat, it is this kind of claptrap you find all over LinkedIn. Seriously? Has Dr. Ken Jennings really discovered the difference between success and failure? What is success? What is failure? Is a CEO successful and a postman a failure? Go Green and you will be a […]

The post Get my goat appeared first on ITsecurity.


Thursday, 23 February 2017

Spectacular Fear

Now I really am worried. Deep in the new Black Report from Nuix (I wrote about it here) is this statement from Terry L. Sult; Chief of Police, Hampton, Virginia. He is lamenting the process of criminals ‘going dark’, hiding from law enforcement behind unbreakable encryption. “This should seriously concern every law-abiding citizen,” he said. […]

The post Spectacular Fear appeared first on ITsecurity.


Nearly 80 percent of cyber professionals say enterprises must understand behaviours and intent as people interact with critical data and IP

Global cybersecurity leader Forcepoint™ today released a new study – “The Human Point: An Intersection of Behaviors, Intent & Critical Business Data.” The study showed that, while an overwhelming majority of respondents – 80 percent – believe it’s important to understand the behaviors of people as they interact with intellectual property (IP) and other critical business data, only 32 percent are able to do so effectively. Further, 78 percent believe understanding user intent is important, yet only 28 percent of those surveyed currently have this capability.

The study surveyed more than 1,250 cybersecurity professionals worldwide across a range of industries, including financial services, oil and gas, and healthcare.

The study shows that cybersecurity professionals are dissatisfied with technology investments, while data sprawl and eroding network boundaries make security more difficult. However, the survey reveals the potential upside associated with understanding users’ behaviors and intent as they interact with IP and other data underpinning corporate value.

“For years, the cybersecurity industry has focused primarily on securing technology infrastructures. The challenge with this approach, however, is that today’s infrastructures are ever-changing in composition, access and ownership,” said Matthew P. Moynahan, chief executive officer at Forcepoint. “By understanding how, where and why people touch confidential data and IP, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives.”

Key findings include:

  • Investing in Cybersecurity Tools: Only four percent of cybersecurity professionals are extremely satisfied with cybersecurity investments they’ve made; only 13 percent strongly agree that more cybersecurity tools will improve security
  • Data Sprawl and Eroding Network Boundaries: Corporate networks are no longer tightly controlled entities, as data sprawls across a range of systems and devices.
    • 28 percent said critical business data and IP may be found in BYOD devices; 25 percent said removable media; 21 percent said public cloud services.
    • 46 percent are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones.
    • Only seven percent have extremely good visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and consumer services (e.g., Google Drive, Gmail).
  • Vulnerabilities at the Intersection of People & Content: There are many points where people interact with critical business data and IP, ranging from email to social media to third party cloud applications and more.
    • Email was ranked the greatest threat (46 percent); mobile devices and cloud storage were also deemed significant areas of concern.
    • Malware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviors were seen as the top risks (30 percent each)
  • Understanding Behaviors and Intent:
    • 80 percent believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data, but only 32 percent are able to do so very or extremely effectively.
    • 78 percent believe understanding intent is very or extremely important, but only 28 percent are able to do so very or extremely effectively.
    • 72 percent strongly agree or agree that security could be improved by focusing on the point in which people interact with critical data to better understand behaviors and intent.

More information on this research report, including methodology, demographics and key industry highlights, may be found at www.thehumanpoint.com.

The post Nearly 80 percent of cyber professionals say enterprises must understand behaviours and intent as people interact with critical data and IP appeared first on IT SECURITY GURU.


Act Now to Prepare Your Cloud for 2017 Peaks, warns Rackspace

Today, Rackspace®, the managed cloud company, shares its top expertise for businesses looking to improve in-house server performance ahead of peak periods.

The smooth running of websites and digital services has become crucial for businesses to secure an advantage over competitors. However, only 33% of IT decision makers in UK businesses have good or strong experience in operating a cloud-based infrastructure[1], meaning that many will be unprepared to scale and meet customer demand throughout the year.

Rackspace is now urging businesses to get ahead of this year’s peak periods by reflecting on last year and looking ahead to ensure they are ready to meet customer demands.

On premise solutions can appear to be more beneficial for certain use cases. But unless the necessary steps are taken to develop infrastructure in line with the evolution of the business, companies run the risk of being underprepared to meet the demands of their customers.

Sticking to plans, like getting technical skills and tools in shape to innovate, and preparing for changes in legislation, can help businesses stay in shape for the whole of 2017. With this in mind Rackspace enlisted some of its top experts to give their advice:

Step 1: Get up and running – Simon Crawley-Trice, Director of Technical Services EMEA

“In order to hit the ground running, businesses should, despite the contradiction in terms, embrace the opportunity to stop and reflect on the past. Think about how much downtime the business experienced last year and identify what went wrong. That way any bugs or processes that need to be fixed can be detected before they become a problem again. Take the time also to highlight what worked well. This can help when it comes to mitigating the impact of any issues throughout this year.

“It’s also the time to sit and plan for later in the year. Some businesses will be lucky enough to predict when traffic is likely to dramatically increase and should use this to their advantage.  A website can only meet high demand if the infrastructure has been designed to be able to cope with the capacity ahead of time. It might be that the business can host this in-house, or seek external help for when extra capacity is needed during busy periods.”

Step 2: Conserve Energy – Gary Boyd, Senior Director, Global DataCentre Operations

“Businesses can now gain more than just financial savings if they strive to keep energy usage down. A good energy rating won’t just appeal to customers, but it can attract future colleagues and technology talent as well. The first question is how much power will be needed. For instance, it could be more efficient to generate a bespoke energy supply if there are lots of servers to cater for.

“It’s important, however, that the decision-maker considers how the business, and server room, might grow, so any processes can accommodate it. Some might prefer to outsource server space to somewhere already designed to maximise energy efficiency – rather than being hit with the costs of trying to turn a space better suited to offices into an energy efficient datacentre.”

Step 3: Have a Data Clear Out – Mike Bainbridge, Chief Digital Technologist

“Many businesses can be guilty of storing more data than they need. It is easy to fall into the trap of trying to keep everything, on the off chance that you might find a use for it someday. New compliance rules on the horizon, like the General Data Protection Regulations (GDPR), mean businesses have to think more carefully about which data they store and for how long. Data policies should be in place and companies should encourage employees to store only what they need. Any critical information should be backed-up off site, so in the event of hardware failure, it can be recovered. It is also crucial that disaster-recovery systems and processes are regularly tested. This is something which is often overlooked.”

Step 4: Bulk up Cyber Security – Dee Richartz, Director of Managed Security Services

“Cyber security concerns are set to continue into 2017, with big company breaches almost a certainty. Company data should be protected from any surprises by ensuring to take advantage of layered security options like firewalls and encryption. This ensures only the people that should be accessing important data are doing so. That said, physical vulnerabilities should be taken into consideration too. There’s almost no point in taking the necessary steps to protect the data if anyone can freely access the servers it is kept on. Another important but often overlooked aspect of cyber defence is educating staff about the basic measures they can take to protect an organisation’s data – such as not disclosing credentials or clicking on suspected URLs.

“Revisit the processes the company has in place for identifying and responding quickly to any system failures and bugs. These can prove an easy way in for cyber criminals to access sensitive data. Although, this isn’t all that businesses have to lose. If the processes aren’t in place to meet legislation like GDPR, organisations can lose out in other ways – for instance, by incurring high fines.”

Step 5: Learn New Skills –  James Cowe, Director, AWS Strategy and Architecture

“Cloud is changing both the way we do business and the skillsets necessary to be successful in the IT industry. Last year, we noted significant increases in jobs which require skills related to Amazon Web Services (AWS) or Microsoft Azure; roles requiring AWS experience increased by 36 percent whilst roles requiring Microsoft Azure experience grew by 61 percent year on year.

“It can be challenging to keep pace with this continually evolving landscape, particularly if a business is focusing on its strategic goals for 2017 in lieu of recruiting and on-boarding new staff. In order to remain competitive and improve customer experience by leveraging these new cloud technologies, it is vitally important that they stay on top of attracting and developing these skills.”


[1] Rackspace Anatomy of Migration Report


The post Act Now to Prepare Your Cloud for 2017 Peaks, warns Rackspace appeared first on IT SECURITY GURU.


Increased Circulation of Cyber Risk

Multiple past and present crime surveys have confirmed that the ongoing impact of Cyber Crime on business was, and is, high: it was measured to have increased by an average of 25% on previous years of reporting, with financial losses increasing by 18%+ and rising. However, these statistics only represent the known knowns of cyber impact, and do not include the unknown unknowns of unreported and undetected successful cyber incursions.

The advent of Malware and Ransomware variants, and their associated strains of payload, has particularly focused attention on the end-game of Project Planned hack-attacks impacting multiple businesses and public authorities, such as a well-publicised successful attack against the UK Local Authority, born out of insufficient levels of security being implemented to protect against a known known threat. Compromises such as these can deliver an adverse payload to the business and/or the end user’s PC or Laptop, which may impose one or even all of the following miscreant actions:

  • Allow remote viewing of sensitive and private files stored on the local PC’s hard drive
  • Allow access to information relating to bank accounts and other such on-line financial transactions
  • Sending emails from the system/email account without the owner’s knowledge
  • Invoking the attached Web Cam to visually infiltrate personal space to view the locality from afar
  • Using a compromised system, potentially to launch a Distributed Denial of Service Attack [DDoS] against other machines and/or organisations
  • Activate other attached devices, such as microphones

The enhanced threat imposed by Ransomware, however, allows Cyber Criminals to misuse encryption, for example, to prevent the authorised user from accessing their own files. Whilst the attacker may offer the impacted owner the opportunity to pay to regain access to their locked files, there is no guarantee that they will be unlocked once the transaction has been concluded.

Recent attacks encountered within the UK have also seen an increase in threat born out of the distribution of Social Engineering emails claiming to be from a bank, a government agency such as HM Revenue and Customs, or PayPal, urging the end user to go online to check their account, or to claim an outstanding refund. However, the real purpose of these communications is to capture, and of course abuse, the valuable and sensitive credential and data objects. So what? Well, the fact of this situation is that such attacks are still so very successful, implying that the message is not getting out to the general, unaware public – thus I conclude more must be done to educate.

Following the well-publicised historic Stuxnet computer programme considered to have been created by Israel/US hands, which succeeded in infecting and sabotaging Iran’s uranium production in 2012, the SCADA industrial control systems of hundreds of European and US Energy companies have also been infected by a sophisticated cyber weapon operated by a state-backed group, with apparent ties to Russia. And remember the use of that powerful piece of malware, known as “Energetic Bear”, which allowed operators to monitor energy consumption in real-time, or to cripple physical systems such as wind turbines and gas pipelines. What this tells us about the prospects of insecurity associated with Smart Metering is only to be anticipated! But again, in the opinion of the author, it can only be adverse, as the required due diligence security controls up to the start of 2015 were considered ineffective, and now we see Smart Meters becoming a new member of IoT and a brand-new target.

The Hackers, and Cyber Criminals are also getting smarter with imaginative miscreant evolution of criminal techniques. But this state of Cyber insecurity is nothing new, and has been a subject of conversation for many years. In fact, it was around 10 years ago in a conversation with a UK CPNI representative who commented that the ‘Cyber Exposure was way over hyped and a product of imagination!’ – the problem being no one has been willing to listen. In fact, these threats were also clearly outlined in a report some ten years ago, written by myself, which was, at that time classified by a CPNI representative as the product of scaremongering! So to some extent we are where we are, and it is going to take a quantum leap of mindset change across the spectrum to deliver what will represent a robust security model.

The overall conclusion is that the time to act has gone well past its sell-by date, and thus, if the technological age is to strive forward, delivery of the right set of security controls is now a must-do, and represents a value-add proposition – and should no longer be seen as an incurred cost.

The post Increased Circulation of Cyber Risk appeared first on IT SECURITY GURU.
