Monday, 31 July 2017

Hackers scour voting machines for election bugs

Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results.
The 25-year-old conference’s first “hacker voting village” opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking.

ORIGINAL SOURCE: Reuters

The post Hackers scour voting machines for election bugs appeared first on IT SECURITY GURU.




SSD Advisory – McAfee Security Scan Plus Remote Command Execution

The following advisory describes a remote code execution vulnerability found in McAfee Security Scan Plus. Because the client fetches content over plaintext HTTP, an attacker positioned on the network path (an active man-in-the-middle) can tamper with the response and cause the client to launch any executable already present on the machine, with the privileges of the logged-in user.


ORIGINAL SOURCE: Securiteam





Zillow: Machine learning and data disrupt real estate

Learn how big data and the Zillow Zestimate changed and disrupted real estate. It’s an important case study on the power of machine learning models and digital innovation.
Anyone buying or selling a house knows about Zillow. In 2006, the company introduced the Zillow Estimate, or Zestimate for short, which uses a variety of data sources and models to create an approximate value for residential properties.


ORIGINAL SOURCE: ZDNet





Microsoft won’t patch SMBv1 flaw that only an idiot would expose

‘SlowLoris’ flaw could see a mouse of a machine take down an elephant of a server
An SMBv1 bug described late last week at DEF CON won’t be patched, because Redmond says it only needs a suitable block on connections coming from the Internet.
The 20-year-old bug was discovered by two RiskSense researchers combing code for vulnerabilities exposed by the NSA’s EternalBlue exploit.


ORIGINAL SOURCE: The Register





For 20 Years, This Man Has Survived Entirely by Hacking Online Games

A hacker says he turned finding and exploiting flaws in popular MMO video games into a lucrative, full-time, job.
Manfred’s character is standing still in the virtual world of the 2014 sci-fi online multiplayer game WildStar Online. Manfred, the real life person behind the character, is typing commands into a debugger. In a few seconds of what seems to be an extremely easy hack, Manfred’s virtual currency skyrockets up to more than 18,000,000,000,000,000,000, or 18 quintillion.


ORIGINAL SOURCE: Motherboard





Ransomware on the rise: how to prevent an attack

If the last few months have taught us anything, it’s that enterprises clearly need to take a long hard look at the cyber security they have in place.  One thing is clear – cyber threats now present a bigger risk to organisations than ever before.  Considering the huge growth in the number of new ransomware families (an increase of 752% since 2015), online extortion has become a major issue and one that businesses must address.

When it comes to the countries worst hit by ransomware, the UK does not appear to be faring well. According to a recent report by Malwarebytes, 54% of UK companies have been hit by a ransomware attack compared to 47% of US companies. It is a common misconception that hackers only target financial institutions, but this year's attacks on the UK parliament and on health trusts highlight the reality of the situation: no business or organisation is safe.

It is becoming increasingly easy for hackers to disrupt business operations and extort money with the availability of open source ransomware and ransomware as a service (RaaS).  Organisations are rightly concerned about the loss of productivity over anything else. It is estimated that it takes 33 man hours (on average) to fix the problem, with the financial impact potentially much larger than the demanded ransom.

In addition, companies are increasingly concerned about data protection legislation and the potential for significant fines from regulators, as well as damage to reputation, resulting from data loss. This comes sharply into focus now with the EU General Data Protection Regulation coming into force from May 2018.

So what is Ransomware?

In short, it is a type of malicious software that attempts to obtain money from a computer user or organisation by infecting systems and blocking access. This is typically done by encrypting the files and documents on the victim's machine and then demanding a sum of money for the key needed to decrypt them.

There are a number of ways an attacker can initiate an attack, the most common being a phishing email. This is where the victim is tricked into clicking on a link, or opening an attachment, in what appears to be a legitimate email message. The malicious software is then covertly installed on the computer without the user's knowledge. Depending on the type of attack, it can then either stay dormant or spread without user interaction until it receives a command from the attackers' systems to encrypt the files or lock the computer. As soon as the data is encrypted, the user receives the ransom notification and the clock starts ticking.

Once your data is locked you face a difficult choice, whether to pay or not to pay. If you pay, will you really receive the key to decrypt and get your data back?  You are dealing with criminals after all!

How can you prevent an attack?

Unfortunately, there is no silver bullet.  Cyber criminals are constantly innovating and every cyber-attack is constructed using well-defined phases, which are completed sequentially.  Rendering a cyber-attack unsuccessful is all about blocking one or more of these stages.

You therefore need to look at a layered approach to protection. This means:

  • Securing your entry points.
  • Filtering web traffic and blocking malicious sites.
  • Blocking users from websites to which they should have no access.
  • Blocking macros and ActiveX, and not allowing external content to run inside Office applications.
  • Scanning all emails and attachments for phishing.
  • Educating your employees to increase their awareness of phishing techniques and general vigilance.
  • Ensuring USB devices are scanned, or restricted in some parts of the estate, with AutoPlay disabled at the very least.
  • Locking down users' own (BYOD) devices on secured networks separate from production systems.
  • Deploying anti-ransomware behavioural-monitoring tools and scanning your network traffic.

With this layered approach, research has shown that most ransomware attacks can be stopped at the gateway level, through email and URL blocking. The last line of defence is endpoint anti-ransomware behavioural monitoring, designed to proactively detect and block ransomware execution.  However, you want to stop this at the gateway and so ensure that your intrusion prevention, email and web scanning solutions are suitably robust to protect your edge networks.
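The behavioural monitoring the paragraph above describes as the last line of defence can be illustrated with a small detector. The following is an added example written for this page, not code from the article or from any product it mentions: it replays a constructed stream of file-write and rename events of the kind an endpoint agent or audit log would emit, and alerts when one process, within a short window, rewrites many files with ciphertext-like content (high Shannon entropy) or renames them to a new extension. The event format, the thresholds, the process names and the file paths are all assumptions for the demonstration.

```python
"""Toy endpoint behavioural monitor for ransomware-like file activity.

Added example for illustration only; the event format, thresholds and
sample data below are constructed assumptions, not a product's settings.
"""
import hashlib
import math
import os
from collections import defaultdict, deque

# Tunables (assumed for the demo).
WINDOW_SECONDS = 10.0    # sliding window per process
MIN_FILES = 5            # distinct suspicious files in the window before alerting
ENTROPY_THRESHOLD = 7.2  # bits/byte; encrypted or compressed data sits near 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareMonitor:
    """Per-process sliding-window detector over file-write/rename events."""

    def __init__(self):
        self._recent = defaultdict(deque)  # pid -> deque[(ts, path, suspicious)]
        self.alerted = {}                  # pid -> (image, ts, n_files) at first alert

    def observe(self, ts, pid, image, path, data, renamed_from=None):
        """Feed one event; return an alert tuple when the pid crosses the threshold."""
        ext_changed = (renamed_from is not None and
                       os.path.splitext(renamed_from)[1] != os.path.splitext(path)[1])
        suspicious = ext_changed or shannon_entropy(data) >= ENTROPY_THRESHOLD
        window = self._recent[pid]
        window.append((ts, path, suspicious))
        while window and ts - window[0][0] > WINDOW_SECONDS:   # expire old events
            window.popleft()
        hit = {p for _, p, s in window if s}                   # distinct suspicious files
        if len(hit) >= MIN_FILES and pid not in self.alerted:  # alert once per process
            self.alerted[pid] = (image, ts, len(hit))
            return (pid, image, ts, len(hit))
        return None


def pseudo_random_bytes(seed: str, n: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:n])


def run_demo():
    """Replay constructed events: one benign editor, one encryptor. Returns alerts."""
    mon = RansomwareMonitor()
    alerts = []
    report = b"Quarterly figures and notes for the board. " * 100   # low-entropy text
    # Benign: a user saves two documents. A .docx is a zip container, so its
    # content is high-entropy; the volume threshold is what keeps this quiet.
    for i, path in enumerate([r"C:\Users\ann\report.txt", r"C:\Users\ann\deck.docx"]):
        payload = report if path.endswith(".txt") else pseudo_random_bytes("docx", 2048)
        alerts.append(mon.observe(100.0 + i, 4120, "WINWORD.EXE", path, payload))
    # Malicious: one process rewrites and renames many share files within seconds.
    for i in range(8):
        src = rf"\\fileserver\finance\ledger{i}.xlsx"
        alerts.append(mon.observe(200.0 + 0.5 * i, 6677, "svchost.exe", src + ".locked",
                                  pseudo_random_bytes(f"enc{i}", 4096), renamed_from=src))
    return [a for a in alerts if a]


if __name__ == "__main__":
    for pid, image, ts, n in run_demo():
        print(f"ALERT t={ts}: pid {pid} ({image}) rewrote {n} files with ciphertext-like data")
```

Entropy alone is a weak signal, as the benign branch shows: Office documents, archives and media are all high-entropy, so a practical detector corroborates it with the rate of distinct files touched and with extension changes, and ideally with canary files that no legitimate process should modify. The alert fires on the fifth suspicious file, well before the encryptor finishes, which is the point of blocking execution rather than only logging it.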

Ultimately, you need to improve your security posture: research and follow best practices for the technology and solutions you already have in place and, where possible, complement these with new and improved technology and services.

But what if it still gets through?

Even with all these tools and techniques in place, sophisticated malware can still get through your defences. Cyber criminals are evasive and clever and find new weak points all the time. If ransomware gets in, it will begin encrypting local disks and mapped network shares. You therefore need plans in place to contain and respond to an infection and ultimately restore your data. Paying the ransom should not be an option.

Backups are key to protecting your data. However, for a lot of organisations, restoring the previous night's backup to recover from a ransomware incident is simply not acceptable, due to the data loss and downtime incurred. Organisations may leverage snapshots, be they storage-based or at the virtual machine level, to provide more granular restore capabilities. But these too will likely mean accepting several hours' worth of data loss. This may also not be palatable to some companies, and thus we need to go further in terms of our restore capabilities. We need to look at journaling technologies to be able to quickly roll systems back to a specific point in time, minutes or even seconds before the infection.

Once recovered, it is key that you conduct root cause analysis to help prevent reoccurrence.  There are always lessons to be learned and weak points can then be highlighted and addressed accordingly.  After the issue is resolved, the question should always be why did this happen?  Management will want to see a plan detailing how you will stop this in future.

Vigilance is key

Organisations and their employees need to be educated to be vigilant to avoid losing data and money. You need to implement a multi-layered approach to cyber security, using solutions that utilise behavioural monitoring and machine learning whilst protecting your gateways, networks, servers and endpoints to help prevent ransomware infections. There is no silver bullet; you need to employ a layered approach, defence in depth.

Prevent, contain and respond: you need plans in place for each. It is time to beef up your defence and recovery options against the ever-increasing threat of ransomware.





As many as 875,000 UK SMEs suffer cyber security breach in the last 12 months

Results from the latest Zurich SME Risk Index have revealed that almost one in six (16%) SMEs have fallen victim to a cyber-attack in the last 12 months, equating to more than 875,000 nationwide.* Businesses in London are the worst affected with almost a quarter (23%) reporting that they have suffered a breach within this period.


Of businesses that were affected, more than a fifth (21%) reported that it cost them over £10,000 and one in ten (11%) said that it cost more than £50,000.


Yet, despite the volume of attacks and potential losses, the survey of over 1,000 UK SMEs showed that business leaders are not committing to investing significantly in cyber security in the coming year. Almost half (49%) of SMEs admitted that they plan to spend £1,000 or less on their cyber defences in the next 12 months, while more than one in five (22%) don't even know how much they will spend.


The results show that, for businesses of all sizes, the robustness of cyber security defences is now a genuine concern for winning and maintaining business contracts. A quarter (25%) of medium-sized businesses (between 50 and 249 employees) reported that they have been directly asked by a current or prospective customer about what cyber security measures they have in place. This was also true of one in ten (11%) small businesses (fewer than 50 employees).


As a result, business leaders are reporting that strong cyber security is providing an opportunity to stand out from competitors with as many as one in 20 (5%) claiming to have gained an advantage over a competitor because of stronger cyber security credentials.


Paul Tombs, Head of SME Proposition at Zurich, comments:


“While recent cyber-attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it’s important to remember that small and medium sized businesses need to protect themselves too. The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses.


“While the rate of attacks on SMEs is troubling, it also shows that there is an opportunity for businesses with the correct safeguards and procedures in place to leverage this as a strength and gain an advantage.”





Malwarebytes international ransomware study reveals UK most likely to pay the ransom

Malwarebytes™, the leading advanced malware prevention and remediation solution, today released its "Second Annual State of Ransomware Report", conducted by Osterman Research. The multi-country study surveyed 1,054 companies across the United States, France, the U.K., Germany, Australia and Singapore, and revealed that almost half (49 per cent) of UK businesses believe the ransom demanded should be paid following a ransomware attack, compared to 42 per cent globally. Among UK-based organisations that did not pay the extortion fee, 46 per cent lost files, the highest among the geographies surveyed.

The Osterman Research report, "Second Annual State of Ransomware Report", sponsored by Malwarebytes, explores attack frequency, impacts in business environments, cost, attitudes towards payments, preparedness and more. Globally, most organisations experienced attacks and breaches during the past year, with 35 per cent of businesses suffering a ransomware attack specifically. In the UK this figure was higher, with 37 per cent of organisations admitting to a ransomware attack during the last 12 months. Concerningly, most of those had been victimised more than five times during the past year.

The research also revealed that the downtime caused following a ransomware attack was more devastating for a business than the fees demanded. For nearly three in five of the organisations that were infected with ransomware, the ransom demanded was $1,000 or less. However, for 15 per cent of impacted organisations in the UK, a ransomware infection caused 25 or more hours of downtime, with some organisations reporting that it caused systems to be down for more than 100 hours.

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, Malwarebytes CEO. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for an enterprise. Our findings demonstrate that SMBs are suffering in the wake of attacks to the point where they must shut down operations. To make matters worse, most of them lack the confidence in preventing attacks; despite significant investments in defensive technologies. As a security community, it’s important that we thoroughly understand the battles that these companies are facing, so we can better protect them.”

Other UK findings include:

  • UK most likely to pay the ransom, evaluating ransom demands on a case-by-case basis: 56.9% of businesses surveyed opted not to pay the ransom, and 46.2% lost files by not paying the ransom; in comparison, 84.1% of French businesses surveyed opted not to pay the ransom, and only 24.5% lost files by not paying the ransom
  • This may be because the UK is the least confident when it comes to combating ransomware: While the global average of businesses expressing little or no confidence in their ability to address ransomware was 10.7%, this varied from a low of 1.7% and 2.3% in Germany and France, respectively, to a high of 19.5% in the United Kingdom — quite possibly due to the highly publicised impact of WannaCry infecting the NHS, which of course is a much larger and more funded organisation than the businesses surveyed
  • The UK’s lack of confidence may be well-placed, as it’s the most clueless nation when it comes to identifying the source of ransomware: Among organisations that did not know the source of the most severe ransomware infection they had experienced, organisations in the United Kingdom were most likely not to know the source (35.4%) and the lowest was the United States (8.6%)
  • At the same time, despite lack of confidence, UK companies proved very resilient when faced with a ransomware attack: Only 17.6% of UK-based organisations reported that the most severe ransomware infection they experienced stopped business immediately, compared to 34.3% of French businesses

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident or equipped in their ability to deal with it,” said Adam Kujawa, Head of Malware Intelligence, Malwarebytes. “Most surprising is the lack of concern from the transportation industry.  According to our SMB and ransomware survey they are the least concerned, when in reality they should be the most concerned. The connected infrastructure within a transportation environment is growing along with the number of attack surfaces. Combine that with an increase in attacks on public transportation entities over the last year and the potential for disaster is massive. Industries of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

To view the full global “Second Annual State of Ransomware” report for more detailed findings and analysis, visit https://go.malwarebytes.com/OstermanRansomware2017_PRSocial.html.





Friday, 28 July 2017

Mimecast Report: 45 Million Emails Passed by Incumbent Email Security Systems, Nearly 25% are “Unsafe”

Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the results of its third quarterly Email Security Risk Assessment (ESRA), a report on the results of tests that measure the effectiveness of incumbent email security systems. This quarter's assessment noted a continued challenge in securing organizations from malicious attachments, dangerous file types, impersonation attacks and spam, with nearly a quarter of "unsafe" email being delivered to users' inboxes. Among the email security services assessed, the tests found that using Mimecast in conjunction with prominent cloud-based email service providers, including Google G Suite and Microsoft Office 365, would substantially improve results by blocking thousands more email-borne attacks. The report indicates the need for organizations to enhance their cyber resilience strategies for email with a multi-layered approach that includes a third-party security service provider.

Malware Attachments, Impersonation Attacks and Dangerous File Types Still on the Rise

The risks to email remain whether mail is delivered to a cloud-based, on-premises or hybrid email environment. Email remains the top attack vector for delivering security threats such as ransomware, impersonation, and malicious files or URLs. Attackers' motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds and, in several recent cases, sabotage with data being permanently destroyed. To date, Mimecast's ESRA reports have inspected the inbound email received by 62,323 email users over a cumulative 428 days. More than 45 million emails were inspected, all of which had passed through the incumbent email security system in use by each organization; of these, 31 percent were deemed "unsafe" by Mimecast. These assessments have uncovered more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments and 9,677 impersonation emails to date.

Top Cloud Email Service Providers Missing Advanced, But Very Common Threats

When the data was sliced by incumbent email security vendor the report found that even some of the top email cloud players were missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security. Notably these cloud vendors are leaving organizations vulnerable by missing millions of spam emails and thousands of threats and allowing them to be delivered to the users’ email inboxes. Many organizations have a false sense of security believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.  This quarterly ESRA report strongly indicates the need for organizations to consider third party email security services to more effectively secure their email and increase their overall cyber resilience.

Late last year, Mimecast commissioned Forrester Consulting to evaluate drivers of cloud-based email adoption and to evaluate their related business concerns and expectations. The report, titled Closing The Cloud Email Security Gap, revealed that only 5% of respondents are very confident in the overall security capabilities of their chosen email cloud provider. In fact, 44% of respondents said they would review the security implications of their cloud provider more thoroughly if they were to deploy a cloud-based email platform again. In this report, Forrester Consulting recommended that to enhance their cyber resilience, these organizations should leverage a third-party security services provider to defend against all forms of email-borne threats.

“To achieve a comprehensive cyber resilience strategy, organizations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” said Ed Jennings, chief operating officer at Mimecast. “These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.”





What are universities doing to defend their cyberspace?

Hacking is a growing problem globally and attacks on all organisations, UK universities included, continue to increase. So, what is the higher education sector doing to combat the problem?

A new survey* indicates that universities’ cyber security budgets are increasing rapidly, but investment alone is not enough to tackle the problem.

Raising awareness of threats, what they look like and what to do about them is a key defence in the fight to protect cyber space, and the higher education sector is making good progress on this point. However, there are other difficulties to overcome, too.

Latest research shows that although most universities have information security awareness training for staff, fewer than half train students. Meanwhile, some universities report difficulties in recruiting staff with the right skills and complain there is not enough support for cyber security from senior decision-makers.

These findings are from a survey by Jisc, which operates the UK’s education and research network, supporting up to 18 million users. While individual universities are responsible for their own cyber defence, Jisc’s specialist security team monitors the Janet network and provides services, advice and training to help protect it.

The threat level and how to tackle it
To put the issue into context, latest Jisc figures show that, since October 2016, there were 770 Distributed Denial of Service (DDoS) attacks against 176 different organisations connected to Janet. The unluckiest has been attacked on 59 separate occasions.

Working on the principle that preparation is the key to effective defence, 82% of respondents use outside expertise to test their systems for vulnerabilities, although fewer (51%) use third-party services to gain intelligence about current or emerging threats.

Jisc’s cyber security compliance manager, John Chapman, said: “With the increasing threat landscape, it is becoming more important to identify where vulnerabilities are, keep technology up to date and to apply the latest security patches as they’re made available.”

Social engineering, especially phishing emails (which may, for example, trick someone into taking a particular action or into revealing confidential information), is the most common threat mentioned by survey respondents, and one driven by a lack of awareness.

It’s hardly surprising, therefore, that the top cyber security priorities are protection and prevention – and end-user training. The Jisc research found that 83% of universities provide training for staff, which is compulsory in 46% of cases, but only 40% train students and only 8% insist that students take a course.

John Chapman added: “Being more aware of specific threats and improving user awareness can benefit institutions by reducing their exposure to attacks that can have serious implications.”

Why invest in protection measures?
Respondents who felt their university was well protected against cyber-attacks said the issue was taken seriously by management, with the right investment, processes, technology and training in place. They felt able to react quickly to problems, undertook regular audits and, as a result, recorded a low number of incidents.

By contrast, those higher education institutions (HEIs) that felt they weren't well protected said cyber security was low on management's priority list, there was a lack of investment and they had trouble recruiting the right staff.

Using a real example, John Chapman explains how not investing in the cyber security area can be a false economy. He said: “We recently came across a university that had invested in a Jisc automated approach to vulnerability assessment, which meant it was able to understand within a few minutes if any of the systems were at risk to the recent WannaCry attack.

“In turn, this allowed all the IT staff to be stood down from the alert on a Friday afternoon, saving the expense and disruption of working through the weekend to manually check that all systems across the estate had been correctly patched.”

The survey found that 72% of universities had staff dedicated to cyber security and 40% set aside money specifically for cyber security in 2015/2016, which is projected to rise to 58% in 2017/2018.  Compared to the level of spending on cyber security during 2016/17, the mean amount is expected to rise by 132% in 2017/2018.

To help universities gauge where they are on the scale of protection, there are several recognised cyber security standards. Cyber Essentials is the most popular certification: 20% of universities have achieved this accreditation already, 38% are working towards it and a further 29% are considering it.

In response to 94% of respondents agreeing this would be useful, Jisc is exploring the possibility of producing a cyber security ranking system for its members (universities, colleges and research establishments). Jisc has already committed to helping members better assess their cyber security position by developing a security audit service.

*The survey was conducted by Jisc between 30 March and 6 June 2017 and received 65 responses from 51 universities.

About Jisc
Jisc is the UK higher, further education and skills sectors’ not-for-profit organisation for digital services and solutions.  We:

  • operate shared digital infrastructure and services
  • negotiate sector-wide deals with IT vendors and commercial publishers and
  • provide trusted advice and practical assistance for universities, colleges and learning providers.

For more information, contact the press team: press@jisc.ac.uk






Most Companies Worldwide Failing to Measure Cybersecurity Effectiveness and Performance

Thycotic, a provider of privileged account management (PAM) and endpoint privilege management solutions for more than 7,500 organizations worldwide, today announced the release of its first annual 2017 State of Cybersecurity Metrics Report, which analyzes key findings from a Security Measurement Index (SMI) benchmark survey of more than 400 global business and security executives. Based on the internationally accepted security standard ISO 27001, as well as best practices from industry experts and professional associations, the Security Measurement Index benchmark survey provides a comprehensive way to define how well an organization is measuring the effectiveness of its IT security.

According to the findings, more than half of the 400 respondents in the survey, 58 percent, scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

“It’s really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices,” said Joe Carson, Chief Security Scientist at Thycotic. “This report needed to be conducted to bring to light the reality of what is truly taking place so that companies can remedy their errors and protect their businesses.”

With global companies and governments spending more than $100 billion a year on cybersecurity defenses, a substantial number of companies, 32 percent, are making business decisions and purchasing cyber security technology blindly. Even more disturbing, more than 80 percent of respondents fail to include business users in cyber security purchase decisions and have not established a steering committee to evaluate the business impact and risks associated with cybersecurity investments.

Additional key findings from the report include:

  • One in three companies invest in cybersecurity technologies without any way to measure their value or effectiveness.
  • Four out of five companies don’t know where their sensitive data is located, and how to secure it.
  • Four out of five fail to communicate effectively with business stakeholders and include them in cybersecurity investment decisions.
  • Two out of three companies don’t fully measure whether their disaster recovery will work as planned.
  • Four out of five never measure the success of security training investments.
  • While 80 percent of breaches involve stolen or weak credentials, 60 percent of companies still do not adequately protect privileged accounts—their keys to the kingdom.
  • Small businesses are targeted in two out of three cyberattacks.
  • Sixty percent of small businesses go out of business six months after a breach.

“We put out this report not only to show the errors that are being made, but also to educate those who need it on how to improve in each of the areas that are lacking,” added Carson. “Our report provides recommendations associated with better ways to educate, protect, monitor and measure so that improvements can be implemented.”

To download the full 2017 State of Cybersecurity Metrics Report and view all the findings from the Security Measurement Index benchmark survey, visit: https://thycotic.com/resources/cybersecurity-metrics-report-2017/.

The post Most Companies Worldwide Failing to Measure Cybersecurity Effectiveness and Performance appeared first on IT SECURITY GURU.

Police chief Hamilton’s Twitter may have been hacked

The PSNI has said that Chief Constable George Hamilton’s Twitter account may have been “maliciously hacked”. The incident happened yesterday, with a number of other Twitter users asking why a tweet had been removed from his account. It is unclear what it referred to, but other tweets indicated it included a series of numbers. Detective Chief Inspector Michael Harvey, the head of the PSNI’s Cyber Crime Centre, said: “At this time we believe there is a possibility the account was maliciously hacked. Enquiries are currently ongoing. There are no further details at this time.” One Twitter user called Mark wrote after seeing the tweet: “@ChiefConPSNI Was that a wee data protection slip up earlier George?”

Read Full Story 

ORIGINAL SOURCE: Belfast Telegraph

The post Police chief Hamilton’s Twitter may have been hacked appeared first on IT SECURITY GURU.

Three Vendors Decline to Patch Vulnerabilities in Nuclear Radiation Monitors

Ruben Santamarta, a security researcher for IOActive, has found various vulnerabilities in nuclear radiation monitoring equipment from three vendors who, when contacted by the researcher, declined to fix the reported flaws, each for different reasons. The vulnerabilities were found in multiple product models sold by Digi, Ludlum, and Mirion.

View Full Story 

ORIGINAL SOURCE: Bleeping Computer

The post Three Vendors Decline to Patch Vulnerabilities in Nuclear Radiation Monitors appeared first on IT SECURITY GURU.

Security Flaws In “Smart” Car Wash Can Be Exploited to Cause Physical Injuries

Two US security researchers have found vulnerabilities in smart car wash solutions sold by PDQ, a US-based vendor of Internet-connected car wash equipment and software. According to the research team, the security flaws could be exploited to cause damage to cars or physical harm to passengers or car wash employees. The vulnerabilities were discovered back in January 2015, but PDQ ignored the research team for almost two years, even after the researchers published some of their findings two years ago.

View Full Story 

ORIGINAL SOURCE: Bleeping Computer

The post Security Flaws In “Smart” Car Wash Can Be Exploited to Cause Physical Injuries appeared first on IT SECURITY GURU.

Virgin America Hacked, Employee Passwords and Personal Information Compromised

Virgin America has confirmed in a letter sent to employees that its network was compromised by hackers, with data belonging to thousands of workers compromised and possibly stolen by the attackers. While an investigation is already under way, the airline did not provide any specifics about the hackers, saying instead that it’s working with law enforcement on determining how the breach took place.

Read Full Story 

ORIGINAL SOURCE: Softpedia

The post Virgin America Hacked, Employee Passwords and Personal Information Compromised appeared first on IT SECURITY GURU.

WikiLeaks new dump Imperial exposes 3 CIA hacking tools targeting Macs and Linux

WikiLeaks has published three new alleged CIA hacking tools as part of its new Vault 7 dump. The alleged CIA project dubbed “Imperial” includes three hacking tools named Achilles, Aeris and SeaPea that target Mac and Linux operating systems (OS). While Achilles and SeaPea target Mac OS, Aeris targets Linux. According to WikiLeaks’ documents, Achilles allows CIA’s agents to “trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution”.

Read Full Story 

ORIGINAL SOURCE: IB Times

The post WikiLeaks new dump Imperial exposes 3 CIA hacking tools targeting Macs and Linux appeared first on IT SECURITY GURU.

Thursday, 27 July 2017

Over 28,000 devices decrypted and 100+ global partners – No More Ransom celebrates its first year

One year ago, on 25 July 2016, the No More Ransom initiative was launched by the Dutch National Police, Europol, McAfee and Kaspersky Lab. Today there are more than 100 partners, as major ransomware attacks continue to dominate the news, hitting businesses, governments and individuals all over the world.

The threat of ransomware is escalating

The number of ransomware incidents has soared since 2012, with criminals lured by the promise of profit and ease of implementation. The threat continues to evolve, becoming stealthier and more destructive, and increasingly targets businesses rather than individuals because the potential returns are much higher.

The indiscriminate WannaCry attack in mid-May claimed more than 300,000 business victims across 150 countries in its first few days, crippling critical infrastructure and businesses. Some organizations are still struggling to recover from ExPetya attacks of 27 June.

According to Kaspersky Lab’s ransomware report published last month, the total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4 per cent compared to the previous 12 months, from 2,315,931 to 2,581,026 users around the world.

No More Ransom’s first year in numbers

The site now carries 54 decryption tools, provided by nine partners and covering 104 kinds (families) of ransomware. So far, these tools have managed to decrypt more than 28,000 devices, depriving cybercriminals of an estimated £6.5 million in ransoms.

The portal has counted over 1.3 million unique visitors. On 14 May alone, during the WannaCry crisis, 150,000 people visited the website.

The No More Ransom platform is now available in 26 languages, with the most recent additions Bulgarian, Chinese, Czech, Greek, Hungarian, Indonesian, Malay, Norwegian, Romanian, Swedish, Tamil and Thai.

More than 100 partners: no boundaries between private, public or competitors

No More Ransom now boasts 109 partners. The most recent additions include, from the private sector: Abelssoft, Ascora GmbH, Barclays, Bitsight, Bournemouth University (BU), CERT.BE, Claranet, CSA Singapore, ESTSecurity, Fortinet, Global Forum on Cyber Expertise (GFCE), InterWorks, IPA, KISA (Korean Internet & Security Agency), TWCERT/CC, LLC, University of Porto and vpnMentor. Four new law enforcement agencies have also joined from the Czech Republic, Greece, Hong Kong and Iran.

The success of the No More Ransom initiative is a shared success, one that cannot be achieved by law enforcement or private industry alone. By joining forces, we enhance our ability to take on the criminals and stop them from harming people, businesses and critical infrastructure, once and for all.

No better cure than prevention

Law enforcement globally, in close cooperation with private partners, has ongoing investigations into ransomware criminals and infrastructure. However, prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place. Many up-to-date prevention tips are available on www.nomoreransom.org. If you do become a victim, it is important not to pay the ransom and to report your infection to the police.

The post Over 28,000 devices decrypted and 100+ global partners – No More Ransom celebrates its first year appeared first on IT SECURITY GURU.

Cyber awareness training within the legal industry must be the first-line of defence against online scammers, warns Databarracks

For the legal industry to effectively address the rising threat of online scams, cyber awareness training amongst staff must act as its first-line of defence, according to business continuity and disaster recovery service provider Databarracks. This follows recent findings from the Law Society, which revealed that more than a quarter of law firms in England and Wales were targeted by fraudsters last year, with most of the attempted scams taking place online.

Peter Groucutt, managing director for Databarracks comments: “It’s unsurprising to hear that the legal sector is vulnerable to online attacks. The fast-paced nature of the industry combined with the high volume of email traffic means that it only takes one person to open an unsolicited email and attachment to compromise an entire organisation.

“The Law Society is right to highlight this growing threat and also encourage firms to review risk management practices, but importantly, senior management teams within these firms shouldn’t make the mistake of assuming that this is solely a technology issue that needs to be addressed. For any organisation, the first-line of defence against cyber threats starts with your staff and this must be supported with effective cyber awareness training.”

Groucutt continues: “In practice, make sure that your team is able to identify potential phishing emails as well as the recommended procedures to follow in the case of a breach or infection. This can help to get incidents under control quickly, reducing the amount of damage caused. For smaller practices, which typically might not have the necessary infrastructure or personnel in place, schemes such as the government’s Cyber Essentials Scheme (CES) provide advice and guidance for those looking to take their first steps into cyber-security and also support those who are simply looking to improve existing processes.

“A lot of IT departments handle incidents in the background with only key senior individuals being informed, but if threats aren’t communicated internally to employees then how will they understand the dangers facing the business? Because of this, an effective line-of-dialogue between the IT department and the rest of the business is needed. This not only serves to alert an entire organisation to threats, but allows the IT team to understand whether security processes are too restrictive or unintuitive, hindering the staff’s ability to do their jobs competently. Asking these questions to the right people will go a long way to improving adherence to IT security practices.

“Additionally, this needs to be supported with effective backup capabilities. The fallible nature of people means that in the event of an incident an organisation needs to know that its data can be retrieved, but often this is hindered by the technology in place and also how thinly the IT teams are spread. A firm’s IT team might have priorities elsewhere, for example handling hardware upgrades or managing new software installations. Because of this, backup can become an afterthought and often this is where a firm’s downfall can lie.

“You need to ensure backup works for you when you need it to, and because of this it needs to be managed, monitored and tested regularly,” Groucutt concludes.

The post Cyber awareness training within the legal industry must be the first-line of defence against online scammers, warns Databarracks appeared first on IT SECURITY GURU.

Ransomware on the rise: how to prevent an attack

If the last few months have taught us anything, it’s that enterprises clearly need to take a long hard look at the cyber security they have in place. One thing is clear: cyber threats now present a bigger risk to organisations than ever before. Considering the huge growth in the number of new ransomware families (an increase of 752% since 2015), online extortion has become a major issue and one that businesses must address.

When it comes to measuring up the countries worst hit by ransomware, the UK does not appear to be faring well. According to a recent report by Malwarebytes, 54% of UK companies have been hit by a ransomware attack compared to 47% of US companies. It is a common misconception that hackers only target financial institutions, but this year’s attacks on the UK parliament and health trusts highlight the reality of the situation: no business or organisation is safe.

It is becoming increasingly easy for hackers to disrupt business operations and extort money with the availability of open source ransomware and ransomware as a service (RaaS). Organisations are rightly concerned about the loss of productivity above anything else. It is estimated that it takes 33 man-hours on average to fix the problem, with the financial impact potentially much larger than the demanded ransom.

In addition, companies are increasingly concerned about data protection legislation and the potential for significant fines from governing bodies, as well as damage to reputation, resulting from data loss. This comes sharply into focus now with the EU General Data Protection Regulation coming into force from May 2018.

So what is Ransomware?

In short, it is a type of malicious software that attempts to extort money from a computer user or organisation by infecting systems and blocking access. This is typically done by encrypting the files and documents on the victim’s machine, then demanding a sum of money for the keys to decrypt the files.

There are a number of ways a hacker can initiate an attack, with the most common being a phishing email. This is where the victim is tricked into clicking on a link, or opening an attachment, in what appears to be a legitimate email message. The malicious software is then covertly installed on the computer, without the knowledge or intention of the user. It can then either stay dormant or spread without user interaction, depending on the type of attack, until it receives a command from the hackers’ systems to encrypt the files or lock the computer. As soon as the data is encrypted, the user receives the ransom notification and the clock starts ticking.

Once your data is locked you face a difficult choice, whether to pay or not to pay. If you pay, will you really receive the key to decrypt and get your data back?  You are dealing with criminals after all!

How can you prevent an attack?

Unfortunately, there is no silver bullet. Cyber criminals are constantly innovating, and every cyber-attack is constructed from well-defined phases which are completed sequentially. Rendering a cyber-attack unsuccessful is all about blocking one or more of these stages.

You therefore need to look at a layered approach to protection. This means:

  • Securing your entry points.
  • Filtering web traffic and blocking malicious sites.
  • Blocking access to categories of website that users have no business need for.
  • Blocking macros and ActiveX, and not allowing external content to run inside Office applications.
  • Scanning all emails and attachments for phishing.
  • Educating your employees to increase their awareness of phishing techniques and general vigilance.
  • Ensuring USB devices are scanned, or restricted in some areas, with AutoPlay disabled at the very least.
  • Locking down users’ own (BYOD) devices on secured networks separate from production systems.
  • Deploying anti-ransomware behavioural tools and scanning your network traffic.

With this layered approach, research has shown that most ransomware attacks can be stopped at the gateway level, through email and URL blocking. The last line of defence is endpoint anti-ransomware behavioural monitoring, designed to proactively detect and block ransomware execution. However, you want to stop this at the gateway, so ensure that your intrusion prevention, email and web scanning solutions are robust enough to protect your edge networks.
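
The “last line of defence” just mentioned, endpoint behavioural monitoring, can be illustrated with a small detector. The script below is an added example, not code from the original article or from any product it names: it scores each process’s file activity over a sliding window on three signals that bulk encryption produces (many distinct files touched, written content with the high Shannon entropy of ciphertext, and renames to a ransom extension). The event format, the thresholds and the extension list are assumptions, and the event stream is constructed inline so the script runs offline.

```python
"""Endpoint behavioural monitoring for ransomware (added example, not the
article's or any vendor's code). Event format, thresholds and extensions are
assumptions; a real agent would take events from ETW, auditd or an EDR sensor
instead of the constructed stream in sample_events()."""
import hashlib
import math
from collections import defaultdict

WINDOW_SECONDS = 30          # assumption: per-process sliding window
MIN_DISTINCT_FILES = 20      # assumption: bulk threshold before alerting
HIGH_ENTROPY_BITS = 7.0      # assumption: office documents sit well below this
RANSOM_EXTENSIONS = {".locked", ".crypt", ".encrypted"}  # assumption


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extension(path: str) -> str:
    """Lower-cased final suffix of a path, '' when there is none."""
    name = path.rsplit("/", 1)[-1]
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def analyse(events):
    """Return {pid: reason} for processes whose activity looks like bulk encryption.

    An event is a dict with pid, ts (seconds), op ('write' or 'rename') and path,
    plus data (bytes) for writes and new_path for renames.
    """
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pid[ev["pid"]].append(ev)
    verdicts = {}
    for pid, evs in by_pid.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW_SECONDS:
                start += 1                      # slide the window forward
            window = evs[start:end + 1]
            touched = {e["path"] for e in window}
            if len(touched) < MIN_DISTINCT_FILES:
                continue                        # a handful of files is normal editing
            writes = [e for e in window if e["op"] == "write"]
            high = sum(shannon_entropy(e["data"]) >= HIGH_ENTROPY_BITS for e in writes)
            renamed = sum(e["op"] == "rename" and extension(e["new_path"]) in RANSOM_EXTENSIONS
                          for e in window)
            if writes and high / len(writes) >= 0.8:
                verdicts[pid] = f"{high}/{len(writes)} high-entropy writes over {len(touched)} files"
                break
            if renamed >= MIN_DISTINCT_FILES // 2:
                verdicts[pid] = f"{renamed} renames to ransom extensions"
                break
    return verdicts


def pseudo_random(seed: str, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out, block = b"", seed.encode()
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def sample_events():
    """Constructed stream: a benign editor (pid 100) and an encryptor (pid 200)."""
    events = []
    text = b"Quarterly figures and board minutes, draft three. " * 40
    for i in range(3):
        events.append({"pid": 100, "ts": 1.0 + i, "op": "write",
                       "path": f"/home/alice/docs/report{i}.docx", "data": text})
    for i in range(25):
        path = f"/home/alice/docs/file{i}.xlsx"
        events.append({"pid": 200, "ts": 10.0 + i * 0.2, "op": "write",
                       "path": path, "data": pseudo_random(path, 2048)})
        events.append({"pid": 200, "ts": 10.1 + i * 0.2, "op": "rename",
                       "path": path, "new_path": path + ".locked"})
    return events


if __name__ == "__main__":
    for pid, reason in analyse(sample_events()).items():
        print(f"ALERT pid={pid}: {reason}")
```

Run as-is it alerts on pid 200 only. A real agent would feed the same three signals from a kernel or EDR sensor and suspend the offending process on a verdict; the thresholds are deliberately conservative so that a document editor saving a few files is never flagged, and the entropy check is what catches a family that keeps the original file names.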

Ultimately, you need to improve your security posture: research and follow best practices for the technology and solutions you already have in place and, where possible, complement these with new and improved technology and services.

But what if it still gets through?

Even with all these tools and techniques in place, sophisticated malware can still get through your defences. Cyber criminals are evasive and clever and find new weak points all the time. If the ransomware gets in, it will begin encrypting local disks and mapped network shares. You therefore need plans in place to contain and respond to an infection and ultimately restore your data. Paying the ransom should not be an option.

Backups are key to protecting your data. However, for a lot of organisations, restoring the previous night’s backup to recover from a ransomware incident is simply not acceptable, due to the data loss and downtime incurred. Organisations may leverage snapshots, whether storage-based or at the virtual machine level, to provide more granular restore capabilities. But these too will likely mean accepting several hours’ worth of data loss. This may also not be palatable to some companies, and so we need to go further in terms of restore capabilities: journaling technologies make it possible to roll systems back to a specific point in time, minutes or even seconds before the infection.
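
Both the Databarracks advice earlier on this page (backup must be “managed, monitored and tested regularly”) and the paragraph above come down to one operational check: prove that what you restore is what you backed up, before an incident forces the question. The script below is an added example, not code from either article or vendor. It records a SHA-256 manifest at backup time and diffs a test restore against it, reporting missing, modified and unexpected files; the sample tree and the temporary directories are constructed for the demo, and in production the manifest would be stored with the backup set and the restore driven by the real backup system.

```python
"""Backup restore test (added example, not from the original article or
Databarracks). Record a manifest of SHA-256 hashes at backup time, then verify a
test restore against it. Paths and the sample tree below are constructed in a
temporary directory so the script runs offline."""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_restore(manifest: dict, restored_root: str) -> dict:
    """Compare a restored tree against the manifest; empty lists mean a clean restore."""
    result = {"missing": [], "modified": [], "unexpected": []}
    restored = build_manifest(restored_root)
    for rel, digest in manifest.items():
        if rel not in restored:
            result["missing"].append(rel)
        elif restored[rel] != digest:
            result["modified"].append(rel)
    result["unexpected"] = sorted(set(restored) - set(manifest))
    return result


def run_restore_test() -> tuple:
    """Constructed end-to-end run: a clean restore, then a restore with damage."""
    work = tempfile.mkdtemp(prefix="restore-test-")
    try:
        src = os.path.join(work, "live")
        os.makedirs(os.path.join(src, "matters"))
        with open(os.path.join(src, "matters", "contract.txt"), "w") as f:
            f.write("signed agreement\n")
        with open(os.path.join(src, "ledger.csv"), "w") as f:
            f.write("date,amount\n2017-07-27,100\n")
        manifest = build_manifest(src)      # taken at backup time, stored with the set

        good = os.path.join(work, "restore-good")
        shutil.copytree(src, good)          # stands in for a real restore job
        clean = verify_restore(manifest, good)

        bad = os.path.join(work, "restore-bad")
        shutil.copytree(src, bad)
        os.remove(os.path.join(bad, "ledger.csv"))          # file lost from the set
        with open(os.path.join(bad, "matters", "contract.txt"), "a") as f:
            f.write("tampered\n")                           # content changed in transit
        damaged = verify_restore(manifest, bad)
        return clean, damaged
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    clean, damaged = run_restore_test()
    print("clean restore:", clean)
    print("damaged restore:", damaged)
```

Schedule the verify step after every test restore and alert on any non-empty list; a manifest that is itself kept only on the live system is worthless after an encryption event, so store it with the backup media or in a write-once location.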

Once recovered, it is key that you conduct root cause analysis to help prevent recurrence. There are always lessons to be learned, and weak points can then be highlighted and addressed accordingly. After the issue is resolved, the question should always be why did this happen? Management will want to see a plan detailing how you will stop this in future.

Vigilance is key

Organisations and their employees need to be educated to be vigilant to avoid losing data and money. You need to implement a multi-layered approach to cyber security, deploying solutions that use behavioural monitoring and machine learning while protecting your gateways, networks, servers and endpoints to help prevent ransomware infections. There is no silver bullet; you need a layered approach: defence in depth.

Prevent, contain and respond – you need plans in place for each. It is time to beef up your defence and recover options against the ever-increasing threat of ransomware.

The post Ransomware on the rise: how to prevent an attack appeared first on IT SECURITY GURU.

Google Detects Android Spyware in Play Store, Removes It Before It’s Too Late

Android malware reaching the Google Play Store is not really something new, as infected apps are being detected on a regular basis, but search giant Google highlights one particular case that it managed to deal with thanks to the recently-released Google Play Protect security feature.

Specifically, Google says it came across a new form of Android spyware called Lipizzan which the company says is somehow linked to an Israeli company working with governments and intelligence agencies across the world.

View Full Story 

ORIGINAL SOURCE: Softpedia

The post Google Detects Android Spyware in Play Store, Removes It Before It’s Too Late appeared first on IT SECURITY GURU.

Crooks Reused Passwords on the Dark Web, so Dutch Police Hijacked Their Accounts

Dutch Police are aggressively going after Dark Web vendors using data they collected from the recently seized Hansa Market.

Currently, the infosec community and former Hansa vendors themselves have spotted two ways in which Dutch authorities are going after former Hansa vendors.

View Full Story 

ORIGINAL SOURCE: Bleeping Computer

The post Crooks Reused Passwords on the Dark Web, so Dutch Police Hijacked Their Accounts appeared first on IT SECURITY GURU.

Ransomware ‘here to stay’, warns Google study

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google. The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type. Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat. Two types of ransomware made most of the money, it said, but other variants are starting to emerge.

View Full Story 

ORIGINAL SOURCE: BBC

The post Ransomware ‘here to stay’, warns Google study appeared first on IT SECURITY GURU.

Facebook will spend over $500,000 to help Harvard fight election hacking

Facebook will reportedly help Harvard fight election hacking. The social media giant will reportedly spend $500,000 (£380,000) as initial funding for a non-profit organisation that aims to protect political parties and voting systems from hacking and propaganda attacks.

The project, dubbed Defending Digital Democracy, is a bipartisan initiative and will reportedly be based at Harvard University’s Kennedy School of Government. Speaking at the Black Hat event in Las Vegas on Wednesday, Facebook cybersecurity boss Alex Stamos said the tech giant hopes that the initiative to fend off attacks from hackers will be joined by others as well, Reuters reported.

Read Full Story 

ORIGINAL SOURCE: IB Times

The post Facebook will spend over $500,000 to help Harvard fight election hacking appeared first on IT SECURITY GURU.

Hackers can now spy and track locations of phones using flaw in 3G and 4G LTE networks

New vulnerabilities recently found in 3G and 4G networks can reportedly allow hackers to spy on, monitor and track the locations of phones. Security researchers also reportedly believe that the flaw could pave the way for next-generation low-cost stingray devices. According to security experts Ravishankar Borgaonkar and Lucca Hirschi, who discussed their research at the Black Hat event in Las Vegas, the flaw was reportedly found in the authentication and key agreement protocol of these high-speed networks, which is what allows a phone to communicate securely with the user’s network.

Read Full Story 

Original Source: IB Times

The post Hackers can now spy and track locations of phones using flaw in 3G and 4G LTE networks appeared first on IT SECURITY GURU.

Wednesday, 26 July 2017

IT teams and the C-suite must work together to deliver comprehensive cyber-security, says EACS

Cyber-security is rarely out of the news these days, with large businesses and organisations under attack. This is now increasingly moving to medium-sized organisations, who are also seeing their capital, reputation and intellectual property challenged by new and insidious threats. However, according to IT solutions and managed services provider (MSP) EACS, while many IT teams are taking steps to improve their organisations’ security posture, their efforts are being hampered by indifference to the topic within the broader C-suite.

A report by the Economist Intelligence Unit reveals a disconnect between the C-suite and IT teams when it comes to prioritising cyber prevention. Although cyber security ranked as the number one priority for IT teams, it languished in ninth place for the C-suite, far behind things like business growth and new customer acquisition.

For Kevin Timms, CEO of EACS, cyber-security can no longer just be seen as an issue for the IT department to sort out and senior management needs to become fluent in the language of security if they are to improve the way that their companies deal with threats.

Timms comments: “Cyber-attacks are rapidly growing in both number and severity and while that is broadly recognised at all levels of the organisations we speak to, there’s still a bit of a disconnect in the C-suite and a lack of responsibility, a gap which seems to be more distinct in medium-sized businesses. It is of course to be expected that the C-suite is focused on the business growth and to an extent it is understandable that there’s less focus on cyber-security because this is a primary area of focus for IT teams, but the fact is that the success of a business is increasingly contingent on its ability to protect itself from cyber threats and maintain the integrity of its data. The two need to go hand-in-hand and without sufficient support at the highest levels of a business, strong cyber-security measures will struggle to take hold.”

“It’s also important to remember that IT security is not just about building a bigger firewall, but the processes of the company and a shift in attitude. Everyone within a business needs to think about what they do on a day-to-day basis to make sure they behave in a way that is beneficial to the company as a whole; from the top down and vice versa.

“With the C-suite and the IT teams working collaboratively to understand the full impact of a cyber-attack on the business and outlining a full programme for prevention, there will be a greater recognition of the potential threats the business faces. Businesses need to dedicate time and resources to the issue, which can be achieved by enlisting the help of third parties like Managed Service Providers (MSP). By partnering with MSPs with the experience and expertise to deliver a comprehensive cyber-security programme, the C-suite can rest assured that their business has room to grow while the IT teams can focus on business development rather than worrying about security,” concluded Timms.

The post IT teams and the C-suite must work together to deliver comprehensive cyber-security, says EACS appeared first on IT SECURITY GURU.

NETSCOUT enters the advanced threat Market

NETSCOUT, a provider of business assurance – combining service assurance, cybersecurity and business intelligence – today announced integration between the company’s next-generation, real-time information platform, ISNG, and network threat analysis solution, Arbor Networks Spectrum.

This solution brings NETSCOUT’s patented smart data technology to advanced threat detection, delivering pervasive visibility for the entire enterprise. Using a common, shared data source promotes smooth collaboration between the network and security teams. The result is faster time to detection and investigation of advanced threats.

For the first time, network and security teams have access to both real-time and historical network traffic from a single dashboard, giving them the Smart Data needed for rapid detection and investigation of advanced threats hidden on the network.

“NETSCOUT’s approach enables greater collaboration between network and security teams, helping to ensure that key network data is accessible and actionable,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group (ESG). “The Company is leveraging pervasive instrumentation of enterprise networks to deliver end-to-end visibility across users, applications, protocols and network data. Together with Arbor Networks Spectrum security analytics and integrated threat intelligence – NETSCOUT can help orchestrate and automate key network and security workflows, helping customers detect and investigate threats faster than traditional approaches.”

Automate and orchestrate key service assurance and security threat detection workflows with smart data from NETSCOUT

Smart data comprises NETSCOUT’s patented Adaptive Service Intelligence (ASI) technology, which provides unprecedented intranet traffic visibility, and Arbor Networks’ Active Threat Level Analysis System (ATLAS), a global threat intelligence infrastructure, which provides unprecedented internet traffic visibility. This smart data provides actionable intelligence vital to resolving security threats quickly and efficiently.

Arbor Networks ATLAS monitors over one-third of all internet traffic providing near-real-time visibility into today’s emerging threats, fueling Arbor’s mission to help keep the internet stable and secure. This dynamic intelligence empowers security and network teams with relevant, actionable information on the threats facing them within the increasingly connected world.

NETSCOUT ISNG with ASI technology efficiently analyzes real-time wire data for a contextual view of service, network and application performance. It delivers unprecedented scalability and flexibility in multiple form factors and deployment options: virtual, software and hardware appliances. NETSCOUT’s technology converts high-volume network traffic into high value, multi-dimensional metadata in real time – effectively creating “smart data.”

NETSCOUT smart data is collected, organized, analyzed and contextualized to provide real-time insight into service performance degradations across physical, virtual and hybrid cloud environments. With this integration, ISNG becomes the data source for Arbor Networks Spectrum, “mining” IP traffic intelligence pervasively and passively across the network.

Now NETSCOUT customers can use Arbor Networks Spectrum with ISNG to:

  • Leverage common service delivery infrastructure in physical, virtual and cloud environments that gives security teams pervasive visibility across users, applications, protocols, and network flow data.
  • Provide security teams with superior intelligence based on high-resolution wire data using either dedicated or shared ISNG collectors.
  • Take advantage of smart data from the combined solution to expose and extract key potential threat activity across the network, reducing mean time to resolution of critical security threats.

“With ISNG, we are now delivering what IT, network and security teams have been craving during a time of profound technology disruption –  a greater level of simplicity along with more visibility and control over their distributed environments,” said Anil Singhal, president and chief executive officer, NETSCOUT. “With the integration of Arbor Networks Spectrum advanced threat capabilities, ISNG customers can leverage their investment in NETSCOUT solutions to encompass all aspects of IT and security operations across the enterprise, public sector, and service provider markets.”

Only NETSCOUT solutions can deliver this powerful combination of smart data from within the internal network and across the internet with the context required to make informed decisions quickly across critical network and security functions.

About NETSCOUT

NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) is a leading provider of business assurance, a powerful combination of service assurance, cybersecurity, and business intelligence solutions for today’s most demanding service provider, enterprise and government networks. NETSCOUT’s Adaptive Service Intelligence (ASI) technology continuously monitors the service delivery environment to identify performance issues and provides insight into network-based security threats, helping teams to quickly resolve issues that can cause business disruptions or impact user experience. Arbor Networks’ suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through its ATLAS infrastructure and security and response teams.

The post NETSCOUT enters the advanced threat Market appeared first on IT SECURITY GURU.

Saturday, 22 July 2017

Lastline Unveils Unprecedented Breach Protection Capabilities

Malware protection firm Lastline has introduced Lastline Breach Defender™, the industry’s only solution that provides a dynamic blueprint of a breach as it unfolds and moves laterally across a network. Informed by unprecedented understanding of malware behaviours, Lastline Breach Defender provides the visibility, context, threat intelligence, and integration enterprise security teams need to remediate breaches faster, with fewer resources, and at lower cost.

“When malware strikes, it is imperative that security teams see and understand all the malicious activity taking place across a compromised network,” said Christopher Kruegel, Lastline CEO. “Lastline Breach Defender provides this information, accelerating the team’s ability to respond to a breach before data exfiltration can occur by identifying all the applications, systems, and data affected by the malware.”

Features of Lastline Breach Defender include:

  • Malware Detection: Lastline Deep Content Inspection™ detects attacks that evade sandboxes, firewalls, and other “next-gen” tools by uncovering malicious behaviour engineered into a piece of malware, with a fidelity not possible with other technologies.
  • Network Analysis: Monitors events and network activity, including low-level events and seemingly benign activity, to uncover all malicious network activity.
  • Global Threat Intelligence: Provides context by linking activity within a network with global information about threats previously detected across Lastline’s global customer base.
  • Integrations: Proven integration with third-party security products further informs breach analysis and improves the effectiveness of existing controls.
  • Data Correlation: Applies machine learning and AI techniques to connect collected data and identify relationships among seemingly unrelated aspects of the breach activity, spotting elements of a breach that would otherwise have been missed with limited security staffing and other tools.
  • Anomaly Detection: Builds a profile of normal network activity using machine learning, and correlates anomalies in the context of detected breaches, providing improved threat analytics without overwhelming analysts with benign anomalies.
  • Manual or automated response enables an organization to implement mitigating controls to help secure the organization.
  • Integrations with existing security infrastructure improve the effectiveness of current security products, staff, and processes.
  • Cloud-based architecture and flexible deployment options reduce the cost and complexity of eliminating advanced threats.

“Lastline provides unmatched breach detection with a single product that correlates network anomalies, threat intelligence, and our deep visibility of malware behavior,” said Brian Laing, Lastline VP of business development and products. “Lastline Breach Defender provides all the capabilities enterprises need to detect breaches quickly with minimal false positives, remediate them more efficiently and effectively, and do so with fewer resources, protecting the organization from costly and damaging data breaches.”

UK uni warns students of phishers trying to nick their tuition fees

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash – using an unusually well-crafted attack. The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete with pages of well-laid-out information. The URL isn’t that of the actual university site, but if you’re a student unfamiliar with the center of learning, it would be easy to be fooled.

ORIGINAL SOURCE: The Register

BEC Attacks Far More Lucrative than Ransomware over Past 3 Years

Despite all the recent attention paid to ransomware, cybercriminals walked away with $5.3 billion from business email compromise (BEC) attacks compared with $1 billion for ransomware over a three-year stretch, according to Cisco’s 2017 Midyear Cybersecurity Report released today. Cybercriminals are increasingly taking a practical approach to their pilfering, going for the fastest method by which they can steal a buck, or in this case, billions, says Steve Martino, Cisco’s chief information security officer. “What we are looking at is the continual commercialization of cyberattacks,” Martino says, pointing out that this is a major theme in the report.

ORIGINAL SOURCE: Dark Reading

Donald Trump in talks with Russia over ‘creating cyber security group’

Moscow and Washington are in talks to create a joint cyber security working group, a Russian news agency has reported. In its report, RIA news agency cited Russia’s special envoy on cyber security, Andrey Krutskikh. “Different proposals are being exchanged and are being studied, nobody is avoiding the need for negotiations and contacts,” Mr Krutskikh said, according to the agency. “There is no need to overdramatise the working process, it is underway without doubts, it is difficult taking into account the US realities, but this is more of the issue of the US administration, not ours.” Last week, Russia said Donald Trump and Vladimir Putin had discussed forming a group on cyber security.

ORIGINAL SOURCE: The Independent

Valve Patches Security Flaw That Allows Installation of Malware via Steam Games

A vulnerability in Valve’s Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user’s computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others. The issue came to light today when security researcher Justin Taft of One Up Security published a report detailing his findings. The vulnerability is a simple buffer overflow in the Source SDK. The buffer overflow can be exploited by an attacker to append a piece of malicious code and execute it on a targeted machine.

ORIGINAL SOURCE: Bleeping Computer

Friday, 21 July 2017

DarkHotel hackers are going after political targets instead of CEOs with new Inexsmar malware

A highly sophisticated cyberespionage group called DarkHotel, which has been around for decades, is back in business. The hacker group is known for going after targets in the business sector, using luxury hotels’ Wi-Fi to hack and spy on victims. However, DarkHotel hackers have now changed their strategy and are targeting political figures instead of CEOs, according to security experts. Although DarkHotel hackers previously typically used zero-day exploits in their campaigns, the cyberespionage group’s new multi-pronged attack vector combines whaling (advanced phishing), a new malware called Inexsmar, and other complex attack methods.

ORIGINAL SOURCE: IB Times UK

In an Evil Internet Minute, £656,393 is Lost to Cybercrime, Reveals RiskIQ

With cybercriminals costing the global economy £345 billion last year alone[1], digital threat management leader RiskIQ has examined the growing volume of malicious activity on the Internet to reveal the inaugural ‘Evil Internet Minute’. In a single evil internet minute, close to £656,393 is lost to cybercrime and 1,080 people fall victim. Despite businesses’ best efforts to guard against external cyber threats, spending up to £109,942[2] in 60 seconds, bad actors continue to proliferate online.

Colin Verrall, VP EMEA, RiskIQ comments, “As the Internet and its community continues to grow at pace, some people have been trying to make the vast numbers associated with it more accessible by framing them in the context of an ‘Internet Minute’. As the same growth applies to cybercrime, similarly, we have framed malicious Internet activity, leveraging the latest research as well as our own intelligence to define the darker happenings across the web in 60 seconds.”

The threats are complex, with tactics ranging from malware to phishing, and intentions ranging from monetary gain to inflicting large-scale reputational damage or perhaps even entertainment. Cyber criminals continue to find success deploying tactics from 818 pieces of unique malware, 1,214 ransomware attacks and over 100,000 phishing emails in just one evil internet minute.

RiskIQ’s research has also uncovered additional malicious activity, ranging from blacklisted mobile apps to malvertising:

  • New blacklisted mobile apps: 0.3 per minute
  • New phishing pages: 100 per minute
  • Malvertising: 14.5 incidents per minute
  • Pirate content: 4,300 people globally exposed to malware from content theft sites per minute

Colin Verrall, VP EMEA, RiskIQ comments, “Sophisticated cyber criminals continue to expand their digital armoury, lurking behind more online activity than we might expect. Websites, emails, mobile apps, online videos or even digital advertisements; all have become regular methods of entry for malicious online activity. The digital footprint of a business is always larger than perceived and with such happenings, control is often relinquished. It is crucial then for organisations to be aware of their entire digital footprint and make it a priority to close any critical security gaps. It is the only way to adequately secure a business, its employees and customers.”

[1] Hiscox Cyber Readiness Report 2017

[2] https://www.forbes.com/sites/stevemorgan/2016/03/09/worldwide-cybersecurity-spending-increasing-to-170-billion-by-2020/#397cfbcf6832

Employees regarded as an organisation’s greatest asset but also one of the biggest data security risks

IT professionals believe that compliance and regulation and the unpredictable behaviour of employees will have the biggest impact on data security according to a new Concensus survey* commissioned by independent global data security specialist, HANDD Business Solutions (HANDD).

The findings are launched alongside HANDD’s new Advisory Paper – ‘Securing the Journey of Your Data’ – which tackles the issue of data protection and provides organisations with an insight into the challenges and solutions associated with securing data on its journey through the enterprise.

The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and Co-Founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

Worryingly, 41 per cent of those surveyed assign the same level of security resources and spend to all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system tags all data with markers defining useful attributes, such as sensitivity level or retention requirement, ensuring that an organisation understands completely which data requires greater levels of protection.

“Many organisations have no insight into the data that they hold and so don’t understand which data is worth heavy investment and which isn’t, so the reality is that they could be spending as much on securing the lunch menu as they are on securing their customers’ data,” explains Danny Maher, CTO at HANDD.

While 43 per cent of those surveyed think that employees are an organisation’s greatest asset, more than a fifth (21 per cent) believe that the behaviour of employees and their reactions to social engineering attacks, which can trick them into sharing user credentials and sensitive data, also pose a big challenge to data security. “Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” adds Danny Maher.

Storage is also a key problem area, with more than a third (35 per cent) citing ensuring that data is stored securely, whether on premises or in the cloud, as their biggest challenge and the issue most likely to keep them awake at night. A data record’s classification enables a company to make these decisions, automatically and definitively dictating its location and whether an encryption policy should apply.

Having stored data in compliance with its security policy, a company must ensure that an access management system is in place, one which understands roles and responsibilities and allows users to see only the information that they need. In HANDD’s survey, less than half (45 per cent) of IT professionals are confident that they have an identity access management process in place that dictates that users must have different privileges depending on their roles and responsibilities, while 15 per cent have no access management system in place at all.

HANDD’s Advisory Paper, Securing the Journey of Your Data, is available to download now at http://www.handd.co.uk/advisory-paper

Cisco 2017 Midyear Cybersecurity Report predicts new “Destruction of Service” attacks; scale and impact of threats grow

The Cisco® 2017 Midyear Cybersecurity Report (MCR) uncovers the rapid evolution of threats and the increasing magnitude of attacks, and forecasts potential “destruction of service” (DeOS) attacks. These could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack. Also, with the advent of the Internet of Things (IoT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.

Recent cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive. These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover.

The Internet of Things continues to offer new opportunities for cybercriminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.

Measuring effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Faster time to detection is critical to constrain attackers’ operational space and minimize damage from intrusions. Since November 2015, Cisco decreased its median TTD from just over 39 hours to about 3.5 hours for the period from November 2016 to May 2017. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.

Threat Landscape: What’s Hot and What’s Not

Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw adversaries increasingly requiring victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate, as it is wiped out when a device restarts. Finally, adversaries are relying on anonymized and decentralized infrastructure, such as a Tor proxy service, to obscure command-and-control activity.

While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence:

  • Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.
  • Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise. Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20 percent of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
  • Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks. Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organizations, who face an even greater, underreported threat. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organizations into transferring money to attackers, is becoming highly lucrative. Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Center.

Unique Industries Face Common Challenges

As criminals continue to increase the sophistication and intensity of attacks, businesses across industries are challenged to keep up with even foundational cybersecurity requirements. As Information Technology and Operational Technology converge in the Internet of Things, organizations struggle with visibility and complexity. As part of its Security Capabilities Benchmark Study, Cisco surveyed close to 3,000 security leaders across 13 countries and found that across industries, security teams are increasingly overwhelmed by the volume of attacks. This leads many to become more reactive in their protection efforts.

  • No more than two-thirds of organizations are investigating security alerts. In certain industries (such as healthcare and transportation), this number is closer to 50 percent.
  • Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than 50 percent of attacks they know are legitimate.
  • Breaches are a wake-up call. Across most industries, breaches drove at least modest security improvements in at least 90 percent of organizations. Some industries (such as transportation) are less responsive, falling just above 80 percent.

Important findings per industry include:

  • Public Sector – Of threats investigated, 32 percent are identified as legitimate threats, but only 47 percent of those legitimate threats are eventually remediated.
  • Retail – Thirty-two percent said they’d lost revenue due to attacks in the past year with about one-fourth losing customers or business opportunities.
  • Manufacturing – Forty percent of the manufacturing security professionals said they do not have a formal security strategy, nor do they follow standardized information security policy practices such as ISO 27001 or NIST 800-53.
  • Utilities – Security professionals said targeted attacks (42 percent) and advanced persistent threats, or APTs (40 percent), were the most critical security risks to their organizations.
  • Healthcare – Thirty-seven percent of the healthcare organizations said that targeted attacks are high-security risks to their organizations.

Cisco’s Advice for Organizations

To combat today’s increasingly sophisticated attackers, organizations must take a proactive stance in their protection efforts. Cisco Security advises:

  • Keep infrastructure and applications up to date, so that attackers can’t exploit publicly known weaknesses.
  • Battle complexity through an integrated defense. Limit siloed investments.
  • Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints.
  • Establish clear metrics. Use them to validate and improve security practices.
  • Examine employee security training, favouring role-based training over one-size-fits-all.
  • Balance defense with an active response. Don’t “set and forget” security controls or processes.

For the 2017 MCR, a diverse group of 10 security technology partners were invited to share data from which to jointly draw threat landscape conclusions. Partners that contributed to the report include Anomali, Flashpoint, Lumeta, Qualys, Radware, Rapid7, RSA, SAINT Corporation, ThreatConnect and TrapX. Cisco’s security technology partner ecosystem is a key component of the company’s vision to bring security that is simple, open and automated to customers.

Supporting Quotes

“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”

Steve Martino, Vice President and Chief Information Security Officer, Cisco

“Complexity continues to hinder many organizations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts. To effectively reduce Time to Detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”

David Ulevitch, Senior Vice President and General Manager, Security Business Group, Cisco

About the Report

The Cisco 2017 Midyear Cybersecurity Report examines the latest threat intelligence gathered by Cisco Collective Security Intelligence. The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture. It is based on data from a vast footprint, amounting to a daily ingest of over 40 billion points of telemetry. Cisco researchers translate intelligence into real-time protections for our products and service offerings that are immediately delivered globally to Cisco customers.
