Friday, 31 March 2017

Tenable Network Security profile – Gavin Millard: unsecured application containers are creating big risks

These might be boom times for anyone involved in application containerisation but lurking just under the surface are a host of security issues that development teams are only now starting to get to grips with.

It’s an old story for the security industry that has played out numerous times in the past: a new technology arrives on the back of big promises and for a while security gets pushed to the side in the excitement. Eventually, a new set of risks must be factored in at which point organisations look around for a lifebelt.

What might a lifebelt for application containers look like and where can organisations find such a thing? It’s a subject that Gavin Millard, EMEA technical director of vulnerability management company Tenable Network Security would probably be happy to talk about all day.

Founded in 2002 on the back of the famous Nessus vulnerability scanner, Tenable’s expertise is in helping companies with the increasingly complex processes that have grown up around spotting and remediating software flaws, both on premises and in the cloud.

Every ethical hacker will be able to name a favourite pen-testing or vulnerability scanning tool, but very few will end up working for the company that makes it. Millard is one of those rare exceptions.

“I’d known Tenable for many years – Nessus was one of the first tools I used. It was unbelievable the type of information you could get from this free tool,” says Millard.

After ten years at cybersecurity outfit Tripwire, three years ago he made the jump to Tenable. What grabbed his attention was a talent mix that included founder and then CEO Ron Gula (now succeeded by Amit Yoran, who joined from RSA), Security B-Sides co-founder Jack Daniel, noted firewall engineer Marcus J. Ranum and, of course, Nessus inventor Renaud Deraison himself.

In 2014, Millard joined a company of 300 people – it is now three times that number and still expanding. It’s a growth that has happened on the back of a desire by large organisations to see what is going on inside their software deployments as well as being able to do something about it.

Containers might be new but they are turning into one of Millard’s biggest challenges. He frets about the way DevOps teams understand their benefits without necessarily being cognizant of the risks they bring.

“The reason people have started using containers is because it gives them a transportability and predictability to their code,” he agrees. The key moment was the arrival of Docker in 2013, which has taken the old idea of Linux containers and “done a Red Hat” on them, he says.

There are also advantages. “It’s a bit like the next generation of virtualisation. You have ephemeral assets that spin up and drop down as required.

“What that means is that companies save a significant amount of money on the hosting of those assets. They are increasing and decreasing their compute power as required. You can’t do that with a virtual machine – it takes minutes for a new version of Linux to spin up.”

Understanding the beast

For web and microservices developers, this application-centric approach has been a shot of adrenalin. Normally, anyone running an application would need to spin up a separate virtual machine (VM) or hypervisor, a design that scales inefficiently across large numbers of possibly small applications. Containers avoid this by allowing multiple applications to be virtualised inside a single OS.

As well as allowing more, smaller applications to share the same underlying hardware, everything needed to make each application function sits within its container, which removes the drag of having to create different versions for different OSes. It’s a model that suits the world of small, portable microservices applications built, deployed and taken down in short order, but it does have security drawbacks.

Now comes the ‘but’. Millard points out that containers lack the isolation of VMs and are therefore, on paper, not as secure. A single vulnerability at kernel level will compromise every application container running on that kernel. Similarly, unless Docker namespacing has been configured, a compromise of a container running with root privileges can be used to break out onto the host. Scanning for and managing vulnerabilities on containers, many of which aren’t running for very long, can quickly become a major management headache.

“The big issue with containers is the lack of visibility into the container itself,” agrees Millard. “We’ve been aware of containers being a blind spot for a while now.”

This is compounded by the fact that containers are the responsibility of development rather than operations teams. A vulnerability inside a software library could be embedded inside a single Docker image that ends up being spun up dozens or hundreds of times, causing a new vulnerability to pop into existence on a large scale, as if from nowhere.

“As a CISO I have to trust that the development team are keeping all the libraries up to date. Security isn’t generally part of that process. The risk is these containers are being created without the oversight of what’s being done.

“You can tell that the container is there but you can’t connect into it to see what code it’s running or whether there are any issues with that.”
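The two risks Millard describes, root in a container without namespace remapping and one vulnerable image spun up many times, can both be read straight out of `docker inspect` output. The following is an added example (not Tenable’s or FlawCheck’s code) that audits a constructed inspect dump for the breakout-related settings and reports how many containers each image fans out to; the `daemon_userns_remap` parameter is assumed to mirror whether the daemon runs with `userns-remap`.

```python
"""Audit `docker inspect` output for the risk factors the article raises:
a root process in a container without user-namespace remapping, other
isolation-weakening settings, and one image spun up many times.

Added example, not Tenable or FlawCheck code. Assumptions: the input is the
JSON list printed by `docker inspect <container> ...`; daemon_userns_remap
mirrors whether the daemon runs with `userns-remap` (shown as "name=userns"
under SecurityOptions in `docker info`). The sample data is constructed."""
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect` output (fields trimmed).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "Config": {"User": "1000:1000", "Image": "shop/api:1.4"},
     "HostConfig": {"Privileged": False, "UsernsMode": "", "PidMode": "",
                    "NetworkMode": "bridge", "IpcMode": "private", "CapAdd": None},
     "Mounts": []},
    {"Name": "/builder",
     "Config": {"User": "", "Image": "tools/build:latest"},
     "HostConfig": {"Privileged": True, "UsernsMode": "", "PidMode": "host",
                    "NetworkMode": "bridge", "IpcMode": "private",
                    "CapAdd": ["SYS_ADMIN"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/legacy",
     "Config": {"User": "root", "Image": "shop/api:1.4"},
     "HostConfig": {"Privileged": False, "UsernsMode": "host", "PidMode": "",
                    "NetworkMode": "bridge", "IpcMode": "private", "CapAdd": None},
     "Mounts": []},
])


def runs_as_root(config):
    """Empty User means the image default, which is root unless the
    Dockerfile set USER; otherwise accept "0", "root", "0:0", "root:root"."""
    user = (config.get("User") or "").strip()
    if not user:
        return True
    return user.split(":")[0] in ("0", "root")


def audit_container(entry, daemon_userns_remap=False):
    """Return a list of finding codes for one inspect entry."""
    findings = []
    cfg = entry.get("Config") or {}
    host = entry.get("HostConfig") or {}
    # A container can opt out of the daemon's remap with --userns=host.
    remapped = daemon_userns_remap and host.get("UsernsMode") != "host"
    if runs_as_root(cfg) and not remapped:
        findings.append("root-without-userns")
    if host.get("Privileged"):
        findings.append("privileged")
    for key in ("PidMode", "NetworkMode", "IpcMode"):
        if host.get(key) == "host":
            findings.append("shares-host-" + key[:-4].lower())
    for cap in host.get("CapAdd") or []:
        if cap.upper() in ("SYS_ADMIN", "ALL"):
            findings.append("cap-" + cap.lower())
    for mount in entry.get("Mounts") or []:
        if mount.get("Source") == "/var/run/docker.sock":
            findings.append("docker-socket-mounted")
    return findings


def audit_inspect_json(text, daemon_userns_remap=False):
    """Map container name -> findings for a whole `docker inspect` dump."""
    return {e["Name"].lstrip("/"): audit_container(e, daemon_userns_remap)
            for e in json.loads(text)}


def image_fanout(text):
    """Map image -> running containers, so a flaw in one image is seen
    at the scale it is actually deployed (the 'dozens or hundreds' problem)."""
    fanout = defaultdict(list)
    for e in json.loads(text):
        fanout[e["Config"]["Image"]].append(e["Name"].lstrip("/"))
    return dict(fanout)


if __name__ == "__main__":
    for name, findings in audit_inspect_json(SAMPLE_INSPECT).items():
        print(f"{name:8s} {', '.join(findings) or 'ok'}")
    for image, names in image_fanout(SAMPLE_INSPECT).items():
        print(f"{image}: {len(names)} container(s)")
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the constructed sample.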

The good news is that it is easier to address a vulnerability in a container than on a virtual machine. After the doom and gloom, Millard brightens.

“Done properly, containers are an awesome way to do security,” he says, before mentioning Tenable’s October 2016 acquisition of a company called FlawCheck as a case in point.

With containerisation suddenly growing, FlawCheck offered the capability to scan Docker images for both vulnerabilities and malware in a way that would work with different software registries. As we interviewed Millard, Tenable was hard at work integrating FlawCheck’s technology with established Tenable vulnerability management.

What remains harder to solve is the classic problem of awareness: Docker containers are still growing faster than people’s security understanding.

“We have mass adoption with low security awareness. It’s like BYOD a few years ago. Security teams said ‘no’ and they were circumvented. This is the same with DevOps and containers. The best approach is always to put the appropriate controls in place,” he says.

“As security professionals, we must embrace the new wave of deployment technology but do it in a secure way.”

The post Tenable Network Security profile – Gavin Millard: unsecured application containers are creating big risks appeared first on IT SECURITY GURU.

from Tenable Network Security profile – Gavin Millard: unsecured application containers are creating big risks

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft

Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 – the operating system it stopped supporting roughly two years ago. The buffer overflow bug can be exploited to inject malicious code into a vulnerable machine and execute it, allowing an attacker to gain control of the computer. It requires WebDAV to be enabled. If you have such a machine exposed to or reachable from the internet, and you get hacked, maybe you deserve it.


Blimey, Did You Know? It’s World Backup Day. But… Surely Every Day is World Backup Day?

Today, March 31, is supposed to be World Backup Day. Where did that one come from? Isn’t every day a backup day? We did a bit of poking around. There is a World Backup Day website. Its legal section states: “World Backup Day and the Globe and Arrow are registered trademarks of 614a ltd.”


Tech Giants Bow to Amber Rudd’s Demands to get Tough in Effort to Wipe Islamist Propaganda Videos off the Internet

Technology giants have pledged to join forces in efforts to tackle terrorist content online following a summit with the Home Secretary. Facebook, Google, Twitter and Microsoft committed to explore options for a cross-industry forum and step up collaboration on technical tools that aim to identify and remove extremist propaganda.


UK SMEs Not Educating Staff on the Risks of Cybersecurity

New research from specialist cyber-insurance provider, CFC Underwriting reveals that over a quarter of UK-based SMEs (27 percent) are still failing to educate and train their staff on the threat of a cyber-attack. Phishing scams caused 38 percent of CFC’s claims in 2016, meaning that they could arguably have been avoided if staff were trained properly.


German Military to Unveil New Cyber Command as Threats Grow

Germany’s military will launch a cyber command next week as part of an effort to beef up online defences at a time when German spy agencies are warning of increasing cyber attacks by Russia. The German military remains a high-value target for hackers, with some 284,000 complex and professional would-be attacks registered in the first nine weeks of 2017, a ministry spokesman said. No damage had been reported thus far, he added. Cyber attacks on militaries are rising worldwide, with many now creating separate commands to tackle the issue.


First cyber security start-ups graduate from unique GCHQ Cyber Accelerator programme

Seven cyber security start-ups joined the unique GCHQ Cyber Accelerator – a partnership between GCHQ, the Department for Culture, Media and Sport (DCMS), and Wayra UK, the leading UK corporate accelerator that is part of the global Telefónica Open Future_ network – in January.

There, the companies received support to help them scale all aspects of their businesses, including high-quality mentoring and business services, office space, and access to GCHQ and Telefónica’s world-class personnel and technical expertise.

That support has helped the companies develop substantially, with successes including the securing of contracts with government agencies and projects with major corporations, as well as developing their products and embarking on funding rounds.

The entrepreneurs will today celebrate the end of the programme by pitching their start-ups to an audience of stakeholders and leading investors at a Demo Day in Cheltenham.

At the event, GCHQ, DCMS and Wayra UK will say that later in 2017, they intend to issue a new call for cyber start-ups to join the Accelerator for an extended version of the programme. Further details of the new call will be revealed in due course.

Minister of State for Digital and Culture Matt Hancock MP said:

“Our recent Digital Strategy set out our ambition to create a world-leading digital economy that works for everyone and makes the UK the safest place to do business online.

“The Cyber Accelerator is helping to deliver this aim by supporting entrepreneurs and innovators as they turn great ideas into cyber security products and services, and I congratulate all those who have taken part in the first programme and contributed to its success.”

Gary Stewart, Director at Wayra UK and Telefónica Open Future_ (UK), said: 

“This has been a textbook exercise in how to accelerate companies extremely quickly. We’ve been able to take our strengths and marry them to GCHQ’s world-leading cyber expertise, creating a perfect petri dish for these start-ups to scale. I’m immensely proud that we’ve been able to realise the promise of this collaboration, and enthused about moving the partnership forward in an even bigger and better way through a new call for cyber start-ups to join the programme.”

Company successes during the accelerator programme include:

  • CyberOwl securing a proof of concept project with Cisco to provide early warning on data theft attacks. The company was also awarded Innovate UK funding of £75,000, and will collaborate with Qinetiq to solve the challenge of reducing the time and effort needed to detect data breaches in increasingly complex environments, such as the Internet of Things.
  • Status Today substantially progressed commercial deals with some of the world’s largest defence and security companies. It is working with Cisco on a proof of concept project investigating advanced behavioural analytics. It is also working with Microsoft on platform support and pre-release access, and exploring opportunities with Microsoft’s National Safety Team for sales collaboration within the public sector. Founder Ankur Modi was also featured in the Forbes 30 Under 30.
  • Elemendar securing a contract that enables it to continue developing its machine intelligence platform, which reads cyber threat reports produced by humans and turns them into industry-standard structured information.
  • Spherical Defence beginning a pilot programme with one of the largest payments providers in India. It is also undergoing its first seed funding round; the company is seeking $600,000, and the round will be led by a major Silicon Valley investor.
  • CyberSmart went from a minimum viable product (MVP) to not only developing but also launching its security compliance platform into beta. It also won its first customers and is now preparing for a public rollout.
  • Verimuchme completed its MVP while part of the accelerator, and is now reaching out to enterprise clients to customise it to better meet their requirements.
  • CounterCraft received unbeatable technical mentoring and was able to leverage GCHQ’s and Wayra’s contacts to position its product strategically in the UK market.

The accelerator was launched to help keep the UK secure online, enable companies to produce the next generation of cyber security systems, and boost the country’s £22 billion cyber security sector, which currently contributes around £2 billion a year in exports to the UK economy.

The new accelerator is the first step in delivering the Cheltenham Innovation Centre, the first of two world-leading innovation centres to be created as part of the Government’s National Cyber Security Programme. A second innovation centre will open in London later this year.

The government’s new National Cyber Security Centre (NCSC), part of GCHQ, is making the UK the safest place to live and do business online. It is a single, central body for cyber security at a national level, managing national cyber security incidents, carrying out real-time threat analysis and providing tailored sector advice.

Chris Ensor, NCSC Deputy Director of Cyber Skills and Growth said:

“The Cyber Accelerator initiative is helping to identify and develop innovative solutions to meet the cyber security challenges the UK faces today. I hope to see some of the companies we have worked with become household names in the future, providing things that will help keep us safe in an ever more connected world.”


How backup can help businesses never be held hostage by ransomware

Paying ransom fees to regain access to data, in the vague hope that criminals will release the hostage files, is a known phenomenon that continues to demand regular column inches. But currently, with ransomware on the rise, no company wants to get into the habit of paying a ransom to access its own services.

Ransomware threats reached an all-time high in 2016, increasing by 752 per cent compared to the previous year and resulting in £815 million in losses for businesses, according to a study by Trend Micro and the Zero Day Initiative. This came as the number of ransomware families – including variants known as Bit Crypt, CryptoWall, Cerber and Jigsaw – increased from just 29 to 247 in the same timeframe, while research by CyberEdge Group found that nearly two thirds of organisations fell victim to a ransomware attack during the year.

This raises the question: how can businesses guard against the rising threat of ransomware?

The rise of ransomware

The vital ingredient in ransomware’s startling rise is money. The sheer size of the reward available can convince even people with impeccable moral standards to commit a crime. Suddenly there is a reason for rogue employees to take a risk and those with intimate knowledge of a company’s business processes can purposely target systems containing its most precious data to ensure the organisation must pay, and pay big.

The other key factor here is that malware has previously been something only skilled hackers could create, but now the ease of ransomware creation makes the process almost effortless – making it a simple task for, in theory, anyone with a computer to drop the malware and wait for the ransom pay-out. Indeed, a service known as Satan on dark web portal Tor allows anyone to create and configure a variant of malware and choose from a range of techniques, select a ransom note, choose a contact preference and track the amount of money they’ve made.

Trojan malware such as Locky, TeslaCrypt and CryptoLocker are the variants most commonly used to attack companies. These typically enter through security loopholes in web browsers and their plugins, or through inadvertently opened email attachments; once inside the company, the ransomware can spread at breakneck speed and begin to encrypt valuable data. The FBI has recommended that companies implement a solid ransomware backup and recovery strategy for effective protection against data loss caused by CryptoLocker or any other Trojan.

Repelling ransomware

Placing tight permissions on data is all well and good, but realistically it will not help businesses, given that credentials can be obtained with a keylogger or through social engineering. Instead, to protect themselves against insider threats and ransomware, businesses should look to air-gapped backups, which are essentially offline backups that cannot be manipulated or deleted remotely.

The criticality of the workloads and data within business environments demands a 3-2-1 rule, whereby 3 copies of the company data should be saved on 2 different media and 1 copy should be offsite.

Here are four options for effective data backup:

Backup Copy Job to disk

The first option is to transfer the data from one location to another using a Backup Copy Job. Here, a file is not simply copied: the individual restore points within the backup are read and written to a second disk destination. Should the primary backup be encrypted or become corrupt, the Backup Copy Job would also fail, because the vendor’s software would not be able to interpret the data.

In such a scenario, the only hope is that the second backup repository has been separated from the rest of the IT environment. One could also use a Linux-based backup repository to secure against Windows Trojans.

Removable hard disks

Another option is to use a removable storage device as the secondary repository. This is usually done with removable hard drives such as USB disks, which aren’t commonly recommended for security purposes, but if stored in a secure location they can be a viable option for avoiding ransomware. In addition, when it comes to media rotation, it is possible to detect when an old piece of media is re-inserted and automatically ensure that old backup files are deleted and a new backup chain is started.


Tape

The once-condemned tape option is becoming increasingly popular with IT with regard to encryption Trojans. This is because tapes do not permit direct data access, and thus provide protection against ransomware. Just like rotatable media, tapes should be exported to a secure location for optimum protection.

Storage snapshots and replicated VMs

Organisations can enjoy additional availability and ways to implement the 3-2-1 rule with storage snapshots and replicated VMs. These are semi-offline instances of data that can be resilient against malware propagation.

Never pay a ransom again

The ability to restore data means no business should ever have to pay a ransom. However, nothing can be taken for granted in the cybersecurity space, as threats are constantly shifting and the attack surface grows with every new device added to a network.

Businesses must assume it is a case of when an attack will happen, not if. To remain agile and in control of both new and emerging threats, security must no longer operate as a siloed IT function but rather as a fundamental business process and enabler.

Ransomware must be prevented where possible, detected if it gains access to systems and contained to limit damage. But only through a collaborative and integrated approach, which ensures both security policies and SLAs align with business objectives, can organisations have confidence their data is as secure and available as possible. Doing so gives them the best chance of keeping their organisation one step ahead of the cybercriminals, as they look to realise the benefits of digitisation.

By Richard Agnew, VP NW EMEA at Veeam


The end of the “It’ll never happen to me” mentality

Take security seriously

The end is nigh. More and more data breaches are happening each day and more information is being stolen than ever before. Attack vectors such as distributed denial of service (DDoS) and ransomware are on the rise; the former took out half of the Internet last October when DNS provider Dyn was hit by a huge DDoS attack[1].

Now is not the time to bury our collective heads in the sand, although that has been the defensive tactic of many thus far. UK businesses need to sit up and start taking the requirements for information security seriously. It simply can’t be ignored any more. This awareness must be a three-pronged attack by the media, the industry and the Government.

Larger fines

There are plenty of stark warnings in the media; however, the C-suite have until now often been reluctant to take them seriously. Coming into force on 25th May 2018, the General Data Protection Regulation (GDPR) could be the regulation that makes them sit up and take notice. The regulation, backed by the European Parliament, the European Council and the European Commission, intends to strengthen and unify data protection for individuals within the European Union (of which, for the immediate future at least, we remain part).

The fines for those companies in breach of the regulations will rise, going up to 20 million Euro or 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. This rise has quite rightly put GDPR on the agenda of even the most technophobe CEO.

A security DNA

Security must run through the very DNA of any organisation wanting to compete in these digital times. Yet, most manufacturers – particularly those from a hardware background – are trying to incorporate more and more complex technology on top of already insecure legacy systems. Information security can no longer be an afterthought but rather should be built into the software development life cycle (SDLC).

It is also imperative to implement the correct security architecture and keep it up-to-date. Technologies such as social networks and the Internet of Things (IoT) have changed the business landscape beyond recognition in the past decade and there is no reason to believe this pace of change will suddenly come to a stop. Put simply, the pace of technological change and the complexity that comes with it is the greatest enemy of security today. We always have to play catch up with the bad guys as they find new ways to infiltrate and now is not the time for complacency.

The need for cyber breach drills

Most offices hold regular fire drills, and businesses need to treat cyber breaches in the same way. To ensure everyone within the business, from the board to the proverbial shop floor, understands what they need to do to mitigate the impact of a breach, simulations need to be run.

Cybersecurity should be everybody’s responsibility, not just the C-suite. One of the best tactics is to have a number of security advocates within the organisation, to ensure it is up-to-date on emerging cyber security trends and education runs throughout the business. It is, though, also important someone is ultimately held responsible for cybersecurity.

No-one wants to be next

As we have seen over the last 12 months, all industries are vulnerable to cyber security breaches. The negative headlines suffered by the likes of TalkTalk mean nobody wants to be the next unwitting CEO to be attacked.

In this day and age, the repercussions of a breach are far-reaching, whether they come in the form of direct losses such as theft, indirect losses such as brand impact, or productivity losses such as critical system outages. A cyber breach can bring a business to its knees, to the point of no return.

In the firing line

Now is not the time to take chances. The threat of a breach is still not being taken seriously enough by many and there needs to be an end to the “it will never happen to me” mentality. In our experience, there’s not enough money being invested in the right places, especially by those responsible for the protection of personal information and valuable intellectual property e.g. healthcare, finance and defence sectors. With ever more stringent regulations – such as the aforementioned GDPR – senior teams need to take responsibility and know they themselves are in the firing line if a breach occurs.

Only by integrating security experts throughout the SDLC and wider supply chain can we address the growing scourge of cyber breaches. The use of quality specialists can help to plug any potential loopholes from the beginning, limiting security and privacy risks from the outset.

By Stephen Morrow, Principal Security Consultant at SQS

Lastline Announces Lastline Labs

Lastline has introduced Lastline Labs, its internal research group and innovative core.  Lastline Labs brings together some of the most brilliant minds in the threat prevention community to collaborate and develop advanced cyber security solutions that successfully detect sophisticated threats and evasive malware. Lastline Labs focuses on innovating the field of advanced threat protection with an effective, scalable, and applicable approach to today’s issues faced by organizations of all sizes.

“Lastline Labs has a unique DNA and pedigree that combine academic excellence with a deep understanding of the threat landscape,” noted Giovanni Vigna, professor of computer science at UC Santa Barbara and co-founder and CTO of Lastline. “This has resulted in disruptive innovation that achieves the highest levels of efficacy in protecting against sophisticated attacks as well as continuous innovation through the transitioning of top-notch research into the real world.”

Using a mix of scientific and academic discipline and rigor, Lastline Labs leverages its knowledge and expertise of ever-evolving threats, including analysis of evasion techniques and how ransomware is delivered, to track the evolution, proliferation and impact of advanced malware. Lastline Labs has been instrumental in developing many of the innovations currently used in the Lastline solution including:

  • Full-System Emulation (FUSE) technique – Powers Lastline’s Deep Content Inspection™, which is at the core of how Lastline securely detects every behavior that each piece of malware is designed to carry out.
  • Global Threat Intelligence Network – Provides customers with insights into every malware sample ever analyzed by Lastline.
  • Network Traffic Analysis – Uses behavior profiles to identify anomalous network traffic that could be indicative of malicious activity and data breaches.

Lastline Labs continuously monitors the cyber security landscape and analyzes new security threats and malware-based attacks, actively sharing information and findings via the Lastline Labs blog, research papers and Twitter to help keep security professionals informed of the latest threats, techniques and defenses. For more information, visit


New research reveals major disconnect between beliefs and actions regarding IoT & cloud security

A recent survey has found that one third of respondents describe the state of security monitoring within their organisation as “complex and chaotic”. AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence, has released results of a survey showing that cloud security remains a thorn in the side of security professionals, with many still struggling to monitor this environment effectively.

In the survey, conducted at RSA 2017, 974 conference participants weighed in on cloud security and IoT monitoring to provide an inside look at the challenges and concerns plaguing companies today, along with the opportunities and benefits associated with each technology.

Main Survey Findings:

  • AlienVault RSA survey finds that one third of respondents describe the state of security monitoring within their organisation as “complex and chaotic”
  • 39 percent of respondents use more than 10 different cloud services within their organisation, and an additional 21 percent don’t know how many cloud applications are being used
  • Lack of visibility into the cloud is a significant concern for 42 percent, yet 47 percent would rather monitor a cloud environment than an on-premises one
  • 62 percent indicate they are worried about IoT devices in their environment, yet 45 percent believe IoT benefits outweigh the risks

“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way. If data is misused, or inadequately protected, the consequences can be severe,” said Javvad Malik, security advocate at AlienVault. “According to the survey findings, many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring – leaving their company at greater risk of attack.”

When it comes to monitoring security threats in the cloud, an alarming number of respondents reported being left in the dark when decisions are made. According to the survey, 39 percent of respondents are using more than 10 different cloud services within their organisation, and 21 percent don’t know how many cloud applications are being used. In addition, 40 percent state that their IT team is not always consulted before a cloud platform is deployed, meaning that they are unable to offer guidance and advice, or do due diligence on a platform or service.

The survey also asked participants what concerned them most about cloud security. While malware was rated as the highest concern, with 47 percent of respondents worrying about it, some of the other responses shed light on why so many security professionals view their environments as complex and chaotic. 42 percent of respondents are concerned about a lack of visibility in the cloud, and 21 percent are worried about the cloud-based services they use producing “too many logs.” This finding also points to the problems associated with auditing cloud environments in the event of an incident.

“Most organisations are drowning in ineffective preventative measures and draining resources with investments in expensive, disjointed solutions. This unfortunate combination is likely a tremendous factor in producing the chaos, complexity and confusion experienced by so many companies,” continued Malik. “It’s time for organisations to focus on what they do have control over – threat detection and incident response – and implement a unified solution that can monitor on-premises, cloud and hybrid environments. Simplifying security in this way enables companies to immediately identify and respond to threats, and in today’s cybersecurity landscape, this is the best strategy to mitigate risk.”

The post New research reveals major disconnect between beliefs and actions regarding IoT & cloud security appeared first on IT SECURITY GURU.


Thursday, 30 March 2017

Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware

The US Department of Justice announced yesterday that Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty for his role in the creation of the Ebury malware and for maintaining its infamous botnet. US authorities indicted Senakh in January 2015, and law enforcement detained the hacker in Finland in August of the same year. Finland approved Senakh’s extradition to the US in January 2016, but not without the classic rhetoric from Russian authorities, who called the extradition process “legal abuse,” and the practice of arresting Russian citizens abroad an “illegal practice” and “witch hunt.”


ORIGINAL SOURCE: Bleeping Computer


Leaked Records up 566% to 4 Billion in 2016: IBM Security

In 2016, more than 4 billion records were leaked worldwide, exceeding the combined total from the two previous years, according to a report from IBM Security. In its IBM X-Force Threat Intelligence Index 2017, Big Blue explained the leaked documents comprised the usual credit cards, passwords, and personal health information, but also noted a shift in cybercriminal strategies, finding a number of significant breaches were related to unstructured data such as email archives, business documents, intellectual property, and source code.

Encryp-xit: Europe Will Go All in For Crypto Backdoors in June

The European Commission will in June push for backdoor access to encryption used by apps, according to EU Justice Commissioner Věra Jourová. Speaking publicly, and claiming that she has been pushed by politicians across Europe, Jourová said that she will outline “three or four options” that range from voluntary agreements by business to strict legislation. The EC’s goal is to provide the police with a “swift and reliable” way to discover what users of encrypted apps have been communicating with others.

Ikea Launches Light Bulbs that can be Controlled From a Smartphone – Experts Warn Hackers Could HIJACK Them

The Smart Home era just got even more connected with the launch of smart lighting from the Swedish home-goods giant Ikea. But the future may not be bright for smart light bulbs, as cyber security experts have warned hackers might be able to get into the devices. The TRÅDFRI LED bulbs, which cost between $20 and $25 (£16 to £20), can be adjusted using a smartphone to produce different lighting levels.

German Parliament Foiled Cyber Attack by Hackers via Israeli Website

The German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany, Berlin’s cyber security watchdog said on Wednesday. Cyber defenses installed after a 2015 hack of the parliament helped avert the attempted breaches, the Federal Office for Information Security (BSI) said in a statement. The hackers appeared to use advertising running on the Jerusalem Post website to redirect users to a malicious site, it said.

New research reveals that 30 percent of malware attacks are zero day exploits

Thirty percent of malware can be classified as new or zero-day because it cannot be caught by legacy antivirus solutions, according to research published today in WatchGuard’s first Quarterly Internet Security Report, which explores the latest computer and network security threats affecting SMBs and distributed enterprises. The results from Q4 2016 confirm that cyber criminals’ capability to automatically repack or morph their malware has outpaced the AV industry’s ability to keep up with new signatures. This means that without advanced threat prevention, companies could be missing up to a third of malware.

The WatchGuard report also shows that old threats are reappearing and macro-based malware is still prevalent. Spear-phishing attempts still rely on malicious macros hidden in files including Microsoft’s new document format, while attackers also still use malicious web shells to hijack web servers. It appears that PHP shells are alive and well, as nation-state attackers have been evolving this old attack technique with new obfuscation methods.

Other findings in the WatchGuard Q4 2016 report include:

  • JavaScript is a popular malware delivery and obfuscation mechanism with a rise in malicious JavaScript, both in email and over the web.
  • Most network attacks were aimed at web services and browsers, with 73 percent of the top attacks targeting web browsers in drive-by download attacks.
  • All of the top ten exploits were web-based attacks and the top network attack was Remote Code Execution that targets Internet Explorer (IE). But strangely, this attack almost entirely affected Germany alone. Breaking it down country by country, it targeted Germany 99 percent of the time.

The new Quarterly WatchGuard Security Report covers top network and malware trends and examines the most notable cybersecurity stories, details new research from the WatchGuard Threat Lab and provides practical defence tips for security professionals.

The findings in the report are based on anonymised Firebox Feed data from WatchGuard’s 24,000 active unified threat management (UTM) appliances worldwide.

“We’re incredibly excited to introduce WatchGuard’s Internet Security Report,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Our Threat Lab has been monitoring the most prevalent security industry threats and trends for years and now with the addition of the Firebox Feed—anonymised threat analytics from Fireboxes deployed around the world—we have firsthand, acute insight into the evolution of cyberattacks and how threat actors are behaving. Each quarter, our report will marry new Firebox Feed data with original research and analysis of major information security events to reveal key threat trends and provide defence best practices.”

“With ransomware attempts and malicious websites dominating the headlines along with cyberattacks such as the Mirai Botnet, the SWIFT banking attacks and alleged Russian interference in the US presidential election, it was a busy quarter for cybercriminals,” said Jonathan Whitley, sales director for Northern Europe at WatchGuard. “The insight trends, research and security tips in our Quarterly Internet Security Reports are designed to help companies stay educated and vigilant in such a dynamic threat landscape.”

The 24,000 active WatchGuard UTM appliances worldwide used to build the report blocked more than 18.7 million malware variants in Q4, which averages to 758 variants per participating device. They also blocked more than 3 million network attacks, which averages 123 attacks per participating device. The report includes a detailed breakdown of the quarter’s top malware and attack trends, the top security incidents and web and email attack trends.

In response to the rapid spread of the Mirai botnet, the WatchGuard Threat Lab has also launched an ongoing research project that analyses IoT devices for security flaws. The research highlighted in this report evaluated Wi-Fi cameras, fitness accessories and network-enabled novelty devices. This includes a deeper look at vulnerabilities the Threat Lab found in a relatively popular wireless IP camera and steps consumers should take to secure IoT devices they purchase.

93% of cybersecurity researchers say non-malware attacks pose more risk to businesses than commodity malware

Carbon Black, the leader in next-generation endpoint security, today announced the results of its latest research report, “Beyond the Hype,” which aggregates insight from more than 400 interviews with leading cybersecurity researchers who discussed non-malware attacks, artificial intelligence (AI) and machine learning (ML), among other topics.

The results were definitive, pointing to the following trends:

  • The vast majority (93%) of cybersecurity researchers said non-malware attacks pose more of a business risk than commodity malware attacks.
  • Nearly two thirds (64%) of cybersecurity researchers said they’ve seen an increase in non-malware attacks since the beginning of 2016. These non-malware attacks are increasingly leveraging native system tools, such as WMI and PowerShell, to conduct nefarious actions, researchers reported.
  • AI is considered by most cybersecurity researchers to be in its nascent stages and not yet able to replace human decision making in cybersecurity. 87% of the researchers said it will be longer than three years before they trust AI to lead cybersecurity decisions.
  • Three quarters (74%) of researchers said AI-driven cybersecurity solutions are still flawed.
  • 70% of cybersecurity researchers said ML-driven security solutions can be bypassed by attackers. Nearly one-third (30%) said attackers could “easily” bypass ML-driven security.
  • Cybersecurity talent, resourcing and trust in executives continue to be top challenges plaguing many businesses.

“Based on how cybersecurity researchers perceive current AI-driven security solutions, cybersecurity is still very much a ‘human vs. human’ battle, even with the increased levels of automation seen on both the offensive and defensive sides of the battlefield,” said Carbon Black Co-founder and Chief Technology Officer, Michael Viscuso. “And, the fault with machine learning exists in how much emphasis organisations may be placing on it and how they are using it. Static, analysis-based approaches relying exclusively on files have historically been popular, but they have not proven sufficient for reliably detecting new attacks. Rather, the most resilient ML approaches involve dynamic analysis – evaluating programmes based on the actions they take.”

In addition to key statistics from the research, the report also includes a timeline of notable non-malware attacks, recommendations for incorporating AI and ML into cybersecurity programs and an “In Their Own Words” section, which includes direct quotes from cybersecurity researchers and unique perspectives on the evolution of non-malware attacks.

Said one cybersecurity researcher: “Non-malware attacks will become so widespread and target even the smallest business that users will become familiar with them. Most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, but rarely consider a person who is actually attacking them in a more proactive and targeted manner.”

Giving millennials the keys to a kingdom without borders

From mobile phones to WiFi door locks and ingestible smart pills, connected devices that make up the Internet of Things are entering our offices, home, and even bodies at an astonishing rate. Such devices were once a distant figment of our imagination or something only dreamt up in a Sci-Fi film, but we’re quickly becoming dependent on them to track our exercise, unlock our homes, or diagnose our illnesses.

IoT has added momentum to the consumerisation of IT, meaning employees now expect the workplace to be just as connected as their homes. In turn, remote work environments that offer more flexibility are not only expected but even demanded, expanding the business perimeter well beyond the four walls of the office.

Welcoming the millennial workforce

Adding to these challenges is the rise of the millennial workforce, which will comprise 75 per cent of the global workforce by 2025, according to Deloitte[1]. A generation of digital natives, with greater expectations for a modern mobile work environment, millennials don’t want to use clunky legacy IT and demand intuitive user experiences. Unless you comply, they’re likely to defect to competitors who can facilitate their anywhere, anytime, connected culture.

Mobile demands a security reset

To facilitate this demand, many organisations are adopting a ‘deskless’ policy, where employees are no longer tied to a single desk but are provided with the tools to work on the go. This is why Bring Your Own Device (BYOD) dominates how companies provide mobile access to apps. But to ensure digital devices are covered under the protective corporate umbrella, organisations must extend their security measures to wherever their employees are – whether that’s a coffee shop at an airport or the morning train commute. Here are some suggestions for how to do that:

Don’t use legacy directories

Microsoft Active Directory is a popular software system to control access to corporate apps. First released in the 90s, it was designed for a very different world than today’s:

  1. Employees only worked in an office — not remotely
  2. Employees only worked on PCs — not iPhones, Android devices, or Macs
  3. Employees were the only users given access to Active Directory (AD) — not other types of users such as contractors, franchisees, brokers, or other non-employee workers that comprise today’s agile workforce


Because of these factors, AD simply doesn’t work well for today’s needs: non-employee users accessing company apps from non-PC devices outside the corporate firewall. Companies should instead use a cloud directory engineered to be secure on the Internet, without the crutch of a firewall, accessible by a wide range of user types and devices.

Don’t rely on passwords

With over one billion credentials hacked[2], passwords are simply not enough to secure corporate apps. Multifactor authentication (MFA), where you use your phone to sign into an app, is now table stakes for keeping your company secure. But having to reach for your phone every time you sign into an app gets tedious, fast. So look for dynamic MFA, which only requires you to sign in when working remotely, which can install a certificate on your laptop as a second factor to enable painless MFA, and which works whatever authenticators are preferred by your security team, such as those from Google, DUO, RSA, and others.

Don’t harm employees with MDM-zilla

Traditional Mobile Device Management (MDM) vendors brag about their ability to wipe all data from a mobile device. This would be fine if it were 2007 and we were all using company-issued Blackberries that only had company email. But — like Active Directory — MDM is designed for a bygone era. Imagine if an IT admin used an MDM “solution” to accidentally wipe your personal device when travelling: you wouldn’t be able to contact anyone, you wouldn’t know when your meetings are, and you wouldn’t even have your airline boarding pass! Better solutions that protect personal data and apps from IT admins are coming; be sure to look for them.

Facilitating the needs of the modern mobile workforce will be more important than ever in 2017. It will be vital for companies to turn concerns and demands into actions. It is only a matter of time before skilled tech-savvy workers demand to work with more technologically progressive employers.



By Al Sargent, Sr. Director of Product Marketing at OneLogin

Misguided justifications for not remediating vulnerabilities

According to Nuix’s recent Black Report, 75% of organisations only perform limited remediation after a penetration test. To take the positives, it’s good that organisations are paying attention to critical vulnerabilities. However, the report also shows that 64% of penetration testers say their biggest frustration is that organisations do not fix the things they know are broken.

Product and system owners face a few options when they learn about a vulnerability and the risks it poses. They can accept the risk, usually when the value of the asset is less than the cost of protecting it. A second option is mitigation, which can entail implementing external controls to the product, and relying on internal mechanisms to make it significantly more difficult to exploit a vulnerability.

In most cases, a third possibility – remediation – is the preferred course of action. However, product or system owners often choose not to remediate vulnerabilities, as remediation can be costly and complex. In this case, their justifications tend to be misguided. Here are some of the most common reasons organisations choose not to remediate a vulnerability after they find out about it.

Root or user accounts are required to access data, and therefore are protected: By relying on this security measure, there’s an inherent assumption that organisations have effective controls around who can access the servers—physically and digitally. The main reason this fails the security test is that insiders can still access the data, which may or may not be encrypted. Considering it takes an attacker less than 12 hours to compromise a system, organisations cannot afford to rely solely on system-level access controls to protect application data. And if the asset includes database credentials that have significant privileges on the database, the product owner has just provided another avenue for attack.

The framework provides protection: Frameworks are a very important part of developing secure applications. The longer a framework has been around, the greater the chance that most of the lower-hanging security issues have been resolved. However, even a well-tested framework is no guarantee of security. Firstly, because not all framework owners respond effectively to security issues or offer effective general long-term support. They may not be effective when the time comes to communicate issues to the community using the framework, or when fixing problems in a timely manner, or when determining the source of an issue, or when patching the system and delivering updates to the customer. Secondly, most organisations do not use trusted local versions of the framework. If the organisation is always pulling down a copy of the framework from a shared repository, how does it verify that the download is legitimate and not compromised? Last, but not least, because it is possible for malicious code to be injected into open source frameworks. Once this has happened, there might not be a way to recover.

Browser controls are in place, and are sufficient: Browser controls provide a basic level of defence that is meant to act as a gatekeeper – not as an overall solution, given the lack of context browsers have regarding applications. Not all browsers support controls, and there is no guarantee that current browsers will support them in the future. For example, the HTTP Strict Transport Security feature tells the browser to force any request coming from the page through HTTPS. This header can provide a false sense of security: if cookies are not set to be HttpOnly and Secure, any cross-site scripting vulnerability will result in the ability to steal cookies or local storage (HTML5). X-Frame-Options is a very important header to set, but be sure to set it correctly to prevent an attacker from building a site that frames the victim site. It helps protect against attacks known as clickjacking. This protection also does not prevent cross-site scripting attacks that manipulate the document object model. Organisations can use Access-Control-Allow-Origin to prevent JavaScript hosted on third-party domains from running. Just remember, it doesn’t prevent a user from executing an attack using JavaScript that might have been dropped onto the web server via another attack vector.
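As an added illustration (example code, not from the Nuix article), the following audit encodes the caveats above as checks over a response's headers: HSTS present with a usable max-age, every cookie flagged HttpOnly and Secure, X-Frame-Options set to a value browsers honour, and no wildcard Access-Control-Allow-Origin. The weak and hardened responses are constructed samples.

```python
"""Audit browser-side security controls on an HTTP response.

Added example, not code from the article. The header names are the
standard HTTP ones; the sample responses WEAK and HARDENED below are
constructed for illustration.
"""
from typing import Dict, List

# X-Frame-Options values that current browsers honour (ALLOW-FROM is obsolete)
VALID_XFO = {"DENY", "SAMEORIGIN"}


def _cookie_name(set_cookie: str) -> str:
    # "name=value; attr; attr" -> "name"
    return set_cookie.split(";", 1)[0].split("=", 1)[0].strip()


def _cookie_attrs(set_cookie: str) -> set:
    # Attribute names after the first ';', lower-cased (HttpOnly, Secure, Path...)
    parts = set_cookie.split(";")[1:]
    return {p.strip().split("=", 1)[0].lower() for p in parts}


def audit_headers(headers: Dict[str, List[str]]) -> List[str]:
    """Return findings for a response; an empty list means nothing flagged.

    `headers` maps lower-cased header names to the list of values seen,
    because a response may legitimately carry several Set-Cookie headers.
    """
    findings: List[str] = []

    # HSTS: must be present, and a max-age of 0 removes the policy entirely
    hsts = headers.get("strict-transport-security", [])
    if not hsts:
        findings.append("HSTS missing")
    else:
        max_age = 0
        for directive in hsts[0].split(";"):
            key, _, value = directive.strip().partition("=")
            if key.lower() == "max-age" and value.strip().isdigit():
                max_age = int(value)
        if max_age == 0:
            findings.append("HSTS max-age is 0 or unparseable")

    # Cookies: HttpOnly keeps them out of reach of injected script,
    # Secure keeps them off plaintext connections even with HSTS in place
    for raw in headers.get("set-cookie", []):
        name = _cookie_name(raw)
        attrs = _cookie_attrs(raw)
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")

    # X-Frame-Options: a misspelt or unsupported value gives no clickjacking protection
    xfo = headers.get("x-frame-options", [])
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif xfo[0].strip().upper() not in VALID_XFO:
        findings.append(f"X-Frame-Options value not honoured: {xfo[0].strip()!r}")

    # CORS: a wildcard origin lets any site read a non-public response
    acao = headers.get("access-control-allow-origin", [])
    if acao and acao[0].strip() == "*":
        findings.append("Access-Control-Allow-Origin is a wildcard")

    return findings


# Constructed sample: the weak configuration the article warns about
WEAK = {
    "set-cookie": ["session=abc123; Path=/"],
    "x-frame-options": ["ALLOWALL"],
    "access-control-allow-origin": ["*"],
}

# Constructed sample: the same response with the controls set correctly
HARDENED = {
    "strict-transport-security": ["max-age=31536000; includeSubDomains"],
    "set-cookie": ["session=abc123; Path=/; HttpOnly; Secure"],
    "x-frame-options": ["DENY"],
    "access-control-allow-origin": ["https://app.example"],
}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(sample) or ["no findings"])
```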

Employees won’t misuse internal apps: Organisations tend to think that no employee will take advantage of an internal tool. They assume that employees never make mistakes and that external threats—hackers—will not get access to legitimate user accounts. The key is to remember that not all insider threats are malicious and that there is nothing to differentiate a hacker with stolen credentials from a legitimate user.

Networking controls are efficient: Some product owners use firewalls and network access controls as a justification for not remediating a vulnerability. They believe the network controls are effective enough to make fixing the application unnecessary. There are two challenges with this. The first is it assumes that there are no vulnerabilities in the network firewall or web application firewall and that both are patched in a timely manner when patches are available. The second is that in large, complex network architectures, it can be difficult or impossible to fully understand the flow of network traffic. If the firewall protecting them is misconfigured, there is an increased risk of accidental exposure.

No matter which decision product and system owners decide to make – be it acceptance, mitigation, or remediation – each of these paths carries its own risks and consequences.

Understanding the issues that lie beneath each option will be the key to success.

By Evan Oslick, Software Security Developer, Nuix

Wednesday, 29 March 2017

FireMon’s Intelligent Security Management (ISM) Platform (Review)

Verdict: Worried about GDPR compliance? Don’t be, as FireMon’s Intelligent Security Management (ISM) Platform keeps you ahead of the game with sophisticated firewall monitoring, risk analysis and automated change management.

IT security professionals already faced with a mountain of data protection regulations will find their jobs are about to get a lot tougher. The EU GDPR (General Data Protection Regulation) comes into force in May 2018 and that means businesses of all sizes must protect against security breaches involving personal data or be hit hard with punitive fines. Firewalls are the first line of defense and it’s now imperative that administrators start working on compliance with clear and effective configuration and change management policies. This will be challenging in geographically distributed, multi-vendor environments, and FireMon’s Intelligent Security Management Platform lightens the load by providing a suite of tools for firewall and network device visibility, compliance audits, risk analysis and change management. The complete suite is seamlessly integrated into a web-based management console that provides a single pane of glass view of your entire security infrastructure. ISM runs on FMOS (FireMon Operating System) – a hardened Linux OS based on CentOS which provides a highly scalable, distributed architecture capable of delivering real-time security intelligence and event analytics across thousands of firewalls.

Apple Squashes Cert-handling Bug Affecting MacOS and iOS

Apple has resolved a certificate validation vulnerability affecting both macOS and iOS users. The vulnerability (CVE-2017-2485) posed a remote code execution risk on affected systems, which created a potential mechanism for hackers to craft exploits that pushed malware on to otherwise patched iThings.

How Trump can Keep America’s Grid Safe from Hackers

The U.S. electrical grid could be hacked — and security experts want the Trump administration to make it a lot harder for attackers to turn off America’s lights. MIT released a report Tuesday calling for an overhaul of infrastructure cybersecurity. The authors — led by Joel Brenner, senior research fellow at MIT and former head of U.S. counterintelligence — want the administration to take more effective action on securing critical systems we use every day.

AI, Machine Learning: Not Ready for Prime Time

Artificial intelligence (AI) and machine learning (ML) have been marketed as game-changing technologies amid the climbing number of breaches, increased prevalence of non-malware attacks and the waning efficacy of legacy antivirus (AV). Yet doubts still persist, especially when they’re used in siloes. For now, it appears to be a fledgling space. According to Carbon Black’s Behind the Hype report on the subject, nearly two-thirds (64%) of security researchers said they’ve seen an increase in non-malware attacks since the beginning of 2016; and, the vast majority (93%) of security researchers said non-malware attacks pose more of a business risk than commodity malware attacks.

ORIGINAL SOURCE: Infosecurity Magazine

Cyber-security Report Shows Increase in Threat to Servers

Networking giant Cisco has advised governments and organisations on the need to demonstrate huge security capabilities, having discovered a dramatic increase in spam volume as well as huge server vulnerabilities. In its 2017 Annual Cybersecurity Report (ACR), which also showed the true cost of cybercrime, Cisco reported that attackers now launch more attacks against servers. Attacks on servers can run the company or organisation down by making hitherto closed information available to attackers; this is even as the breaches impact the firm financially.

FBI Warns Healthcare Entities of Threats to FTP Servers

The FBI is warning the healthcare sector to step up security of its file transfer protocol servers as cybercriminals step up attacks targeting FTP servers running in anonymous mode. “The FBI is aware of criminal actors who are actively targeting FTP servers operating in ‘anonymous’ mode and associated with medical and dental facilities to access protected health information and personally identifiable information in order to intimidate, harass and blackmail business owners,” the March 22 FBI alert says.

ORIGINAL SOURCE: Data Breach Today

Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious from those that are truly impactful (scores run 1-10). According to the Breach Level Index, more than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. Breaking it down, that is over 3 million records compromised every day, or roughly 44 records every second.

Last year, the account access based attack on AdultFriendFinder, exposing 400 million records, scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), the Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.6). In fact, the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but these are not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and 2014.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid”, said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

Data Breaches by Type

In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 was account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54% of all breached records, an increase of 336% from the previous year. This highlights the shift by cybercriminals from attacks on financial information to bigger databases holding large volumes of personally identifiable information. Another notable data point is the nuisance category, where the number of breaches increased by 102% and which accounted for 18% of all breached records, up 1474% since 2015.

Data Breaches by Source

Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016, by 31%, but accounted for only 3% of all breaches that occurred last year.

Data Breaches by Industry

Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but accounted for only 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. The sector also represented 28% of compromised records in 2016, an increase of 278% from 2015.

The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016; however, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.

All industries listed in the ‘Other’ category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority of this category.

Last year, 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S. state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

The post Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries appeared first on IT SECURITY GURU.


Timely new guide arms government and business leaders with cybersecurity tactics

The huge economic risk posed by cybercrime has prompted an industry expert to pen a jargon-free guide to help leaders understand the growing problem.

Titled ‘Surviving the Rise of Cybercrime’, the book explains the complex threat in straightforward terms. It is to be launched by the Hon Dan Tehan MP, Australia’s Minister Assisting the Prime Minister for Cyber Security, in the presence of Australian cybersecurity experts from industry and government. Craig Davies, CEO of the Australian Cyber Security Growth Network, will also address the crowd.

Author Craig McDonald, CEO and founder of Australian cybersecurity pioneer MailGuard, wrote the guide with the aim of empowering time-poor, non-tech executives in under an hour.

Cybercrime is a rapidly-growing industry. Last year, 594 million people were victims of online crime.

It is now the number one economic crime in Australia, according to PwC, having been deemed “statistically insignificant” just six years ago.

It’s alarmingly easy for cybercriminals to get a foot in the door, with 91% of cyber attacks arriving via email, usually via phishing. Every day, 205 billion emails are sent around the world – and everyone with an email address is a potential target.

This means that sorting the legitimate senders from criminal impersonators is becoming increasingly difficult.

McDonald says he wrote Surviving the Rise of Cybercrime to help executives navigate an ever-changing threat landscape.

“Every day I talk to successful business leaders who are charged with the responsibility of steering their organisations to success. To many, cybersecurity is new and unfamiliar territory,” McDonald said.

“In cybersecurity, the human factor is the greatest vulnerability for any organisation, and a large part of the challenge is generating awareness and educating those who are in harm’s way. This is particularly the case with executives who are time-poor and often feel that there’s too much to consider.

“Some executives take the view that it’s somebody else’s problem – most commonly a member of their IT team. In today’s climate such attitudes are outdated and plain dangerous.”

The cost of cybercrime to business and government

Cybercrime costs the Australian economy between $1 billion and $17 billion annually, or roughly 1 per cent of GDP. The average attack costs SMBs $276,000.

Australian Government departments and agencies are not immune, with international cyber attacks reportedly targeting Austrade, the Defence Science Technology Group and the Bureau of Meteorology.

The Australian Cyber Security Centre says between January 2015 and June 2016 the Australian Signals Directorate responded to 1,095 cybersecurity incidents against government systems. The Prime Minister’s cyber security adviser, Alastair MacGibbon, who will attend the book launch, has stated that the Australian Government is “attacked on a daily basis”.

Surviving the Rise of Cybercrime covers:

• Identifying threats to a business
• Why cybercriminals target particular businesses and staff
• Why IT teams struggle to prevent these rising threats
• The role leaders and executives need to play in cybersecurity
• How to educate managers and teams as the frontline of your company’s cyber defence.

What executives say about the book

“Outstanding. This book is a must-read for every executive. Cybercrime poses a serious threat to every business, large and small. No longer just an IT problem; all executives must comprehend the risks. Cyber attacks lead to serious business disruption, reputational damage and financial loss. It’s the responsibility of every executive, and this book provides a thorough foundation for understanding the cybersecurity landscape.” – Pip Marlow, former managing director, Microsoft Australia and newly-appointed CEO of strategic innovation, Suncorp.

“Knowledge of cybersecurity issues is essential for all executives irrespective of the business they are in. This guide puts the current state of cybersecurity into perspective with deep insights from visionaries in government and commerce, and offers practical advice on defining and protecting critical assets.” – Bradley Bastow, Chief Technology Officer, Department of Prime Minister and Cabinet.

“Gone are the days when cybercrime was simply a matter for IT professionals. In today’s world, cybersecurity is an important issue for all leaders and managers at all levels of all organisations. If you value business continuity and strategic growth for your organisation, then Surviving the Rise of Cybercrime is a must-read for all executives.” – Professor Gary Martin FAIM FACE, Chief Executive Officer, Australian Institute of Management, Western Australia.

For a copy of the ebook version of Surviving the Rise of Cybercrime, please visit:


IoD and Barclays: More than a third of businesses lack a formal strategy against cyber attack

The Institute of Directors and Barclays have announced in their latest report that more than a third of businesses lack a formal strategy against cyber attack.

Of the 845 Institute of Directors members polled, 95 per cent said they considered cyber security to be quite or very important to their business. Despite this, 40 per cent of businesses said they would not know who to report incidents of cyber crime to.

The survey, which was conducted in December 2016, surprisingly found that the number of businesses preparing themselves for cyber attacks had not increased since last year, as only 56 per cent of companies said they have a formal strategy in place to protect business devices and data.

It was also found that 39 per cent of respondents felt vulnerable to the threat of cyber crime on their work laptops and 57 per cent on their mobiles.

Given the number of high-profile attacks on the digital economy over the past year, it is alarming to see that many enterprises have not acted to increase cyber security awareness.

Cyber security experts from Cylance, Synopsys and Synack have given their thoughts on why there has been a lack of urgency shown by businesses.

Dr Anton Grashion, managing director – security practice at Cylance, said: “This new report from Barclays and the Institute of Directors clearly shows that there is a striking divide between executives’ awareness that information security is a critical concern and their businesses’ actual state of defence readiness. The ability to prevent malicious software from executing on every network endpoint is absolutely critical, yet it’s telling that 39 percent worry about the security of their mobile laptops. There is great reason to worry when the vast majority of businesses are reliant on twenty-year-old antivirus technologies as their executives tote their organisations’ intellectual property – the crown jewels, as it were – around on their travels. It’s high time for even smaller corporations to investigate the vastly more effective next-generation endpoint security technologies.”

Adam Brown, manager – security solutions at Synopsys, said: “In a recent survey at a global security conference, Synopsys found that 73% of top security professionals think it likely that their organisations will be hit with a major data breach in the next 12 months – but they won’t have enough time, money, or skilled staff to handle the crisis. Responses to cyber-attacks can be hard to address without experienced specialists on hand, so the challenge is more than just knowing who to report the incident to. Organisations need to be prepared for such breaches; furthermore, they should consider the process for dealing with product releases and compliance requirements.”

Anne-Marie Chun, industry analyst at Synack, said: “The onus is really on the security industry and security practitioners to educate the c-suite and board level, as well as product managers and asset owners, about the importance of security. There needs to be more accountability at the executive level. Until there is accountability, security will not become a priority and there will continue to be a lack of strategy.

We also need leadership from the very top – the government should take a leadership role in cybersecurity, since they have the greatest visibility into the threat and some of the most sophisticated cybersecurity capabilities. The government needs to work with commercial companies to develop a set of standards and best practices that guide how organisations not only respond to attacks, but also prevent attacks. A proactive approach to cyber defence is key to finding and remediating vulnerabilities before they are exploited and can also help mitigate the risk that a cyber attack poses to the business. In addition, the government should facilitate close collaboration between the public and private sectors – both sectors face the same threat and will be stronger together.”


Tuesday, 28 March 2017

As of Today, iThings are Even Harder for Police to Probe

Apple today released iOS 10.3, watchOS 3.2 and tvOS 10.2 (14W265), the first two of which bring some pleasing extra functionality to iThings, but the main attraction in the new release is Apple File System, because it adds comprehensive encryption to the iPhone and Apple Watch.
Apple’s been very shy about the Apple file system (APFS), which it revealed with little fanfare at last year’s Worldwide Developers Conference (WWDC) and doesn’t even mention it in the list of features in iOS 10.3.

View full story


LastPass Scrambles to Fix Another Major Flaw – Once Again Spotted by Google’s Bugfinders

For most of us, Saturday morning is a time for a lie in, a leisurely brunch, or maybe taking the kids to the park. But for some it’s bug-hunting time. Tavis Ormandy, a member of Google’s crack Project Zero security team, was in the shower and thinking about LastPass – after finding a number of flaws in the password manager over the past week. Then he had an epiphany and “realized how to get codeexec in LastPass 4.1.43,” he said, and filed a bug report.

View full story


Nato to Spend £2.6 Billion on Satellites, Cyber Security and Drones

Nato has announced plans to spend €3bn (£2.6bn) on upgrading its satellite and computer technology over the next three years, a senior official has said. As the alliance adapts to new types of warfare, it hopes the technology will deter hackers, as the North Atlantic Treaty Organisation (Nato) acknowledges conflicts are increasingly fought out online rather than in the air, on land or at sea.

View full story


Satnav Spoofing Attacks: Why These Researchers Think They Have the Answer

Even though satellite signals are vulnerable to spoofing attacks from hackers, the world’s newest global navigation system, Europe’s Galileo, has been operating with no way to protect civilian users from hacking attempts since its launch in December.
But it is Galileo’s newness that has led researchers at the University of Leuven in Belgium to equip Galileo with what is believed to be the first digital security measure for a global navigation system for non-military use.

View full story


N. Korea Using Hackers to Rob Banks to Fund Regime

It is estimated that North Korea has a hacker army numbering in the thousands. The regime is becoming increasingly bold in its quest for foreign currency and is using this hacker army to attack banks around the world and steal money, lots of money. According to the New York Times, targets have included the World Bank, the European Central Bank, and big U.S. companies, including Bank of America, State Street Bank and Trust, and the Bank of New York Mellon.

View full story

ORIGINAL SOURCE: Washington Times


Tech-savvy generation demands the high street to up its game

A new retail report, by mobile technology solutions provider Apadmi, found that consumers would like to see retailers make better use of technology in-store.

Nearly half (46%) now expect stores to offer free WiFi and one in five shoppers want retailers to use technology that will provide a more tailored shopping experience while they browse in-store – like an app that notifies them of nearby offers or provides product recommendations or reviews.

Speed and convenience are top priorities for today’s high street consumer. Being able to pay for items through an app to avoid queues appealed to over a quarter of shoppers surveyed in the report.

If retailers cannot implement “just walk out” technology, where customers can purchase items through an app without the need for cashiers like that used by Amazon Go, consumers would, at a minimum, like to purchase products through an app and then pick up their items in-store (26%).

With one in ten UK consumers downloading more retail apps in the last 12 months than they did in the previous year, the research highlights the shift towards online and mobile technology and the need for retailers to now offer a unified, omnichannel experience.

Nick Black, CEO of Apadmi, said: “There is a need among consumers for retailers to make better use of technology in-store to make every aspect of the shopping journey more enjoyable. As shoppers continue to embrace mobile e-commerce, and retail apps, the in-store experience needs to remain relevant and therefore incorporate the benefits that can be achieved through shopping online.

“Our research has uncovered a desire among shoppers for more convenient ways of buying items in-store, as well as better communication channels to inform them about the latest offers or promotions as they walk around the shop.

“Expectations of the in-store experience are increasing, and while it will be challenging for retailers to meet the demands of tech-savvy shoppers, it’s important that they get on-board to retain customer loyalty.”

View the report here
