Saturday, 22 July 2017

Lastline Unveils Unprecedented Breach Protection Capabilities

Malware protection firm Lastline has introduced Lastline Breach Defender™, the industry’s only solution that provides a dynamic blueprint of a breach as it unfolds and moves laterally across a network. Informed by unprecedented understanding of malware behaviours, Lastline Breach Defender provides the visibility, context, threat intelligence, and integration enterprise security teams need to remediate breaches faster, with fewer resources, and at lower cost.

“When malware strikes, it is imperative that security teams see and understand all the malicious activity taking place across a compromised network,” said Christopher Kruegel, Lastline CEO. “Lastline Breach Defender provides this information, accelerating the team’s ability to respond to a breach before data exfiltration can occur by identifying all the applications, systems, and data affected by the malware.”

Features of Lastline Breach Defender includes:

  • Malware Detection: Lastline Deep Content Inspection™ detects attacks that evade sandboxes, firewalls, and other “next-gen” tools by uncovering malicious behaviour engineered into a piece of malware with unique fidelity not possible with other technologies.
  • Network Analysis: Monitors events and network activity, including low-level events and seemingly benign activity, to uncover all malicious network activity.
  • Global Threat Intelligence: Provides context by linking activity within a network with global information about threats previously detected by Lastline’s global customer base.
  • Integrations: Proven integration with third-party security products further inform breach analysis and improve effectiveness of existing controls.
  • Data Correlation: Applies machine learning and AI techniques to connect collected data and identify relationships among seemingly unrelated aspects of the breach activity, spotting elements of a breach that otherwise would have been missed with limited security staffing and other tools.
  • Anomaly Detection: Builds a profile of normal network activity using machine learning, and correlates anomalies in the context of detected breaches, providing improved threat analytics without overwhelming analysts with benign anomalies.
  • Manual or automated response enables an organization to implement mitigating controls to help secure their organization
  • Integrations with existing security infrastructure improve the effectiveness of current security products, staff, and processes
  • Cloud-based architecture and flexible deployment options reduce the cost and complexity of eliminating advanced threats

“Lastline provides unmatched breach detection with a single product that correlates network anomalies, threat intelligence, and our deep visibility of malware behavior,” said Brian Laing, Lastline VP of business development and products. “Lastline Breach Defender provides all the capabilities enterprises need to detect breaches quickly with minimal false positives, remediate them more efficiently and effectively, and do so with fewer resources, protecting the organization from costly and damaging data breaches.”

The post Lastline Unveils Unprecedented Breach Protection Capabilities appeared first on IT SECURITY GURU.



from Lastline Unveils Unprecedented Breach Protection Capabilities

UK uni warns students of phishers trying to nick their tuition fees

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash – using an unusually well-crafted attack. The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete with pages of well-laid-out information. The URL isn’t that of the actual university site, but if you’re a student unfamiliar with the center of learning, it would be easy to be fooled.
View Full Story

ORIGINAL SOURCE: The Register

The post UK uni warns students of phishers trying to nick their tuition fees appeared first on IT SECURITY GURU.



from UK uni warns students of phishers trying to nick their tuition fees

BEC Attacks Far More Lucrative than Ransomware over Past 3 Years

Despite all the recent attention paid to ransomware, cybercriminals walked away with $5.3 billion from business email compromise (BEC) attacks compared with $1 billion for ransomware over a three-year stretch, according to Cisco’s 2017 Midyear Cybersecurity Report released today. Cybercriminals are increasingly taking a practical approach to their pilfering, going for the fastest method that they can steal a buck, or in this case, billions, says Steve Martino, Cisco’s chief information security officer. “What we are looking at is the continual commercialization of cyberattacks,” Martino says, pointing out that is a major theme in the report.

View Full Story

ORIGINAL SOURCE: Dark Reading

The post BEC Attacks Far More Lucrative than Ransomware over Past 3 Years appeared first on IT SECURITY GURU.



from BEC Attacks Far More Lucrative than Ransomware over Past 3 Years

Donald Trump in talks with Russia over ‘creating cyber security group’

Moscow and Washington are in talks to create a joint cyber security working group, a Russian news agency has reported. In its report, RIA news agency cited Russia’s special envoy on cyber security, Andrey Krutskikh. “Different proposals are being exchanged and are being studied, nobody is avoiding the need for negotiations and contacts,” Mr Krutskikh said, according to the agency. “There is no need to overdramatise the working process, it is underway without doubts, it is difficult taking into account the US realities, but this is more of the issue of the US administration, not ours.” Last week, Russia said Donald Trump and Vladimir Putin had discussed forming a group on cyber security.
View Full Story

ORIGINAL SOURCE: The Independent

The post Donald Trump in talks with Russia over ‘creating cyber security group’ appeared first on IT SECURITY GURU.



from Donald Trump in talks with Russia over ‘creating cyber security group’

Valve Patches Security Flaw That Allows Installation of Malware via Steam Games

A vulnerability in Valve’s Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user’s computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others. The issue came to light today when security researcher Justin Taft of One Up Security published a report detailing his findings. The vulnerability is a simple buffer overflow in the Source SDK. The buffer overflow can be exploited by an attacker to append a piece of malicious code and execute it on a targeted machine.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post Valve Patches Security Flaw That Allows Installation of Malware via Steam Games appeared first on IT SECURITY GURU.



from Valve Patches Security Flaw That Allows Installation of Malware via Steam Games

Friday, 21 July 2017

DarkHotel hackers are going after political targets instead of CEOs with new Inexsmar malware

A highly sophisticated cyberespionage group called DarkHotel, which has been around for decades, is back in business.The hacker group is known for going after targets in the business sector, using luxury hotel’s Wi-Fi to hack and spy on victims. However, DarkHotel hackers have now changed their strategy and are targeting political figures instead of CEO’s, according to security experts. Although DarkHotel hackers previously typically used zero-day exploits in their campaigns, the cyberespionage group’s new multi-pronged attack vector includes a combination of whaling (advanced phishing), a new malware called Inexsmar as well as other complex attack methods.

View Full Story

ORIGINAL SOURCE: IB Times UK

The post DarkHotel hackers are going after political targets instead of CEOs with new Inexsmar malware appeared first on IT SECURITY GURU.



from DarkHotel hackers are going after political targets instead of CEOs with new Inexsmar malware

In an Evil Internet Minute, £656,393 is Lost to Cybercrime, Reveals RiskIQ

With cybercriminals costing the global economy £345 billion last year alone[1], Digital threat management leader RiskIQ has examined the growing volume of malicious activity on the Internet to reveal the inaugural ‘Evil Internet Minute’. In a single evil internet minute, close to £656,393 is lost to cybercrime and 1,080 people fall victim. Despite businesses’ best efforts to guard against external cyber threats, spending up to £109,942[2] in 60 seconds, bad actors continue to proliferate online.

Colin Verrall, VP EMEA, RiskIQ comments, “As the Internet and its community continues to grow at pace, some people have been trying to make the vast numbers associated with it more accessible by framing them in the context of an ‘Internet Minute’. As the same growth applies to cybercrime, similarly, we have framed malicious Internet activity, leveraging the latest research as well as our own intelligence to define the darker happenings across the web in 60 seconds.”

The threats are complex with tactics ranging from malware to phishing, and intentions including monetary gain, inflicting large scale reputational damage or perhaps even to entertain. Cyber criminals continue to find success deploying tactics from 818 pieces of unique malware, 1214 ransomware attacks and over 100,000 phishing emails in just one evil internet minute.

RiskIQ’s research has also uncovered additional malicious activity, ranging from blacklisted mobile apps to malvertising:

  • New blacklisted mobile apps: 0.3 per minute
  • New phishing pages: 100 per minute
  • Malvertising: 14.5 incidents per minute
  • Pirate content: 4,300 people globally exposed to malware from content theft sites per minute

Colin Verrall, VP EMEA, RiskIQ comments, “Sophisticated cyber criminals continue to expand their digital armoury, lurking behind more online activity than we might expect. Websites, emails, mobile apps, online videos or even digital advertisements; all have become regular methods of entry for malicious online activity. The digital footprint of a business is always larger than perceived and with such happenings, control is often relinquished. It is crucial then for organisations to be aware of their entire digital footprint and make it a priority to close any critical security gaps. It is only way to adequately secure a business, its employees and customers.”

For the Evil Internet Minute infographic, please click here.

[1] Hiscox Cyber Readiness Report 2017

[2] https://www.forbes.com/sites/stevemorgan/2016/03/09/worldwide-cybersecurity-spending-increasing-to-170-billion-by-2020/#397cfbcf6832

 

The post In an Evil Internet Minute, £656,393 is Lost to Cybercrime, Reveals RiskIQ appeared first on IT SECURITY GURU.



from In an Evil Internet Minute, £656,393 is Lost to Cybercrime, Reveals RiskIQ

Employees regarded as an organisation’s greatest asset but also one of the biggest data security risks

IT professionals believe that compliance and regulation and the unpredictable behaviour of employees will have the biggest impact on data security according to a new Concensus survey* commissioned by independent global data security specialist, HANDD Business Solutions (HANDD).

 

The findings are launched alongside HANDD’s new Advisory Paper – ‘Securing the Journey of Your Data’ – which tackles the issue of data protection and provides organisations with an insight into the challenges and solutions associated with securing data on its journey through the enterprise.

 

The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

 

HANDD CEO and Co-Founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

 

Worryingly, 41 per cent of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement and ensuring that an organisation understands completely which data requires greater levels of protection.

 

“Many organisations have no insight into the data that they hold and so don’t understand which data is worth heavy investment and which isn’t so the reality is that they could be spending as much on securing the lunch menu as they are on securing their customers’ data,” explains Danny Maher, CTO at HANDD.

 

While 43 per cent of those surveyed think that employees are an organisation’s greatest asset, more than a fifth (21 per cent) believe that the behaviour of employees and their reactions to social engineering attacks, which can trick them into sharing user credentials and sensitive data, also poses a big challenge to data security.  “Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” adds Danny Maher.

 

Storage is also a key problem area, with more than a third (35 per cent) citing that ensuring data is stored securely, and whether it’s on premise or in the cloud, as their biggest challenge and most likely to keep them awake at night. A data record’s classification will enable a company to make these decisions, automatically and definitively dictating its location and whether an encryption policy should apply.

 

Having stored data to comply with its security policy a company must ensure that an access management system is in place, which understands roles and responsibilities and allows users to see only the information that they need. In HANDD’s survey less than half (45 per cent) of IT professionals are confident that they have an identity access management process in place that dictates that users must have different privileges depending on their roles and responsibilities, while 15 per cent have no access management system in place at all.

 

HANDD’s Advisory Paper, Securing the Journey of Your Data is available to download now http://www.handd.co.uk/advisory-paper

The post Employees regarded as an organisation’s greatest asset but also one of the biggest data security risks appeared first on IT SECURITY GURU.



from Employees regarded as an organisation’s greatest asset but also one of the biggest data security risks

Cisco 2017 Midyear Cybersecurity Report predicts new “Destruction of Service” attacks; scale and impact of threats grow

The Cisco® 2017 Midyear Cybersecurity Report (MCR) uncovers the rapid evolution of threats and the increasing magnitude of attacks, and forecasts potential “destruction of service” (DeOS) attacks. These could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack. Also, with the advent of the Internet of Things (IoT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.

 

Recent cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive. These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover.

 

The Internet of Things continues to offer new opportunities for cybercriminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.

 

Measuring effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Faster time to detection is critical to constrain attackers’ operational space and minimize damage from intrusions.  Since November 2015, Cisco decreased its median time-to-detection (TTD) from just over 39 hours to about 3.5 hours for the period from November 2016 to May 2017. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.

 

Threat Landscape: What’s Hot and What’s Not

Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw they increasingly require victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts. Finally adversaries are relying on anonymized and decentralized infrastructure, such as a Tor proxy service, to obscure command and control activities.

 

While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence:

 

  • Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.
  • Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise. Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20 percent of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
  • Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks. Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organizations, who face an even greater, underreported threat. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organizations into transferring money to attackers, is becoming highly lucrative. Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Center.

 

Unique Industries Face Common Challenges

As criminals continue to increase the sophistication and intensity of attacks, businesses across industries are challenged to keep up with even foundational cybersecurity requirements. As Information Technology and Operational Technology converge in the Internet of Things, organizations struggle with visibility and complexity. As part of its Security Capabilities Benchmark Study, Cisco surveyed close to 3,000 security leaders across 13 countries and found that across industries, security teams are increasingly overwhelmed by the volume of attacks. This leads many to become more reactive in their protection efforts.

  • No more than two-thirds of organizations are investigating security alerts. In certain industries (such as healthcare and transportation), this number is closer to 50 percent.
  • Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than 50 percent of attacks they know are legitimate.
  • Breaches are a wake-up call. Across most industries, breaches drove at least modest security improvements in at least 90 percent of organizations. Some industries (such as transportation) are less responsive, falling just above 80 percent.

 

Important findings per industry include:

  • Public Sector – Of threats investigated, 32 percent are identified as legitimate threats, but only 47 percent of those legitimate threats are eventually remediated.
  • Retail – Thirty-two percent said they’d lost revenue due to attacks in the past year with about one-fourth losing customers or business opportunities.
  • Manufacturing – Forty percent of the manufacturing security professionals said they do not have a formal security strategy, nor do they follow standardized information security policy practices such as ISO 27001 or NIST 800-53.
  • Utilities – Security professionals said targeted attacks (42 percent) and advanced persistent threats, or APTs (40 percent), were the most critical security risks to their organizations.
  • Healthcare – Thirty-seven percent of the healthcare organizations said that targeted attacks are high-security risks to their organizations.

 

Cisco’s Advice for Organizations

To combat today’s increasingly sophisticated attackers, organizations must take a proactive stance in their protection efforts. Cisco Security advises:

  • Keeping infrastructure and applications up to date, so that attackers can’t exploit publicly known weaknesses.
  • Battle complexity through an integrated defense. Limit siloed investments.
  • Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints.
  • Establish clear metrics. Use them to validate and improve security practices.
  • Examine employee security training with role-based training versus one-size-fits-all.
  • Balance defense with an active response. Don’t “set and forget” security controls or processes.

 

For the 2017 MCR, a diverse group of 10 security technology partners were invited to share data from which to jointly draw threat landscape conclusions. Partners that contributed to the report include Anomali, Flashpoint, Lumeta, Qualys, Radware, Rapid7, RSA, SAINT Corporation, ThreatConnect and TrapX. Cisco’s security technology partner ecosystem is a key component of the company’s vision to bring security that is simple, open and automated to customers.

 

Supporting Quotes

“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”

Steve Martino, Vice President and Chief Information Security Officer, Cisco

 

“Complexity continues to hinder many organziations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts. To effectively reduce Time to Detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”

‑ David Ulevitch, Senior Vice President and General Manager, Security Business Group, Cisco

 

About the Report

The Cisco 2017 Midyear Cybersecurity Report examines the latest threat intelligence gathered by Cisco Collective Security Intelligence. The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture. It is based on data from a vast footprint, amounting to a daily ingest of over 40 billion points of telemetry. Cisco researchers translate intelligence into real-time protections for our products and service offerings that are immediately delivered globally to Cisco customers.

The post Cisco 2017 Midyear Cybersecurity Report predicts new “Destruction of Service” attacks; scale and impact of threats grow appeared first on IT SECURITY GURU.



from Cisco 2017 Midyear Cybersecurity Report predicts new “Destruction of Service” attacks; scale and impact of threats grow

Thales: As GDPR approaches, retail data breaches remain unacceptably high

Two in five retailers across the globe have experienced a data breach in the past year, according to the 2017 Thales Data Threat Report, Retail Edition, released today.

 

The report, issued by Thales, a leader in critical information systems, cybersecurity and data security, in conjunction with analyst firm 451 Research, reveals that a staggering 43 percent of retailers had experienced a data breach in the last year, with a third (32%) claiming more than one.

With 60 percent claiming that they had been breached in the past, it’s perhaps unsurprising to learn that the majority (88%) of retailers consider themselves to be ‘vulnerable’ to data threats, with 37 percent stating they are ‘very’ or ‘extremely’ vulnerable.

 

As a result, three quarters (73%) of retailers expect their spending on IT security to increase.

 

Taking steps toward compliance

An increase in regulations such as the forthcoming EU GDPR has led to greater awareness and concern around issues of data privacy and sovereignty, with 72 percent of retailers claiming to be impacted.

 

The report reveals that, in an effort to comply with these new requirements, almost two thirds of retailers (64%) are encrypting their data, 40 percent are tokenising data, and a similar number (36%) are implementing a migration project.

 

Pressures to use advanced technology increase risk

According to the report, half of retail organisations (52%) will use sensitive data in a big data environment this year, with a third (34%) using encryption to protect that data. Despite this, however, 39 percent were very concerned that they’re using these environments without proper security in place.

 

What’s more, the report found that as adoption of cloud and SaaS environments continues to rise, so too do concerns regarding their safe use. Two-thirds of retailers (67%), for example, claimed to be very or extremely concerned about cloud service providers (CSPs) falling victim to security breaches or attacks. A similar number (66%) expressed concerns around vulnerabilities in shared infrastructure, and 65 percent were worried about the custodianship of the encryption keys used to protect their data.

 

63 percent of respondents suggested that such fears could be allayed through the use of data encryption in the cloud, with keys being controlled at the retailer’s premises, while half (52%) preferred the CSPs to control the keys.

 

Garrett Bekker, principal analyst for information security at 451 Research says:

“Breach results were not so rosy for global retail – a staggering 43 percent of global retail respondents reported a breach in the past year alone, approaching twice the global average. These distressing breach rates serve as stark proof that data on any system can be attacked and compromised. Unfortunately, organisations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches.”

 

Peter Galvin, vice president of strategy, Thales e-Security says:

“With tremendous sets of detailed customer behaviour and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.”

 

Retail organisations interested in improving their overall security postures should strongly consider:

 

  • Deploying security tool sets that offer services-based deployments, platforms and automation;
  • Discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
  • Leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies.

 

Please download a copy of the new 2017 Thales Data Threat Report, Retail Edition for more detailed security best practices.

 

The post Thales: As GDPR approaches, retail data breaches remain unacceptably high appeared first on IT SECURITY GURU.



from Thales: As GDPR approaches, retail data breaches remain unacceptably high

2017: The Year of the CISO

The role of the Chief Information Security Officer (CISO) is a comparatively new one in both the IT industry and enterprise. Yet, CISOs are arguably the most important technology stakeholder working in businesses today — dealing with a myriad of risks, threats, breaches, policies, regulations and user behaviour. These responsibilities are as complicated as they are important, and CISOs can often find themselves isolated and operating outside of the usual and well-understood aspects of corporate governance.

 

The role of ClubCISO, a private members forum for European information security professionals, is to help understand, promote and shape the future of the profession. Powered by Company85, ClubCISO held its fourth annual survey this year, with 39 CISOs participating in the discussion, and published the findings in the new ClubCISO IT Security Maturity Report 2017. These CISOs represent all sizes of business, from rapidly-growing challengers to major FTSE organisations.

 

While the full results are enlightening and hugely optimistic across the board, we wanted to highlight three areas that sum up the challenges and opportunities for CISOs in today’s enterprise: their role; the relationship with their company boards; and the importance of understanding people and their behaviours.

 

Trust me, I’m a CISO

As the role of the CISO becomes more mature, there are more points of commonality between job descriptions. Several fundamental questions however remain, including ‘what do CISOs actually do, and what exactly is a CISO?’ First and foremost, it is clear there is no one defined CISO role. Yes, they are all the most senior professional in their organisations for mitigating cyber risks, but there is also huge variation between approaches and strategies — pending company and board expectations. CISOs must therefore work together to shape the future of the profession.

 

The trend, however, is for the CISO to become more visible in the organisation. Nearly half (47%) of CISOs surveyed consider themselves to be actively involved in strategic business decisions outside of their core technology remit. And they are also getting more resources, at a time where other roles are facing cutbacks. Only 9% of CISOs have seen a budget cut this year, while 14% have seen an increase of over 100%. The only thing that appears to be holding back further growth in the rise and function is the ability to find good people.

 

In past years the ClubCISO survey has shown that information security hasn’t always had a natural home in a company, but most CISOs now report directly to CIO/CTO, rather than into matrix structures. In 2017 nearly two-thirds of CISOs report to the CIO/ CTO; this figure has almost doubled since 2016 (33%). Reporting via matrix structures has correspondingly fallen to 17% (2016: 37%). A number of CISOs pointed out that they report directly to the CIO but not as part of the IT department. This change in reporting structure will also, no doubt, further define the role of the CISO.

 

Board games

It’s evident from the research, that there’s a clear disconnect between expectation and reality of how information security can and should be managed. Despite the majority of CISOs having better lines of communication into boards, CISOs think many of their company boards still have information security priorities in the wrong order. Security is undoubtedly important for companies, but the temptation is to deal with tactical and visible threats rather than bake security and recovery into the organisation holistically.

 

Company boards are time poor and so tend to focus on the issues right in front of their noses. Perhaps that’s why, in the wake of a growing number of cyber attacks, an increasingly fragmented (and therefore vulnerable) workforce, and a step-up in the complexity and effectiveness of malware, 78% of company boards still place their focus squarely on prevention capabilities, rather than response (just 22%). At the same time, these same boards contradict themselves by prioritising breach response very highly. In fact, 63% cite it as a major responsibility of the CISO. In other words, boards want CISOs to clean up the mess after a breach, but they’re not necessarily taking a balanced approach in investing in solutions that enable them to do this quickly and effectively.

 

The CISO as a people person

IT security is not all ones and zeros. Insider threat and user behaviour (malicious or not) is one of the biggest challenges to an IT security strategy and policy. Time and again, ClubCISO’s annual survey has shown that CISOs believe that people pose the greatest risk to an organisation. Respondents revealed that as many as 60% lack the confidence that internal security policies are actually implemented. As such, it is no wonder that CISOs are working ever more closely with HR to devise and implement solid policies and controls.

 

As one CISO says in the research: “I now spend more time with HR than I do at my own desk”.

 

CISOs touch every part of their businesses and organisations. There are multiple reasons for this. Chief amongst these might be the fact that over one-third of organisations were certain they had suffered a material data loss incident during the past 12 months. It is becoming increasingly evident that security has to be embedded into every facet of the business to minimise risk. CISOs do however admit that ‘security by design’ is very hit-and-miss. More than half of CISOs surveyed said it is considered from the outset for all projects, but nearly one-third think it is hardly ever considered.

 

So what’s next?

Ultimately, CISOs have made it clear that there needs to be a change in security strategy in order to safeguard businesses and their data. CISOs are concerned at how their boards prioritise prevention over response. ClubCISO believes this imbalance does not reflect the reality of breaches—it is an inevitability that every organisation will suffer a data breach at some point, therefore businesses need to do more to ensure they have good recovery plans in place to mitigate the potential damage.

 

What is clear is that now is definitely the time for change for the CISO. And those businesses that want to reduce risk will need to start changing according to the leaders in the industry who are stepping up to fulfil this role.

 

To find out if you, as a CISO, are on track with your peers we suggest downloading the ClubCISO Information Security Maturity Report 2017, here.

The post 2017: The Year of the CISO appeared first on IT SECURITY GURU.



from 2017: The Year of the CISO

The race to own the home

More and more connected devices are released onto the market every day, making the futuristic utopia of the sixties cartoon series The Jetsons, now seem an imminent reality. Hanna-Barbera’s futuristic imagination brought robots, holograms and flying cars to our TV screens. Over 50 years later, robots are entering our homes, holograms are taking the place of live performances and flying cars are being tested. The connected home is no longer a futuristic concept, it’s a reality.

The most successful connected devices are those that make our lives easier (or as some may say, allow us to be lazier!) – coffee machines, fridges, ovens and cars. Perhaps a better term to use would be the Internet-of-Your-Things. With 20.35 billion connected devices expected to be in use worldwide by the end of 2017, and predicted to increase to 75.44 billion by 2025[1], utilities and telecom service providers are in a race to take as big a piece – of this very large pie – as possible.

We recently conducted research into consumer perception of technology in the home[2] to help better understand the barrier to entry providers may be experiencing. Unsurprisingly, British adults have a strong interest in the concept of the connected home – 89 per cent agree that a connected home would make their lives more convenient and 49 per cent feel a connected home would save them money on household running costs by being able to measure and manage the consumption of utilities. The appetite for a connected home is clearly there. The issue, however, is trust and ease of use. It must be simple to manage all connected devices for everyone, no matter their level of technical competence

There are several problems in the connected home, and these problems need to be fixed now. The sheer number of applications and innovative technologies entering the home is creating a fragmented consumer experience, far removed from the simpler way of living promised by the ideological connected home depicted in Back to the Future.

Consumers are driving business strategies and demand ease of use – they are demanding a fully integrated solution controlled centrally to both monitor and manage their entire array of services and connected products. This could lead to market consolidation with one single provider or service aggregator, whether they are from the consumer tech, utility or telco sector, reigning supreme. This is the race to own the home. And the race is on.

Gaining consumer buy-in

Many consumers may feel dubious about one single provider entering and controlling their home at such an unprecedented level. Contenders in the race to own the home must gain consumer trust and consumer buy-in now if they are going to succeed.

Connected devices monitor our lives to provide a better, tailored service. Consumers are willing to sacrifice a proportion of personal privacy in return for a technologically enhanced lifestyle, but the security of connected devices, which hold all this personal information is an issue.

Our research demonstrates the apprehension amongst consumers when it comes to the safety of connected homes; 43 per cent worry a connected home would be easier to break into than a standard home, and 56 per cent fear that the control applications for a connected home would be hacked into, which would prevent 48 per cent from buying them in the future. Surprisingly this figure rises to 61 per cent amongst centennials, those born in 1995 to the early 2000’s – the first generation to never know life without the internet. It is imperative that technology manufacturers calm this unease now if they want to venture further into the home.

Providers must acknowledge and prioritise the severity of a potential cyberattack on a consumer home. The risks are now very different to those when the only connected device in our homes was a PC that used dial-up. A cyberattack on a modern connected home is a serious breach that could potentially have dramatic consequences far beyond a negative impact on an organisation’s reputation. For example, if a home with young or elderly residents reliant on a connected home hub to regulate heating and electricity was hacked, the loss of connectivity could result in serious illness. Cyberattacks are no longer just about an industry or an individual company, they are personal.

Addressing consumer and regulatory concerns

Contending providers in the race to own the home must prioritise the need to address such safety concerns. Not only is this imperative to reassure consumers, but it is vital to ensure compliance with the general data protection regulations (GDPR), due to come into effect in May 2018, likely to impact all services handling increasing volumes of consumer data through the advent of IoT. To do so, service providers must make a conscious effort to reassure consumers that any connected devices are safe and secure. Samsung is a brand which has already adopted this approach proactively, understanding the importance of reassuring consumers, going so far as to include the message in their marketing efforts placing ‘excellence in quality control’ at its core to gain consumer trust.

To be in with a chance to ‘own the home’ providers must ensure that quality underpins not only the devices themselves but also customer interactions, their personal data and ultimately their safety.

Let the race begin.

By Kevin Cunningham, Managing Director at SQS

[1] https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/

[2] https://www.sqs.com/en/download-life-imitates-art-report.php

The post The race to own the home appeared first on IT SECURITY GURU.



from The race to own the home

If you use Wi-Fi on your iOS device, get this security update

Apple released a security patch on Wednesday that you should really consider updating to if you enjoy using Wi-Fi on your iOS devices. So, you know, just about everybody should update. The iOS 10.3.3 update addresses vulnerabilities with your Contacts, Messages, Notifications, Safari and other issues. One of the more potentially damaging exploits was hidden in the iPhone’s Wi-Fi chipset, where an attacker could take over a device remotely if it was searching for a signal. For this Wi-Fi-based attack, you’ll want to upgrade. If your iOS device has its Wi-Fi turned on, attackers in range could find your device, remotely take over its Wi-Fi chip and crash your phone.

View Full Story

ORIGINAL SOURCE: CNET

The post If you use Wi-Fi on your iOS device, get this security update appeared first on IT SECURITY GURU.



from If you use Wi-Fi on your iOS device, get this security update

Russian man who helped develop Citadel malware gets 5 years

A Russian man who prosecutors say helped develop and distribute malware designed to steal personal financial information was sentenced Wednesday to five years in prison. Mark Vartanyan, also known as “Kolypto,” was sentenced by US District Court Judge Mark Cohen in Atlanta after pleading guilty in March to computer fraud, federal prosecutors said. Vartanyan received two years of credit for time served, including more than two years in custody in Norway following his arrest there in October 2014, the Associated Press reported. Between 2012 and 2014, Vartanyan helped to develop, improve and maintain Citadel, which was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. Prosecutors estimate the malware infected about 11 million computers worldwide and caused more than $500 million in losses.

View Full Story

ORIGINAL SOURCE: CNET

The post Russian man who helped develop Citadel malware gets 5 years appeared first on IT SECURITY GURU.



from Russian man who helped develop Citadel malware gets 5 years

Publication of NukeBot trojan’s source code leads to new ‘operational’ samples

New “operational” samples of the NukeBot banking trojan have emerged months after its original creator published its source code. NukeBot’s source code leak, which occurred in late March 2017, apparently attracted the attention of malware developers seeking to push out their own threats. Kaspersky Lab’s Sergey Yunakovsky spotted some of those new samples in the wild. A few are “active,” but most of them only in a limited form.

View Full Story

ORIGINAL SOURCE: Graham Cluley

The post Publication of NukeBot trojan’s source code leads to new ‘operational’ samples appeared first on IT SECURITY GURU.



from Publication of NukeBot trojan’s source code leads to new ‘operational’ samples

Thursday, 20 July 2017

Google rolls out new protections against phishing plugins

Google is making it even harder to accidentally install a malicious plugin. Today, the company announced new changes to the way Google services handle plugins, adding new warnings for users and a more involved verification system for apps. The result is more scrutiny on apps plugging into Google services, and more active involvement from Google when an app seems suspicious. The changes come after a sophisticated phishing worm hit Google Drive users in May, masquerading as an invitation to collaborate on a document. The malicious plugin was not controlled by Google, but because it was named “Google Docs,” the app was able to fool many users into granting access. Once granted access, it sent a new request to everyone in the target’s contact list, allowing the app to spread virally. Ultimately, the app was blacklisted by Google, but not before it reached tens of thousands of users.

View Full Story

ORIGINAL SOURCE: The Verge

The post Google rolls out new protections against phishing plugins appeared first on IT SECURITY GURU.



from Google rolls out new protections against phishing plugins

Newcastle council leaks details of adopted children and their families

Details of thousands of children and their adoptive parents have been leaked by Newcastle city council workers who accidentally attached them to invitations for a summer party. The council admitted the adoption data breach, which it blamed on “human error”, and apologised. It has taken steps to contact all those involved. It could face a fine of up to £50,000. The attachment contained the names, addresses and birth dates of 2,743 individuals. Adoption advisers said that adoptive families were now “looking over their shoulders”. A council insider said that some adoptive parents felt that they had been “fobbed off” by the council.

View Full Story

ORIGINAL SOURCE: The Times

The post Newcastle council leaks details of adopted children and their families appeared first on IT SECURITY GURU.



from Newcastle council leaks details of adopted children and their families

Russians hacked energy companies on election day, GCHQ claims

Britain’s energy companies were hacked on the day of the General Election by computer criminals believed to have been backed by Russia. The Government’s electronic spy agency GCHQ said in an official report sent to the energy sector that companies “are likely to have been compromised” in the wake of the attack launched on June 8. The report accuses “state-sponsored hostile threat actors” of being responsible for the cyber attack, which may also have targeted water companies and the manufacturing industry.

View Full Story

ORIGINAL SOURCE: Telegraph

The post Russians hacked energy companies on election day, GCHQ claims appeared first on IT SECURITY GURU.



from Russians hacked energy companies on election day, GCHQ claims

Britain’s cyber security center says has never certified Kaspersky products

Britain’s National Cyber Security Centre said on Tuesday it had never certified products from Russian cyber security firm Kaspersky Lab. “The NCSC certifies products through a range of initiatives, and vendors apply to have their products certified via one of our accredited lab partners,” the NCSC, which is part of Britain’s GCHQ eavesdropping security agency, said. “We certify products through a range of initiatives, but the NCSC has never had products listed from Kaspersky,” it said. After a U.S. government move to restrict its activities, Kaspersky Lab said it had fallen victim to U.S.-Russia global sparring.

View Full Story

ORIGINAL SOURCE: Reuters

The post Britain’s cyber security center says has never certified Kaspersky products appeared first on IT SECURITY GURU.



from Britain’s cyber security center says has never certified Kaspersky products

White House ‘rumoured to close State Department’s only cyber security office’ as top diplomat quits

It has been reported that the cyber security office in the State Department may be closed as its top diplomat quits. Christopher Painter, the Coordinator for Cyber Issues, is leaving his post at the end of the month after well over two decades of leadership on the issue, per Politico. The news outlet also reported that Secretary of State Rex Tillerson may shut down Mr Painter’s office, which is responsible for “negotiating joint agreements with other countries on issues like protecting critical infrastructure and developing cyber norms.” Mr Tillerson may also merge the cyber security office with an office in the Bureau of Economic and Business Affairs.

View Full Story

ORIGINAL SOURCE: Independent

The post White House ‘rumoured to close State Department’s only cyber security office’ as top diplomat quits appeared first on IT SECURITY GURU.



from White House ‘rumoured to close State Department’s only cyber security office’ as top diplomat quits

A Third of Security Professionals Under-Prepared to Defend Cyber Threats

One in three (32%) security professionals lack effective intelligence to detect and action cyber threats, according to a new survey* from Anomali, the provider of market-leading threat intelligence platforms. The results also revealed that almost a quarter (24%) believe they are at least one year behind the average threat actor, with half of this sample admitting they are trailing by two to five years. This confirms that many organisations are not adequately mitigating cyber risks, despite detection and response being cited as the top security priority by a leading research organisation[1] this year.

 

The survey also signals that organisations struggle to detect malicious activity at the earliest stage of a breach, or learning from past exposures, which leaves numerous vulnerabilities undiscovered.

  • Almost one in five (17%) of respondents haven’t invested in any threat detection tools such as SIEM, paid or open threat feeds, or User and Entity Behaviour Analytics (UEBA)
  • Two-thirds of respondents maintain fewer than 200 days of log data online for analysis/forensics, despite hackers often lurking undetected for this length of time
  • 80% of security professionals do not consult historical logs on a daily basis to investigate past exposure to threats
  • Only 13% compare historical logs with threat feeds/indicators of compromise daily

 

Successful cyber attacks are not “smash and grab” type of events. Rather, cyber criminals typically lurk undetected inside enterprises’ IT systems for 200 days or more before discovery. During this time attackers gain access inside the network, escalate privileges, search for high value information, and ultimately exfiltrate data or perform other malicious activities. This ‘200 day problem’ is an ever-present danger, as a US governmental agency discovered last year that malware existed undetected in its network for close to a year[2]. But survey respondents rarely examine historical records to discover whether a threat actor has entered their system. Just 20% consult past logs daily, 20% weekly, 14% monthly and 22% said never or don’t even know how often. This results in multiple missed opportunities to help prevent a breach.

 

“The ‘200 day problem’ arises from the fact that logs are produced in such massive quantities that typically only 30 days are retained and running searches over long time ranges can take hours or even days to complete,” says Jamie Stone, Vice President, EMEA at Anomali. “Detecting a compromise at the earliest stage possible can identify suspicious or malicious traffic before it penetrates the network or causes harm. It’s imperative to invest in technologies security teams can use to centralise and automate threat detection, not just daily but against historical data as well.”

 

To achieve this, organisations must seek to combine streams of siloed intelligence and understand the importance of logging historical data for future analysis. It is more than likely that a bad actor will re-visit an organisation in case a new vulnerability can be found, or a new strain of threat has been developed that they want to try out. However, the survey additionally discovered that 46% of respondents do not use, or don’t know if they use a threat intelligence platform, which can analyse data in real-time and draw upon retrospective data. The primary reasons cited for not using one were lack of resources (18%) and budget (17%).

 

“Organisations must wake up to the daily reality of cyber-attacks and start viewing security as a business enabler that can support and add value to the business as it transforms and innovates. It’s all too common that IT purchase decisions are driven solely by budget rather than need. Implementing the bare minimum is not an option, bolstering cyber security postures must be prioritised. Solutions such as a threat intelligence platform will enable organisations to proactively detect and respond to the modern cyber adversary,” continued Mr Stone.

A threat intelligence platform (TIP) allows organisations to access all their intelligence feeds from one centralised solution, integrate intelligence with internal security tools, and automate the detection and response to active security threats. A TIP also enables organisations to collaborate with peers in their industry or across sectors and geographies to share threat information and help inoculate each other from new attacks.

The post A Third of Security Professionals Under-Prepared to Defend Cyber Threats appeared first on IT SECURITY GURU.



from A Third of Security Professionals Under-Prepared to Defend Cyber Threats

WannaCry Fallout: 80% of Brits more worried about how organisations store their data following latest attacks

New research by leading information security company Clearswift shows how attitudes to cyber security have changed in the boardroom and among staff in the wake of the recent WannaCry attack, surveying 600 business decision makers and 1,200 employees across the UK, US, Germany and Australia.

 

Within a day the WannaCry attack, which affected major organisations including the National Health Service (NHS), was reported to have infected more than 230,000 computers in over 150 countries, once again bringing the issue of cyber security into focus for business and consumers alike.

 

The scale of the WannaCry attack was evidenced none more so than the sheer awareness amongst the general public, with more than three quarters (77%) of people surveyed having knowledge of the attack, with the number even higher (88%) in the UK.

 

With 58% of firms in the UK expecting another attack over the next few months, it is clear that the attack has sent ripples through the industry and brought cyber security front of mind for both employees and businesses. Following the events, 29% of UK businesses will now add cyber security to the boardroom agenda and 29% of firms worldwide have pledged to implement stronger cyber security measures.

 

With 80% of UK employees increasingly worried about how companies hold their data and an identical number (80%) worldwide sharing those concerns it’s no surprise that 38% of employees that were aware of the attack worldwide are now reading more about cyber security in the aftermath of the events. Additionally, 33% have changed their passwords, formally enrolled in courses (24%), or are taking steps to ensure their companies raise their game in cyber security (26%).

 

Dr. Guy Bunker, SVP Products at Clearswift Said: “UK employees are worried about the practices of the custodians of their data, however the gulf between front line security professionals and Board members may at last be bridging, with close to a third (29%) now recognising cyber security has a place at the boardroom table.

 

“Organisations need to answer the clarion call we are hearing from employees to learn from these events and start to raise their game and update their policies, procedures and technology to mitigate against future attacks as well as preparing for the introduction of new data regulations that are on the horizon.”

 

 

Those in the public sector took a slightly more relaxed attitude to how their data is held with more than a quarter (28%) not being worried by the attacks compared to 17% in the private sector.

 

With one of the UK’s most well-known organisations, the National Health Service (NHS) being front and centre of the attack it may be surprising to learn that UK employees who were aware of the WannaCry attack, were less likely than those in the USA, Australia and Germany to change their passwords, read more about cyber security or even ask their company for advice. The US (49%) proved most likely to action change, followed by Australia (43%), Germany (37%) and then the UK (35%)

 

The future may be brighter however as more than half (55%) of those aged 18-24 that were aware of the WannaCry attack, have taken the initiative to read more about cyber security with 29% enrolling in courses or certifications.

 

Dr Bunker added, “An educated workforce that is well briefed on policies and procedures will go some way in limiting the effects of a breach, however Boards need to take a proactive stance on this. Having the latest security technology enables organisations to stop attacks at the boundary, before they enter a network, by removing the source of an attack from documents and attachments shared into an organisation.”

The post WannaCry Fallout: 80% of Brits more worried about how organisations store their data following latest attacks appeared first on IT SECURITY GURU.



from WannaCry Fallout: 80% of Brits more worried about how organisations store their data following latest attacks

MSPs Are At Risk of Getting Stuck in a Cybersecurity Rut, Kaspersky Lab Report Warns

As the global managed services market is expected to reach £187 billion by the end of 2022, cybersecurity is no longer seen as a separate or optional function among MSPs. Instead, it has become an integral part of the IT services they deliver — with customer satisfaction, and the ability to keep security incidents to a minimum, among key performance indicators. But the challenges of these services – high costs, lack of qualified cybersecurity staff and insufficient manageability – means that the industry may soon struggle to meet customer demand.

 

A new report by Kaspersky Lab into the current realities and trends in the global MSP market found that 92 per cent of MSPs now include cybersecurity as part of their portfolio of services and over half (51 per cent) cite it as essential to their customers’ operational continuity. Offering protection from cyberthreats is therefore expected to be a top priority for MSPs in the future.

 

Cybersecurity is expected to boost MSP business in several ways. MSPs with smaller customers (up to 50 end-user workstations) believe that expanding their security portfolio should give them a good reputation among their peers (78 per cent) and help them attract new customers (77 per cent). Meanwhile, service providers working with larger businesses consider cybersecurity, among other things, to be a way of keeping their current accounts (78 per cent).

 

However, the study also reveals that MSPs face a number of challenges when it comes to investing in the expansion of their cybersecurity offering. Two thirds of MSPs, serving both the large enterprise market (60 per cent) and smaller businesses (58 per cent) agree that a shortage of qualified IT security professionals for hire contributes to the challenge of ramping up their cybersecurity offering. In addition, around half have difficulties with the remote deployment and management of their solutions (51 per cent and 54 per cent respectively). To overcome these challenges, MSPs should select cybersecurity products that are easy to manage and use but also offer high quality protection.

 

This is especially relevant in light of the recent ransomware outbreaks around the world. The quality of cyberprotection remains the top requirement for MSPs as the cybersecurity solutions they use should be able to effectively detect and block ransomware – one of the fastest growing threats of 2016–2017. The report proves that this threat has been a high-profile scourge on businesses of all sizes – 54 per cent of MSPs with enterprise customers said this was their customers’ main concern, followed by 49 per cent of MSPs with smaller customers.

 

For service providers, it’s not enough to simply have cybersecurity services in their portfolio. One damaging incident such as a ransomware infection can undermine their reputation and affect relationships with customers,” commented Vladimir Zapolyansky, Head of SMB Business. “That’s why they need the most powerful security solutions and we at Kaspersky Lab are committed to this approach by offering the most tested and awarded protection for endpoints, mail servers and virtualised environments, so that MSPs can deliver as many cybersecurity services as they want, to boost their businesses.

 

Kaspersky Lab’s offering helps MSPs address the growing demand for IT security services and attract new customers that want to outsource their protection to a trusted third party. The portfolio includes Kaspersky Endpoint Security for Business, Kaspersky Endpoint Security Cloud, Kaspersky Security for Virtualisation and Kaspersky Security for Mail Server, allowing MSPs to cover key security functions such as remote monitoring, managed security, virtualisation security and mobile device security and management. To learn more about Kaspersky Lab’s MSP Partner Program please visit our corporate website.

 

The research by Kaspersky Lab and Business Advantage surveyed 569 MSPs and VARs with managed services offerings from 10 countries.

The full report MSP: Trends, Challenges and the Keys to Success in Managed Security in 2017, can be found here.

The post MSPs Are At Risk of Getting Stuck in a Cybersecurity Rut, Kaspersky Lab Report Warns appeared first on IT SECURITY GURU.



from MSPs Are At Risk of Getting Stuck in a Cybersecurity Rut, Kaspersky Lab Report Warns

Wednesday, 19 July 2017

Dow Jones data leak: Over 2 million customers’ personal details exposed in cloud storage error

The sensitive personal and financial details of nearly 2.2 million Dow Jones & Co. customers were inadvertently exposed due to a configuration error on a cloud storage server, the publication confirmed on Monday. The exposed data included the names, addresses, account information, email addresses and last four digits of credit card numbers of millions of customers, including Wall Street Journal and Barron’s subscribers, were accessible online to anyone who had an Amazon Web Services account. The exposed information that included the names, addresses, account information, email addresses and last four digits of credit card numbers of millions of customers, including Wall Street Journal and Barron’s subscribers were accessible online to anyone who had an Amazon Web Services account.

View Full Story

ORIGINAL SOURCE: IB Times UK

The post Dow Jones data leak: Over 2 million customers’ personal details exposed in cloud storage error appeared first on IT SECURITY GURU.



from Dow Jones data leak: Over 2 million customers’ personal details exposed in cloud storage error

GhostCtrl Is an Android RAT That Also Doubles as Ransomware

A new Android RAT (Remote Access Trojan) detected under the name of GhostCtrl can lock mobile device by resetting their PIN and display a ransom note to infected victims. These ransomware capabilities have been observed in the source code of GhostCtrl, but not in real-world infections, where the RAT was mostly used for its data exfiltration capabilities. The GhostCtrl RAT was discovered by Trend Micro researchers part of a wave of attacks against Israeli healthcare organizations. The campaign targeted primarily Windows computers with RETADUP, a combination of a worm, infostealer, and backdoor trojan.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post GhostCtrl Is an Android RAT That Also Doubles as Ransomware appeared first on IT SECURITY GURU.



from GhostCtrl Is an Android RAT That Also Doubles as Ransomware

FBI Issues Warning and Recommendations on Internet-Connected Toys

The Internet Crime Complaint Center (IC3), a division of the Federal Bureau of Investigation (FBI), has issued a public service announcement about the improper security and privacy protections provided by manufacturers of Internet-connected smart toys, also known as IoT toys. The IC3 issues such advisories when it spots trends of abuse in a specific area of technology. It’s most recent warning comes after numerous incidents where insecure smart toys have leaked the personal details of small children, vulnerabilities allowed hackers to spy on little kids, or greedy companies have hidden clauses inside lengthy terms of conditions to allow them to collect large quantities of private information about small kids.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post FBI Issues Warning and Recommendations on Internet-Connected Toys appeared first on IT SECURITY GURU.



from FBI Issues Warning and Recommendations on Internet-Connected Toys

Reyptson Ransomware Spams Your Friends by Stealing Thunderbird Contacts

Over the weekend, Emsisoft security researcher xXToffeeXx discovered a new ransomware called Reyptson that is targeting Spanish victims. Since then, we have seen increased activity in the ransomware’s developmen. Today security researcher MalwareHunterTeam took a deeper look and noticed that Reyptson conducts its own spam distribution campaign directly from a victim’s configured Thunderbird email account.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post Reyptson Ransomware Spams Your Friends by Stealing Thunderbird Contacts appeared first on IT SECURITY GURU.



from Reyptson Ransomware Spams Your Friends by Stealing Thunderbird Contacts

Fraudsters just stole $7 million by hacking a cryptocoin offering

Around 9 a.m. eastern time on Monday, Shawn Van de Vyver, a dentist in Michigan, went to CoinDash’s website to check out the project’s initial coin offering — a new way that cryptocurrency start-ups are raising money. Van de Vyver has been building computers and websites for 20 years and started studying bitcoin when it was trading in the single digits (it’s now priced at more than $2,000). He also invested a couple thousand dollars in digital currency ethereum, he told CNBC.

View Full Story

ORIGINAL SOURCE: CNBC

The post Fraudsters just stole $7 million by hacking a cryptocoin offering appeared first on IT SECURITY GURU.



from Fraudsters just stole $7 million by hacking a cryptocoin offering

A UK business will spend more than £1m recovering from a data security breach – NTT Security 2017 Risk:Value

The cost of recovering from of a security breach for UK organisations has been estimated in a new report launched today by NTT Security, the specialised security company of NTT Group. The 2017 Risk:Value report, the company’s third annual study of business decision makers’ attitudes to risk and the value of information security to global organisations, reveals that a UK business would have to spend £1.1m ($1.4m) on average to recover from a breach – more than the global average of £1m ($1.3m), which has gone up from the previous report’s $907,000 estimate.

The study of 1,350 non-IT business decision makers across 11 countries, 200 of which are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days. UK respondents also predict a significant impact of their organisation’s revenue, suggesting as much as a 9.5% drop, which fares slightly better than the global average of nearly 10%.

In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64%) cite loss of customer confidence, damage to reputation (67%) and financial loss (44%), while one in 10 anticipate staff losses, and 9% expect senior executives to resign following a security incident.

Most telling from the report is that63% of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57%. However, less than half (47%) say that preventing a security attack is a regular board agenda item, suggesting that more still needs to be done for it to be taken seriously at a boardroom level in the UK.

Linda McCormack, Vice President UK & Ireland at NTT Security, comments: “Companies are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage.  Although this year’s £1.1m figure is slightly down on last year’s report (£1.2m), no company, regardless of its size, sector or focus, can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed.“

On a positive note, an encouraging 72% of UK business decision makers say their organisation has a formal information security policy in place, compared to the global average of over half (56%) and another 16% are in the process of implementing one. But while 83% say it has been communicated internally, less than one third (31%) say company employees are fully aware of the policy.

The study also raises concerns over the use and sharing of incident response plans for when a breach does happen. Around two-thirds (65%) of UK respondents say their organisation has an incident response plan, well above the global average of 48%. However, less than half (44%) of business decision makers in the UK are fully aware of what the incident response plan includes.

“Creating security policies seems to be a work in progress for many UK businesses, unfortunately they become redundant if they are not properly communicated and shared throughout the whole organisation, and sadly this report backs that up. We see time and again organisations with good intentions when it comes to security and response planning, but then it falls to the bottom of the priority list due to a lack of resources, budgets and time. The fact that they are struggling to find the right resources and processes to support the fundamentals in information security and risk management planning is a major concern,’’ adds McCormack.

On the subject of budget, according to UK respondents, only an estimated 14.4% of their organisation’s operations budget is spent on information security, and 13.7% of their IT budget is estimated to be spent on security. This compares to 15.5% and 14.6% respectively across all of the countries surveyed. More than a third in the UK  say their organisation is spending less on information/data security than R&D (36%), HR (36%) and Marketing (36%).

Download the 2017 Risk:Value report: www.nttsecurity.com/RiskValue2017.

The post A UK business will spend more than £1m recovering from a data security breach – NTT Security 2017 Risk:Value appeared first on IT SECURITY GURU.



from A UK business will spend more than £1m recovering from a data security breach – NTT Security 2017 Risk:Value

Sonatype 2017 State of the Software Supply Chain Report: DevOps Practices Reduce Use of Defective Open Source Components by 63%

Sonatype, the leader in software supply chain automation, today announced the release of its third annual State of the Software Supply Chain Report. This year’s report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.

 

Organizations that are actively managing the quality of open source components flowing into production applications are realizing a 28 percent improvement in developer productivity, a 30 percent reduction in overall development costs, and a 48 percent increase in application quality. Furthermore, analysis of more than 17,000 applications reveals that applications built by teams utilizing automated governance tools reduced the percentage of defective components by 63%.

 

Conversely, organizations failing to manage software supply chains are unwittingly releasing vulnerable applications into production, wasting thousands of hours on rework and bug fixes, and facing increased liability due to gross negligence.

 

Additional key findings of the 2017 State of the Software Supply Chain report include:

 

Consumption of open source components is growing on a massive scale

  • Year-over-year downloads of Java components grew 68 percent (52 billion in 2016), JavaScript downloads grew 262 percent (59 billion in 2016), and demand for Docker components is expected to grow 100 percent (12 billion downloads).
  • Faced with a near infinite supply of open source components, high-functioning DevOps organizations are utilizing machine automation to govern the quality of open source components flowing through their software supply chains.

 

Open source component suppliers remain slow to fix vulnerabilities

  • Even when vulnerabilities are known, OSS projects are slow to remediate – if they do so at all. Only 15.8 percent of OSS projects actively fix vulnerabilities, and even then the mean time to remediation was 233 days.
  • This puts the onus on DevOps organizations to actively govern which OSS projects they work with, and which components they ultimately consume.

 

Number of downloaded components with known vulnerabilities is slightly decreasing

  • In 2016, the percent of Java components downloaded from the Central Repository that contained known security vulnerabilities fell to 5.5 percent (1 in 18), down from 6.1 percent the year prior.
  • Although this defect download ratio is far from perfect, there is empirical evidence that hygiene is beginning to improve with ratios declining slightly in each of the last three years.

 

The regulatory landscape is rapidly changing

  • In the past year in the United States, the White House, four federal agencies, and the automotive industry have released new guidelines to improve the quality, safety, and security of software supply chains.

 

Supporting Quotes

Wayne Jackson, CEO, Sonatype

“Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts. However, many still rely on manual and time consuming governance and security practices instead of embracing DevOps-native automation. Our research continues to show that development teams managing trusted software supply chains are dramatically improving quality and productivity.”

 

Mark Driver, Felix Gaehtgens, Mark O’Neill, Gartner, May 2017 report “Managing Digital Trust in the Software Development Life Cycle”

“By 2020, 50% of organizations will have suffered damage caused by failing to manage trust in their, or their partners’, software development life cycles (SDLC) – causing revenue loss of more than 15%. Application leaders responsible for modernizing application development should re-evaluate the SDLC in the form of a trusted software supply chain, with varied levels of trust.”

The post Sonatype 2017 State of the Software Supply Chain Report: DevOps Practices Reduce Use of Defective Open Source Components by 63% appeared first on IT SECURITY GURU.



from Sonatype 2017 State of the Software Supply Chain Report: DevOps Practices Reduce Use of Defective Open Source Components by 63%

How do SMEs fight off cyber-attacks?

In this article I want to address some of the concerns that small and medium sized enterprises may have around cybersecurity, especially in the wake of the WannaCry ransomware attack and a continuous news flow around successful attacks on high profile companies. Does the fact that well-known brands are successfully attacked and breached mean that SMEs are even more at risk? If SMEs can defend themselves, how should they go about doing so? I’ll look to address these questions and concerns here, providing tips that can help SMEs weather the ever more frightening cybersecurity storm.

 

1) Where should SMEs be investing money for their tech security?

 

Historically, legacy antivirus has been a staple of security and, currently, the market is experiencing a natural evolution to next-generation antivirus (NGAV). SMEs should be looking to upgrade away from ineffective, signature-based legacy AV to an NGAV solution that can provide visibility across the enterprise. It’s critical for both SMEs and large businesses to know what’s going on with their business. NGAV can help provide that visibility. If SMEs are looking for a way to boost their security postures, implementing a free, two-factor authentication for email will make it harder for attackers to gain access to corporate emails. I would also recommend anti-phishing-based email services.

2) What are the priorities?

 

SMEs should look to protect their most valuable assets, which more often than not revolve around data. It’s very rare that attackers are able to access data directly. Most often they look to compromise endpoints and specific accounts. Easy investments SMEs can make today to protect access to endpoints involve implementing an NGAV solution and protecting accounts through multi-factor authentication. These investments will be well worth it and provide a significant ROI.

3) What security weaknesses do SMEs have that larger companies tend not to?

 

The biggest security weaknesses for SMEs are often the result of limited resources, both financial and personnel. If you look at the cost to implement above average security, the cost often exceeds the budget for SMEs. The additional reality is that as these businesses grow, their costs also increase. Security skillsets can be tough to come by and are often expensive. Very few capable security professionals are willing to be the lone security person on staff. If SMEs don’t have the money to hire robust security staff, they may feel hamstrung. There are a number of free and cost effective solutions, such as NGAV, that SMEs can implement without having to break their budgets.

 

4) Should they be updating their operating system?

 

Upgrading operating systems, while considered a best practice, is not by itself necessarily worth the cost. That is to say, simply updating the operating system is often not enough to help a business owner sleep better at night. For many modern operating systems, enabling the additional security configurations require their own level of maintenance that often exceeds those the business might gain from using specific security software. So, in principle, updating outdated OSs (especially those that are end-of-life) is a good practice, but it should not be the lone security measure considered.

 

5) How should they protect from cyber-attacks if they can’t afford a dedicated service?

 

Keep it simple. Keep your environment simple and keep your controls simple. Entropy differs across an environment. If an SME allows employees to bring their own devices, for example, that may breed problems across the enterprises. By keeping the environment homogenous and implementing and sticking to security standards, SMEs can go a long way in establishing good security hygiene from the start. SMEs should leverage their smaller sizes as an advantage.

 

6) What can happen in the worst case scenario?

 

SMEs are built on their brand and reputation. Unfortunately these smaller business are unable to absorb the same brand hit associated with a breach that larger organisations can. One compromise can have a much bigger impact and potentially cripple an SME. One wire transfer that doesn’t come in because it was redirected to an attacker’s account has the potential to bankrupt the business. While I wouldn’t say that’s extremely common, it’s certainly a fear that keeps SMEs awake at night.

This advice should help SMEs to feel more confident in their ability to successfully defend themselves in a world experiencing ever more cyber-attacks. SMEs shouldn’t feel that the fact big brands are being successfully breached means it is inevitable that they will be or that they shouldn’t invest in defence. The price is too high not to. Simple measures can be put in place to keep SMEs secure.

The post How do SMEs fight off cyber-attacks? appeared first on IT SECURITY GURU.



from How do SMEs fight off cyber-attacks?

Monday, 17 July 2017

IBM Mainframe Ushers in New Era of Data Protection

IBM today unveiled IBM Z, the next generation of the world’s most powerful transaction system, capable of running more than 12 billion encrypted transactions per day. The new system also introduces a breakthrough encryption engine that, for the first time, makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.

IBM Z’s new data encryption capabilities are designed to address the global epidemic of data breaches, a major factor in the $8 trillion cybercrime impact on the global economy by 2022. Of the more than nine billion data records lost or stolen since 2013, only four percent were encrypted, making the vast majority of such data vulnerable to organized cybercrime rings, state actors and employees misusing access to sensitive information.

In the most significant re-positioning of mainframe technology in more than a decade, when the platform embraced Linux and open source software, IBM Z now dramatically expands the protective cryptographic umbrella of the world’s most advanced encryption technology and key protection. The system’s advanced cryptographic capability now extends across any data, networks, external devices or entire applications – such as the IBM Cloud Blockchain service – with no application changes and no impact on business service level agreements.

“The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale,” said Ross Mauri, General Manager, IBM Z. “We created a data protection engine for the cloud era to have a significant and immediate impact on global data security.”

Technology Breakthrough: Industry-First Pervasive Encryption for the Cloud Era
A recent study found that extensive use of encryption is a top factor in reducing the business impact and cost of a data breach. To put that in context, the IBM X-Force Threat Intelligence Index reported that more than four billion records were leaked in 2016 (a 556 percent increase from 2015).

To learn more click here

The post IBM Mainframe Ushers in New Era of Data Protection appeared first on IT SECURITY GURU.



from IBM Mainframe Ushers in New Era of Data Protection

Third of the UK Public not aware of the security policies implemented by their company

  • Recent survey reveals that almost 1 in 3 UK employees are not aware of their company’s safety and security policies.
  • ​​News of global ransomware attacks shows future advanced technology poses a major threat with devastating consequences.
  • Danny Schofield, Managing Director at Expert Security UK has gathered expert opinions to help business owners introduce and maintain a robust security culture in their workplace.

According to a recent survey conducted by Expert Security UK, almost a third of the UK public are not aware of the safety and security policies implemented by the company they work for.

With latest news of the global Petya ransomware attacks from Ukraine and NHS ‘WannaCry’ cyber-attacks, it should come as no surprise. For businesses, the consequences are clear: it is imperative they introduce a robust security culture and ensure their staff abides by them.

To help businesses get on the right track, Danny Schofield, Managing Director at Expert Security UK and a team of business experts have created a guide on why it is important to establish an all-around, effective business security culture and encourage staff to embrace security with robust processes put in place to protect the company.

You can read the guide here.

Danny Schofield, Managing Director at Expert Security UK, commented:

 “As we go forward, it’s imperative that we’re using every possible method to our advantage. This means being open to new solutions (provided that they’re fully tested and operative, of course) and making sure there is a balance between physical and cyber security.

“For businesses, there are plenty of new solutions that are being designed to prevent security breaches – from bi-folding speed gates and crash-tested bollards. With advancing technologies and increasingly sophisticated techniques it’s crucial that businesses stay one step ahead.”

The post Third of the UK Public not aware of the security policies implemented by their company appeared first on IT SECURITY GURU.



from Third of the UK Public not aware of the security policies implemented by their company