Category Archives: Expert Comments

SunTrust Bank Employee Steals Critical Data On 1.5 Million Customers

The ISBuzz Post: This Post SunTrust Bank Employee Steals Critical Data On 1.5 Million Customers appeared first on Information Security Buzz.

SunTrust Banks Inc. has revealed that a former employee stole the personal information of more than 1.5 million clients. It is thought the individual had access to critical data including customer names, addresses, phone numbers, and certain account balances. Javvad Malik, Security Advocate at AlienVault, commented below.

Javvad Malik, Security Advocate at AlienVault:

“While the focus of many companies is on detecting external threats, companies should not overlook the danger posed by insiders. It is therefore important for companies to have an all-encompassing threat detection and response strategy that can not only alert where external attacks are attempted, but also where insiders misuse their legitimate access, by monitoring network traffic, endpoints, and behavioural analysis.”


More Than 80 UK Manufacturing Plants Hit By Cyber Attacks


The UK has already suffered stealth cyber attacks on more than 80 manufacturing plants, with criminals deploying tactics that could put critical national infrastructure at risk. In an anonymous survey of manufacturers, almost half admitted that they have fallen prey to cyber warfare, according to trade group EEF. IT security experts commented below.

Tim Erlin, VP at Tripwire:

“It’s important to distinguish between cyberattacks on manufacturers and cyberattacks on industrial control systems. While they may be related, they’re not the same thing. Any organization with connected computer systems may fall victim to cyberattacks across a broad spectrum of technologies, but attacks on the systems that control a manufacturing plant floor are much more specific. Of course, manufacturing isn’t the only industry using industrial control systems.

We have seen a rise in attacks on control systems themselves, and the impact to the business of these attacks can be very direct. At the same time, cyberattacks in general continue to plague organizations around the globe.”

David Emm, Principal Security Researcher at Kaspersky Lab:

“The world isn’t ready for cyber-attacks against critical infrastructure, but attackers are clearly ready and able to launch attacks on these facilities – as this trend towards attacks on the manufacturing sector shows.

We’ve seen attacks on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – cases where organisations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting of these attacks hampers risk assessment and response to the threat. Security must be tailored to the specific needs of each organisation and be seen as an ongoing process. This is true also of the human dimension – tricking people into taking action that launches the initial exploit is as common in attacks on such facilities as it is in any other attack.”


UK And US Issue Warning About Russia Hacking CNI


Following news that the US and UK have issued a joint warning about sustained attacks on critical national infrastructure and internet service providers by Russian government agencies, ex-GCHQ security researcher turned entrepreneur James Hadley, CEO at Immersive Labs, commented below.

James Hadley, CEO at Immersive Labs:

“The UK is reaching a crucial point where cyber-attacks are constant. However, it still struggles to provide a consistent level of capabilities to repel attacks on a diverse supply chain, from the bottom upwards. Instead, the focus has been on a top-down approach.

“For instance, the NCSC is one of the best in its field – but, of course, not everyone can be so elite. So, to some extent, the UK workforce is going to have to become that extra bit more cyber-aware to secure the entire supply chain. Indeed, there is no point having such high security for the crown jewels if the backdoor is left unlocked.

“This is why we have to get better at identifying those with potential for developing cyber security skills. Companies need to reach from within using advanced training platforms to discover who these people are, while universities can also unearth students with a knack for security through initiatives like the Digital Cyber Academy. Even military veterans make ideal candidates for cyber security professionals as they are already trained to operate in highly secure and secretive environments. Not-for-profit TechVets offers veterans a route into the cyber security sector so organisations can tap into a whole new talent pool.

“By breaking with convention and recognising cyber talent for what it is – which may not always be the formal route – we can start building this cyber support system that will ultimately strengthen the country as a whole.”


Teen Charged In Nova Scotia Government Breach


In response to the news that a 19-year-old is facing a criminal charge for downloading files from Nova Scotia’s freedom-of-information portal, Aaron Zander, IT Engineer at HackerOne, commented below.

Aaron Zander, IT Engineer at HackerOne:

“There are two issues at hand. The first, a teen was able to possess large swaths of Personally Identifiable Information (PII) that he shouldn’t. He was only able to possess this after Nova Scotia had incorrectly been populating these from an un-redacted database and never thought to check the information itself. They then posted all of these documents on the web publicly for anyone to grab, again un-redacted. The Nova Scotian government noticed a large number of documents being downloaded by the teen, and then decided that he was in fact in the wrong, when it was the government who facilitated the download furnished with data they provided. There was no way for the teen to know what the contents of all of those documents contained when he initiated the download.”

When does/doesn’t a bug bounty make sense for a company?

“Organizations should at the very least implement a channel for responsible disclosure so that should a vulnerability like this exist, it’s reported to the people that can fix it and resolved before being exploited by a criminal. It doesn’t make sense for a company to always offer monetary incentives or bounties from the start. The key to successful vulnerability disclosure and bug bounty programs is being able to manage the volume of reports that come with them. Internal security teams must have a clear and proven process for validating and resolving vulnerabilities efficiently before they allow contributions from outside their organization.”

Are they fairly common now? Are you aware of any governments that use them?

“HackerOne has over 1,000 customer programs currently who have paid out over $27 million to hackers for helping resolve more than 65,000 vulnerabilities to-date. More and more companies are adopting vulnerability disclosure and bug bounty programs, especially following the launch of Hack the Pentagon in 2016. The U.S. Department of Defense, Singapore Ministry of Defense and European Commission all have programs on HackerOne.”

Does it make sense for a government to use this technique?

“Because government agencies are so targeted and house so much sensitive information, it’s absolutely important for them to at least have a channel for hackers to disclose vulnerabilities whether they reward bounties or not. The U.S. Department of Defense has run several time-bound bug bounty programs like Hack the Pentagon, Hack the Air Force and Hack the Army, while also maintaining a vulnerability disclosure program in the background, which welcomes submissions for anyone all over the world and does not offer monetary incentives. In the first year, the U.S. Department of Defense resolved nearly 3,000 vulnerabilities.”


Asia And Middle East Are Hotbeds For Malicious Cyber Activity


The Middle East and Asia have become the new hunting ground for malicious APT activity, with hackers using new techniques to target organisations, according to new research. It was revealed that there had been a surge in the activities of Chinese-speaking hackers targeting government entities, mainly in Taiwan and Malaysia, and of CardinalLizard, which in 2018 increased its interest in Malaysia alongside an existing focus on the Philippines, Russia, and Mongolia. Chris Doman, Security Researcher at AlienVault, commented below.

Chris Doman, Security Researcher at AlienVault: 

“Asia is certainly a heavily targeted region, but this has been the case for a number of years. It may be that as targeted activity in the West drops off somewhat, by contrast Asian activity seems higher.

By AlienVault’s metrics, we’ve seen North Korean attackers as the most reported on this year in terms of individual campaigns that have been analysed.

We’ve seen both North Korean and some Chinese groups move from primarily espionage based attacks to additionally executing financially motivated attacks, such as crypto-currency mining.

It’s difficult to imagine hackers from North Korea not being directed in some form by the state, even though many now operate outside of the country itself.

In the case of Chinese attackers, it may be that they are trying to supplement income that they used to receive from the state but no longer do.

It’s interesting seeing an uptick in activity from China on Asia. That seems to have been a continuing trend over the past couple of years, as targeting of the West by Chinese hackers has decreased and they have looked to move onto other targets.”


Data Firm Left 48 Million Data Profiles Exposed On AWS Server


LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket. IT security experts commented below.

Christopher Littlejohns, EMEA Engineer at Synopsys:

“Whilst this data breach has strong similarities to multiple other AWS misconfiguration issues that resulted in data breaches, and the data was “publicly available”, the data captured was interesting in that it consolidated personal information scraped from thousands of web sites. The net result is that it made it easy for an attacker to gain access to a pool of data that would be valuable for subsequent social engineering attacks, account hacking and identity fraud. Any company that collects, consolidates, but does not adequately secure such data is essentially exposing people to higher risk of being targeted. They therefore have an even stronger duty of care as they are effectively creating developed intelligence on people that can be used for criminal purposes.”

Javvad Malik, Security Advocate at AlienVault:

“Massive breaches through unsecured AWS S3 buckets continue to be a troubling trend. While cloud providers take care of certain aspects of security, it is imperative that organisations ensure they are doing their part to ensure the security of data that is uploaded. As with other aspects of security, cloud environments need to be continually monitored and the security assessed. Otherwise organizations have no assurance as to whether the data is secure or not, and can be left exposed for long periods of time.”
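The comment above calls for continual assessment of cloud configuration. The script below is an added example, not code from the original post or from AlienVault; it assesses a bucket's effective public exposure from the three documents that decide it (ACL, bucket policy, public-access-block settings). The bucket names and documents are constructed samples in the shape that boto3's get_bucket_acl, get_bucket_policy (after json.loads) and get_public_access_block return; in real use they would be fetched with those calls.

```python
"""Assess whether an S3 bucket is effectively public.

Added example, not part of the original post. Inputs are constructed here in
the shape boto3 returns them; an absent public-access-block is passed as {}.
"""

# Pre-defined S3 groups whose grants make an ACL public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def acl_public_grants(acl):
    """Return (group, permission) for every grant to AllUsers/AuthenticatedUsers."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return hits


def _principal_is_wildcard(principal):
    # Both the bare "*" form and {"AWS": "*"} / {"AWS": ["*"]} mean "anyone".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def policy_public_statements(policy):
    """Return (actions, conditional) for each Allow statement with a wildcard principal.

    A statement carrying a Condition (e.g. aws:SourceIp) is reported as conditional:
    it may still be restricted, so it is a finding to review, not proof of exposure."""
    hits = []
    statements = (policy or {}).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow" or not _principal_is_wildcard(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        hits.append((tuple(actions), "Condition" in st))
    return hits


def assess_bucket(name, acl, policy, public_access_block):
    """Combine the three sources into one verdict.

    IgnorePublicAcls neutralises public ACL grants; RestrictPublicBuckets neutralises
    public bucket-policy grants. A public finding survives only if its block flag is off."""
    pab = public_access_block.get("PublicAccessBlockConfiguration", {})
    acl_hits = acl_public_grants(acl)
    policy_hits = policy_public_statements(policy)
    acl_effective = bool(acl_hits) and not pab.get("IgnorePublicAcls", False)
    unconditional = any(not cond for _, cond in policy_hits)
    policy_effective = unconditional and not pab.get("RestrictPublicBuckets", False)
    return {
        "bucket": name,
        "public": acl_effective or policy_effective,
        "acl_findings": acl_hits,
        "policy_findings": policy_hits,
    }


# Constructed sample documents (hypothetical bucket "example-profiles").
EXPOSED_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
EXPOSED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-profiles/*"}]}
CONDITIONAL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-profiles/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]}
LOCKED_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}

if __name__ == "__main__":
    # Same public ACL in both cases; only the block settings and policy differ.
    print(assess_bucket("exposed", EXPOSED_ACL, EXPOSED_POLICY, {}))
    print(assess_bucket("locked", EXPOSED_ACL, CONDITIONAL_POLICY, LOCKED_PAB))
```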


Grenfell Data Breach


In light of the news surrounding the UK data watchdog’s fine for Kensington and Chelsea council following the Grenfell data breach, Jon Fielding, Managing Director, EMEA at Apricorn, commented below.

Jon Fielding, Managing Director, EMEA at Apricorn:

“This was obviously an honest mistake compounded by the tragic circumstances surrounding it. However, it does serve as a reminder that both public and private sector organisations must get a handle on both their data and the processes around it in advance of GDPR compliance being enforced next month. GDPR broadens the definition of personal data whilst extending the rights that citizens have over it, and all enterprises should ensure they are ready and able to comply.”


Organisations Preventing 87% Of Focused Cyber Attacks Globally


Organisations are getting much better at stopping cyber-attacks, but still suffered on average 30 security breaches last year, causing damage or data loss, according to Accenture. It found that 87% are now preventing “focused” attacks, up from 70% last year, but that still leaves 13% of online raids penetrating defenses. Dr Anton Grashion, Managing Director, Security Practice at Cylance commented below. 

Dr Anton Grashion, Managing Director, Security Practice at Cylance:

Q. What surprises you the most about the findings from this research?

A. The most surprising finding is the increase in detection rates. We routinely find malicious code residing in organisations that has had a dwell time of hundreds of days, and indeed data in the latest Verizon DBIR points to discovery being closer to months rather than under a month. Having said that, organisations are probably getting better at detection but unfortunately often at the expense of at first preventing them. It is often a case of too little too late to rely on a detect and respond strategy in today’s threat landscape. The report also points out that investment in new technologies is lagging behind the assumed improvements they can deliver. Now this isn’t surprising as AI and machine learning have created a bandwagon effect that has seen vendors scrambling to claim that they have AI/ML. Checking out the claims can be time consuming and often descends into arguments about the semantic use of terminology rather than an examination of fundamental data science credentials or even testing the claims for themselves.

Q. What advice would you give to organisations to avoid being breached?

A. Start with a robust predictive prevention strategy. The more you can stop before you need to start looking for indicators of compromise fundamentally changes the economics of cybersecurity. Detection and response is undeniably necessary, but never has it been more true that an ounce of prevention is worth a pound of cure.


New Report Reveals Record Levels Of Identity Fraud In 2017


Identity fraud hit an all-time high, with almost 175,000 cases in 2017, according to a new report from Cifas that was released today. Lisa Baergen, Director at NuData Security, a Mastercard company, commented below.

Lisa Baergen, Director at NuData Security:

“Financial fraud offers a lucrative source of income for cybercriminals, with 4.7 million fraud incidents last year. With such tempting promise of high reward and low prosecution rates, emboldened cybercriminals have grown in their sophistication, exploiting the human-interest factor by posing as banks or suppliers and then duping consumers into revealing their personal details. These scams have also proved effective in targeting commercial organisations, as senior executives have been tricked into revealing sensitive information which enables access to a company network.

All forms of identity fraud are appallingly high in the UK and the damage inflicted on the public continues to grow. Unless the UK wants to see these rates climb ever higher, institutions, governments, and private companies must take these threats as seriously as other forms of crime. Multi-layered solutions are available now in the marketplace that can help mitigate much of this type of cyber fraud. Organisations that transact online, such as banks, eCommerce stores, travel agencies and other vendors can take a more nuanced approach to authentication by evaluating as much contextual information about customer’s interactions as possible to determine if it truly is the right user. Multi-layered technology that includes passive biometrics and behavioural analytics can distinguish good from bad users even when new devices and correct credentials are used because they rely on a different set of data – the customer’s behaviour. Removing the value of stolen credentials from the hands of criminals can re-balance the online identity proofing environment for consumers and organisations.

The increasing volume of attacks globally has also been attributed to more fraudsters willing to commit the crime, more data available on the black market, and more financial institutions and merchants that are vulnerable to attacks. To combat these types of attacks, consumers should always report emails to their banking provider. No legitimate organisation will ask for security or banking details through email, so consumers need to be suspicious of any email that requests this information.

Meanwhile, there are steps that consumers can take to help secure themselves:

  • Shop with well-known companies online or use safe payment systems to avoid providing your payment details directly to an unknown merchant.
  • Use a strong, unique password at every site and make sure to change your passwords regularly.
  • Don’t use public computers or free, unencrypted Wi-Fi to conduct financial or retail transactions or interactions.
  • Don’t fall victim to email and phone scams, where a consumer receives a call from “their bank” asking for personal or financial account information. If it looks too good to be true, it most likely is. When in doubt, call the bank directly, based on the number printed on the back of your card, or on a recent statement.”


TaskRabbit Takes Down App And Website After Getting Hacked


TaskRabbit, a web-based service that connects freelance handymen with clients in various local US markets, has emailed customers admitting it suffered a security breach. The company has taken down its app and website while law enforcement and a private cyber-security firm are investigating the incident. IT security experts commented below.

Tim Helming, Director of Product Management at DomainTools: 

“This is an indication of how comprehensively nefarious actors can interfere with business functions, and potentially harm users. To take control of a website and expose such trusted resources as TaskRabbit’s GitHub repository, as well as daily transaction volumes and information regarding employees, the threat actors must have had comprehensive access to the network. While we don’t yet know the specifics of how this attack unfolded, it is a good reminder of the importance of practices such as least-privilege access controls, robust network segmentation, and strong phishing controls. Organizations need to take cybersecurity seriously, particularly when it could affect the livelihood, reputation and privacy of both employees and service users.”

Bob Egner, VP at Outpost 24:

“This attack happened because the TaskRabbit data is an interesting and valuable asset. Attacks of this nature are attempted when there is a potential gain for the attacker, in this case to monetise any personal information that can be obtained. All web applications are vulnerable; it’s only a matter of how much effort the attacker is required to expend. It’s really an economic problem where the payback has to be larger than the expended effort.

Any public facing web application that holds large amounts of personal information should have a comprehensive application security testing program in place to assess the application, its data stores, the infrastructure on which it runs, and the users assigned to manage and operate the overall system. Any weaknesses should be remediated in a prioritized way so that the potential for attack is reduced to the lowest possible level and maintained there. The focus should be on the economic equation, where the effort required to compromise the system is much greater than the value of any stolen information.”

Paul Edon, Director at Tripwire:

“The TaskRabbit hack is an unfortunate reminder of why phishing is a popular attack method, as it targets human naivety. Individuals must show extreme caution to all links and attachments sent to them and have the mindset that if it looks too good to be true, then avoid it at all costs. Organisations also have a role to play in reducing the threat posed by such attacks. Take a proactive step by implementing security services that offer anti-phishing services, as well as introducing training for employees to understand the consequences of clicking unknown emails. Hackers are constantly developing new tricks to dupe unsuspecting users, so organisations must adopt a pro-active stance to help reduce the threat.”

Rob Tate, Security Researcher at WhiteHat Security:

“TaskRabbit is a great example of how small businesses can thrive thanks to the popularity and widespread use of apps in today’s modern world, and consumers can find services in just a few clicks. To stay ahead of the game in terms of usability and enhanced features, apps are continuously being updated. Although this is beneficial to both businesses and consumers, security must not be an afterthought and needs to be an integral part of the build process.

At WhiteHat, we are seeing practices such as DevSecOps become increasingly popular as organizations and businesses of all sizes look to focus efforts on securing their applications, but a lot more still needs to be done to achieve the security required. Because a security breach could reflect poorly on the acquiring company, there are key areas that could make your organization vulnerable to a breach, and they are often overlooked.

For example, it’s critical that the company being acquired take the proper measures to build security into their development practice, and that due diligence on the security of acquisitions of big software programs or cloud services be done. The same holds true for open source software or libraries that are being brought into your company’s development organization.

Companies should always first assume the service/application is not secure, and then apply security best practices to make sure it becomes secure as they use it to build apps or services.

Security is also important for consumers. There are some simple steps they can take to help secure themselves online:

  1. Don’t use the same password for all sites and apps. If one site or app is breached, all of your accounts are effectively breached. At the very least, use a variety of passwords to minimize the impact.
  2. Turn on two-factor authentication for any app that supports it. It can be a pain, yes, but it’s also one of the best ways to protect your accounts.”


Russian Cyber Threat


Days after the missile strike on Syria, GCHQ and the FBI have warned of a potential retaliation by Russia, in the form of a cyber attack. The NCSC is on high alert and concern is growing among executives who fear severe disruption of critical infrastructure. IT security experts commented below.

Bill Conner, CEO at SonicWall:

“Cyber attacks like WannaCry and Not-Petya demonstrate that governments can, and will, use nefarious means to target the critical national infrastructure of nation states. There is no doubt that Russia has the ability and the motive to deploy this kind of attack on the West. Many other nation states have this ability too. That said, it is not just national infrastructure at risk. For many state-sponsored hackers, business and governmental department disruption is top of the agenda, much like the NHS attack.”

“As the cyber-arms race continues to escalate, there is increasing pressure on the US and UK governments to truly understand the nature of malware cocktails – the process of mixing threats to concoct brand new, destructive attacks. The risks to businesses and even everyday citizens’ data grow each day. Governments and businesses need to deploy a layered security approach utilizing next generation firewalls, deep packet inspection for encrypted communication, cloud-based multi-engine cloud sandboxing, advanced real-time deep memory inspection, and next generation end-point security with rollback capability.”

Matt Walmsley, EMEA Director at Vectra:

“With stories reporting routers in the USA and UK being compromised by foreign nation states, and a recent increase in security preparation for possible large scale cyber-attacks, enterprises should take another look at how they’re securing their network infrastructure.

Don’t leave the door wide open – No software is perfect, so make sure you’re up-to-date with software updates and patches for your network infrastructure. Then make sure you’re not exposing your equipment’s management interfaces and ensure you have changed the default admin credentials. For perimeter devices with internet connectivity this is doubly important. This may seem like “cybersecurity 101” advice, but only last month default settings in some Cisco switches allowed over 168,000 devices exposed to the internet to be identified as vulnerable to illicit remote command execution via an admin protocol.

Your firmware may not be that firm – Advanced attackers will seek to compromise the underlying firmware of their target platform. Even if you have robust OS level security controls, threats such as sub-OS rootkits will remain undetected. However, with recent advances in AI-based behaviour threat detection we can now spot in real-time the very subtle signals attackers use to perform command & control (C2) orchestration to devices that have compromised firmware, by looking for the attacker’s “knocking” signals hidden within legitimate communications. With that actionable insight, platforms can be completely reset and their firmware, OS images, and configs reloaded from known good sources.”


NHS Criticised For Not Improving Security A Year On From WannaCry


The UK government and NHS are facing criticism from MPs for failing to implement security measures a year on from WannaCry. Tony Pepper, CEO at Egress, commented below.

Tony Pepper, CEO at Egress: 

“It is deeply concerning that little progress has been made to improve security in healthcare in the past year. WannaCry was, quite literally, a big shock to the system but given the state that the NHS’s security was in, an incident on that scale was inevitable. WannaCry was not the most sophisticated attack – it was just the first at that level – and, given today’s statements, I’d bet that cyber criminals are working on developing new malicious tactics to outpace safeguards. The NHS cannot afford to drag its feet. Not only is the healthcare industry at risk of becoming a big bullseye for cyber criminals but on a more fundamental level, poor data practices can put the public’s sensitive information at risk day-to-day of misuse, employee errors, and accidental leaks.”


‘Lazy Hackers’ Turn To Automated Attack Tools


The BBC today ran a story covering how cyber-attackers are now turning to tools that automate the process of finding and hijacking vulnerable servers. The study used a fake server known as a honeypot to log everything done to it by digital intruders. Put online by security firm Cybereason, the server was quickly found and hijacked in seconds by a bot that broke through its digital defences.

To make the fake server look more convincing, Cybereason thought up a company name, generated staff identities and spoofed network traffic. This helped it pass the “sniff test” and convince bots it was a target that was worth their attention. About two hours after the server for the fake finance firm was put online it was found by a bot which then aggressively set about taking it over. Passwords to protect some of the server’s functions were left intentionally weak to tempt the bot which duly cracked them and then went on to plunder information on the machine. IT security experts commented below.

Oliver Pinson-Roxburgh, EMEA Director at Alert Logic:

“Alert Logic did some research on autosploit, a new tool that automatically looks for assets to hack on the internet, and then automatically hacks the systems. Our research was to see if this new tool generated interest in the hacker community. We would have expected to see an increase in attacks against our customers generally due to its release, and while we haven’t quantified what impact this might have had, we have at least a supposition that it would increase attacks.

I am not surprised that organisations are starting to see this behaviour. It’s likely due to attackers using miners more and more as a way to monetise attacks. We see the miner malware automatically looking to identify other miners in the environment and shut the current hackers down in order to spin up their own systems. They are also looking to stay persistent for as long as possible in an asset, as controls on the cryptocurrency side start to improve ways to detect what a valid miner looks like.”

Sammy Migues, Principal Scientist at Synopsys:

“In my day, a “hacker” was someone who would spend two hours coding up some elegant script so that they wouldn’t ever have to do 10 minutes of tedious labour ever again. Even though “hacker” is “attacker” now, the mindset hasn’t changed. Only a person incapable of actual hacking (such as writing clever scripts) would ever do all those steps manually, and that person is probably not an attacker to be feared.

In theory, time is on the organisation’s side and their brilliant and comprehensive logging and attack management would catch the breach by the second or third step. When it’s automated, the entire attack might occur within the window that their logging and SIEM can turn data into knowledge into calls to action.

If your electronic “attack surface” has one or more vulnerabilities that are known long enough for someone to string together multiple exploits into one bot that still works, then you’ve made an error in how you prioritize repairs, or in asset management, or something like that.

So, yes, someone “weaponised” a set of attacks into something a great many less capable “attackers” can use. Hello, 1988 called and they want their Morris Worm back. Zero-days aside, by the time this happens, you probably should have patched. Considering the chain of exploits required here (for this purposely vulnerable honeypot), when that exists for real, it’s almost always because someone isn’t keeping up with the risk management, which would drive their patching, firewalling, WAFing, and so on. This is not victim blaming. There’s a reason why we inspect cars and keep the unsafe ones off the road…haven’t quite figured out how to do that with a lot of drivers, however.

So, why do attackers lick their chops and run their bots? Because they can…”

Kelvin Murray, Senior Threat Research Analyst at Webroot:

“Hackers always look at the latest technology. Automation technologies are changing the game for attackers, allowing them to mount more complex and sophisticated attacks at scale in seconds. Although it will take many years before hackers employ powerful AI to inflict damage upon systems and services autonomously, smart programming and even machine learning can be more readily weaponised in the medium term. These attackers appear to have successfully removed the human labour required to complete a successful breach, using a bot to identify and attack a decoy – which is worrying news.

“Cyber criminals largely operate a numbers game. More attempts to access data or capture information fundamentally translates to an increased likelihood of successfully making money. It really is no surprise that the more tedious aspects of stealing from a business have been automated. Completely taking over a business without secured RDP is very easy to do and to implement this in code wouldn’t be tough. We recommend securing your endpoints against RDP breaches immediately. Proper password policy is of course something that would also protect against these kinds of attacks. A combination of an intelligent approach to security and the latest defence technologies will help organisations stay one step ahead of the bad guys – even if they are automating their attacks.”

UK Could Become A Leader In AI But Not At The Price Of Data Rights Or Privacy Of Individuals

The ISBuzz Post: This Post UK Could Become A Leader In AI But Not At The Price Of Data Rights Or Privacy Of Individuals appeared first on Information Security Buzz.

The report issued today by the House of Lords Committee warns that the UK has what it takes to become a world leader in the development of artificial intelligence, but that such new technologies should not come at the price of the data rights or privacy of individuals, families or communities. David Emm, Principal Security Researcher at Kaspersky Lab commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

“The use of technology brings great benefits – especially so in the case of artificial intelligence and the opportunities this presents. Consumers are clearly prepared to trade their data for the convenience of access to a free product or service.  Moreover, the proliferation of smart devices in the home and elsewhere means that more and more personal data can be casually captured and used.  However, this shouldn’t come at the expense of people’s privacy or security.

Consent is a key factor here – ensuring that people offer informed consent before their data is captured, used or passed to third parties.  It’s to be hoped that GDPR and its application by the ICO (and similar bodies in other countries) will ensure that this is done. Ethics in AI shouldn’t be an afterthought, regardless of how ‘smart’ a system is.  It’s also important to remember that the same data is valuable to cybercriminals.  So, it’s also essential that companies that hold data, of whatever kind, take the necessary steps to secure it.”

Pub Giants Wetherspoon Have Shut Down Their Facebook, Instagram And Twitter Pages

The ISBuzz Post: This Post Pub Giants Wetherspoon Have Shut Down Their Facebook, Instagram And Twitter Pages appeared first on Information Security Buzz.

UK pub giant J D Wetherspoon has shut down the Facebook, Twitter and Instagram pages for all 904 of its pubs and its head office. The move comes after the ongoing controversy over data leaks at Facebook. Evgeny Chereshnev, CEO and Founder at Biolink.Tech commented below.

Evgeny Chereshnev, CEO and Founder at Biolink.Tech:

“One of today’s modern misconceptions is that social media (SM) is essential for business. The truth is, most companies totally mix cause and effect; they invest lots of money in SM as if those channels were a business goal in itself, but in reality SM is just a tool for talking and listening to your clients. Is social media the only way to perform those two tasks? Definitely not. There are numerous examples of companies being weak or absent across social media and still remaining insanely successful at the same time. Apple, for example, has never run contests or produced a huge amount of content for Facebook and it is still able to sell billions of devices. Same with Google, Tesla or SpaceX…and the list goes on.

“The reason for such behaviour is very simple to explain: Most companies prefer to talk (whilst not really having anything important or valuable to say). As a result, a huge amount of content is being produced every day by tens of thousands of Facebook business pages and, in most cases, this is a total waste of money and time. Seriously – every human being has a cap on how much information he or she a) can handle during the day b) wants to read to start with! Most content produced by businesses is never even read. Even when you as a company seem to have likes and shares for a promoted post, those are often just bots. The truth is, when you are a company that has something truly unique and valuable to say, people will always find a way to get in touch with you. They either will come to your blog or get information from a traditional source like a well-known and trusted media outlet. On the SM front, people may subscribe to a CEO’s private channels, which is way more credible. If a CEO puts their name on something, they rarely put out bad content so as not to be associated with it! Elon Musk’s account is a pretty good illustration of my point.

“Put simply, organisations need to have the guts to cut all the BS from their working and communication strategy. Every time a company wants to say something, they should ask themselves whether this content has real value for the readers (not the company’s PR department!). Then businesses have to remember that at the end of the day it’s not about them, but about people. Focus on the quality of the product, do not lie, do not have hidden fees, reply to your clients on your website, blog or mobile app to show that you care. So, focus on what you do and how you do it; not where.

“The way most companies run SM is a total waste of time and money. They post content that has zero value to the readers, produced by the teams who do not care about hitting the right MBOs. But, don’t get me wrong, SM can be a very productive activity for business. But unfortunately creativity is not scalable. Great SM managers and leaders are a rare breed, but a lot of them get exhausted over time and stop being quite so great. The SM ecosystem is actually a very complex thing to set up and maintain, and there is literally only a handful of people who can lead global SM teams effectively. That’s why most of the SM activities are compensated with paid ads. Content quality is irrelevant; when you pay Facebook, you’ll get your views, but are those views good for business? In most cases the value is close to zero.

“Is Instagram popular by being active in Instagram itself?  Is Tesla’s $50 billion valuation the result of having an amazing Facebook page? Are people eating McDonald’s food because they do an amazing job promoting themselves via YouTube? The answer is no. Even with no SM channels, or limited activity on SM channels, every business can be popular. All it needs is the right digital strategy based on true values, not tools of execution.”

Cyber Security Skills Shortage Blamed For Halt In Cloud Adoption

The ISBuzz Post: This Post Cyber Security Skills Shortage Blamed For Halt In Cloud Adoption appeared first on Information Security Buzz.

Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to the third annual report on cloud security from cybersecurity firm McAfee. Craig Young, computer security researcher at Tripwire commented below.

Craig Young, Computer Security Researcher at Tripwire: 

“Cloud is just a fancy way of saying you rely on someone else’s hardware. This is not a decision which should be made lightly and while there are many firms advertising turn-key cloud solutions, I don’t think organizations should rush into the cloud without understanding enough to have confidence in the security model. This data is demonstrating that enterprises are rightly concerned about the risks of putting their customer data on systems they do not physically control.

There are however some things organizations can do to improve the situation. Penetration testing is always a good first step but it is crucial to engage the cloud provider in this process to avoid legal trouble. Penetration tests of a cloud environment could inadvertently affect the provider’s other customers. Businesses serious about moving into the cloud will also want to build up internal skills to better assess concerns about cloud security. Hacker conferences like Black Hat and DEF CON are a great place to learn about offensive and defensive security techniques related to the cloud.”

Threat Of Russian Cyber Attack

The ISBuzz Post: This Post Threat Of Russian Cyber Attack appeared first on Information Security Buzz.

Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks. IT security experts commented below.

Gavin Millard, Technical Director at Tenable:

“Irrelevant of who the threat actors are or their motivations, the existence of an easily exploited vulnerability on critical infrastructure connected to the internet should be addressed immediately. As stated in the technical alert, if a threat actor can gain privileged access to a router, the options for further exploitation are endless.

“It’s important to note, even though the recently disclosed Cisco Smart Install vulnerability doesn’t affect routers, unfortunately there are over 100,000 switches that could be vulnerable currently exposed to the internet. Similar to MS17-10, the vulnerability in SMBv1 leveraged for the global Wannacry attack, these flaws affect protocols that should never be exposed to the internet but frequently are due to a lack of basic security hygiene.

“Owners and operators of MOXA EDR-810 industrial routers, frequently deployed to secure highly critical environments, should take particular note of this advisory as a slew of recently disclosed vulnerabilities could lead to many of the issues outlined.

“The guide from the joint task force includes some good best practices that should be enforced to reduce the chance of a router falling under the control of an attacker, irrelevant of their country of origin or motivation. Continuous visibility of what corporate systems are exposed to the internet, how well they are configured against security best practices (CIS or NIST for example), and whether they are affected by any known vulnerabilities should be part of every robust security program.”

Anthony Chadd, Senior Director, EMEA at Neustar:

“Today’s warnings regarding the Russian hacking offensive, which highlight the probability of Kremlin-backed cyber-experts sitting invisibly on networks with the hope of collecting information, should come as no surprise.

“We are already aware that the Russians are armed with the vast capabilities, resources and motives to steal classified information from governments, and are able to unleash disruption to key industries globally. But today’s news highlights the increasing intensity of the Russian offensive, as it has been revealed that Kremlin cyber-experts have been proactively targeting routers in British homes, scanning for weaknesses such as obvious passwords and expired anti-virus software.

“With such an obvious imposition on US and UK security, it is of the greatest importance that the push for key industries to strengthen their cyber-defences are put in place – fast. This includes deploying efficient technologies and ensuring key processes are up to scratch. However, these marching orders should not just apply to the government, but also society as whole. Every citizen should be proactive in their own cyber-defence, but US and UK governments must make educating the general public a priority, reinforcing the necessity for effective usernames and passwords to prevent their data getting into the wrong hands.

“Beyond that, in order to be proactive in their cyber defences, both citizens and businesses should be aware of the importance of securing any IoT technologies, which is considered to be a crucial first point of defence. This involves ensuring that the proper procedures are in place and that anti-virus software in every device is updated frequently.”

Ross Rustici, Senior Director of Intelligence Services at Cybereason:

“Although tensions with Russia are at an all-time high, the threat of retaliatory cyber-attacks against the UK and its allies is overblown.

“We are likely to see increased disinformation campaigns and some low-level activity by apparently independent groups, but nothing that breaks Russia’s usual plausible deniability. We may also see some cyber activity within the Syrian theatre, such as jamming communications, but nothing which targets nations directly.

“An unconcealed, high-level attack on UK infrastructure such as a powerplant would cross a red line into open warfare. Russia’s failure to interfere with the airstrike itself indicates that Putin is not yet ready to escalate and risk a war breaking out. Nobody wants to see these nuclear powers go toe-to-toe in a real conflict.”

McAfee Cloud Report

The ISBuzz Post: This Post McAfee Cloud Report appeared first on Information Security Buzz.

Today McAfee releases its annual report examining the current state of cloud adoption, with in-depth analysis exploring how organizations are using cloud services today, where they plan to take their services next, how quickly they think they can get there and their methods for dealing with critical obstacles. McAfee uncovered that the lack of trained cybersecurity professionals is causing forty percent of IT leaders to slow cloud adoption.

To make up the difference, businesses and governments are partnering with consultants, managed service providers, and their cloud providers to augment and magnify in-house capabilities to better position themselves against attacks when short-staffed.

Timed with this report, McAfee will also be announcing cloud-centered updates to its solutions portfolio. Through these solutions, organizations are able to reduce the number of technologies deployed to protect cloud environments.

Key Findings:

  • Ninety-seven percent of organizations use cloud services (public, private, or a combination of both), up from ninety-three percent one year ago
  • Sixty-five percent have a cloud-first strategy, down from eighty-two percent one year ago
  • Eighty-three percent store sensitive data in the public cloud but only sixty-nine percent trust the public cloud to keep their sensitive data secure
  • Forty percent of IT leaders are slowing cloud adoption due to a shortage of cybersecurity skills
  • One-in-four respondents have experienced data theft from the public cloud (found for both Software-as-a-Service and Infrastructure-as-a-Service)
  • One-in-five respondents have experienced an advanced attack against their public cloud infrastructure

Nigel Hawthorn, Data Privacy Expert at McAfee commented below. 

Nigel Hawthorn, Data Privacy Expert at McAfee:

“The implementation of the incoming GDPR, due to come into force in just over a month’s time, will affect cloud users around the world. Becoming GDPR compliant requires a combination of knowledge, processes, policies, technology and training, as well as detailed understanding of data flows to and from third parties and cloud services. With this in mind, it is concerning that only half of the respondents stated that all of their cloud providers have a plan in place for GDPR compliance.

“Businesses must confidently understand GDPR compliance gaps and implement necessary controls to address them across all cloud services – including the likes of Office 365, Box, Salesforce and Slack, as well as custom applications running in public infrastructure-as-a-service platforms. The extensive requirements it will introduce will be a welcome addition to those 56% of professionals surveyed who had tracked a malware infection back to a cloud application. Whether intentional or accidental, one of the biggest cyber threats is from those inside the organisation. However, data can be effectively protected by restricting sensitive information to only managed devices, using behavioural analytics to detect any unusual activity, and having plans in place to react quickly to correct any threats in the event of a breach in the cloud.”

2.6 Billion Records Were Stolen, Lost Or Exposed Worldwide In 2017, An Increase Of 88% From 2016

The ISBuzz Post: This Post 2.6 Billion Records Were Stolen, Lost Or Exposed Worldwide In 2017, An Increase Of 88% From 2016 appeared first on Information Security Buzz.

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While the number of data breach incidents decreased by 11%, 2017 was the first year since the Breach Level Index began tracking data breaches in 2013 in which publicly disclosed breaches surpassed two billion compromised data records. Chris Doman, Security Researcher at AlienVault commented below.

Chris Doman, Security Researcher at AlienVault:

“I’d take the high level numbers in the report with a pinch of salt. The yearly trends depend primarily upon large breaches, like Yahoo, that can distort the numbers. And these total numbers don’t include non-public breaches – which still make up the majority of breaches. Nor is it a complete account of all the public breaches, with multiple breaches identified every day.

Often smaller breaches of sensitive data are far more damaging than breaches of large amounts of typically non-sensitive data such as email addresses. To be fair, Gemalto do go on to break down individual breaches based on the severity of the data lost.”

Telegram Banned In Russia After Refusing To Hand Over Encryption Keys

The ISBuzz Post: This Post Telegram Banned In Russia After Refusing To Hand Over Encryption Keys appeared first on Information Security Buzz.

It has been reported that Telegram has been banned in Russia, after they refused to hand over encryption keys. Russia’s main security agency, the FSB, has said Telegram is the messenger of choice for “international terrorist organisations in Russia”. A suicide bomber who killed 15 people on a subway train in St Petersburg last April used the app to communicate with accomplices, the FSB said last year. The app is also widely used by the Russian authorities, Reuters news agency reports. Lee Munson, Security Researcher at Comparitech.com commented below.

Lee Munson, Security Researcher at Comparitech.com: 

“Even though only a minuscule proportion of Telegram’s 200 million or so users would ever dream of doing anything wrong, let alone committing terrorist atrocities, the Russian government has successfully trampled what appears to be a constitutional right to privacy and free speech for its citizens by blocking the app.

Though its request for encryption keys was unlikely to have a meaningful impact on crime or terrorism anyway, the country’s media regulator took its legal bull into the china shop of secure communications in a way that British home secretaries can only dream about.

The upshot of this move, of course, is that many innocent civilians will lose the ability to secure their online chats while the bad guys will just choose an alternative app or create their own.

Given the fact that Russian officials also use Telegram, it is hard to see who, if anyone, actually wins or gains anything following this ruling.”

Hackers’ Ability To Steal Credentials Through A Microsoft Outlook Flaw

The ISBuzz Post: This Post Hackers’ Ability To Steal Credentials Through A Microsoft Outlook Flaw appeared first on Information Security Buzz.

Hackers could steal credentials through a Microsoft Outlook vulnerability (CVE-2018-0950) just by having victims preview an email in Microsoft Outlook. This vulnerability was discovered by Will Dormann of the CERT Coordination Center. Justin Jett, Director of Audit and Compliance at Plixer commented below.

Justin Jett, Director of Audit and Compliance at Plixer:

“With phishing attacks and flaws in software like the recent Microsoft Outlook vulnerability, users’ credentials are being stolen and collected by malicious actors at an alarming rate. Cybercriminals obtain these credentials and then gain a foothold on a corporate network by trying to access servers and computers. Because they know the credentials, they don’t try to brute force their way into a system. They simply try to connect once and move on, and they do this slowly over days, weeks, or even months. If they get in, they continue laterally trying to collect data from the system. Because there isn’t a brute force attempt to gain access, most alerting systems won’t detect these connections. By using network traffic analytics, security professionals can baseline normal credential use and detect when a user’s credentials have been used to try to gain access to a system that they normally don’t access.”
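The detection approach in the comment above, baselining which hosts each account normally reaches and alerting on a logon to anything outside that set, can be shown in a few dozen lines. The following is an added example written for this page; it is not Plixer’s product or code from the post, and the log format, host names, user names and IP addresses are constructed for illustration. It also includes the classic failure-threshold rule so the difference is visible: a low-and-slow reuse of stolen credentials (one attempt per night) never trips the threshold, but every one of those attempts is a baseline deviation.

```python
"""Baseline-and-deviate detection of reused credentials: learn which hosts each
account normally reaches, then flag any logon to a host outside that baseline,
even a single quiet attempt.

Added example, not Plixer's product or code from the post. The log format is a
constructed, simplified authentication record:
    <ISO timestamp> <user> <source_ip> -> <target_host> <SUCCESS|FAILURE>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    host: str
    ok: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one constructed log line into an AuthEvent."""
    ts, user, src, arrow, host, result = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log line: {line!r}")
    return AuthEvent(datetime.fromisoformat(ts), user, src, host, result == "SUCCESS")


# Constructed learning-window data: what "normal" looked like before the theft.
BASELINE_EVENTS = [parse_line(l) for l in [
    "2018-03-01T09:02:11 alice 10.0.5.20 -> ws-alice SUCCESS",
    "2018-03-01T09:05:40 alice 10.0.5.20 -> fs01 SUCCESS",
    "2018-03-02T08:58:03 alice 10.0.5.20 -> fs01 SUCCESS",
    "2018-03-01T09:10:17 bob 10.0.5.31 -> ws-bob SUCCESS",
    "2018-03-01T09:12:50 bob 10.0.5.31 -> fs01 SUCCESS",
    "2018-03-03T14:20:09 bob 10.0.5.31 -> fs01 FAILURE",
]]

# Constructed events after the credentials leaked: normal use by both users plus
# one attempt per night with alice's credentials from a host she never uses.
NEW_EVENTS = [parse_line(l) for l in [
    "2018-04-10T09:01:00 alice 10.0.5.20 -> fs01 SUCCESS",
    "2018-04-10T09:03:00 bob 10.0.5.31 -> ws-bob SUCCESS",
    "2018-04-10T23:41:12 alice 10.0.9.77 -> db01 FAILURE",
    "2018-04-11T23:38:02 alice 10.0.9.77 -> hr-share FAILURE",
    "2018-04-12T23:45:55 alice 10.0.9.77 -> db01 SUCCESS",
    "2018-04-13T23:40:31 alice 10.0.9.77 -> backup01 SUCCESS",
]]


def build_baseline(events):
    """Map each user to the set of hosts they successfully reached in the learning window."""
    baseline = defaultdict(set)
    for e in events:
        if e.ok:
            baseline[e.user].add(e.host)
    return baseline


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Classic threshold rule: alert when one (user, source) accumulates
    `threshold` failures inside `window`. Included to show what it misses."""
    alerts = []
    recent = defaultdict(list)  # (user, src) -> failure timestamps still inside the window
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.ok:
            continue
        key = (e.user, e.src)
        recent[key] = [t for t in recent[key] if e.ts - t <= window] + [e.ts]
        if len(recent[key]) >= threshold:
            alerts.append((e.user, e.src, e.ts))
    return alerts


def baseline_alerts(events, baseline):
    """Alert on any logon, successful or not, to a host outside the user's baseline."""
    return [e for e in events if e.host not in baseline.get(e.user, set())]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    print("threshold rule alerts:", brute_force_alerts(NEW_EVENTS))
    for a in baseline_alerts(NEW_EVENTS, baseline):
        print(f"baseline deviation: {a.user} from {a.src} -> {a.host} at {a.ts}")
```

On the constructed data the threshold rule returns nothing, while the baseline rule returns the four night-time attempts against db01, hr-share and backup01. In a real deployment the baseline needs a learning window long enough to cover legitimate monthly or quarterly access, and a new source address for a known user is a second signal worth keying on alongside the target host.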

Google Chrome And Mozilla Firefox Will Ship With Password-Less WebAuthn

The ISBuzz Post: This Post Google Chrome And Mozilla Firefox Will Ship With Password-Less WebAuthn appeared first on Information Security Buzz.

Following recent news that Google Chrome and Mozilla Firefox will ship with password-less WebAuthn enabled as their default identity authentication, Duo Security R&D Engineer Nick Steele, one of the leading researchers in the WebAuthn space, commented below.

Nick Steele, R&D Engineer at Duo Security:

“WebAuthn is the emerging standard pushing us towards a password-free world. One of the core components to the WebAuthn spec is the support of biometric authenticators, like smart phones with fingerprint readers, for registering and logging into sites on the web.  As biometrics become more widely used and normalized by the general public, WebAuthn will allow vendors to provide a safer and more secure method for login than passwords. This could help lead to a reduction in password-associated phishing, the effectiveness of password database breaches, and make users safer online.”

Cybercriminal Use Of UPnP

The ISBuzz Post: This Post Cybercriminal Use Of UPnP appeared first on Information Security Buzz.

Cyber criminals are leveraging the Universal Plug and Play (UPnP) protocol found in all routers for various criminal activities. The latest report from Akamai reveals that about 65,000 devices have already been compromised through the UPnProxy, which can be used to redirect traffic to another IP address; the flaw can also be used to create a network of proxies that redirect traffic through tens or hundreds of IPs before reaching a final destination. Ashley Stephenson, CEO at Corero Network Security commented below.

Ashley Stephenson, CEO at Corero Network Security:

“Millions of vulnerable systems exposing the UPnP service to the Internet have been leveraged as a common DDoS amplification vector for years using the SSDP protocol. The recent finding by Akamai that a subset of these vulnerable systems, specifically home routers, are also being hacked to provide malicious proxy services is not surprising. This new finding is likely to result in the operator of the vulnerable home router being leveraged as part of a hack in addition to being a potential participant in a DDoS attack. Yet another example of the challenges involved in securing your Internet access.”

NHS Struggling To Prepare For GDPR

The ISBuzz Post: This Post NHS Struggling To Prepare For GDPR appeared first on Information Security Buzz.

The NHS is struggling to prepare for GDPR despite spending £1m. Matt Lock, Director of Sales Engineers at Varonis commented below.

Matt Lock, Director of Sales Engineers at Varonis:

“GDPR aside, the NHS will remain a high-value target for attackers due to the highly sensitive nature and the number of the patient healthcare records it holds. It must quickly get its house in order – not only to meet the GDPR but also to guard against the next ransomware attack. The WannaCry ransomware attack hit the NHS less than one year ago and its effects were devastating.

The challenges are real. Like many large healthcare systems, the NHS must deal with legacy infrastructure that was not designed to handle the volume of data and operating systems in use today. They’ve got to address and replace outdated and unsupported systems as a first step, and this costs money.

Spending £1m seems like a large investment, but after this funding is distributed across hundreds of facilities throughout the UK, the amount is likely to be far from adequate given the challenges facing the NHS. Organisations must stand accountable, address these issues and move forward quickly, perhaps faster than they may be accustomed to. Today’s technology and threats demand nothing less.”

Crypto-Mining Corporate Networks

The ISBuzz Post: This Post Crypto-Mining Corporate Networks appeared first on Information Security Buzz.

The volume of crypto-mining transactions has grown, spiking almost 500% on corporate networks. Zscaler has blocked more than 2.5 billion crypto-mining attempts in the last six months. The spike, the firm said, is likely tied to the sharp increase in value of cryptocurrency (Bitcoin hit highs above $19,000 in December) and the fact that legitimate sites are adopting crypto-mining as a source of revenue instead of online advertisements. IT security experts commented below.

Itsik Mantin, Lead Scientist at Imperva:

“The impact of the crypto-madness on cybersecurity has two faces. The first is specific to the crypto-finance industry, which turned into a very tempting target for penetration, wallet hijacking and fake transactions. However, the impact of the second – using hijacked hosts of all kinds as platforms for crypto-mining – reaches practically everywhere. From web browsers unknowingly mining coins for the site they’re visiting, to websites that suffer code injection attempts due to attackers looking for powerful hosts for digging their gold. The cyber-monetization – the path from hack to money – is shorter today than ever before.”

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“Cryptocurrency mining is a theft of CPU resources from the business. Web site response times are critical to customer satisfaction and retention, and companies spend millions of dollars on robust infrastructure to achieve that goal. Cryptocurrency mining steals CPU cycles from that infrastructure, negatively affecting the customer experience, potentially costing the business millions of dollars. It is important that organizations implement mechanisms to know when they have been infected. One way to do that is with software agents looking for unusual processes that consume CPU cycles. Another is to utilize network traffic analysis (NTA). CPU cycles are being used to answer math problems, and for the cybercriminals to monetize this, data must be sent across the internet to their servers. NTA provides a mechanism to scrutinize this traffic, looking for data, even a single packet, being sent to cybercriminal domains. If any of this traffic is seen, an immediate notification is sent to the security operations team alerting them to the crypto-mining in progress. They are able to remove it, and protect the business and more importantly, the customer experience.”
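The network-side detection the comment above describes, inspecting outbound traffic for the miner’s reporting channel, can be reduced to two checks: the destination is known mining infrastructure, or the first bytes of the connection are the miner-to-pool protocol itself. The following is an added example written for this page, not Plixer’s NTA product or code from the post. It assumes flow records that carry the destination host, port and the first application-layer bytes, that the pool protocol is stratum (newline-delimited JSON-RPC, with “mining.subscribe”-style methods for Bitcoin-family pools and a “login” call carrying a wallet address and miner “agent” for CryptoNote/Monero pools), and it uses a constructed placeholder host list rather than a real threat feed.

```python
"""Network-side crypto-mining detection: flag outbound flows that go to known
mining hosts or whose first payload line is a stratum pool message, so a single
packet is enough to alert.

Added example, not Plixer's NTA product or code from the post. Assumptions:
  - each flow record carries destination host, port and the first bytes of
    application payload;
  - the miner-to-pool protocol is stratum, newline-delimited JSON-RPC;
  - the mining-host list below is a constructed placeholder, not a real feed.
"""
import json
from dataclasses import dataclass

# Constructed placeholder; in practice this comes from threat intelligence.
KNOWN_MINING_HOSTS = {"pool.example-miner.test", "xmr.example-pool.test"}

BITCOIN_STRATUM = {"mining.subscribe", "mining.authorize", "mining.submit"}
CRYPTONOTE_STRATUM = {"login", "submit"}  # generic names, so require pool-style params


@dataclass
class Flow:
    src: str
    dst_host: str
    dst_port: int
    payload: bytes  # first application-layer bytes of the connection


def stratum_method(payload: bytes):
    """Return the stratum method name if the first line is a pool message, else None."""
    try:
        msg = json.loads(payload.split(b"\n", 1)[0].decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    if method in BITCOIN_STRATUM:
        return method
    if method in CRYPTONOTE_STRATUM:
        params = msg.get("params")
        # "login"/"submit" are common RPC names; only treat them as mining when the
        # params look like a CryptoNote pool login (wallet in "login", miner "agent").
        if isinstance(params, dict) and ("login" in params or "agent" in params):
            return method
    return None


def classify(flow: Flow):
    """Return the list of reasons a flow looks like mining traffic (empty if none)."""
    reasons = []
    if flow.dst_host in KNOWN_MINING_HOSTS:
        reasons.append("known-mining-host")
    method = stratum_method(flow.payload)
    if method:
        reasons.append(f"stratum:{method}")
    return reasons


def scan(flows):
    """Return (src, dst_host, dst_port, reasons) for every flow worth an alert."""
    return [(f.src, f.dst_host, f.dst_port, classify(f)) for f in flows if classify(f)]


# Constructed flow records: a TLS handshake, a miner talking to a listed pool,
# a Monero miner talking to an unlisted pool, and an unrelated JSON-RPC login.
SAMPLE_FLOWS = [
    Flow("10.0.7.15", "intranet.corp.test", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01"),
    Flow("10.0.7.15", "pool.example-miner.test", 3333,
         b'{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}\n'),
    Flow("10.0.7.22", "203.0.113.10", 14444,
         b'{"id":1,"jsonrpc":"2.0","method":"login",'
         b'"params":{"login":"WALLET-PLACEHOLDER","pass":"x","agent":"xmrig/2.6"}}\n'),
    Flow("10.0.7.40", "api.vendor.test", 443, b'{"method":"login","params":{"user":"svc"}}\n'),
]

if __name__ == "__main__":
    for src, host, port, reasons in scan(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {host}:{port}: {', '.join(reasons)}")
```

The protocol check matters because a host list is always incomplete: the third constructed flow goes to an address no feed has seen, and it is still caught. When the pool connection is wrapped in TLS the payload is opaque, so detection then falls back to destination intelligence and behavioural signals such as long-lived sessions with small, regularly spaced messages.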

Nadav Avital, Security Researcher at Imperva:

“The latest research we conducted at Imperva, shows a clear bias towards crypto-mining attacks. In fact, 90% of all remote code execution attacks towards servers involve illegal crypto-mining activities. Also, since the reward is immediate, i.e. the money goes straight into the attacker’s wallet, we have seen a development in crypto-mining attacks – from simple scripts, to state sponsored exploits like EternalBlue that are weaponized with crypto-mining payloads.”

Andy Norton, Director of Threat Intelligence at Lastline:

“The spike in traffic has nothing to do with Bitcoin’s value. It has everything to do with Monero, a general CPU friendly fungible currency creating a market for services like Coinhive to be injected onto websites, and usurp visiting browsers to mine XMR currency. The fact is that exploits are much harder to develop these days, so cryptojacking payloads offer a greater return on investment.”

British Organisations Hit By ‘More Online Attacks Than Ever Before’

In light of the news today regarding a report from NCSC and NCA that found British organisations have been hit by ‘more online attacks than ever before’, Paul Farrington, Manager: EMEA Solution Architects at CA Veracode commented below.

Paul Farrington, Manager: EMEA Solution Architects at CA Veracode:

“As our dependency on software continues to grow, this creates a greater surface for hackers to attack and so it is no surprise that cybercriminals are targeting businesses at a higher rate than ever before.

If businesses want to reduce the risk from hackers, ensuring that their software is secure will be crucial. With research revealing that 77% of all software applications have at least one vulnerability when first scanned, businesses still have a long way to go in prioritising cyber security.

An effective way of keeping software secure is to test for vulnerabilities in web and software applications early and often. In this way vulnerabilities can be discovered and fixed before they can be exploited by hackers.”

Ransomware Still A Top Cybersecurity Threat

A new report by Verizon revealed that ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents. What’s more, Verizon’s analysis shows that attacks are now moving into business-critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests. IT security experts commented below.

Chris Day, Chief Cybersecurity Officer at Cyxtera:

“Cybercrime is profitable and hard to prosecute. Potential pay-outs can reach millions of dollars yet criminals operate in near anonymity. Even if a cybercriminal is prosecuted, which is rare, extradition is even less common. For criminally-minded groups, there is far less chance of getting ‘caught’ in the cyber realm than in traditional criminal pursuits.

“Ransomware attacks will likely continue to plague us for some time because they require little effort. Cyber criminals only need access to pedestrian tools to carry out an attack. Cryptomining, on the other hand, requires enormous amounts of expensive compute power to pull off. That’s why we see rising numbers of attacks where the target is processing power.”

Ricardo Villadiego, CEO at Cyxtera Business:

“The reason why we are seeing more phishing than ever before is simple: they still work very well. Because they appeal to the curiosity of the human, using clever social engineering tactics, they are still very successful. In addition, attackers use more advanced techniques, making it harder for humans to spot the attacks, which is why security standards like DMARC can make a big difference.

“Organizations will not be able to mitigate phishing attacks if they focus on fraud losses exclusively. Their protection strategy needs to be comprehensive in nature and phishing is the beginning of many fraud schemes and data breaches. Fraud losses are the consequence. As we work with more than 3,500 organizations around the world, we see that relentless and comprehensive monitoring of internet threats becomes very effective. You don’t need to make it impossible for cybercriminals to impersonate you – just expensive, inefficient and unprofitable, as they normally go for easy targets.”

Sean Newman, Director at Corero Network Security:

“Whilst other vendors offer different perspectives on the DDoS threat landscape, Verizon’s most recent Data Breach Investigation Report closely aligns with what we are seeing at Corero – DDoS attacks are not diminishing in quantity and they are not generally as large as most might expect. However, they are equally as damaging!

“Although DDoS is not in the news every day, Verizon reported 21,409 attacks over the past year – almost 60 a day. Corero DDoS research, looking at a larger sample size of more than 100,000 attacks per year, observed similar patterns. In fact, many attacks are now coming from cybercriminals who are financially motivated. Therefore, it’s no surprise that most attacks are reported against the Finance, Insurance and Retail industries. For online companies where it is critical to have 100% uptime, DDoS technology which can detect and automatically mitigate attacks, in real-time, should now be a must-have requirement.”

Government Launches New Cybersecurity Centre At London’s Olympic Park

Following news that the Government is launching a new cybersecurity centre at London’s Olympic Park, which it hopes will be a catalyst for a growing tech cluster and could help create 2,000 UK jobs in cybersecurity, IT security experts commented below.

Paul Farrington, Director, EMEA Solution Architects at CA Veracode:

“We are pleased to see the Government continuing to invest in cybersecurity skills in the UK. With news today that cyberattacks against UK organisations are at an all-time high, the need for greater expertise will be crucial in securing the nation’s data and services. However, it is important that industry doesn’t see the cyber skills gap as the Government’s problem to solve – especially as we see security becoming an increasingly prominent part of other technology roles.

In software development, for example, in 44% of organisations, the development team are responsible for the maintenance of third-party commercial and open source components. This suggests a move in responsibility for the ongoing management of security vulnerabilities, such as the Apache Struts2 vulnerability that led to the Equifax mega-breach. Even as we’re seeing this shift, our research has also shown that 70% of developers were not required to complete any courses focused on security when getting their degree. It is crucial that organisations invest in improving the skills of their employees to assure the security of their services and solutions. Providing eLearning can improve security standards by an average of 19%, for example. Improving the nation’s cyber hygiene is a collaborative effort, and those companies that rely solely on the Government’s investment will find themselves burnt.”

Neil Thacker, CISO EMEA at Netskope:

“This move from the British government shines a spotlight on the dangers of the digital underworld today. Cracking down on the dark web is the right step forward, however criminals are smart and the dark web is not the only hiding ground for them. There are many access points and techniques used by criminals to conceal their activities, including the public web, where stolen personal data and financial information can be traded. Policy will help to some extent, but the onus is on businesses and individuals to look at their practices and implement intelligent controls that can lead to identifying these illegal activities.”

André Stewart, VP EMEA at Netskope:

“Cybersecurity is big business and as we all now know it can have huge consequences, which is why cyber criminals and governments take it so seriously. While it’s great to see cybersecurity is front of mind, the amount of investment is a bit like buying a spud gun to battle a bazooka. Much more needs to be done as businesses continue to fall short of the mark in protecting themselves, often rooted in legacy and traditional security practices that fail to fully protect them and their data. The announcement of this new cyber-innovation centre should spur businesses into reviewing their practices and cybersecurity resources, stripping away antiquated practices and making sure they are up to the challenges and the risks of today’s digital world.”

How Businesses Can Stay Protected In Light Of NCSC’s Findings

The findings from the annual report of the National Cyber Security Centre today revealed that UK businesses are facing a growing threat from cyber-attacks. In response, David Emm, Principal Security Researcher at Kaspersky Lab, commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

“Businesses come in all shapes and sizes, but in today’s world, no organisation, large or small, can afford to ignore online security. Whether you’re a team operating out of an office, or an individual working from home, cybersecurity is an issue that every business should prioritise. In light of the recent findings from the National Cyber Security Centre, it simply comes down to being prepared – and there are several steps that businesses should take to arm themselves against threats. Although businesses have no direct control over the growth of cybercrime, by taking simple steps to secure their internal systems, they can reduce their exposure to attack.”

Kaspersky Lab recommends the following advice for businesses to stay prepared:

  • Conduct a security audit – Identifying your business’s security strengths, weaknesses and opportunities for improvement will provide a good foundation for your future decision-making process on appropriate technology and other measures.
  • Choose the right anti-malware protection – Choosing the right security software will allow you to feel relaxed and comfortable that your business is adequately protected, without the hassle of managing an expensive or overly elaborate security solution.
  • Keep your software up to date – Apply updates to your operating systems and applications as soon as they become available (switch on automatic updates where this is available). Remember, programs that haven’t been updated are one of the key means that cybercriminals use to hack businesses.
  • Back up – Plan for the worst-case scenario: infection. It’s vital to back up your files – so that, if your documents are compromised, you can restore your files with minimal disruption.
  • Educate your staff about browsing behaviours – The starting point for most attacks is tricking people into doing something that allows attackers to get a foothold. Therefore, proactively educating your staff about the impact their online activity can have on the business will help to reduce your exposure to online threats significantly.

Thieves Are Now Hacking Keyless Cars

A number of cars have been identified as the most vulnerable to having their key fobs hacked in ‘keyless’ car thefts. The method involves using two relatively cheap devices to ‘trick’ a vehicle into thinking its entry fob is nearby. Art Dahnert, Managing Consultant at Synopsys, commented below.

Art Dahnert, Managing Consultant at Synopsys:

“A relay box is used to capture and re-transmit the radio signals of a modern vehicle key in order to fool the vehicle into thinking that the key is in near proximity to the vehicle. Often the key is far enough away from the vehicle when the owner parks it and goes inside a building, such as his house, that the vehicle can’t be opened or started. What a relay box does is make it seem to the vehicle that the key is near enough or next to the vehicle in order to open the driver’s door. On some new models, the RKE (Remote Keyless Entry) system that the vehicle uses for entry and vehicle starting only requires the key to be within a small radius of the car, usually only a few feet.

“Typically, two parts of the “Relay Box” are required: the component that captures and transmits the signals from the key and its corresponding component that works within the vehicle’s RKE entry radius. An individual will try to get close to the key in the building or house, usually by the front door or window, since most owners keep their keys by the front door or hallway. Another individual will remain close to the vehicle, trying to get as close as possible to the RKE controller’s antenna. A lot of the specifics for the attack will depend on how powerful the “relay box” is, which means that a powerful transmitter/antenna combination in the two components will allow more flexibility in the distances involved during the theft. This attack allows you to enter and drive off with the vehicle; however, depending on the design of the vehicle’s system, it may not allow you to restart it. Unfortunately, the vast majority of models allow a restart to happen.

“The best way to prevent this type of attack is to use a steering wheel lock or an additional type of immobiliser, usually found in aftermarket alarm systems. Another way to prevent this attack is to block the key signals using a Faraday bag or box. This is where you’d store your keys when they are not in use. In reality any metal container that prevents the radio signals from being captured will work; some people even suggest the family freezer.”

Passwords Sold For Pittance Most Popular Attack

Verizon’s latest Data Breach Investigation Report was made public earlier this week. This report contains a number of topline observations regarding the growth in ransomware, the fact that many security breaches are driven by organised crime, etc.

Rashmi Knowles, Field CTO for RSA Security, commented below focusing specifically on this access and ID element of the story.

Rashmi Knowles, Field CTO, EMEA at RSA Security:

“The use of stolen credentials has been the most successful attack method according to this year’s DBIR, which suggests the biggest struggle for enterprise is still identity and access management. Caches of credentials are available for pittance on the dark web, and provide an easy attack vector for hackers, who know that users rarely change their passwords. This is why two-factor authentication is a must-have for businesses. Passwords by themselves are clearly not a strong enough defence. However, the key is to balance convenience with security, to ensure that users behave securely – for instance, using proximity-based identity solutions that connect to a user’s mobile, or biometrics such as iris and fingerprint scanning, users can easily demonstrate that they are who they say they are without having to jump through too many hoops, while still reducing risk for the business.”

Amber Rudd Announces Dark Web Crackdown

Ahead of UK home secretary Amber Rudd’s speech this afternoon on a planned crackdown on criminals using the dark web, Ross Rustici, Senior Director, Intelligence Services at Cybereason, commented below.

Ross Rustici, Senior Director, Intelligence Services at Cybereason:

“The UK is a little different than the US in the fact that GCHQ has a mandate to address child pornography in addition to national security concerns, so the headlines are a little misleading. It isn’t 14 million to start dealing with this issue, it is 14 million to focus on a very specific task. Is it enough? No. Is it better than what they have now? Yes. There is no amount of money that will solve this issue. It is transnational and ever evolving. Getting more beat police officers involved will help with the low level cyber crime, which, in turn will free up resources to go after harder problems.

“Black markets on the dark web are less of a hydra problem than one might expect. Fundamentally, the marketplaces have to operate on a basis of trust. If criminals don’t believe that they are anonymous while conducting the illegal activity they are unlikely to conduct it in that forum. The take down of AlphaBay shook this trust quite a lot. If Interpol/Europol can take down a few more of the major markets, the ones that replace them will be less robust and trafficked. This doesn’t solve the problem, but it increases the cost of conducting the illegal activity which will hopefully serve as another deterrent.”

Hackers Access Great Western Railway Customer Accounts

Yesterday, Great Western Railway sent a number of password reset email notifications to its customers, in response to it becoming aware of “unauthorised attempts to gain access to a small number of GWR.com accounts over the past week”. GWR customers have shared screen grabs of the email notification on Twitter.

GWR has since confirmed in interview that circa 1,000 accounts were affected.

Rashmi Knowles, EMEA Field CTO at RSA Security and an expert in data protection and end-user security, implores customers to take heed of the advice from companies like GWR and reset their passwords. She commented below.

Rashmi Knowles, Field CTO, EMEA at RSA Security:

“It is good to see Great Western Railway taking a proactive approach to helping customers stay safe online by flagging that some accounts have been accessed, even though GWR itself has not been hacked. In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web. Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts – I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials.

“This is why everyone should practice good cyber hygiene. If you know that one of your accounts has been compromised, and use the same username and password elsewhere, then update your other accounts immediately. More generally, with consumer breaches of this kind on the rise, you should never be using the same passwords for business and personal use. Targeting consumers is often a gateway into their place of work for hackers. By having separate passwords, you can minimise the chances of your employers being affected. Finally, users should opt in to two-factor authentication, where possible. For example, often you will see your bank asking for a fingerprint, voice scan or secondary password because we regularly see passwords failing to protect us adequately. By adding an extra layer of defence you can make things much harder for the bad guys.”

YouTube Hacked

It has been reported that popular streaming service YouTube has been hacked. More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift are also affected. The original clips had been posted by Vevo. Despacito has been removed, but its cover image had shown a group of people wearing masks and pointing guns. The hackers, calling themselves Prosox and Kuroi’sh, had written “Free Palestine” underneath the videos. Several of the clips remain live at time of writing. IT security experts commented below.

Mark James, Security Specialist at ESET:

“The details currently are sparse so trying to figure out what they did or how they did it is not something that’s easily done. The problem with these types of hacks is the potential for damage caused. For YouTube it’s a brand and PR issue. For the artists it’s the personal damage of their brand being used for nefarious purposes.

Some YouTube videos collect hundreds of thousands or indeed millions of views. The ability to push information to all those viewers is massive and in some cases we could even see actions to trick the user into going to websites or following links.

For the end user it’s about having the security measures in place in case you are involved in a phishing attack or online scam. Utilising a good multi-layered internet security product and applying awareness when browsing web pages or clicking any links associated with the internet. The end user may be influenced by the information they see, if they trust the digital persona like a pop star or “Youtuber” they may be more likely to be scammed or tricked into going somewhere that may be malicious.”

Lee Munson, Security Researcher at Comparitech:

“The recent hack of popular music clips on YouTube seems to be relatively benign in nature, featuring a fairly tame political message and motivated by the ‘fun’ of the challenge.

In that respect then, it is in itself, nothing much to worry about for the video hosting site, though it does suggest that the defacement of videos is not technically difficult to achieve, given the number of high profile artists that have been targeted.

What exactly YouTube is doing to prevent content like this appearing via Vevo is unclear but it will be interesting to see whether other hacktivists jump on the bandwagon and use such sites to make their points in the future.”

Remote Desktop Services Hacked

Cybercriminals are hacking into remote desktop services to deploy two new Matrix ransomware variants that encrypt computer files; one of them even produces debug messages and can use a cipher to wipe free space. These new pieces of ransomware were discovered by the MalwareHunterTeam. Bob Noel, Director of Strategic Relationships and Marketing at Plixer, commented below.

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“Remote desktop services are a useful tool often used by the helpdesk to remotely access a PC for the purposes of troubleshooting problems. It should only be used for internal sessions, or across VPN tunnels for remote employees. Organizations should immediately inspect all network traffic to ensure that no RDP sessions (TCP port 3389) are open to the internet. Most IT teams will say they have configured their firewalls to block RDP, but using network traffic analysis to ensure that firewall rules are behaving as expected, and to look for any traffic that is circumventing policy is paramount to reducing risk from Matrix Ransomware attacks.”
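A flow-record audit of the kind described above, as an added example that is neither Plixer’s code nor part of the original post: it flags every TCP/3389 flow that crosses the Internet boundary, which a firewall rule that blocks RDP should never let through. The flow record format and the internal address ranges are assumptions.

```python
"""Audit flow records for RDP (TCP/3389) sessions that cross the Internet
boundary, i.e. traffic a 'block RDP at the perimeter' rule should never produce.

Added example; not code from Plixer or the original post. The record format
and the internal address ranges below are assumptions.
"""
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389

# Assumption: the organisation's internal ranges are the RFC 1918 blocks.
# Listed explicitly rather than using ip_address().is_private, which would
# also classify the TEST-NET sample addresses further down as "private".
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one record of the constructed format:
    '<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> bytes=<n>'"""
    proto, src, arrow, dst, size = line.split()
    if arrow != "->" or not size.startswith("bytes="):
        raise ValueError(f"malformed flow record: {line!r}")
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Flow(s_ip, int(s_port), d_ip, int(d_port), proto.lower(),
                int(size.split("=", 1)[1]))


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify_rdp_flow(flow: Flow):
    """Label an RDP flow that crosses the boundary; None for non-RDP traffic
    and for RDP sessions that stay inside the network (helpdesk use)."""
    if flow.proto != "tcp" or flow.dport != RDP_PORT:
        return None
    src_in, dst_in = is_internal(flow.src), is_internal(flow.dst)
    if src_in and dst_in:
        return None                           # internal-only: permitted
    if not src_in and dst_in:
        return "inbound-rdp-from-internet"    # an RDP listener is exposed
    if src_in and not dst_in:
        return "outbound-rdp-to-internet"     # a host reaching external RDP
    return "external-to-external"             # should never transit our sensor


def audit_rdp(lines):
    """Return (label, flow) pairs for every boundary-crossing RDP flow and a
    per-host count of inbound Internet RDP flows, i.e. the hosts to fix first."""
    findings = []
    exposed_hosts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        label = classify_rdp_flow(flow)
        if label is None:
            continue
        findings.append((label, flow))
        if label == "inbound-rdp-from-internet":
            exposed_hosts[flow.dst] = exposed_hosts.get(flow.dst, 0) + 1
    return findings, exposed_hosts


# Constructed sample records; TEST-NET addresses stand in for the Internet.
# The 12-byte flow is what a bare SYN probe against the port looks like.
SAMPLE_FLOWS = """
tcp 10.0.5.12:51022 -> 10.0.8.40:3389 bytes=482113
tcp 203.0.113.77:40211 -> 10.0.8.40:3389 bytes=90211
tcp 203.0.113.77:40212 -> 10.0.8.41:3389 bytes=12
tcp 198.51.100.9:50001 -> 10.0.8.40:3389 bytes=771020
udp 10.0.5.12:53012 -> 203.0.113.2:3389 bytes=300
tcp 10.0.5.33:60100 -> 203.0.113.200:3389 bytes=50210
tcp 10.0.5.12:44000 -> 203.0.113.10:443 bytes=8120
""".splitlines()

if __name__ == "__main__":
    found, exposed = audit_rdp(SAMPLE_FLOWS)
    for label, f in found:
        print(f"{label:27s} {f.src}:{f.sport} -> {f.dst}:{f.dport} ({f.nbytes} B)")
    for host, n in exposed.items():
        print(f"ALERT: {host} accepted {n} RDP flow(s) from the Internet")
```

Running it on the constructed records reports three inbound flows (two hosts exposed) and one outbound RDP session, while the internal helpdesk session, the UDP noise and the HTTPS flow are ignored.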

Hacked Accounts Sold For Just £1

News is breaking that hacked social media accounts are being sold online, sometimes to promote hate speech, for paltry sums. One site is selling UK-based Facebook accounts “with real Sim cards, birthday and location information included”, according to The Sunday Telegraph. On another, a single UK account is on sale for $1.50 (£1.07), discounted from $5. Ryan Wilk, Vice President at NuData Security, a Mastercard Company, commented below.

Ryan Wilk, Vice President at NuData Security:

“Among all the personally identifiable information available on the web, the most valuable one is your complete online identity, as it includes data to access all your online accounts. It’s not surprising that each account, each type of data, or the whole package are sold online as if they were a pair of sneakers. Fraudsters work hard to get that information, and by reselling it, they are increasing its value, just like any other industry would do.”

“To fight this wave of exposed data, many forward-thinking retailers and other major organizations are adopting a multi-layered approach to verifying their users online – such as passive biometrics and behavioral analytics. This approach makes online accounts more secure as they can’t be accessed by bad actors, even if they present the right credentials.

Because these technologies don’t rely on static data, they are devaluing it and, ultimately, they can affect the value of stolen data on the dark market.”

“This approach to online verification that uses behavioral data signals to verify a user is allowing companies to avoid account takeover with stolen credentials and focus on their good customers.”

“This report is a good reminder of the importance of having a multi-layered security and also underscores that fraudsters are highly evolved and sophisticated criminal enterprises.”

Vulnerability In The Cisco Smart Install

Cisco has revealed in its blog that it is aware of specific advanced attackers targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Sean Newman, Director of Product Management at Corero Network Security, commented below.

Sean Newman, Director of Product Management at Corero Network Security:

“Recent reports from Cisco’s Talos team* of a vulnerability enabling attackers to potentially gain remote control of switch devices for nefarious purposes are just another example of how many IT system features there are exposed to the Internet which were originally developed to make IT teams’ lives easier but are now resulting in security headaches. This report follows closely on the heels of recent DDoS attacks powered by the exploitation of the commonly deployed memcached system tool, which was also found to be exposed directly to the Internet in tens of thousands of cases. These examples demonstrate why organisations need to not only be more diligent about what systems and services they expose to the Internet themselves, but also have the right solutions in place to protect from attacks which are continually being developed to abuse these exposed services for nefarious purposes. And, having dedicated, real-time, automatic DDoS protection in place is a prime example of where many organisations are still deficient in their defences.”

Pyongyang Hackers Could Be Major Threat In The Future, Parliament Says

News broke today that despite the North Korean cyber-threat to the UK remaining below that of Russia and China, a new parliamentary Defence Committee report has claimed that in the future this may not be the case. It reiterated the view that the WannaCry ransomware attack which decimated large parts of the NHS was carried out by the Kim Jong-Un regime, but that the UK was not its intended target. Andy Norton, Director of Threat Intelligence at Lastline commented below.

Andy Norton, Director of Threat Intelligence at Lastline:

“It’s encouraging to see the UK Government acknowledge the need for ever-improving cyber defences as cyberspace becomes increasingly critical to the UK and the range of cyber-threats intensifies, regardless of who may be the perpetrator. They highlight the lack of sufficient numbers of skilled cyber-staff as a concern for the UK’s cyber-capability development.

This is the challenge ahead: we need to protect more, with fewer people. This will drive the adoption of behavioural intelligence and automation as core components of defence in depth.”

Best Buy Breach

Best Buy has now been added to the list of companies like Delta, Sears and Kmart who have been hit by a payment card breach. Hackers were able to get to Best Buy customers’ payment data through an attack on their online services provider [24]7.ai. Best Buy used [24]7.ai for online chat/support services. Chris Olson, CEO at The Media Trust, commented below.

Chris Olson, CEO at The Media Trust:

“This latest breach is a classic example of the challenges in securing today’s digital environment. More than 70% of the Best Buy website is provided by third parties, a typical composition for today’s websites which rely on third parties to provide the engaging and interactive functionality consumers expect. As belatedly realized by many enterprises, if not continuously monitored, these third parties can be compromised damaging consumer trust and brand reputation, all without their knowledge. Even worse, this situation represents significant PCI DSS compliance and data privacy failures. Unless security professionals have a true digital risk management program in place to monitor all code executing on their website using multiple user profile combinations, there really is no other way to defend their websites against breaches. This preventative stance is especially valuable for ecommerce website security, where there is a direct impact on revenue and sensitive customer information.”

Medical Devices Found Vulnerable

Following the news that vulnerabilities have been found in Natus Medical devices, Leon Lerman, Co-Founder and CEO at Cynerio, commented below.

Leon Lerman, Co-Founder and CEO at Cynerio:

“Healthcare organizations need to be aware that connected medical devices are probably the most vulnerable entities on a hospital’s network, as they were not built with security in mind and it’s extremely challenging to regularly keep them up to date.

Health providers cannot rely on device manufacturers to protect their patients’ data and safety.

Providers first need to make sure they have complete visibility to the medical device ecosystem, understanding the right medical context of the communications and the associated risk. This will enable them to better understand the risks on their clinical environment and will enable them to take proactive actions to ensure their patient safety and data protection.”

Facebook Won’t Apply GDPR Regulations Globally – What It Means For You

Even given the recent Facebook/Cambridge Analytica scandal, Mark Zuckerberg just announced that the social media platform won’t apply the stringent new European data privacy law regulations globally — for now, at least. Francis Dinha, CEO and Co-Founder at OpenVPN commented below.

Francis Dinha, CEO and Co-Founder at OpenVPN:

“As a CEO, I understand Zuckerberg’s hesitation to immediately accept the GDPR. At this point, no one knows how the regulation will impact their business. For a company like Facebook, the regulation will likely impact revenue as advertising may be more limited due to personal data restrictions. However, looking at it from the consumer perspective, the GDPR increases data privacy and gives them more control over how their data is used. While it’s a good start, it’s not enough to provide full data protection.

With high profile hacks happening on a recurring basis, consumers are more aware of and concerned about cyber and data security. After the recent Cambridge Analytica fallout at Facebook, consumers more so than ever are questioning what exactly corporations are doing with their personal information, and it’s encouraging them to take a proactive role in protecting their data.

The most common misconceptions around data privacy are users feeling as if they have nothing to hide, so data privacy does not apply to them, and that they don’t care if companies use their data. These are two misconceptions that need to be done away with, and it starts with a shift in consumer mindset. Consumers need to be aware and take notice of when they’re accessing public cloud services without protection, especially when accessing bank information or supplying your credit card to an online merchant. When you’re using an unprotected connection, your data is in transit when accessing any web service and might be compromised by cybercriminals.”

21 Percent Of Open Source Serverless Applications Have Critical Vulnerabilities

According to an audit by serverless security company PureSec, more than one in five serverless applications have critical security vulnerabilities. An evaluation of 1,000 open-source serverless projects found that 21 percent of them contain one or more critical vulnerabilities or misconfigurations, which could allow attackers to manipulate the application and perform malicious actions. Tim Mackey, Technical Evangelist for Black Duck by Synopsys commented below.

Tim Mackey, Technical Evangelist for Black Duck:

“What was disclosed

  1. PureSec have defined an equivalent of the “OWASP Top 10” and are targeting it at the Functions as a Service (FaaS) market – also known as “serverless”
  2. To vet their definition, they’ve collected a sampling of roughly 1000 functions deployable within AWS Lambda. These functions were written in a variety of languages and their findings showed, in the aggregate, 21% contained at least one of the security risks identified by their “FaaS top 10” taxonomy
  3. PureSec have created an offering around their “FaaS top 10” and made it available in beta form with the report as supporting material

Why security in the FaaS ecosystem matters

The core concept of FaaS, or serverless functions, is to define an API for consumption. These APIs can provide basic services intended for integration into a larger application. By decoupling the API from the core business logic, security paradigms which would normally apply to a discrete application at a higher level now need to be implemented in the API function. For example, a discrete user facing application will often implement its input sanitisation routines at the point of user input. The sanitised data is then freely manipulated within the application to return a result to the end user. If those internal data manipulation routines are broken out to become discrete API services, the input sanitisation rules could easily be omitted when the API was refactored. The net result being unexpected data could be presented to the function – with correspondingly unexpected results. If that API function proves valuable to others, those new consumers may not be aware of the lack of input sanitisation and the associated security risks.

While PureSec highlight in their announcement the results of their analysis of Open Source projects, this risk potentially exists in any API – regardless of whether it’s considered “serverless”. Application owners should pay attention to any API they consume and assume that without independent validation any number of security issues may be present. In addition to the security nature of API execution, recent media coverage of data breaches also demonstrates that anyone consuming an API should be aware of how any data presented will be used and potentially stored.

I personally support PureSec’s attempts to increase awareness of the security risks associated with API usage and the role they are playing in security education for serverless/FaaS developers.”
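As an added example (not PureSec’s or Black Duck’s code) of the sanitisation gap Tim Mackey describes: an internal routine that the monolith only ever called after its UI layer had validated the input, and the same routine broken out as a serverless handler, once with the rule forgotten and once with it re-applied at the API boundary. The `order_id` format, the event shape and all function names are assumptions.

```python
"""Added example: where input sanitisation goes when an internal routine
is refactored into a standalone FaaS function (assumed names throughout)."""
import re

# The rule the monolith enforced once, at the point of user input.
ORDER_ID_RE = re.compile(r"^[0-9]{6,10}$")


def build_order_key(order_id: str) -> str:
    """Internal routine written on the assumption that its caller already
    vetted the value; it never checks the input itself."""
    return f"orders/{order_id}.json"


def web_form_entry(raw_order_id: str) -> str:
    """Monolith entry point: validation happens here, so everything
    downstream (build_order_key) can trust the value."""
    if not ORDER_ID_RE.fullmatch(raw_order_id):
        raise ValueError("invalid order id")
    return build_order_key(raw_order_id)


# --- The same routine extracted into a serverless function ---------------

def naive_handler(event: dict) -> dict:
    """Refactored handler that carried the routine over but not the rule:
    whatever the API caller sends reaches build_order_key untouched."""
    key = build_order_key(event["order_id"])
    return {"statusCode": 200, "body": f'{{"key": "{key}"}}'}


def hardened_handler(event: dict) -> dict:
    """Same handler with the sanitisation rule re-implemented at the
    function boundary, since nothing upstream enforces it any more."""
    order_id = event.get("order_id")
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        return {"statusCode": 400, "body": '{"error": "invalid order id"}'}
    key = build_order_key(order_id)
    return {"statusCode": 200, "body": f'{{"key": "{key}"}}'}


if __name__ == "__main__":
    # Constructed inputs: a well-formed id and a value the monolith's
    # web layer would have rejected before it reached the routine.
    for ev in ({"order_id": "1234567"}, {"order_id": "../config"}):
        print("naive   :", naive_handler(ev))
        print("hardened:", hardened_handler(ev))
```

The naive handler returns 200 and a key built from the unvetted value; the hardened one rejects it with 400, which is the check that has to move into the function when the routine is exposed as an API.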

Just 1% Of Media Companies Feel Confident In Their Cyber Policies

According to an Akamai survey, only 1% of media organizations are happy with their current cybersecurity measures. Slow site performance and downtime are the industry’s top security-related concerns, according to 26% of the 200 US media technology decision makers surveyed in the report. Protecting premium video content (23%), enterprise application security (20%), managing the impact of bot traffic (15%), and DDoS mitigation (13%) were other concerns, the report found. Tim Helming, Director of Product Management at DomainTools commented below.

Tim Helming, Director of Product Management at DomainTools: 

“In an industry no stranger to scary statistics, this one is particularly worrying for media organizations. As media organizations attempt to play catch-up with the new kids on the block such as Netflix and Hulu, more and more of them will engage with customers in online portals which, if not adequately protected, present a serious risk to both the organization and their customers. We have already seen Netflix users hit by a highly sophisticated phishing scam in 2017, which should serve as a warning to media organizations that cybersecurity concerns can affect their reputation as well as their bottom lines. In an increasingly diverse and competitive marketplace, prioritizing cybersecurity might not be the most immediately appealing idea, but failing to do so could have dire consequences.”

Over 1.5bn Sensitive Files Are Left Unprotected On The Internet

More than 1.5 billion sensitive files – ranging from payslips to medical scans – are visible on the open internet, according to a new report. Security researchers have warned the documents are “freely available” to anyone with minimal technical knowhow, and 36% of the exposed files were located in the European Union. Confidential corporate data – including details of yet-to-be-released products – were also out in the open. In one case, a point of sale terminal was leaking data on customer transactions, times, places, and even partial credit card numbers. Javvad Malik, Security Advocate at AlienVault commented below.

Javvad Malik, Security Advocate at AlienVault: 

“Cloud brings many benefits to organisations of all sizes. Data is easy to store and always available. However, with this convenience there is the temptation to store more data than is necessary. Secondly, due to the ease of use, many companies can overlook their responsibilities in the security of the data. While cloud providers are responsible for some parts of security, the organisations have their own obligations to ensure the protection of data in the cloud.

A lack of cloud expertise is another potential contributor – failure to secure cloud environments can largely be put down to human error.

Organisations should always look to gain assurance that cloud environments are secured as intended and deploy cloud security tools that can monitor and detect threats.”

Delta Cyberattack Exposes Customer Credit Card Details

It has been revealed that the cyberattack the American airline Delta suffered last year may have exposed customer payment information. The airline said the incident involved (24)7.ai, a chat-services provider used by Delta and other companies. Delta says only “a small subset” of customers were affected, with payment information exposed from Sept. 26 to Oct. Security experts commented below.

Martin Jartelius, CSO at Outpost24:

How should Delta handle the breach?

As this relates to a PCI certified environment, the task of forensic investigations is with the card brands. The important part now is to handle the customer relations with transparency, and also to review the trusts between their own organization and their service providers.

As there is a known period the breach occurred, it is of course of importance to find out how it was possible for it to occur and how to prevent it from recurring.

What should customers do?

The breach occurred last year and remained undetected until a week ago. Customers should always be attentive to their card transactions. Depending on the maturity of security delivered by issuing banks, it is for example possible to block cards for card-not-present transactions without further authorization from the cardholder – however this does not hold true for all banks or geographical regions. As a customer, demand either to be protected from damage, or to be provided adequate technical protection by your card issuer.

Do you have any comments around the payment platform that exposed the details?

Delta, as any other organization hosting web content, must consider that in any instance when logic flows from one application to another, there is a transfer of trust – trust you have with your clients which is based on your brand and your relationship with your customers. This breach had its primary incident not with Delta, but with their partner – yet it is stated as an issue affecting Delta. This is the reason understanding your entire digital eco-system matters: everything ranging from outsourced processes to “cross domain” included scripts, including ad-networks, allows someone else to interact with your customers based on the trust those invest in you. And that also means a good part of the negative impact of a breach with a partner will reflect back on that trust.

One should also note that this is a certified organization which has been through reviews and testing – security is a continuous process, and compliance is not a guarantee of security. As long as banks hold their clients damage free, we can accept the current level of security. If consumers are to shoulder the costs or responsibility, much is still to be done regarding rather basic security in the payment card industry.

Craig Young, Computer Security Researcher at Tripwire:

“There are some interesting questions to ask in response to this disclosure. Why was the breach window so short? Were the attackers discovered and booted back in October? If so, why is it that we are only learning of the breach nearly six months later? If not, how can (24)7.ai be so confident of the scope of the breach? Were payment card providers notified sooner? Time is a critical factor for preventing fraud whenever there is a breach of financial data. Delta has assured customers that they won’t be held responsible for fraudulent charges but it seems likely that if fraudulent charges related to this have not already been identified, there is little hope that they will ever be connected to this breach.”

Lee Munson, Security Researcher at Comparitech.com:

“The cyberattack experienced by Delta highlights the many different facets of a data breach, from the good to the bad, as well as the unknown.

Obviously the big negative here is the fact that customers have potentially had their payment card data swiped, though the unknown factor is whether or not that information was encrypted, or how.

From an incident response point of view, it is a shame to learn that the attack has only now come to light, having occurred and been spotted last year, though we are, of course, unaware of when affected customers were notified.

On a more positive note, no personal information was stolen and Delta was quick to examine the breach and learn lessons from it.

We can only hope that affected customers have been offered appropriate support and advice and are now changing passwords where appropriate and examining credit reports with a keen eye.”

Satya Gupta, Co-Founder and Chief Technology Officer at Virsec:

“Once again, another breach raises troubling questions about why current security defenses are failing, and why organizations are dragging their feet with public breach notification. The company says it was notified in mid-March, yet the breach occurred six months earlier and was “quickly resolved.” Whether it’s a company or sub-contractor, the first impulse when a breach is discovered seems to be stalling and hoping it will not go public.

More broadly, we continue to rely on an outdated security model – protecting a porous perimeter, while hackers are often already inside, waiting to exploit vulnerabilities that may dwell for months. The focus has to shift to directly protecting applications and critical data – not relying on perimeter protection which is rapidly disappearing.”

Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:

“Delta Air was not directly breached, it was affected by a third-party vendor breach. We saw this vector in play earlier this week with the Energy Transfer Partners third-party EDI breach.

It is no longer enough for large companies to only protect their own networks and internal systems from malware. Nowadays, business is conducted with the help of third-party service companies that provide savings by solving a piece of the puzzle for big companies, like online transaction support, for instance. In such cases, the third-party vendor increases the attack surface and the risk of a cybersecurity breach for the enterprise.

Third parties have been the vector of attack in many high-profile breaches and I anticipate this trend will continue. In recent years, 63 percent of breaches were traced to third-party vendors, according to the Soha System’s survey on third-party risk management. If a hacker can breach a company and pretend to be a legitimate vendor, they may have full access to a company’s network for months; plenty of time to monetize their attack.

A vendor often serves multiple customers, which can create complications and delays in incident response. It is crucial for companies to audit the security posture of their vendor just as rigorously as they do their own.

[24]7.ai operates global centers that outsource voice and chat agent services for sales and support, providing a channel of communication between their clients and customers. When such a channel is compromised, it can be quite damaging as the attackers can pose as support or sales managers and ask customers to provide sensitive information.”

Anthony James, Chief Marketing Officer at CipherCloud (San Jose, CA):

“It is an all too frequent headline – another high profile company breached with hundreds of thousands of customers’ personal information or credit card data stolen. As with the Sears breach announced today, the 3rd party companies are the weakest link in the security chain. The unfortunate realization that the largest brands are being impacted by their smaller partner companies should inform any organization when they establish their security practices and controls.

The question needs to be asked, who are our partners, what are their security practices, what data are we sharing, and what systems will they have access to? In this example, [24]7.ai – the software service provider for Sears (and many other large retail and airline brands) – became the source for the breach exposing customer credit card data.

With data being the core asset cyber thieves are targeting, new approaches to data protection need to be implemented. There are plenty of new technology approaches to secure data when it is at rest, in flight and in use. These strategies need to be implemented when companies have access to critical customer data.”

Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks:

“The fact that these two breaches have been discovered in September and March, respectively, means there may be a systemic issue that has been present for at least the past six months within the area of compromise.

It is important to understand that this breach is different from some past breaches, such as Target, where the third-party vendor was a vehicle for an intrusion into the final victim’s own network. In the case of SaaS offerings, a threat actor may not even need to breach your network, siphoning off your data directly from the third-party vendor that you do business with instead. In other words, it is just as important to assess the security posture of a vendor you allow into your network as a vendor you exchange information with to provide you with a service. At the end of the day, it’s companies like Delta Air and Sears that end up in the news, not so much the third-party vendor.”

Mirai Variant Botnet Launches IoT DDoS Attack On Financial Sector

In light of the news that a Mirai variant botnet has launched an IoT DDoS attack on the financial sector, Anthony Chadd, Senior Director, EMEA at Neustar commented below.

Anthony Chadd, Senior Director, EMEA at Neustar:

“It’s likely that the latest DNS amplification attack was not an isolated incident, and with Satori on the horizon, businesses must make it a priority to safeguard their IoT systems against severe disruption. But to achieve this requires a clear understanding of what data needs safeguarding, and the levels of security that need to be put in place. Organisations everywhere must be proactive with their defence strategies – rather than just sitting idly until the attack has happened and it’s time to fight fire in the midst of the chaos.

In order to do this, organisations must first build out an organised and cohesive security strategy. As a result, they can successfully focus in on their more vulnerable data, processes and models – protecting valuable information from similar DDoS attacks moving forward. On a more specific level, businesses must ensure the appropriate controls are in place for threat vulnerability and patch management. At the same time they must make it a priority to ensure that important data is identified and encrypted. In the end, this can only really be achieved by taking a holistic view of the threat landscape, rather than tackling each of these in isolation.”

Reaper Botnet

Security researchers from Future’s Insikt Threat Intelligence Research Group are reporting* that the DDoS attacks that targeted the Netherlands financial sector in January were the first known use of IoTroop – also known as the Reaper Botnet, a variant of Mirai. The initial attack was a DNS amplification attack with traffic volumes peaking at 30Gbps according to Insikt. Andrew Lloyd, President of Corero commented below.

Andrew Lloyd, President at Corero:

“While the reported amplitude of the attack (at 30Gbps) was nowhere close to record-breaking, it is still higher than most of the DDoS attacks that we see. Corero’s latest DDoS Trends Report* found that 96% of DDoS attacks were less than 5Gbps and only 1% above 10Gbps. In our experience, even the largest banks and financial institutions often have a protection gap within their DDoS defenses where short-duration, modest amplitude attacks go undefended.”

Microsoft Patches Critical Flaw

In response to the news that Microsoft has rolled out security updates to fix a critical remote code execution flaw affecting Windows Defender and other anti-malware products, Aaron Zander, IT Engineer at HackerOne commented below.

Aaron Zander, IT Engineer at HackerOne:

“Criticality for Microsoft depends greatly on the individual product line. For the Windows Product, the most critical vulnerabilities are the ones that cause users to lose control of their computers in totality. In the case of this patched exploit, it offers a worst case scenario: the very tool Microsoft uses to protect their users turned against them. This is not the first time that AV has been targeted. Security vendors, especially, need to secure using all methods available to them as they run privileged processes by nature.

While it’s hard to say if CVE-2018-0986 was ever exploited in the past, the difficulty in crafting this exploit leaves only the most elite capable of doing so. If tools were made available allowing others to make their own payloads, this would open up the attack surface to more users. All of that being said, always staying on top of updates from your OS provider is a simple and easy step to mitigate risk from security flaws.”

Intel Gives Up Patching Some Chips With Spectre Flaws

In response to the news that Intel has announced it has dropped plans to patch certain older CPU families affected by the Meltdown and Spectre bugs, Ondrej Kubovic, Security Awareness Specialist at ESET commented below:

Ondrej Kubovic, Security Awareness Specialist at ESET:

“This approach by Intel is not completely new. End-of-support for legacy systems is a standard procedure usually triggered by the development of new and more advanced hardware and software, or changes in the way people interact with their devices. What’s interesting about this case is that it might be the first time when major bugs – such as Meltdown and Spectre – were the main accelerator for this process.

Non-patching of the mentioned vulnerabilities should affect mostly CPUs that were manufactured more than 5 years ago. We can only hope this will give Intel more space to concentrate on patching of the still widely-used systems and only isolated and sparsely used systems will be left out of the patching loop.

For those still using vulnerable components: These flaws enable attackers to harvest information, not to modify it. Therefore if the system contains no personal or sensitive data, or is used for other purposes but not for browsing, it should be relatively secure. Also users can improve their security by applying Meltdown and Spectre patches issued by OS, browser and other software developers. Of course, the safest thing to do is to replace the vulnerable hardware with newer non-vulnerable components. In case HW replacement or patching is not possible, users can also airgap their system to stay out of attacker’s reach.”

Credit Cards Exposed In Sears, Delta Airlines Data Breach

Overnight, news broke that Delta Airlines, Sears, Kmart and more were affected by a data breach at software service provider [24]7.ai. Despite the incident starting on Sept. 26, 2017 and being resolved by Oct. 12, Sears has said it was only notified of the incident a few weeks ago.

The incident led to unauthorised access to the credit card information of under 100,000 of its customers. Delta Airlines is currently uncertain if its information was accessed and compromised. Luke Brown, VP EMEA at WinMagic commented below.

Luke Brown, VP EMEA at WinMagic:

“Fortunately, the impact on Sears and Delta Air customers of this particular data breach appears to be minimal. But any company that allows unauthorised access to its customers’ credit card data has some pretty serious security challenges. We don’t know the details of this particular incident, but one thing is clear – the data accessed by these hackers can’t have been encrypted. If it was, they couldn’t have read it. In the movies, they say something is encrypted and somebody can hack it in 5 minutes. That is not true. If something is encrypted with a strong password, nobody is going to unlock it. Companies can implement all the security bells and whistles they want to protect their perimeter, but if they leave the crown jewels – i.e. data – unprotected, they’re leaving themselves wide open for a breach.”

2.7m UK Businesses Vulnerable To Internet Of Things Hacks

It has been reported that 2.7 million businesses in the UK are leaving their corporate networks vulnerable to Internet of Things (IoT) hacks. Forty seven percent admitted to not updating default passwords on IoT devices when they’re added to corporate networks, and 15% admitted to not keeping security patches up to date. Natan Bandler, CEO and Co-Founder at Cy-OT commented below.

Natan Bandler, CEO and Co-Founder at Cy-OT:

“It is not surprising that such a large number of businesses in the UK are leaving themselves vulnerable to IoT hacks; way more than 2.7 million organisations should be worried. IoT devices are the easiest way in and out of an organisation as they are the weakest link in a company’s cybersecurity chain. Organisations have zero visibility into these devices, and they are not protected adequately.

“Even though, according to this research, 85% of businesses are keeping patches up to date, it is basically irrelevant. You can’t expect all devices to be patched; in fact there are often not even relevant patches available for all IoT devices. Organisations should not trust the IoT device itself, patched or not. It needs to protect itself and put mechanisms in place to secure its data and sensitive assets, especially as some of the IoT devices may not belong to the organisation itself.

“Insecure devices are the easiest way to get into an organisation, enabling cybercriminals to scan your network, install malware, conduct reconnaissance and exfiltrate data by bypassing other security mechanisms.

“What is needed is a dedicated cybersecurity solution that is monitoring both the IoT device and its activity, 24 x 7. By doing this, an organisation will be able to detect when and which devices are at risk. The answer does not lie within the device itself, but with a solution that your Security Operations Team can control.”

Facebook Scandal Hit 87 Million Users

News broke yesterday evening that Facebook now believes that the data of up to 87 million people was improperly shared with Cambridge Analytica – many more than previously disclosed – with around 1.1 million UK-based.

Despite this story being covered by every major media outlet, we are just scratching the surface. Thoughts such as “isn’t this total disrespect for our privacy?!” are now painfully visible and critically accurate. IT security experts commented below.

Evgeny Chereshnev, CEO at Biolink.Tech:

“It doesn’t matter what this data leakage would have proven or not proven. The point is that there was always the opportunity, and possibility, that certain data would be extracted from Facebook by hackers or third party providers that we, the users, were not aware of. It has been said that it’s data taken from Facebook without the users’ consent. This is both true and not true. If you read the licence agreement, when you sign up to Facebook, you would understand that you have absolutely no rights when it comes to your data; your information, what you post and how information is gathered about you. Facebook can analyse and use this data any way it wants.

I am actually very happy this has happened, as it shows just how severe and significant the problem is. Firstly, if there is a database, it only has two states – already hacked or will be hacked – that is simply the fate of all centralised user databases. We have to embrace blockchain and a diversified, distributed way of dealing with data.

Secondly, we need to totally rethink the way we approach data – our digital trail and DDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth. Data is there forever, and it should be illegal to take it from users. It goes back to the age old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self.

In that sense, the EU is the closest to doing the right thing, but there is always room for improvement, even when GDPR comes into effect.”

Craig Young, Computer Security Researcher at Tripwire:

“This is one of those situations that should be an eye opener to people on the importance of reading before clicking OK. Unfortunately, data privacy is a lot like oral hygiene, everyone knows they should pay attention to it but in practice people tend to neglect it.

Many Facebook users are naturally upset about this situation, but in the end the moral of the story here is that people need to be more considerate about what data they are sharing and with whom.”

Travis Smith, Principal Security Researcher at Tripwire:

“There are a few areas of Facebook that people should be concerned with when trying to protect their privacy. I would follow these steps in order, based off of the level of privacy you wish to have.

  1. Limit what you share on Facebook. There is no need to create a check in location at your house, where people can see your exact location, what valuables you have inside the house, and when you’re on vacation in Disneyland for a week.
  2. Make your profile private. I would recommend making anything you post on the social network be limited to the individuals you have accepted as friends.
  3. Limit what applications you give access to. When signing up for a new service, there’s a handy little “Join with Facebook” option many times. This can allow the creator of that website unfettered access to your profile. Similarly, clicking the various personality tests or similar apps gives the author a level of access that you may not even want your own family to have. The author of these games rarely, if ever, needs access to your profile. Be very wary about who you give access to, because once they have access once, the data can be taken and you cannot get it back.
  4. Monitor what applications have access to your profile currently. Even though the applications already could have harvested everything from your profile, it’s wise to go through and make sure to keep the list clean.
  5. Don’t stop at Facebook. Every other service on the Internet has similar collection mechanisms about your private data. What you search for on Google, what YouTube videos you watch, what you search for and buy from Amazon; all of this is stored and can be used to profile you. Don’t assume that anything you do on the Internet is private, because it isn’t.”

Charities Warned Of Phishing Threat

The ISBuzz Post: This Post Charities Warned Of Phishing Threat appeared first on Information Security Buzz.

The Charity Commission has issued a warning to be on the lookout for ‘phishing’ emails impersonating charity CEOs. The warning comes after Action Fraud UK, the UK’s national fraud reporting centre, reported an increase in this type of fraud. Charity trustees, employees and volunteers are being told to be aware of ‘requests to your finance department or staff with authority to transfer funds’ which claim to be from a charity’s CEO but are actually from a spoofed email address. Tim Helming, Director of Product Management at DomainTools commented below.

Tim Helming, Director of Product Management at DomainTools: 

“The fact that Action Fraud have picked out the charity sector as a potential target for phishing attack is no surprise. The shoestring budgets associated with most charitable organizations, and the understandable prioritization of frontline services over cybersecurity products and training, are well known, meaning malicious actors can exploit their lack of funding. Our phishing detection solution, PhishEye, recently revealed a plethora of websites posing as well-known UK charities, which given their associated risk score, are undoubtedly engaging in phishing or malware campaigns, intending to exploit members of the public hoping to donate.

Organizations need to realize that while prioritizing cybersecurity may not be immediately obvious on a tight budget, failing to do so could cause more damage to frontline services in the long run.”

UK Businesses Financially Unprepared For Cyber Attacks

The ISBuzz Post: This Post UK Businesses Financially Unprepared For Cyber Attacks appeared first on Information Security Buzz.

Only a third of British businesses have a financial plan in place in case of a cyber attack, according to a survey by Lloyds Bank. Meanwhile, only half of companies discuss the risk of cyber attacks at board level.

The survey found that, if attacked, over a third of firms would pay a ransom to get their data back, but only a quarter had dedicated cyber insurance. IT security experts commented below.

Bill Evans, Senior Director at One Identity: 

“Recently Lloyds Bank released some rather disturbing facts regarding UK businesses’ willingness and ability to respond to a cyberattack. Notably, it claims that only 33% have a financial plan in place in case of a cyberattack and only half discuss cyber risk at the board level.

This is a real miss. Security must be a board level discussion. One need only look across any variety of news reporting agencies to understand why. Reasons to make this a board level discussion include GDPR violations with their hefty fines, damage to brand in the court of public opinion, and loss of revenue as customer confidence wanes in the wake of a breach.

As we talk with customers, one of the reasons they oftentimes give for not making security a board level discussion is that it doesn’t drive revenue or margin. It’s viewed as a “cost of doing business” and not worthy of being discussed in the rarified air of “mahogany row.” As a response, we like to remind them that there are two types of businesses; those that have been breached and those that are about to be. Then we follow on with, “if you think security is expensive, try being unsecure.””

Javvad Malik, Security Advocate at AlienVault:

“When it comes to cyber attacks, calculating the potential financial impact is something that needs to be undertaken well in advance. Companies should implement threat detection controls based on critical assets and data. This will ensure that any attack is spotted in a timely manner.

The second aspect is the response that should be taken once an incident occurs. Again, the response steps should be planned in advance and based on the criticality of assets and data. For example, if an asset that contained personal information is compromised, the response plan would include notifying the relevant regulatory body. But if a test environment was attacked, the response could be as simple as re-imaging the servers.

By having a plan in advance based on business and information criticality, the cost of security controls can be managed, as well as response plans.”

Dr Anton Grashion, Managing Director, Security Practice at Cylance:

“This is a recurring theme in surveys of businesses. Cybersecurity insurance is just one of the measures organisations can deploy to deal with risk and is often associated with the irreducible amount of risk that is resistant to the other strategies of mitigation, sharing, and avoidance. Because a disproportionate share of the cost of a breach is concentrated in the business implications rather than in all the technical/OPEX heavy responses to a breach, it seems to make perfect sense that a great deal of effort should be concentrated on a prevention strategy first and foremost. While this has proved problematical in the past utilising legacy security tools, new AI and ML technologies can be deployed to stop the first domino from falling and thus proving the adage that an ounce of prevention is worth a pound of cure.”

Warnings Issued Over Contactless Bank Cards With Details Being “Skimmed”

The ISBuzz Post: This Post Warnings Issued Over Contactless Bank Cards With Details Being “Skimmed” appeared first on Information Security Buzz.

It has been reported that warnings have been issued over contactless bank cards with details being “skimmed” while the card is still in your pocket. Contactless fraud has overtaken cheque fraud, which totalled £9.8 million last year. In addition, the number of cards in circulation has increased from 59 million to 119 million from 2015 to 2017. Lisa Baergen, Director at NuData Security commented below.

Lisa Baergen, Director at NuData Security:

“As contactless cards become more popular globally, it is critical for online companies to actually identify true customers from imposters to approve transactions. Just having credit card numbers, passcodes and credentials can be easily subverted by cyber criminals. It is imperative that authentication frameworks now include passive biometrics and behavioural analytics, along with a full stack of security solutions so that customers are identified by their behaviour such as how they hold a device, how hard they hit the keys and hundreds of other identifiers. This approach allows online companies to block fraudulent transactions even if the cyber criminal has skimmed or cloned credit card information, has credentials or even stolen a device.”

The Panera Bread Website Breach

The ISBuzz Post: This Post The Panera Bread Website Breach appeared first on Information Security Buzz.

Panera Bread’s website leaked customer information including names, addresses, birthdays, and the last four digits of credit cards for almost eight months before being discovered. IT security experts commented below.

Chris Olson, CEO at The Media Trust:

“Website breaches have become an epidemic that hurts corporate reputation and brand identity. The Panera website leak is just another example that demonstrates the complexity of security in the digital age. Be it poorly configured databases or unmanaged vendors, enterprises have a responsibility to do a better job controlling their digital ecosystems, especially when it comes to protecting consumer data. The ensuing damage to a brand’s image is costly. In today’s changing regulatory environments, enterprises need to update their vendor risk management strategies to include the digital environment, with specific attention paid to identifying all parties executing in websites and mobile apps. For most enterprises, this knowledge is limited to the software and hardware they purchase or license for use. Identification and control of these external resources is critical to developing a comprehensive security strategy for digital assets.”

Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks:

“This kind of programming mistake is much more common than you would think. We highly advise website owners to perform penetration testing of their websites to identify these types of vulnerabilities as early as possible.

In the case of Panerabread.com, the site had an open API that anyone on the internet could query and did not require any type of authentication. This API discloses the following information about customers who have previously registered on the website: username, first and last name, email address, phone number, birthday, last four digits of the credit card number, home address, social account, user preferences and dietary restrictions. This information can be queried if you know the phone number of the customer, which one could easily obtain using a second API.

This second API can be queried using a customer ID number to retrieve the username chosen, email address, first and last name, loyalty card number, phone number, full birth date and other options like SMS preferences, corporate customer status, etc. This API was easier to mine because sequential numbers were used as customer IDs.”
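The two flaws described above (an endpoint that checks no credential, and customer IDs that are simple sequential numbers) beside a hardened handler that authenticates the caller, enforces that a session may only read its own record, and issues unguessable IDs. This is an added, constructed illustration in Python, not Panera’s code; every name, record and token in it is made up.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Customer:
    customer_id: str
    username: str
    email: str
    phone: str
    card_last4: str


# Constructed records keyed by sequential customer IDs, the pattern the
# commentary describes. Every value here is made up.
SEQUENTIAL_DB = {
    "1001": Customer("1001", "alice", "alice@example.com", "555-0101", "1234"),
    "1002": Customer("1002", "bob", "bob@example.com", "555-0102", "5678"),
}


def insecure_lookup(customer_id: str) -> Optional[dict]:
    """The weak pattern: no credential is checked, so any caller who can
    reach the endpoint gets the full record for whatever ID they supply,
    and sequential IDs leave nothing to guess."""
    record = SEQUENTIAL_DB.get(customer_id)
    return vars(record) if record else None


# --- hardened version -------------------------------------------------

class SessionStore:
    """Maps bearer tokens to the customer who logged in (constructed)."""

    def __init__(self) -> None:
        self._tokens: dict = {}

    def issue(self, customer_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256-bit random bearer token
        self._tokens[token] = customer_id
        return token

    def resolve(self, presented: str) -> Optional[str]:
        # Constant-time comparison so the token check does not leak via timing.
        for stored, customer_id in self._tokens.items():
            if hmac.compare_digest(stored.encode(), presented.encode()):
                return customer_id
        return None


OPAQUE_DB: dict = {}  # opaque id -> Customer


def new_opaque_id() -> str:
    """128 random bits: IDs cannot be enumerated the way 1001, 1002, ... can."""
    return secrets.token_hex(16)


def register(username: str, email: str, phone: str, card_last4: str) -> str:
    customer_id = new_opaque_id()
    OPAQUE_DB[customer_id] = Customer(customer_id, username, email, phone, card_last4)
    return customer_id


def secure_lookup(sessions: SessionStore, token: Optional[str],
                  requested_id: str) -> Tuple[int, Optional[dict]]:
    """Hardened handler: authenticate first, then enforce that the caller may
    only read their own record (the object-level authorization check that was
    missing), and return only the fields the client actually needs."""
    caller = sessions.resolve(token or "")
    if caller is None:
        return 401, None            # no valid session: reject before any lookup
    if caller != requested_id:
        return 403, None            # authenticated, but not the record's owner
    record = OPAQUE_DB.get(caller)
    if record is None:
        return 404, None
    # Phone number and the rest of the profile stay server-side; no
    # lookup-by-phone endpoint is offered at all.
    return 200, {"username": record.username,
                 "email": record.email,
                 "card_last4": record.card_last4}


if __name__ == "__main__":
    print("insecure:", insecure_lookup("1002"))
    sessions = SessionStore()
    alice = register("alice", "alice@example.com", "555-0101", "1234")
    bob = register("bob", "bob@example.com", "555-0102", "5678")
    token = sessions.issue(alice)
    print("own record:", secure_lookup(sessions, token, alice))
    print("other record:", secure_lookup(sessions, token, bob))
    print("no session:", secure_lookup(sessions, None, alice))
```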

Paul Bischoff, privacy advocate at Comparitech.com:

“The Panerabread.com leak is an inexcusable oversight that not only took far too long to fix, but should have never occurred in the first place. Customers’ names, email addresses, physical addresses, birthdays, and the last four digits of their credit cards were accessible for eight months. This was not a sophisticated breach by hackers. The unsecured database of millions of customers could easily be accessed via a web browser, and all the data was available in plain text, meaning thieves wouldn’t even have to bother decrypting it.

This is a good example of why consumers need to be cautious about signing up for loyalty programs and similar promotional membership schemes. It’s very difficult or impossible to know whether a company takes your information security seriously and can competently handle it.”

US Gas Pipelines Hit By Cyberattacks

The ISBuzz Post: This Post US Gas Pipelines Hit By Cyberattacks appeared first on Information Security Buzz.

News broke that a supply chain cyberattack has disrupted a chain of natural gas companies. It affected a software platform, developed by a company named Energy Services Group LLC, that is used to process customer transactions, according to Bloomberg News. Such data-exchange software is widely used in the gas industry, though the attack was limited to the Energy Services platform.

The attack on the billing platform impacted Texas-based Energy Transfer Partners LP, which owns more than 71,000 miles of pipelines containing natural gas, crude oil and other commodities. The Texas firm’s subsidiaries include the Panhandle Eastern Pipe Line Co., whose pipelines run from the Gulf Coast to the Midwest. IT security experts commented below.

Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks:

“The supply chain cyberattack that disrupted a chain of natural gas companies serves as yet another reminder that oil and gas organizations are high-risk targets. Attacks against them are growing, as evidenced by the recent Ponemon study that shows that sixty-eight percent of oil and gas organizations have experienced at least one cyber compromise. In this case, operations were not ultimately impacted and it’s not immediately clear that they were the target – however, we know that attackers often use IT networks and third-party resources to gain entry to OT networks. That’s why organizations must ensure that IT and OT security efforts are effectively aligned to achieve the best possible protection.”

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“Critical infrastructure facilities should be on high alert that they are directly in the cross-hairs of bad actors and nation states. Legacy security approaches that have only focused on the perimeter have failed. It is imperative that these perimeter strategies be complemented with technologies like network traffic analysis (NTA) to scrutinize internal communications to strengthen their security posture. NTA collects data about every conversation on the network, runs advanced security algorithms to look for malicious activity in real-time, and provides historical forensic data to quickly identify the root cause in the event of a breach. Breaches are inevitable, so organizations must turn their focus to monitoring internal traffic and its behavior to protect themselves and the people who rely on their services.”

Tim Erlin, VP at Tripwire:

“Any doubt that critical energy infrastructure in the US is a target for cyber-attackers should be erased at this point. We’ve seen an increasing number of attacks, and increasingly successful attacks, across energy infrastructure.

Panic isn’t the answer to securing our critical infrastructure. Preparation and risk management are key.”

UK Businesses Are Not Financially Prepared For Cyber Attacks

The ISBuzz Post: This Post UK Businesses Are Not Financially Prepared For Cyber Attacks appeared first on Information Security Buzz.

In light of the news that two thirds of UK businesses are not financially prepared for cyber attacks, David Emm, Principal Security Researcher at Kaspersky Lab commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

“Robust IT security strategies should be implemented in a business from the ground up – it’s about prevention, rather than recovery. In today’s complex threat landscape, any company not implementing comprehensive security measures could struggle – or fail – to recover from a breach or attack.”

Grindr Sharing Users’ HIV Statuses With Third Parties

The ISBuzz Post: This Post Grindr Sharing Users’ HIV Statuses With Third Parties appeared first on Information Security Buzz.

It has been reported that data analysis conducted by an outside research firm shows that popular gay dating app, Grindr, has been sharing its users’ HIV status with two other companies. Additional reports from late yesterday say that Grindr has said that it will stop sharing this information. Evgeny Chereshnev, CEO and Founder at Biolink.Tech commented below.

Evgeny Chereshnev, CEO and Founder at Biolink.Tech:

“All practices where a company has access to confidential information such as HIV status, sexual orientation or even information on deadly allergies, should be illegal to share with other parties.

This type of highly personal information is like gold to hackers and can be used for blackmail, extortion or manipulation, where a lot of damage could be done to a person’s life. If this type of information was discovered by a prospective employer, for example, it could cost you the job. In some countries, simply being gay is enough to get you killed, let alone not employed or fired!

Our personal information needs to be owned by us; and only we should have visibility as to where and how this data is used, and on what basis.

We need to totally rethink the way we approach data – our digital trail and dDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth. Data is there forever, and it should be illegal to take it from users. It goes back to the age old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self.”

Saks Breach Likely Stole 6 Mil pmt Cards

The ISBuzz Post: This Post Saks Breach Likely Stole 6 Mil pmt Cards appeared first on Information Security Buzz.

In response to news of the Saks/Lord & Taylor breach, a Juniper Networks threat analysis expert says it’s likely that 6 million customer payment cards were stolen, including another 1 million in EU/Asia that were not initially reported. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks commented below.

Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks:

“In addition to the five million US-based credit cards stolen, it seems that the perpetrators also siphoned off about one million additional credit cards from EU/Asia residents. A recent similar operation targeted national stores and stole about three million credit cards between May and December 2017. All of these breaches seem to have utilized a point-of-sale (PoS) malware that intercepts credit card transactions, records them onto a local file, encrypts them and then sends the encrypted information to its command-and-control (C&C) server.

“This breach continues to highlight a couple of things: A breach is only a matter of time for most organizations. As Gartner puts it, assume you have already been breached and work on detecting that breach. The second point being the length of time hackers are able to operate in an environment without being detected. This clearly calls for a very different security posture, one that emphasizes detection over prevention. Most breach prevention methods have to take a quasi-instantaneous decision on allowing or blocking traffic and there is just not enough time to make a bulletproof determination. Organizations have to allocate budget specific to detection, which utilizes all network assets to detect post-infection indicators, such as command-and-control communication as well as analytics-based solutions, which are more capable of identifying low and slow types of attacks spread over time.”

Panera Bread Website Leaks

The ISBuzz Post: This Post Panera Bread Website Leaks appeared first on Information Security Buzz.

It has been discovered that Panera Bread left the information of up to 37 million customers who signed up for delivery and other services including “names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number” in plain text format accessible via its website. IT security experts commented below.

Tim Erlin, VP, Product Management and Strategy at Tripwire:

“Security is often as much about response as prevention, and that includes how organizations respond to incidents and breaches. The market isn’t particularly forgiving when it comes to public incident response.

Organizations that collect, store and transmit customer data need to have plans in place to deal with reported vulnerabilities. The time to plan is before an incident occurs, not during.

Every publicly disclosed incident is an opportunity for unaffected organizations to consider how they would respond. Don’t just criticize the response; use the incident as a model for how your own organization might respond, and take steps to improve before it’s your name in the headline.”

Anthony James, Chief Marketing Officer at CipherCloud:

“Millions of Panera Bread customer records potentially leaked, and most amazing, this went on for at least eight months according to KrebsOnSecurity. This breach is not unusual, and mirrors many recent headlines where mis-configurations occur, procedures may be missed, default passwords may still get used, ports will remain open to the internet, and, in this case, serious issues will somehow not be tracked and resolved. On a larger scale, can you even imagine that the thousands of alerts pouring into the average security operations center on their SIEM display are properly vetted every day? The moral of the story? Mistakes will be made and eventually they will become disastrous unless they are corrected or the data is protected along its entire lifecycle. What can others do to ensure they don’t become tomorrow’s headline? Add the necessary security layers to build Zero Trust into the systems automatically – meaning whatever data is being stored/used, expect it will be compromised. Anticipate that people will make mistakes and build out your cyber defense and your security policies to protect from a breach – your overall security will be stronger for it.”

Lisa Baergen, Director at NuData Security:

“The company names change but the stories remain the same: Customers have had their information leaked because of the poor security procedures of companies transacting online, who continue to rely solely on plain text identifiers and static data such as credit card numbers, passwords and even simple customer names and phone numbers.

“The most proven and effective solutions for protecting customers are readily available and increasingly widely implemented: multi-layered security solutions that incorporate verification via passive biometrics, without adding friction, by evaluating a consumer’s inherent behaviour online during the transaction process. This field-proven approach lets the company confirm that a consumer is legitimate or a would-be fraudster before loss to the company can occur, even if the correct data – perhaps stolen – was used. And it also prevents the company’s reliance on the sort of personally identifiable customer data that’s once again been leaked. Ultimately, the shift to more advanced multi-layered solutions will, over time, render stolen information valueless to cybercriminals, as passive biometric verification defies use by third parties.”

Travis Smith, Principal Security Researcher at Tripwire:

“A company can spend millions on the latest and greatest security technologies and have the most impenetrable defenses known to man. But when you leave the front door open, none of that will matter.

“Unfortunately, the general public has breach fatigue. It seems like every day there’s another story about a different hack and a different breach of privacy. The reality is that most people will be outraged about this today, but next week they won’t even remember that it happened. Even if there was some sort of litigation, those who were affected can really only count on adding another year of free credit monitoring.

“While this is personally identifiable information, the sad fact is that the only real new piece of information attackers have now is that you like sandwiches. They can correlate that with your healthcare records, credit score, and social media profile to get a more accurate picture of who the real you is.”

Terry Ray, CTO at Imperva:

“It’s never a good day for companies when there is a proven data breach or data made available long-term, as the Federal Trade Commission can easily get involved and ask simple questions to which you don’t have complete answers.

“Was personal and credit card data exposed to the internet? Was any of it taken? How much data was stolen? Where did it go? When was it taken?

“Law enforcement will need to find proof that data was stolen before levying fines or requiring identity theft protection for consumers, but past situations have shown that the FTC doesn’t have to find every record on the web, they just have to find some, then it’s up to the victim company to prove how many records were taken. Also, I expect PCI regulators will question any PCI audits done since August looking for passes on application security, code review and code correction.

“Panera appears to have had an application security practice in place, so any investigation will likely spend time understanding what Panera monitored of normal versus abnormal activity, did they have a regularly scheduled security assessment run against their public websites, and did they correct poor coding practices once found.

“It seems at a minimum, they failed to either believe and test the first finding of this breach in August and quickly rectified the issue once it went public here in April. They certainly appear capable of fixing the issue as they did quickly today, so why didn’t it happen in August when they were first alerted?”

Willy Leichter, Vice President of Marketing at Virsec:

“As Yogi Berra said, ‘this feels like déjà vu all over again.’ Once again we see a large organization not taking security seriously enough, not reacting immediately when notified of a possible leak, and not promptly notifying customers that their data was exposed. Ongoing events like this will only heighten calls for a national standard on breach notification laws.”

Cyber Criminals Prefer Targeting Microsoft Security Flaws Over Adobe

The ISBuzz Post: This Post Cyber Criminals Prefer Targeting Microsoft Security Flaws Over Adobe appeared first on Information Security Buzz.

Recorded Future’s latest annual report, “The Top 10 Vulnerabilities Used by Cyber-criminals”, found that criminal exploit kits and phishing campaigns favoured Microsoft products in 2017, with seven of the top 10 vulnerabilities exploited by phishing attacks and exploit kits targeting Microsoft products.

Javvad Malik, Security Advocate at AlienVault: 

“From OTX, we observed similar trends with Microsoft Windows and Office being the most popular to exploit. Microsoft have exceptionally mature processes to prevent exploits. However, due to their software’s ubiquity, once an exploit does slip through and is discovered, it is used heavily.

The below table shows exploits in order of the number of times they have been referenced in vendor reports on OTX (taken from a dataset of approximately 80 vendor reports from 2017).

CVE-2012-0158 comes in as the third most referenced vulnerability. Sophos described the exploit as “arguably one of the most exploited vulnerabilities of the last decade” – and it continues to be extremely popular despite being 5 years old. This isn’t a new phenomenon. Kaspersky reported that the Stuxnet vulnerability CVE-2010-2568 from 2010 was the exploit most seen by their users in 2015.

To protect against vulnerabilities being exploited, enterprises need to understand which vulnerabilities are the most important to patch quickly, and which ones are being actively exploited in the wild. Using this information, enterprises should prioritise which systems to patch, and what to look out for in threat detection controls. Using a product like Open Threat Exchange (OTX) can help enterprises answer both these questions and protect themselves better.”

WannaCry Ransomware

The ISBuzz Post: This Post WannaCry Ransomware appeared first on Information Security Buzz.

In a baffling turn of events, computers at Boeing have allegedly been infected with the WannaCry Ransomware. According to the Seattle Times, a memo was sent out by a Boeing employee that states that systems have been affected and that there were concerns the ransomware would “spread to airplane software”. Dan Matthews, Director of Engineering at Lastline commented below.

Dan Matthews, Director of Engineering at Lastline:

“The WannaCry core codebase has not changed, to the best of our knowledge. We continue to see outbreaks because of the built-in worm (self-propagation) behavior which the EternalBlue exploit allowed the malware creators to include. For comparison, Lastline continues to see a small number of variants of the Conficker worm from 2008-2009 across our customer base each month. This worm exploited the MS08-067 vulnerability, which also attacked the Microsoft SMB protocol.

Many vendors and security professionals published WannaCry prevention and remediation suggestions when the outbreak first appeared – these strategies are still valid, but can be difficult and risky to deploy in complex manufacturing environments such as Boeing’s. Healthcare environments are also particularly susceptible to malware worm infestations for similar reasons.

We are confident that, like Conficker, we will continue to see periodic WannaCry outbreaks because of its in-built worm spreading functions and a lack of consistent patching.”

Dark Web Price Index For Hacked Accounts

The ISBuzz Post: This Post Dark Web Price Index For Hacked Accounts appeared first on Information Security Buzz.

Cybersecurity experts with STEALTHbits, VASCO Data Security and NuData Security commented below on the recent Dark Web Market Price Index published by VPN ratings service Top10VPN.com’s consumer site “Privacy Central.” The index puts the price of a full online identity at $1,170, while hacked Uber, Airbnb and Netflix accounts go for $10 each, and hacked Grubhub, Walmart and Costco accounts go for between $5 and $10 each.

Ryan Wilk, Vice President of Customer Success at NuData Security: 

“Among all the personally identifiable information available on the web, the most valuable one is your complete online identity, as it includes data to access all your online accounts. It’s not surprising that each account, each type of data, or the whole package are sold online as if they were a pair of sneakers. Fraudsters work hard to get that information, and by reselling it, they are increasing its value, just like any other industry would do.”

“To fight this wave of exposed data, many forward-thinking retailers and other major organizations are adopting a multi-layered approach to verifying their users online – such as passive biometrics and behavioral analytics. This approach makes online accounts more secure as they can’t be accessed by bad actors, even if they present the right credentials.

Because these technologies don’t rely on static data, they are devaluing it and, ultimately, they can affect the value of stolen data on the dark market.”

“This approach to online verification that uses behavioral data signals to verify a user is allowing companies to avoid account takeover with stolen credentials and focus on their good customers.”

“This report is a good reminder of the importance of having multi-layered security and also underscores that fraudsters are highly evolved and sophisticated criminal enterprises.”

David Vergara, Director – Security Product Marketing at VASCO Data Security:

“The key take-away from this report is that cybercriminals understand the business of monetizing stolen data along with the related level of effort and ROI. The level of sophistication is increasing rapidly. Phishing emails were once riddled with spelling errors and pop-ups that easily flagged them as un-professional and suspicious. This is no longer the case as even security aware individuals are falling prey to more “polished” schemes. Also, the volume of breached data, and number of individuals affected, means individuals should assume their personal information is exposed and proactively check credit reports and, for the strongest defensive measure, freeze credit with all the major credit bureaus. Lastly, consumers should take advantage of multi-factor authentication security when available and businesses should prioritize efforts to deploy this strong security.”

Jonathan Sander, CTO at STEALTHbits Technologies:

“People are often scared of bad guys getting their credit card numbers. The truth is that a small bit of awareness can protect you from nearly any credit card fraud. Most of the risk is actually on your credit card provider – as long as you monitor your bills and raise your hand when there is suspicious activity. If you use one of the higher end cards, they will do that for you. And you can also hook your credit cards up to services like Apple, Google, or Samsung payments and get alerts for each charge to ensure you see something off color right away.

“The bigger risk in these data black markets is the deadly combination of leaked passwords and lazy users. If someone gets your email password from a black market and you have never changed it, then they can use that “forgot your password” link on the credit card website to take over your account without ever paying a dime for your credit card number. Same for your bank account, Netflix, and just about everything else you use online that’s linked to your email. The bad guys who are really dangerous know that. Luckily, bad guys are about as lazy as the average person – because they are just people, too.”


US Proposal For Social Media

The ISBuzz Post: This Post US Proposal For Social Media appeared first on Information Security Buzz.

It has been reported that the State Department is proposing that all US visa applicants need to disclose their social media handles to the US government. It proposes that nearly every individual applying for a US visa be required to hand over any social media handles used on certain platforms in the past five years, as well as submit any telephone numbers and email addresses used during that same time period. Evgeny Chereshnev, CEO and Founder at Biolink.Tech commented below.

Evgeny Chereshnev, CEO and Founder at Biolink.Tech:

“An attempt to get access to social networks for visa purposes is insanely wrong, and is a clear step to a police state – think ‘1984’ by George Orwell. When the Government tries to access and control the past and present of certain people, they would also be able to control and forecast someone’s future. This is unconstitutional, inhuman, and is a total violation of human privacy and freedom.

When US citizens are providing data to their government using an American social network such as Facebook, this would be considered a domicile affair. However, a vast number of social media users are foreign citizens, which means they have to follow their own local laws, such as the imminent GDPR in Europe. Other countries, such as Singapore, Israel, Japan, Russia and China also have their own laws, so when the United States requires private information from foreign citizens, it’s technically illegal as it is a violation of home policies from most countries.

Then you have countries like China and Russia, which have their own huge social networks. Citizens of these countries could potentially be required to share their details of those too. This proposal is a direct violation of international legislation and local data management laws, such as GDPR. Legally, a country can’t get access to this data as it doesn’t belong to their citizens.

What happens to those people who don’t use social media? They are being put in a position where they have to explain themselves to the Government, but why should they have to? It is their human right to choose to not have a digital trail. Some people are just very private, prefer paper books to digital ones, paying by cash etc. In this new proposal, they could automatically be considered a terrorist.

Terrorism is an absolutely awful thing, but it is not the problem here; it’s being used as an excuse. More people are killed in car accidents each year than in terrorist attacks, so the Government is using an excuse that, whilst truly bad at its core, few people would object to.

This is not just about people having to share their social media history; it’s giving the Government a set of tools to manipulate your behaviour.”


1/4 Of DDoS Attacks Hit Unintended Victims

The ISBuzz Post: This Post 1/4 Of DDoS Attacks Hit Unintended Victims appeared first on Information Security Buzz.

In response to today’s Kaspersky Labs’ research summary “No Room for Cyber-Complacency: a Quarter of DDoS Attacks Claim Unintended Victims”, a cybersecurity expert with Corero Network Security, leaders in real-time, high-performance DDoS defense solutions, commented below.

Andrew Lloyd, President at Corero Network Security:

“Naturally, we agree with Kaspersky’s recommendation that organizations invest in DDoS protection. However, in order for someone to ascertain that their organization is an unintended victim of an attack, they would need to know who the attacker was and – more tellingly – who had paid them to execute it.  Victims are often unlikely to know either identity.

“Since research indicates that targeted DDoS attacks are seldom executed for fun, this raises the question: why would an attacker invest the resources to knowingly attack the wrong target?”


2018 Cloud Security Report Released Today

The ISBuzz Post: This Post 2018 Cloud Security Report Released Today appeared first on Information Security Buzz.

Crowd Research Partners today released the 2018 Cloud Security Report which includes the following takeaways:

  • Cloud security issues – The top three security control challenges security operations centers (SOCs) are struggling with are visibility into infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
  • Effective cloud security solutions – Encryption of data at rest (64%) and data in motion (54%) tops the list of the most effective cloud security technologies, followed by Security Information and Event Management (SIEM) platforms (52%).
  • Biggest security threats – Misconfiguration of cloud platforms jumped to the number one spot in this year’s survey as the single biggest threat to cloud security (62%). This is followed by unauthorized access through misuse of employee credentials and improper access controls (55%), and insecure interfaces / APIs (50%).

According to Anthony James, Chief Marketing Officer at CipherCloud (San Jose, CA), a leader in data protection and cloud security:

Biggest Threats to Cloud Security.

“Misconfiguration of cloud platforms, misuse of employee credentials, improper access controls and insecure interfaces (APIs) are known and visible issues. This is a problem if you use any major cloud provider such as Amazon, Google or Microsoft Azure. We saw this very recently with both the Walmart and the Fedex data exposure which in both cases was based on misconfiguration. These problems can be solved by using comprehensive encryption, which is a basic tool for cloud security. If the exposed data was encrypted, it would be effectively useless to potential cyberthieves and cyberattackers. Despite the known fact that end-to-end encryption can solve these problems, many commercial enterprises and governments still fail to use it.”

Effective Cloud Solutions

“Data is every company’s biggest asset, and of course the primary target of cyber-attackers. As businesses embrace cloud services, it becomes extremely important to secure access to these cloud services. The core issue, like any security approach, is that when tools and procedures break down, the data becomes vulnerable. For this reason it is of paramount importance that this data is secured and protected independent of the additional security controls offered by cloud providers.

Historically, encryption technology has proven to be absolutely the single most effective method that can be used to provide absolute data protection. With new emerging solutions, the ability to encrypt data before it is delivered to cloud services, is not only available, but completely transparent to the users, making it a no-brainer. This is part of a strategy that ties in with a Zero Trust model that must be embraced when utilizing cloud services. In 2009 Forrester Research coined the word Zero Trust to describe a strategy whereby no access to the network is to be trusted until thoroughly verified. Trust none – verify all. Not only must data be secured at rest, but it should be secured in flight and until the last possible moment in use, which transparent encryption solutions can provide. No indirect access through the network should be able to access application data.”

Cloud Security Concerns – Compliance.

“We agree that cloud security concerns are on the upswing with cybersecurity professionals. We speak both with cybersecurity professionals and the top levels of IT, cybersecurity and corporate management. For corporate management, compliance is also a top-of-mind issue for both cloud and on-premise based data. For example, the impact of the European Community’s GDPR to multinational corporations is absolutely massive. Many corporations are not in compliance at this time as the May 25th deadline looms large. Compliance challenges include custom applications developed by these multinationals for their own use, as well as vendor-provided, cloud-based applications which they use.

Most cloud-based application software vendors are telling their clients to put an instance of their application in every country – this reduces the functionality available for top-level reporting and management. It also likely increases cost and administrative overhead. By reducing the span of accessible summary data within the application, you reduce the function and utility of the application. Further, this solution doesn’t work for compliance in many instances unless the encryption keys are held by the customer, which many of these vendors cannot accommodate.”


150 Million Affected By Under Armour Data Breach

The ISBuzz Post: This Post 150 Million Affected By Under Armour Data Breach appeared first on Information Security Buzz.

In response to the news that fitness brand Under Armour has suffered a massive data breach affecting 150 million users, IT security experts commented below.

Terry Ray, CTO at Imperva:

“Most consumers are becoming a bit desensitized to data breaches, which have become common enough to barely make the news.  And if one breach makes news, there are ten that don’t.  In this case, it’s good that Under Armour detected the breach at all.  Many companies fail this first most important step.  Secondly, they at least used bcrypt for the passwords which is considerably more compute intensive than sha-1.  Unfortunately, using only sha-1 for usernames and email addresses is a problem.  For one, there are billions of already decrypted sha-1 hashes freely available on the web and cracking a new one doesn’t take too much effort.  This is why Under Armour took the appropriate steps to instruct users to change their passwords both on their site as well as any other site that uses those same usernames or email addresses.

I couldn’t agree more with the need for these users to change their passwords to something difficult to crack.  There are plenty of resources online that will help you create an effective password.   Anytime a leak of usernames or email addresses is made available, the anti-fraud technologies monitoring for fraudulent and failed logins see major activity spikes with large numbers of login attempts using known passwords and large password dictionaries.”
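An added example, not code from the original post or from Under Armour, that shows the difference Terry Ray describes above: an unsalted SHA-1 of an email address is recovered by a single table lookup, while a salted, deliberately slow hash has to be attacked one record at a time. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt so the example runs without extra packages; the three sample addresses are constructed.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed sample of addresses an attacker could already hold from earlier
# leaks (hypothetical values, not from any real breach).
KNOWN_ADDRESSES: List[str] = [
    "alice@example.com",
    "bob@example.org",
    "carol@example.net",
]


def sha1_hex(value: str) -> str:
    """Unsalted SHA-1, the scheme the comment says was applied to usernames and emails."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest()


def lookup_sha1(digest: str, candidates: List[str]) -> Optional[str]:
    """Why unsalted SHA-1 of a low-entropy value is no protection: one shared table
    of candidate strings (three here, the billions the comment mentions in practice)
    maps every digest straight back to its input with no per-record work."""
    table = {sha1_hex(c): c for c in candidates}
    return table.get(digest)


def slow_hash(value: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted, deliberately slow hash. PBKDF2-HMAC-SHA256 stands in for bcrypt
    (assumption: standard library only); the properties that matter are the
    same: a per-record salt makes shared precomputed tables useless, and the
    cost factor makes every guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", value.encode("utf-8"), salt, iterations)


def store(value: str) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a new record, with a fresh random salt per record."""
    salt = os.urandom(16)
    return salt, slow_hash(value, salt)


def verify(value: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(value, salt), stored)


def salted_digests_differ(value: str) -> bool:
    """Two records of the same input get different digests, so a leaked table
    does not even reveal which users share an address or password."""
    _, a = store(value)
    _, b = store(value)
    return a != b


if __name__ == "__main__":
    leaked = sha1_hex("bob@example.org")
    print("SHA-1 lookup recovers:", lookup_sha1(leaked, KNOWN_ADDRESSES))
    salt, digest = store("bob@example.org")
    print("slow hash verifies correct input:", verify("bob@example.org", salt, digest))
    print("slow hash rejects other input:", verify("alice@example.com", salt, digest))
```

The cost factor is the tunable part: raise the iteration count (or bcrypt's work factor) as hardware gets faster, and keep the salt alongside the digest rather than in a separate secret.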

Evgeny Chereshnev, CEO and Founder at Biolink.Tech:

“150 million hacked accounts is hugely significant, especially because most users use the same pairs of logins and passwords across multiple sites. Hackers will break the weakest point; in this case a fitness tracker database, and they can use this information to access users’ emails, social networks and more.

When users are notified about changing passwords following a breach, more often than not they do so in a predictable way such as adding a 1 or a ! at the end, but these algorithms are known by hackers. They use machine learning and AI too – it’s not like that’s only available to the good guys, right?

Hackers can also match these stolen email addresses and passwords to other known databases of stolen credit card numbers, social security numbers, behavioural data bought from brokers etc. With this aggregated data, hackers can build up a pretty detailed profile of a user.

If these hackers were able to match these stolen login credentials to the users’ actual fitness data, just imagine what could happen. Having this level of data would allow hackers to know that Mr Smith has a very specific and predictable pattern of behaviour. Fitness trackers don’t only track calories and the number of steps a person walks in a day; it also knows where people are and at what time. For hackers wanting to specifically target a certain person, this data is a gold mine.”

Lisa Baergen, APR, MCC, Marketing Director at NuData Security:

“The re-use of passwords in situations like this may seem like a short lapse in judgment, but this data that aligns names and email addresses with passwords is a potential disaster for anyone who reuses their passwords across multiple sites and accounts.

“On the other side, to combat online fraudulent transactions after the account data has been stolen, businesses offering services in the card-not-present (CNP) channel need to identify customers using multi-layered technologies that include passive biometrics. This technology monitors the user’s inherent behavior, making it impossible for hackers to replicate or steal. Leveraging a fully integrated multi-layered security approach that includes passive biometrics is an effective way to make stolen information valueless to the hacker and help stop fraud.”

“For now, anyone who thinks they may have reused their MyFitnessPal password on other sites needs to change each account password and track all account activity carefully.”


Msoft Meltdown Patch & New Vulns

The ISBuzz Post: This Post Msoft Meltdown Patch & New Vulns appeared first on Information Security Buzz.

In response to reports that Microsoft’s meltdown patch has opened a new set of vulnerabilities, a cybersec expert with Juniper Networks offers perspective. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks commented below.

Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks:

“The rush to quickly close vulnerabilities is often a treacherous path that can cause undesirable side-effects. The urgency is to respond to known issues in a timely manner. It is not unheard of that some new glitches are introduced with fixes. The good news in this case is that Microsoft has quickly fixed this issue and that any system up-to-date with March patches is no longer vulnerable.”


Beastiality Website Leaked Online

The ISBuzz Post: This Post Beastiality Website Leaked Online appeared first on Information Security Buzz.

Following the latest news that the private details of over 3,000 users of a bestiality website have been leaked online, David Emm, Principal Security Researcher at Kaspersky Lab commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

“The news that the private details of over 3,000 users of a bestiality website have been leaked online highlights the need for all companies to enact security measures to prevent cyberattacks and therefore protect their customers’ personal data. Users that are entrusting private information into the care of a website should be safe in the knowledge it is kept in a secure manner and all companies who handle private data have a duty to ensure it.

Any security breach resulting in a leakage of private data is equally bad – no matter if the website is considered unethical. What is important is that any online provider – whether or not their activity can be considered embarrassing – has a duty of care to its customers and understands that any data of any sort is valuable to cybercriminals. Thus, providers should take all measures possible in order to safeguard the personal details they hold. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. The best way to combat these types of cyberattacks is at the beginning; by having an effective cybersecurity strategy in place before the company becomes a target.”


Northern Ireland Assembly

The ISBuzz Post: This Post Northern Ireland Assembly appeared first on Information Security Buzz.

It has been reported that the Northern Ireland Assembly has issued warnings to staff following cyber attacks on its IT system. External hackers attempted to access staff email accounts by brute-forcing passwords. IT security experts commented below.

Richard Walters, Chief Security Strategist at CensorNet:

“This attack shows that it doesn’t matter who people are or where they work, basic cyber security practices are still being ignored. For years now, the advice has been: don’t reuse passwords across different sites and regularly change those passwords, yet for some reason, it isn’t sinking in. Even after a similar attack on the UK Parliament last year, the Northern Ireland Assembly and its staff clearly haven’t heeded the warnings.

“Given most people cannot be trusted to undertake basic security hygiene practices themselves, organisations – whether public or private – need to take steps to make them. If the Northern Ireland Assembly had, for example, had multi-factor authentication in place then it could rest easy that, even if a hacker did try and get in, they would have an impossible task accessing any information.”

Tony Pepper, CEO at Egress:

“This attack against the Northern Ireland Assembly comes less than a year after a very similar attack on the Houses of Parliament. Both attacks have targeted email systems, trying to take advantage of staff’s weak passwords to gain access to sensitive information contained in mailboxes. Cyber criminals come back to this type of attack time and time again because human error is always the greatest area of weakness when it comes to cybersecurity.

“In this attack, and countless others, hackers were banking on poor security practices to help them through the door, such as weak or re-used passwords, and urging staff to update their credentials is simply not enough. Organisations, public or otherwise, need to put technologies and procedures in place to reduce the impact of human error. Should hackers find a weakness, organisations need to be confident that they can’t access the sensitive information that is shared via, and therefore stored in, email systems. For example, encryption that secures email content at rest is one way to protect critical assets should the worst happen and a hacker gain access. Good security should work with staff, accepting their behaviour will be unpredictable and helping them to be productive while making sure they are not letting cyber criminals access sensitive content, and in this case potentially putting the public at risk.”
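Both comments above, and Terry Ray's remark in the Under Armour item that anti-fraud monitoring sees spikes of failed logins whenever a list of usernames leaks, point at the same detection opportunity. The following is an added example, not code from the original post or from any of the vendors quoted: a small detector run over constructed authentication log lines (the line format, host addresses and user names are assumptions) that raises one alert when a single account collects many failures inside a sliding window and another when one source address fails against many different accounts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Tuple

# Constructed sample authentication log. The line format is an assumption made
# for this example, not any real mail or directory product's format; addresses
# come from documentation ranges and the user names are invented.
SAMPLE_LOG = """\
2018-03-21T09:15:02Z auth fail user=alice src=203.0.113.5
2018-03-21T09:15:09Z auth fail user=alice src=203.0.113.5
2018-03-21T09:15:14Z auth fail user=alice src=203.0.113.5
2018-03-21T09:15:20Z auth ok user=erin src=192.0.2.44
2018-03-21T09:15:27Z auth fail user=alice src=203.0.113.5
2018-03-21T09:15:33Z auth fail user=alice src=203.0.113.5
2018-03-21T09:16:01Z auth fail user=bob src=198.51.100.7
2018-03-21T09:16:05Z auth fail user=carol src=198.51.100.7
2018-03-21T09:16:09Z auth fail user=dave src=198.51.100.7
2018-03-21T09:30:00Z auth fail user=erin src=192.0.2.44
2018-03-21T09:30:08Z auth ok user=erin src=192.0.2.44
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) auth (?P<result>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

Event = Tuple[datetime, str, str, str]  # (timestamp, result, user, source)


def parse_log(lines: Iterable[str]) -> List[Event]:
    """Parse well-formed lines into events sorted by time; drop anything else."""
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group("result"), m.group("user"), m.group("src")))
    return sorted(events, key=lambda e: e[0])


def detect(lines: Iterable[str],
           window: timedelta = timedelta(minutes=5),
           per_user_failures: int = 5,
           per_source_users: int = 3) -> List[Dict[str, object]]:
    """Two sliding-window signals over failed logins:
    - brute force: one account collecting many failures inside the window;
    - spray / credential stuffing: one source failing against many distinct
      accounts inside the window (the post-leak spike pattern).
    Each subject is reported once, on the event that crosses its threshold."""
    alerts: List[Dict[str, object]] = []
    fails_by_user: Dict[str, Deque[datetime]] = defaultdict(deque)
    fails_by_src: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    reported = set()

    for ts, result, user, src in parse_log(lines):
        if result != "fail":
            continue

        q = fails_by_user[user]
        q.append(ts)
        while ts - q[0] > window:          # drop failures older than the window
            q.popleft()
        if len(q) >= per_user_failures and ("bruteforce", user) not in reported:
            reported.add(("bruteforce", user))
            alerts.append({"type": "bruteforce", "user": user, "src": src,
                           "failures": len(q), "at": ts.isoformat()})

        s = fails_by_src[src]
        s.append((ts, user))
        while ts - s[0][0] > window:
            s.popleft()
        users = sorted({u for _, u in s})
        if len(users) >= per_source_users and ("spray", src) not in reported:
            reported.add(("spray", src))
            alerts.append({"type": "spray", "src": src, "users": users,
                           "at": ts.isoformat()})
    return alerts


def run_sample() -> List[Dict[str, object]]:
    """Run the detector over the constructed log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The thresholds are deliberately low so the sample triggers; in production they are tuned per service, and the spray signal in particular is the one multi-factor authentication does not remove (the failures still happen), which is why it is worth alerting on even where MFA is in place.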


TalkTalk Urged To Improve Security

The ISBuzz Post: This Post TalkTalk Urged To Improve Security appeared first on Information Security Buzz.

It has been reported today that TalkTalk has been urged to improve its security after a researcher found a “Cross Site Scripting” error allowing him to take control of a convincing looking “talktalk.co.uk” URL, which meant he could potentially trick any of the company’s webmail customers into thinking they were accessing an official TalkTalk website.

TalkTalk was apparently told about the flaw in March 2016 through a bug bounty program, however they only fixed it this week. In response to this piece of news, IT security experts commented below.

Ondrej Kubovic, Security Awareness Specialist at ESET:

“With the growing complexity of IT environments, the number of vulnerabilities that could be found and possibly misused by attackers, is growing every day.

This can make it increasingly difficult for IT teams to address all vulnerabilities immediately. With that said, it should be a top priority to patch known major vulnerabilities as soon as possible, especially if they affect public-facing company assets.”

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:

“Cross site scripting is a very serious vulnerability but what is more worrying is the response from TalkTalk. They have a duty of responsibility to their customer that is not only a corporate responsibility but is also mandated by regulation and legislation. Unfortunately this response, or lack thereof, is much too common, which is why public disclosure is sometimes necessary. Security researchers responsibly disclosing flaws may actually put enough pressure on the company affected to close the vulnerability, thus protecting the public.”

Brooks Wallace, Managing Director EMEA at Trusted Knight:

“This is a relatively standard phishing exercise and, as is always advised, consumers need to be vigilant when logging into websites. TalkTalk might be of the belief that the risk presented to customers from the fake website was low, but the opposite is true. Any customer could easily have mistaken this site for the real one, entered their log-in details and then have them hoovered-up by the hacker to use on the real version. On top of that, people have a habit of using the same username and password across multiple sites, so the hackers could then have gone on to brute-force multiple sites.

“A fake website popping up is not necessarily the fault of a brand, but getting rid of it is their responsibility. A lot of businesses get caught out by security 101 issues and, despite the very public consequences, many are clearly still struggling with basic cybersecurity practices.”


Cyberattacks Now #1 Threat To Swiss Banks

The ISBuzz Post: This Post Cyberattacks Now #1 Threat To Swiss Banks appeared first on Information Security Buzz.

It has been reported that cyber-attacks pose the biggest threat to the Swiss financial system, with risks from hacking incursions on the rise, watchdog FINMA warned on Tuesday, calling on Switzerland to step up its national defences against the menace. FINMA said that on the whole Swiss banks seemed aware of the risks and were well equipped to deal with them, citing banks’ ability to repel around 100 attacks a day from “Retefe” malware attacks on ebanking systems. But as a country Switzerland was lagging behind others with major financial hubs that have set up cybersecurity competence centres or imposed system-wide tests of hackers’ ability to penetrate banking systems. Mark James, Security Specialist at ESET commented below.

Mark James, Security Specialist at ESET: 

“Banks and their customers are under continuous attack from cybercriminals because cybercrime is motivated by money and a successful attack against a bank is essentially almost like hitting the ‘cybercrime jackpot’.

To protect against these attacks, banks should deploy security with multiple protective layers over their systems, and ensure operating systems and all other software are kept fully up to date and patched. Education into the current attack techniques is also critical  as it allows bank employees as well as customers to understand the danger signs and attackable areas so they can identify when something suspicious appears.

The tools being used by cybercriminals are expanding each and every day, but our knowledge and learning has also increased. Both enterprises and governments can learn and adapt information from the security companies and professionals in the cybersecurity industry to form a good strong layer of defence against those who choose to use software as a malicious tool.”


Sanny Malware

The ISBuzz Post: This Post Sanny Malware appeared first on Information Security Buzz.

It is being reported that the group behind the Sanny malware attacks has made significant changes to the way it delivers its payload. Findings by security researchers have uncovered that the attackers have upgraded their delivery techniques when it comes to planting malware on systems via document attachments sent as part of spam and phishing campaigns.

The attackers, believed to be based in Korea, have targeted English and Russian-language diplomatic victims around the world since 2012. According to FireEye’s report, written by researchers Sudeep Singh and Yijie Sui, the attacks are using both rigged Cyrillic and English-language Word files. The malicious file contains an embedded macro that, when enabled, triggers an infection chain that ultimately delivers the Sanny malware payload. Travis Smith, Principal Security Researcher at Tripwire commented below.

Travis Smith, Principal Security Researcher at Tripwire:

“While the authors behind the malware are changing their tactics, the techniques they are leveraging are not novel compared to other pervasive malware. Unsolicited Word documents containing macros have been used for a while, and are something that every internet user should be trained to be wary of. By making the malware multi-stage, endpoint security tools may have a more difficult time identifying it as malware. However, from a detection standpoint the attack is incredibly noisy if the attack occurs on the company network. The number of new files added to the OS in addition to rogue FTP outbound traffic can be a red flag in environments which have established baselines for their network.

Even though this specific attack is targeted, the general population has nothing new to be concerned about. The same recommendations about safe browsing habits still apply to keep yourself safe.”
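An added example, not code from the original post or from Tripwire or FireEye, of the baseline-deviation check Travis Smith describes: a host that suddenly writes far more new files per minute than it usually does and then opens an outbound connection on a destination port it has never used (FTP here) is flagged, and a host showing both signals is singled out. Host names, baselines and telemetry events are all constructed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed per-host baselines (assumption: in a real deployment these are
# learned over a quiet period). Hypothetical host names; ports are outbound
# destination ports the host is normally seen talking to.
BASELINE_OUT_PORTS: Dict[str, Set[int]] = {
    "ws-01": {53, 80, 443},
    "ws-02": {53, 80, 443, 22},
}
BASELINE_NEW_FILES_PER_MIN: Dict[str, int] = {"ws-01": 4, "ws-02": 6}

# Constructed telemetry: (minute_index, host, kind, detail), where kind is
# "file_create" (detail = path) or "net_out" (detail = destination port).
Telemetry = Tuple[int, str, str, object]
SAMPLE_EVENTS: List[Telemetry] = (
    # ws-01 drops a burst of fresh files in one minute (staged payload)...
    [(7, "ws-01", "file_create", "C:/Users/u/AppData/Local/Temp/stage%d.bin" % i)
     for i in range(18)]
    # ...then opens an outbound FTP connection it has never made before.
    + [(7, "ws-01", "net_out", 21), (7, "ws-01", "net_out", 443)]
    # ws-02 behaves as usual.
    + [(7, "ws-02", "file_create", "C:/Users/v/Documents/notes%d.txt" % i)
       for i in range(3)]
    + [(7, "ws-02", "net_out", 443), (8, "ws-02", "net_out", 22)]
)


def find_deviations(events: List[Telemetry],
                    burst_multiplier: int = 3) -> List[Dict[str, object]]:
    """Flag the two baseline deviations the comment names as red flags:
    - a host creating far more new files per minute than its baseline;
    - a host talking outbound on a destination port not in its baseline."""
    files: Dict[Tuple[str, int], int] = defaultdict(int)
    findings: List[Dict[str, object]] = []
    reported_ports: Set[Tuple[str, int]] = set()

    for minute, host, kind, detail in events:
        if kind == "file_create":
            files[(host, minute)] += 1
        elif kind == "net_out":
            port = int(detail)
            allowed = BASELINE_OUT_PORTS.get(host, set())
            if port not in allowed and (host, port) not in reported_ports:
                reported_ports.add((host, port))
                findings.append({"type": "unexpected_outbound", "host": host,
                                 "port": port, "minute": minute})

    for (host, minute), count in sorted(files.items()):
        limit = BASELINE_NEW_FILES_PER_MIN.get(host, 1) * burst_multiplier
        if count > limit:
            findings.append({"type": "file_burst", "host": host, "minute": minute,
                             "count": count, "limit": limit})
    return findings


def hosts_with_both_signals(findings: List[Dict[str, object]]) -> List[str]:
    """A file burst and an unexpected outbound port on the same host is the
    combination the comment calls noisy; report those hosts first."""
    by_host: Dict[str, Set[str]] = defaultdict(set)
    for f in findings:
        by_host[str(f["host"])].add(str(f["type"]))
    return sorted(h for h, kinds in by_host.items()
                  if {"file_burst", "unexpected_outbound"} <= kinds)


if __name__ == "__main__":
    found = find_deviations(SAMPLE_EVENTS)
    for f in found:
        print(f)
    print("hosts with both signals:", hosts_with_both_signals(found))
```

Either signal alone is common enough on a busy workstation (software installs create many files; a new SaaS tool opens a new port); the value is in correlating the two on one host within a short interval, which is what the last function does.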


Attack Campaigns

The ISBuzz Post: This Post Attack Campaigns appeared first on Information Security Buzz.

In response to a recent report from Recorded Future, which revealed that seven of the top 10 vulnerabilities of 2017 exploited by phishing attacks and exploit kits utilised Microsoft products, Bill Lummis, Technical Program Manager at HackerOne commented below.

Bill Lummis, Technical Program Manager at HackerOne:

“The report shows that you can’t be narrowly focusing on just one exploit or just one attack vector. The best thing security administrators can be doing is improving their patch management processes for the software their users need to have installed, and removing the software they don’t need. The crimeware groups aren’t going to pick up their ball and go home just because one piece of software becomes harder to attack, so it’s important to think of the issue in terms of security best practices, rather than focusing too narrowly on specific avenues of exploitation.

What’s important is training employees to try and take security into their own hands, since they’re on the front line. Security experts in the modern enterprise have to constantly be learning, and staying on top of the news.”


500,000 People Downloaded Malicious QR Code Apps From Google Play

The ISBuzz Post: This Post 500,000 People Downloaded Malicious QR Code Apps From Google Play appeared first on Information Security Buzz.

In response to the news that researchers have found that cybercriminals have distributed malware to hundreds of thousands of Android users by hiding it inside a series of apparently harmless apps on Google Play, Ondrej Kubovic, Security Awareness Specialist at ESET commented below.

Ondrej Kubovic, Security Awareness Specialist at ESET:

“The relatively large number of installs could be caused by the promised functionality, as QR scanners are popular and frequently used apps. The delayed activation of malicious activity could have also contributed to attackers’ ability to sneak their “product” into the official Google Play store.

What to do? First, users should remove the infected apps from their device. Users are also recommended to install reliable security software, scan their device and remove any remaining malicious code. To keep their Android device protected in the future, we would also recommend them to keep the device’s operating system and apps up-to-date and also read reviews before installing a new app (mostly the negative ones, as the positive ones might be fabricated by the attacker).”


GoScanSSH Malware

The ISBuzz Post: This Post GoScanSSH Malware appeared first on Information Security Buzz.

Security experts have discovered a new strain of malware that targets vulnerable Linux-based systems and tries its best to avoid infecting devices on government and military networks. The name of this new strain is GoScanSSH, and its name is a tell-tale sign of its main features and capabilities — coded in Go, use of infected hosts to scan for new ones, and the SSH port as the point of entry. Dan Matthews, Director of Engineering at Lastline commented below.

Dan Matthews, Director of Engineering at Lastline:

“It is difficult to fully get inside the head of attackers, but one theory could be that the attackers know that nation-states are resourced and have the political and networking connections to perform accurate attribution. This attack does not appear complex, although they have done two things which differ from recent commodity malware:

1) Written in Go, which is an efficient/cross-platform/modern/cool programming language

2) Added an IP address validation step prior to performing dictionary attacks against publicly reachable SSH servers.

The best thing any organization can do to protect against password reuse attacks is to enable some type of multi-factor authentication, particularly for services such as VPN’s, SSH servers and web/cloud-based email services which are reachable from the internet.”


Email Cyberattacks

The ISBuzz Post: This Post Email Cyberattacks appeared first on Information Security Buzz.

News is breaking regarding the results of the Cofense Phishing Response Trends Report, which suggests that over half of European companies are unprepared for email-based cyberattacks, despite 78 percent of IT professionals having dealt with a security incident originating from a deceptive email. This was significantly lower than the 66 percent in the US that had dealt with a similar incident. Tim Helming, Director of Product Management at DomainTools commented below.

Tim Helming, Director of Product Management at DomainTools:

“These findings from Cofense are worrying but not surprising. Phishing attacks, despite being among the most well-known cybersecurity attack vectors, are still consistently fooling companies and private individuals. This is typified by the news coming from the US last week regarding a phishing campaign on universities which was so effective it didn’t need to change tactics for 4 years. Phishing presents such a concern because it is the spark that ignites a long line of malicious activity, creating a pipeline of infected systems and accessible data for threat actors to leverage in further criminal campaigns. Companies across Europe and beyond need to engage with stringent educational campaigns around these issues across all levels of an organization.”


Hacker Told To Pay £69000


In response to the news that the attacker behind the Titanium Stresser tool, which was used to carry out more than 1.7 million DDoS attacks on websites and gaming servers, will face a two-year jail sentence unless he repays £69,000, Terry Ray, CTO at Imperva commented below.

Terry Ray, CTO at Imperva:

“I see that criminal judgements seem to apply more reformative value to incarceration duration than they do to monetary reparations.  Of course, victim companies can certainly follow the criminal trial with a civil lawsuit where monetary reparations are the primary result.

Regardless, I think the real pain Mr. Mudd will face will be the jail sentence.  There are cases where judges have banned the use of computers and internet from offenders in some countries.  However, this does seem to be fairly light for running a for-profit business specifically designed to offer services to anyone wanting to purposely damage businesses.

A number of similar exploit services exist today, though most of them are run from countries where little is done to prevent them.  At least in the UK, the attacker was identified, tried and incarcerated.  Companies should know that solutions to prevent the behavior of Mr. Mudd’s attack platform have existed for years and if an organization’s web portal is important to them, they should consider implementing effective security, much like they do for front doors, windows, networks, laptops and the like.”


User Credentials Publicly


In response to the news story that thousands of etcd installs are leaking secret server keys online, Zohar Alon, the Co-Founder and CEO at Dome9 commented below.

Zohar Alon, Co-Founder and CEO at Dome9:

“The case of the etcd database leak is particularly ironic, as it is a service used to store sensitive information like passwords and configuration settings, and its default configuration allows the data to be accessed without authentication. This is yet another unfortunate example of organizations not placing appropriate emphasis on the security of valuable assets. There were two levels of security failure here — one, no password protection for the service by default, and two, servers with ports exposed to the whole world when they should have been locked down. When using any software — including open source — administrators need to understand what the default settings are and take responsibility for locking them down. They should also adopt a closed-by-default posture to network security, locking down ports that do not need to be exposed.”


U.S. Charges, Sanctions Iranians


In response to reports that U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran, a cyber security expert with Juniper Networks commented below.

Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:

“The recent US government action – to name Iranian state intelligence responsible for cyber attacks against US targets – continues the trend of state-sponsored cyber attack attribution. By applying sanctions quickly against the Iranian hacker network involved in this incident, the United States is signaling that any cyber attack against the country will have consequences. It is another recent example of the US both calling out malicious state-sponsored cyber behavior and taking action against it. However, the sanctions applied by the U.S. Treasury Department will have very limited effect on people without US-based assets or bank accounts.”


Leader Of $1 Billion By Hacking Gang Arrested


In response to the news that the leader of the ring behind the infamous Carbanak malware, which caused ATMs to spit out cash and caused more than 1 billion euros of losses, has been arrested in Spain, IT security experts commented below.

Mark James, Security Specialist at ESET:

“Without specifics it’s hard to say how the actual investigations work, but often in these cases it could be that the individual concerned either made an error or was lured into a scenario that enabled law enforcement to track his or her whereabouts.

Internet anonymity is not as easy as it’s made out to be; it’s virtually impossible to be completely transparent in the digital universe, especially if you are getting the attention of organisations worldwide. You also need help: many of the techniques shown here require others to physically be at the locations. With the widespread use of visual tracking around these days it’s extremely difficult to move without being filmed somewhere, especially in public places.

It’s unlikely that the money will be returned; some may be if it can be traced or is stashed somewhere. The gangs have been working for a long time and money obtained this way has a nasty habit of being used for nefarious purposes or used to fund further bad actors.”

Ilia Kolochenko, CEO at High-Tech Bridge:

“I would remain cautiously optimistic about the news for several reasons.

First of all, it’s not crystal clear how the law enforcement agencies managed to identify and apprehend this person. Unfortunately, this arrest may not lead to mass arrests. Many cybercriminals use various methods to cover their identity in a reliable and technically untraceable manner, even among each other, so even the best investigators may not find them. Other cybercriminals, however, start exposing themselves in a pretty stupid manner, for example, by purchasing conspicuous luxury cars, boasting out loud about their criminal business in bars and casinos. Many of these hackers were caught mainly because of their imprudence and, unfortunately, not thanks to the technical capacity of our law enforcement agencies.

This case is rather an isolated arrest so far – many professional cybercriminals enjoy impunity and continue their illicit activities. Law enforcement agencies need more financial support from governments to conduct their investigatory and prosecution activities with more effectiveness and stronger results.

Last, but not least, the remaining cyber gangs will likely take additional precautionary measures to hinder and impede any pending investigations against them.”

Kaspersky Lab welcomes recent law enforcement operation against Carbanak group

“The recent success in the fight against the Carbanak cybercriminal group is very good news for the whole industry and highlights how the exchange of information between countries is especially important in countering cybercrime,” says Sergey Golovanov, Principal Security Researcher in the Global Research & Analysis Team, Kaspersky Lab.

Carbanak is an advanced persistent threat (APT)-like campaign, using targeted attack tools to hit financial institutions around the world for the main purpose of theft.

It was uncovered in 2015 by Kaspersky Lab together with INTERPOL, Europol and a number of other law enforcement authorities, based on incidents dating back to 2013. At the time, the group was using a range of tools, including a program called Carbanak. After the publication of Kaspersky Lab’s findings in 2015, the group adapted its tools and started to use Cobalt-strike malware as well as its servers’ names and infrastructure.

The group uses social engineering techniques, such as phishing emails with malicious attachments (for example Word documents with embedded exploits), to target employees in financial institutions of interest. Once a victim is infected, the attackers install a backdoor designed for espionage, data theft and remote management of the infected system, looking for financial transaction systems.

At the time of discovery, Kaspersky Lab researchers estimated that the Carbanak group had stolen up to $1 billion. Since 2013, the group has hit more than 100 banks, e-payment systems and other financial organizations, in at least 30 countries in Europe, Asia, North and South America, and other regions, stealing more than billions of dollars from victims.

Based on the successful research into Carbanak, in 2016, Kaspersky Lab discovered two groups acting in a very similar way to Carbanak – Metel and GCMAN. They were attacking financial organizations using covert APT-style reconnaissance and customized malware, along with legitimate software and new, innovative schemes to cash out. Other actors have also implemented Carbanak-like techniques, tactics and procedures, for instance Lazarus and Silence.

Given the international scale of these actors’ activities, we believe that there are dozens of people involved in this cybercrime activity. Discovered artefacts in the malicious files and victims’ computers suggest that the creators of the Carbanak malware are Russian-speaking. However, to perform cybercriminal activities in each country the group generally also looked for a native speaker.


Government Launches Cybersecurity Export Strategy


The Government released a report today launching a new strategy to support the export of UK cybersecurity technologies/businesses. The strategy is designed to:

  • Promote the UK’s world-leading expertise and increase export growth in the security sector
  • Strengthen defence capabilities in the UK and allied countries
  • Support the ongoing work of the 2016 National Cyber Security Strategy
  • Improve collaboration between Government and industry

Andy Kays, CTO at Redscan: 

“It’s great to see the Government acknowledge the strength of the UK cybersecurity sector. Against a backdrop of ever-evolving threats, growing digital transformation and regulatory pressures, there has never been such global demand for effective cybersecurity products and services. UK companies are leading the way in innovation across the security industry and any initiative that helps to improve the visibility of our products and services on the international stage is certainly welcome.

“To effectively manage cybersecurity risk, all businesses are having to contend with more challenges than ever, such as the growing attack surface and need to quickly detect and respond to threats.

“In a fast-moving and complex environment, businesses need more help to understand and implement the best and most appropriate solutions available, as well as obtain optimal value from them. The UK is at the forefront of efforts to tackle cybercrime and our continued development of new products and services is vital to helping organisations around the world prevent, detect and respond to the latest threats.”


Data Breaches At Hospitals & Patient Deaths


The Wall Street Journal reported Friday that more than 2,100 patient deaths per year are linked to data breaches at hospitals, according to Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management. The findings, which were presented last week at a cyberrisk quantification conference hosted by Drexel University’s LeBow College of Business in Philadelphia, highlight the need for health-care organizations to invest in cybersecurity and improve their post-breach remediation efforts. They also illustrate how data breaches can compromise the performance of organizations, even if lives aren’t involved. Leon Lerman, Co-Founder and CEO at Cynerio commented below.

Leon Lerman, Co-Founder and CEO at Cynerio:

“One of the most important and immediate concerns to patient safety from cyber attacks is related to medical device service disruption.

Many of these connected medical devices were not built with security in mind, typically running outdated and unpatched operating systems which are susceptible to everyday cyber attacks, which may cause service disruption and pose an immediate risk to patient safety.

After the attack, it’s difficult to get the devices back up and running as many of them require the assistance of the device manufacturer to restore operation, which increases the havoc.

We saw a vivid example of that during the WannaCry attack, which affected operating room equipment and caused the cancellation of thousands of scheduled surgeries, including critical heart operations.”


City Of Atlanta Hit With Ransomware


City of Atlanta has been hit by a ransomware attack, causing outages across internal and customer-facing applications. The cybercriminals are requesting a payment of $6,800 to unlock each computer or $51,000 for all of the needed keys. As of now, the city hasn’t paid and has assured citizens the systems will be restored soon. The FBI is currently investigating to find out who is responsible. You can view the tweet from the city here. IT security experts commented below.

Gijsbert Janssen Van Doorn, Technology Evangelist at Zerto:

“Without a data hostage, there is no ransom – that’s the technology mindset organizations, and city authorities such as Atlanta, need to adopt to protect themselves from ransomware. Prevention plans aren’t enough as attacks build in frequency and strength and cause irreparable damage to brand reputation, increasing risk. Instead, organizations need to invest and create full IT resilience plans, including a disaster recovery infrastructure. Being able to easily and quickly recover data from mere seconds before it was lost or disrupted can save an organization time, money and many other types of damage.”

Rob Tate, Security Researcher at WhiteHat Security:

“Ransomware is the new phishing attack. It’s a quick and easy win for bad guys that more than likely haven’t even breached your network. But the threat of bad press, reputation damage and fleeing customers is enough to incentivize companies to pay the ransom. This has caused a huge spike in ransomware threats. The bad guys aren’t dumb. They realize that there is this paranoia and fear, so it’s really easy to send an email saying ‘Send me 10 bitcoins/dollars or else,’ and inevitably, a few will actually cough up.

“Ransomware is just one specific attack scenario, and companies need to protect against ALL threats, not simply focus on a single issue. By performing a full vulnerability assessment and fixing the issues, you can protect your company from a far larger threat landscape. If 90 percent of your fence has already fallen over, what’s the use in trying to fix a hole in the 10 percent that’s left up? You need to protect against all threats, not one specific one.

“For the companies that are truly concerned about ransomware, in addition to vulnerability assessments, they can follow some easy industry best practices. Simply backing up your data and using up-to-date encryption will negate a lot of the risk of ransomware.”


Iranian Hackers


Following the news that the US Justice Department announced charges against nine Iranians and an Iranian company for attempting to hack into hundreds of universities worldwide, dozens of companies and parts of the U.S. government, IT security experts commented below.

Gabriel Gumbs, Vice President at STEALTHbits Technologies:

“It is very difficult to quantify the frequency or impact of nation-state sponsored attacks; more importantly, there is a lack of emphasis on the means by which these attacks are perpetrated. The consensus among security professionals is that passwords are a poor mechanism for securing data, and often when we hear about sophisticated attackers and their ability to penetrate systems and sensitive infrastructure the emphasis is placed on the attacker’s capabilities and less on the factors that allow skilled or unskilled attackers to be successful. A full eight percent of the targeted accounts had their credentials compromised – let’s not underestimate the attackers’ capabilities; however, let’s be clear that in all but a few cases, attackers prefer the path of least resistance and compromising credentials is still the preferred method.”

Sam Curry, CSO at Cybereason:

“Iran has committed a crime, and there’s a price to pay for that. This is a significant development for the government and other nation states should take notice that if you commit cyber crimes against the United States there is a price to pay for your actions. This is the first time our government has indicted a nation for being linked to the cyber intrusion of government offices, such as the Federal Energy Regulatory Commission and Department of Labor and that shouldn’t be overlooked.

“I expect the Iranian government to use a plausible deniability defense and claim that these rogue hacking groups aren’t affiliated with Tehran. Any nation state, Iran in this case, can say these were rogue groups, but when there is overwhelming proof, the circumstantial evidence can pile up. What’s also interesting about today’s indictments is that the 2015 nuclear deal struck between Iran, the US and six other countries lifted crippling economic sanctions in return for their disarmament of their nuclear weapon program. Many experts point toward this agreement as the main reason cyber attacks originating from Tehran have significantly diminished. But the DOJs announcement shows a nation that continued its hacking operations in the face of this agreement.

“When you are a “pariah nation” such as Iran you still have to keep information flowing because information is a lifeline. We now see that as a nation-state, Iran’s playbook is to ensure there is currency flowing and a flow of information. For the United States, this is a precedent in establishing the message on how we as a nation will deal with sanctions. We are a country who respects the rule of law, and with that, follow up matters.”


Election Cyber Security


The massive federal government spending bill unveiled includes $380 million to help safeguard U.S. voting systems from cyber attacks, in what would be Congress’ first concrete steps to bolster election security since the 2016 presidential campaign was marred by allegations of Russian meddling. Ilia Kolochenko, CEO at High-Tech Bridge commented below.

Ilia Kolochenko, CEO at High-Tech Bridge:

“The efforts to protect democracy are undoubtedly laudable. However, one should keep in mind that a direct attack on voting systems is highly difficult and very expensive, as it will require some local access to many different systems and devices. Moreover, if spotted, the election results will likely be immediately cancelled.

Therefore, fake news and manipulation of public opinion via social networks will probably dominate attacking techniques. It is almost impossible to reliably prevent such tactics without implementing unreasonable censure and interference with the constitutional freedom of speech. Probably some resources should be thus allocated to educational campaigns and awareness to enable voters to distinguish fake and true news.”


Atlanta Ransomware Attack


As news broke today that the FBI is investigating a ransomware attack on the city of Atlanta that shut down city government systems, IT security experts commented below.

Israel Barak, Chief Information Security officer at Cybereason: 

If WannaCry, NotPetya and BadRabbit taught us anything in 2017 it is that ransomware attacks can have devastating effects on for-profit organizations and consumers. Individually, the NotPetya attack cost organizations in excess of $1.2 billion. Globally, our estimates show that organizations and consumers paid more than $10 billion in ransoms in 2017.

While investigators explore the root cause of the ransomware attack in Atlanta, local and federal law enforcement agencies will piece together characteristics that show the tactics, techniques and procedures used to lock down many servers in Atlanta.

The best advice for organizations to prevent ransomware from victimizing their businesses is as follows:

  1. Maintain up to date backups of important files and regularly verify that the backups can be restored
  2. Refrain from downloading pirated software / paid software offered for ‘free.’
  3. Don’t download software from dubious sources.
  4. Don’t download key-gen / password cracking / license check removal software
  5. Don’t open email attachments from unknown / unexpected senders
  6. Deploy anti-malware and anti-ransomware tools
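Item 1 of the list above is the one most often done half-way: backups exist, but nobody checks that they restore. The following is an added example, not code from the article or from Cybereason, of the verification step. The backup job writes a manifest of SHA-256 digests beside the copied data; the verification job later restores into a scratch directory and compares every file against the manifest, so a backup that was silently corrupted, or overwritten by the same ransomware it was meant to survive, is found before the day it is needed. The directory layout, file names and contents are constructed for the demonstration and everything runs inside a temporary directory.

```python
"""Backup with a digest manifest, plus a restore-and-verify check (added example)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, dest: Path) -> dict:
    """Copy the source tree to dest/data and write dest/manifest.json with per-file digests."""
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            target = dest / "data" / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_of(target)   # hash the copy, not the original
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(backup: Path, scratch: Path) -> dict:
    """Restore the backup into scratch and compare every file with the manifest.

    Returns {"ok": bool, "missing": [...], "corrupt": [...]}; a backup passes
    only if every file in the manifest restores with its recorded digest.
    """
    manifest = json.loads((backup / "manifest.json").read_text())
    missing, corrupt = [], []
    for rel, digest in manifest.items():
        src = backup / "data" / rel
        if not src.is_file():
            missing.append(rel)
            continue
        out = scratch / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, out)
        if sha256_of(out) != digest:
            corrupt.append(rel)
    return {"ok": not missing and not corrupt, "missing": missing, "corrupt": corrupt}


def demo() -> tuple:
    """Build a small constructed tree, back it up, verify, tamper with the backup, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "src"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("constructed sample file\n")
        backup = root / "backup"
        make_backup(src, backup)
        clean = verify_restore(backup, root / "restore1")
        # Simulate a backup copy that was overwritten after it was taken (as ransomware
        # that reaches a mounted backup share would do) and one file that went missing.
        (backup / "data" / "finance" / "ledger.csv").write_bytes(b"\x00ENCRYPTED\x00")
        (backup / "data" / "notes.txt").unlink()
        tampered = verify_restore(backup, root / "restore2")
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("fresh backup verifies:", before["ok"])
    print("tampered backup verifies:", after["ok"], after)
```

In practice the manifest should be stored with the backup but also copied somewhere the backup host cannot write to (offline media or a write-once bucket), otherwise an attacker who can encrypt the data can regenerate the manifest to match.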

Sam Elliott, Director of Security Product Management at Atlanta-based Bomgar:

“Ransomware attacks are a reality for many businesses, and unfortunately, this instance is likely not the last. However, there are steps organizations can take to protect themselves, which include adopting least privilege or zero trust security postures and implementing robust procedures for patching software and technologies against security vulnerabilities. Maintaining a regular patching routine closes potential holes in an organization’s infrastructure, keeping attackers at bay. Infrastructure teams should also better segment their IT systems to prevent future malware from spreading laterally through connected networks, to prevent the potential for extensive damage.”

Matt Walmsley, EMEA Director at Vectra:

“Ransomware spreads like wildfire, and is the most time-critical of cyber threats. The ability to detect the precursor behaviours of ransomware is the only way to get ahead of the attack. Unfortunately that’s almost impossible to do using traditional manual threat hunting techniques. That’s why forward-thinking enterprises are increasingly using an automated approach, using AI-powered threat detection. You need to detect and respond at machine speed.”


Zuckerberg Apology


Facebook CEO, Mark Zuckerberg, has finally spoken up about the Cambridge Analytica debacle, telling CNN’s Laurie Segall “I’m really sorry that this happened.”

However, Evgeny Chereshnev thinks it’s too little, too late. Evgeny Chereshnev, CEO at Biolink.Tech commented below.

Evgeny Chereshnev, CEO at Biolink.Tech:

“The reputational damage done by Facebook to its customers and partners is irreversible. The attempt to shift the spotlight by literally pointing to another entity to blame is a decent PR attempt, but it’s a low blow and wrong from a moral and commercial perspective.

“It’s too little too late, because now everyone understands that Facebook is the problem. It’s not about a third party being able to acquire people’s data. It’s obvious that this is happening, and by many third parties that we’re not even aware of yet! But meddling with elections, referendums and messing with people’s minds is unacceptable. The real problem is the amount of power Facebook has on people and the amount of damage Facebook can have on free governments.”


Cryptojacking Campaign


Researchers have discovered a cryptojacking campaign that exploits an old vulnerability in Cacti’s Network Weathermap plug-in, an open source tool used by network administrators to visualize network activity. The vulnerability was disclosed in April 2013 and the patch has been available for almost five years, but attackers are still using it to help mine cryptocurrency in 2018. Patrick Bedwell, VP at Lastline commented below.

Patrick Bedwell, VP at Lastline:

“Threat actors target old vulnerabilities because patch deployment is a difficult and not very sexy aspect of security. Vendors issue patches, but they can’t force users to deploy them. Consequently, attacks target those old vulnerabilities because they know there are still vulnerable systems out there to compromise. In other words, they still target these old vulnerabilities because the attacks are still successful.

AlienVault posted a blog earlier this year showing that of the top 10 vulnerabilities cited in vendor reports on its Open Threat Exchange (OTX) in 2017, 2 were from 2012, 1 from 2013 and 1 from 2014.

Deploying patches in a timely manner is essential to avoid being compromised by old vulnerabilities. A related issue is knowing what systems are on the network in the first place; often these unpatched systems are not on a current asset list, are unknown to the IT team and are therefore not patched. They could have been stood up in a test lab by an employee who’s no longer with the organization, or in a remote office where the IT team doesn’t have visibility. In any event, they’re on a network and vulnerable to attack.

So, asset inventory and patch management are two very basic but essential functions that can prevent organizations from being victimized by 5-year old vulnerabilities.”
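The two functions the comment above closes with, asset inventory and patch management, can be reconciled in a few lines once the inputs exist. The following is an added example, not code from the article or from Lastline or AlienVault: it parses constructed DHCP lease log lines to learn which hosts are actually on the network, compares them with a constructed asset inventory to surface the unknown "test lab" boxes the quote describes, and compares software versions reported per host against a patched baseline. The product names ("netgraph-plugin", "httpd"), version numbers and baseline are constructed placeholders, not the real Weathermap fixed version or any real advisory.

```python
"""Reconcile discovered hosts with the asset inventory and flag stale software (added example)."""
import csv
import io
import re
from collections import namedtuple

# Constructed asset inventory as it might be exported from a CMDB.
INVENTORY_CSV = """\
hostname,ip,owner,role
web01,10.0.1.10,platform-team,webserver
mon01,10.0.1.20,netops,monitoring
db01,10.0.2.5,dba,database
"""

# Constructed ISC dhcpd-style lease log lines: what is really on the wire.
DHCP_LOG = """\
Mar 21 08:12:01 dhcp1 dhcpd: DHCPACK on 10.0.1.10 to 00:11:22:33:44:01 (web01) via eth0
Mar 21 08:13:44 dhcp1 dhcpd: DHCPACK on 10.0.1.20 to 00:11:22:33:44:02 (mon01) via eth0
Mar 21 08:20:10 dhcp1 dhcpd: DHCPACK on 10.0.1.77 to 00:11:22:33:44:09 (lab-test-box) via eth0
Mar 21 08:25:59 dhcp1 dhcpd: DHCPACK on 10.0.3.40 to 00:11:22:33:44:0a via eth1
"""

# Constructed (ip, product, version) tuples as reported by an agent or authenticated scan.
OBSERVED_SOFTWARE = [
    ("10.0.1.20", "netgraph-plugin", "0.97"),
    ("10.0.1.77", "netgraph-plugin", "0.95"),
    ("10.0.1.10", "httpd", "2.4.29"),
]

# Constructed patched baseline (placeholder versions): anything older is a finding.
PATCHED_BASELINE = {"netgraph-plugin": "0.97", "httpd": "2.4.29"}

LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-f:]{17})(?: \((?P<name>[^)]*)\))?"
)

Finding = namedtuple("Finding", "kind ip detail")


def parse_version(v):
    """Turn '2.4.29' into (2, 4, 29) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def discovered_hosts(log_text):
    """Map ip -> {mac, name} for every lease acknowledged in the log."""
    hosts = {}
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            hosts[m["ip"]] = {"mac": m["mac"], "name": m["name"] or ""}
    return hosts


def audit(inventory_csv, dhcp_log, observed, baseline):
    """Return Findings for hosts not in the inventory and for software below the baseline."""
    inventory = {row["ip"]: row for row in csv.DictReader(io.StringIO(inventory_csv))}
    findings = []
    for ip, info in discovered_hosts(dhcp_log).items():
        if ip not in inventory:
            findings.append(Finding("unknown-asset", ip,
                                    f"mac={info['mac']} name={info['name'] or '?'}"))
    for ip, product, version in observed:
        floor = baseline.get(product)
        if floor and parse_version(version) < parse_version(floor):
            # An outdated package on a host nobody owns is the worst case in the quote.
            owner = inventory.get(ip, {}).get("owner", "UNOWNED")
            findings.append(Finding("outdated-software", ip,
                                    f"{product} {version} < {floor} (owner: {owner})"))
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY_CSV, DHCP_LOG, OBSERVED_SOFTWARE, PATCHED_BASELINE):
        print(f"{f.kind:18} {f.ip:12} {f.detail}")
```

The lab box at 10.0.1.77 shows up twice, once as an unknown asset and once running the stale plugin with no owner, which is exactly the combination that keeps five-year-old vulnerabilities exploitable.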


DDoS Attacks Are Just $10 An Hour On Dark Web


Does a life of cybercrime really pay? Armor’s Black Market Report (released yesterday) exposes the hacker underground, detailing the popular tools and services cybercriminals are peddling, as well as what types of data hold the most value. For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analyzed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in this burgeoning industry. Ilia Kolochenko, CEO at High-Tech Bridge commented below.

Ilia Kolochenko, CEO at High-Tech Bridge:

“Unfortunately, there is nothing substantially new in the report. A great wealth of Cybercrime-as-a-Service offerings have existed for a while already, let alone exploit, malware and stolen data markets that are more than fifteen years old.

Some additional technical details would also be helpful. For example, a WordPress exploit can easily cost a 5-figure amount depending on the vulnerability’s criticality, exploitability and its public status (i.e. whether it’s a 0day or not). For $100, you are unlikely to buy anything of decent quality beyond an SQL injection in an unpopular plugin.

Most of these publicly traded goods and services are of very lousy quality. Backdoors and trojans are usually based on the same engine, slightly modified or improved. Stolen data is a mix of several dumps from different data breaches or leaks. Many fraudsters sell overt fakes or garbage. Professional cybercriminals, meanwhile, usually deal via private channels, established for many years and very well camouflaged on legitimate systems, beyond cybersecurity companies’ and law enforcement’s field of vision. With cryptocurrencies, money laundering problems have virtually disappeared and cybercriminals may enjoy their growing wealth without fear.”


Orbitz Hack Exposed Payment Cards


Responding to the disclosure by Orbitz that hackers may have gained access to 880,000 payment card numbers stored on a legacy system and used by members to book travel through the site and Orbitz partners, a STEALTHbits cybersecurity expert commented below.

Jonathan Sander, CTO at STEALTHbits Technologies:

“Orbitz and Expedia are companies born on the internet, but they are clearly not immune to the oldest IT flaws in security fundamentals. IT has been building new systems without ever killing off the old ones since the beginning of technology. Sometimes this is because those systems are business critical (looking at you mainframes). Sometimes it’s simple inertia that makes it hard to get rid of the older versions. There are many issues with keeping old versions of systems around, but security problems are always there. Security is hard, doing it twice because there are two versions of system is twice as hard, and human nature dictates the older version will get less attention from the staff defending against threats.”


Phishing Must Not Be Underestimated


New research released today has illustrated the fact that Infosec executives view ransomware and DDoS attacks as the biggest security threat to their organisations. Eyal Benishti, CEO & Founder at IRONSCALES commented below.

Eyal Benishti, CEO & Founder at IRONSCALES: 

“It is surprising to see infosec executives seemingly discount phishing as one of, if not the biggest, security threats an organisation can face. Phishing attacks remain the most popular attack vector for cybercriminals, and the proof of their success really is in the pudding, with 90-95% of all successful cyberattacks in 2017 traceable back to a phishing email. The reality is that ‘Phishing-as-a-Service’ kits are readily available for any novice hacker to purchase and, with spoofing and impersonation techniques becoming more sophisticated in their nature, malicious emails continue to bypass traditional gateway security, land in employees’ inboxes, and subsequently leave organisations just one click away from what could be a cybersecurity nightmare. By disregarding phishing as a legitimate, pressing threat to organisations, executives are simply offering themselves and their employees out as an easy catch.”


Overwhelm Security Operation Centers


Security operation centers (SOCs) face a flood of excessive alerts and are working with outdated metrics, leading to alert fatigue for many of them, according to a new study released by Fidelis Cybersecurity. Bob Noel, Director of Strategic Relationships and Marketing at Plixer commented below.

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“High volumes of false positives create significant risk to organizations. Analysts who are constantly investigating false alarms become desensitized to the urgency of each effort, losing focus and potentially missing real events. There are a few important directions the industry must take to improve the accuracy of alert notification. First, analysts must gain better context and insight through the integration of SIEM (syslog aggregation) and Network Traffic Analysis (NTA) platforms. When an alarm is generated, this allows the analyst to correlate the log-driven alarm with the associated network traffic and quickly assess its validity. Security vendors are also doing a better job of providing richer APIs. This allows for cross-platform integration so that analysts can more easily navigate and correlate data across otherwise disparate silos of security-related data (firewall, SIEM, NTA, vulnerability assessment, etc.). Finally, the rise of machine learning promises to offer a mechanism to reduce the number of alarms sent to analysts.”
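
One way to do the SIEM-to-NTA correlation the comment describes, shown as an added example that is not part of the original post and is not Plixer's product logic: the alert and flow records below are constructed, and their field layout is an assumption rather than any vendor's export format. For each alarm it pulls the flows between the alarm's endpoints inside a time window; an alarm with no traffic behind it is marked a likely false positive, while one backed by evenly spaced connections gets the stronger "periodic" verdict that a beaconing rule would want.

```python
"""Correlating a log-driven SIEM alarm with network flow records.

Added example, not code from the article or from Plixer. The alert and
flow records are constructed and their field layout is an assumption,
not any vendor's export format; timestamps are epoch seconds.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Alert:
    ts: int        # when the SIEM raised the alarm (epoch seconds)
    src: str       # internal host named in the alarm
    dst: str       # external address named in the alarm
    dport: int
    rule: str


@dataclass
class Flow:
    ts: int         # flow start (epoch seconds)
    src: str
    dst: str
    dport: int
    bytes_out: int  # bytes sent by src


# Constructed sample data: two alarms, only the first backed by real traffic.
ALERTS = [
    Alert(1000, "10.0.0.5", "203.0.113.7", 443, "Suspected C2 beacon"),
    Alert(2000, "10.0.0.9", "198.51.100.3", 4444, "Reverse shell port"),
]

FLOWS = [
    Flow(940, "10.0.0.5", "203.0.113.7", 443, 1200),
    Flow(1000, "10.0.0.5", "203.0.113.7", 443, 1180),
    Flow(1060, "10.0.0.5", "203.0.113.7", 443, 1210),
    Flow(1990, "10.0.0.9", "10.0.0.20", 445, 5000),   # unrelated internal SMB
]


def matching_flows(alert: Alert, flows: List[Flow], window: int = 120) -> List[Flow]:
    """Flows between the alarm's endpoints within +/- window seconds of it."""
    return [f for f in flows
            if (f.src, f.dst, f.dport) == (alert.src, alert.dst, alert.dport)
            and abs(f.ts - alert.ts) <= window]


def beacon_like(flows: List[Flow]) -> bool:
    """True when three or more flows are spaced at a near-constant interval."""
    if len(flows) < 3:
        return False
    ts = sorted(f.ts for f in flows)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and all(abs(g - mean) <= 0.2 * mean for g in gaps)


def triage(alert: Alert, flows: List[Flow], window: int = 120) -> Dict:
    """Attach the corroborating traffic (or its absence) to one alarm."""
    hits = matching_flows(alert, flows, window)
    if not hits:
        verdict = "no corroborating traffic: likely false positive"
    elif beacon_like(hits):
        verdict = "corroborated: periodic traffic to alarm destination"
    else:
        verdict = "corroborated: traffic to alarm destination"
    return {"rule": alert.rule, "src": alert.src, "flows": len(hits),
            "bytes_out": sum(f.bytes_out for f in hits), "verdict": verdict}


def triage_all(alerts: List[Alert] = ALERTS, flows: List[Flow] = FLOWS) -> List[Dict]:
    return [triage(a, flows) for a in alerts]


if __name__ == "__main__":
    for row in triage_all():
        print(row)
```

The window and the 20% jitter tolerance are tuning knobs; in practice the flow source would be a NetFlow/IPFIX collector queried by the SIEM's alarm fields, and the verdict would be attached to the ticket rather than printed.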

Google Cloud Platform Security

The ISBuzz Post: This Post Google Cloud Platform Security appeared first on Information Security Buzz.

Following Google’s announcement today of new security features for the Google Cloud Platform, with the intent of giving businesses more control over their security environment, IT security experts commented below.

Anthony James, Chief Marketing Officer at CipherCloud:

“Cloud adoption is ramping rapidly and the adoption of cloud-based applications has entered the mainstream. Each cloud vendor has a variety of cloud controls, but this gets very complicated as enterprises scale their applications across multiple clouds.

As we saw very recently with the Amazon cloud breaches involving Walmart and subsequently Federal Express, your data may be exposed, with any vendor, through human error or other unforeseen factors. It remains essential to deploy a single unified cloud security platform that can secure enterprise data using encryption. Using tools such as cloud access security brokers (also called cloud gateways) you can encrypt data within applications, and in the event of a breach of the data within Google, Amazon or Microsoft Azure your data will remain protected. These same capabilities are also part of the critical infrastructure larger enterprises need to address challenging compliance regulations such as GDPR.”

Mark James, Security Specialist at ESET:

Should companies still use additional security, on top of what Google is offering, to protect against cyber threats?

“The fine art of cyber defence relies on multi-layered techniques designed to integrate and strengthen your security. Long gone are the days of a single magic bullet that will keep you safe from malicious intent. From my point of view, anything that can be done by the “tech giants” to protect not only individuals but also their brands is a plus. If you’re able to add to your security to complement what they are doing, then “go for it”. As much as we like others to do all the hard work, we need to do what we can to protect our own data, over and above what’s provided by default.”

Do you think the move will encourage more tech giants to follow suit and offer additional security controls for their customers?

“Yes, well I hope so. In this competitive world companies will need to keep up. Offering something that protects or enhances the user experience will encourage more to take up those services, and even more so as we move towards GDPR and beyond. Having a choice of companies and services only enhances users’ security and encourages other companies to keep up and to develop and grow the services they offer.”

Do you see this as a positive step from Google?

“Yes, absolutely. The user needs all the help they can get, and being able to utilise the expertise and knowledge of Google will only enhance their ability to protect their data, which has sadly become the modern-day “gold at the end of the rainbow”.”

Trickbot Adds Screenlocker - Will Cryptojacking Be Next?

The ISBuzz Post: This Post Trickbot Adds Screenlocker - Will Cryptojacking Be Next? appeared first on Information Security Buzz.

The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware’s operators might soon start holding victims for ransom if infected targets don’t appear to be e-banking users. The good news is that the screenlocker mechanism is not fully functional just yet, and appears to still be under development. Nonetheless, security researchers have spotted the new module dropped on victims’ computers, suggesting development is advanced enough to have reached field trials. Andy Norton, Director of Threat Intelligence at Lastline commented below.

Andy Norton, Director of Threat Intelligence at Lastline:

“If you’re going to the trouble of infecting a remote machine, you might as well try to monetise the infection in as many ways as possible.

We’ve seen this with Smoke Loader, and now TrickBot. In the same way that missiles have multiple warheads, TrickBot is adding payloads.

Probably its next warhead after it completes ransomware will be a cryptojacking payload.”

Chinese Hackers Building A Botnet

The ISBuzz Post: This Post Chinese Hackers Building A Botnet appeared first on Information Security Buzz.

Security researchers have discovered malware that could be assembling a botnet army composed of five million compromised Android devices. Researchers from cybersecurity firm Check Point said that the RottenSys malware was targeted at Android users through an app disguised as a WiFi service. It was originally used as malware to serve fraudulent ads on users’ displays. Sean Newman, Director at Corero Network Security commented below.

Sean Newman, Director at Corero Network Security:

“Mobile malware is nothing new, so reports of mobile devices being compromised, en masse, and used for nefarious purposes on a potentially much larger scale were only a matter of time. Following on from the significant damage caused by DDoS attacks over the past two years by botnets consisting of up to several hundred thousand relatively low-performance IoT devices, the prospect of millions of significantly more powerful smartphones launching attacks is not to be taken lightly.

“Service providers should be looking at real-time DDoS protection at the core of their mobile networks to protect all their users and services. As they migrate to higher-bandwidth 5G mobile services, this issue will only become more acute, and additional segmentation, from a security and DDoS perspective, should be considered, to avoid some parts of their networks attacking others.”

82% Of Boards Concerned With Email Fraud

The ISBuzz Post: This Post 82% Of Boards Concerned With Email Fraud appeared first on Information Security Buzz.

In research released recently, Proofpoint revealed 82 percent of boards are concerned with email fraud and more than half (59%) consider it a top security risk—no longer just an IT issue. Yet almost a third (30%) of respondents cited a lack of executive support as a key challenge to email fraud protection deployment. Eyal Benishti, CEO & Founder at IRONSCALES commented below.

Eyal Benishti, CEO & Founder at IRONSCALES: 

“Perhaps the only thing surprising from this study is that people are being fired for falling for a bogus message delivered to their inbox. That’s akin to firing an engineer due to a power outage from a lightning strike! Could the outage have been prevented – probably. Could the lightning strike be stopped – no way. The same is true for employees filtering their emails. Should they realise a message is a scam, possibly. Could they take aversive action instead, probably. Are they negligent for clicking a message delivered to their inbox, certainly not.

“The sad reality is that organisations are failing to prevent malicious messages being delivered to end users with alarming frequency – and that is where culpability lies. We all know that traditional email security tools that focus on the gateway are inadequate at telling legitimate emails from illegitimate ones that appear to originate from a trusted source. To then blame employees is not just unfair, but also immoral.

“Today’s sophisticated attacks nullify traditional email security – such as firewalls and secure email gateways (SEGs), which have not kept pace with the rapid advances in hacking and phishing strategies, including advanced persistent threats (APTs), business email compromise (BEC), ransomware, and other types of file-less attacks in which there is no malicious payload. Instead of continuing to do what we know doesn’t work, it’s time to change focus and move detection down to the inbox.

“Taking a bottom-up approach, using machine learning algorithms and deep scans in the mailbox itself, organisations can detect phishing attacks that make it through SEGs. By examining user communications and metadata to establish a baseline, anomalies in communications are easily spotted and automatically flagged as suspicious, to help people make smarter and quicker decisions regarding emails within the mailbox. This must be supported with a mechanism for employees that do spot something amiss in a message to report their findings via in-mail alerts, combined with the ability for the security team to remove confirmed malicious messages from mailboxes enterprise-wide. This stance not only gives employees the necessary intelligence to detect bogus messages, but helps all parties defend the organisation from the most prevalent attack vector.”
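
The mailbox-side baseline approach Benishti describes, shown as an added example that is not part of the original post and is not IRONSCALES code: it builds a display-name-to-domain baseline from constructed historical headers, then flags new messages whose display name arrives from a domain it has never used, whose domain is a small edit away from a known one, or whose Reply-To points somewhere other than the From domain. The three rules, the thresholds and all addresses are assumptions for illustration.

```python
"""Inbox-level detection of impersonation from a communication baseline.

Added example, not code from the article or from IRONSCALES. The message
headers below are constructed, and the three rules (display name seen
from a new domain, lookalike of a known domain, Reply-To pointing
elsewhere) are one assumed way to do what the comment describes.
"""
from collections import defaultdict
from email.utils import parseaddr
from typing import Dict, List, Optional, Set, Tuple


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def build_baseline(history: List[str]) -> Dict[str, Set[str]]:
    """Display name -> domains that name has legitimately mailed from."""
    base: Dict[str, Set[str]] = defaultdict(set)
    for hdr in history:
        name, addr = parseaddr(hdr)
        if name and addr:
            base[name.lower()].add(domain_of(addr))
    return dict(base)


def score_message(from_hdr: str, reply_to: Optional[str],
                  baseline: Dict[str, Set[str]]) -> List[str]:
    """Return the reasons a message deviates from the baseline (empty = normal)."""
    name, addr = parseaddr(from_hdr)
    dom = domain_of(addr)
    reasons = []
    known = baseline.get(name.lower(), set())
    if known and dom not in known:
        reasons.append("display name previously seen only from %s" % sorted(known))
    for kd in set().union(*baseline.values()):
        if dom != kd and edit_distance(dom, kd) <= 2:
            reasons.append("sender domain is a lookalike of %s" % kd)
    if reply_to:
        _, raddr = parseaddr(reply_to)
        if raddr and domain_of(raddr) != dom:
            reasons.append("Reply-To domain differs from From domain")
    return reasons


# Constructed history of mail the user has previously exchanged.
HISTORY = [
    "Alice Chen <alice.chen@acme-corp.example>",
    "Alice Chen <alice.chen@acme-corp.example>",
    "Payroll <payroll@acme-corp.example>",
]

# Constructed new messages: (From header, Reply-To header or None).
INBOX: List[Tuple[str, Optional[str]]] = [
    ("Alice Chen <alice.chen@acme-corp.example>", None),                    # normal
    ("Alice Chen <ceo.alice.chen@webmail.example>", None),                  # display-name impersonation
    ("Payroll <payroll@acme-c0rp.example>", "<collect@attacker.example>"),  # lookalike + redirect
]


def scan_inbox(inbox=INBOX, history=HISTORY) -> List[List[str]]:
    baseline = build_baseline(history)
    return [score_message(frm, rto, baseline) for frm, rto in inbox]


if __name__ == "__main__":
    for (frm, _), reasons in zip(INBOX, scan_inbox()):
        print(frm, "->", reasons or "ok")
```

The point of doing this in the mailbox rather than at the gateway is that the baseline is per user: a message from a "known" name at an unfamiliar domain is only anomalous relative to that user's own history, which a perimeter filter does not have.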

Managing Data Governance Under GDPR

The ISBuzz Post: This Post Managing Data Governance Under GDPR appeared first on Information Security Buzz.

When I was young “identity theft” didn’t have a name, and was something that only happened in TV series re-runs of “Mission Impossible” or “The Man from U.N.C.L.E.” But a lot has changed since those days, with the likes of Facebook and Google now potentially knowing more about us than our own families.

Today we need to be extra careful with our own personal information and the digital footprints we make. In the wrong hands it can unlock the doors to the many things we do online today; banking, shopping, subscriptions, the list goes on.

Thankfully most companies and governments are doing their bit to keep our personal information safe as well as keeping us informed, if we care to listen. Did you know, for example, that there is even an annual “Data Protection Day” on 28th January, which raises awareness and promotes privacy and data protection best practices?

Far bigger than that this year however is the European General Data Protection Regulation (GDPR), which comes into effect on 25th May this year.

GDPR is a new regulation which will affect any organisation, regardless of where it is based, that processes the personal data of EU residents. It calls for greater transparency and increased accountability from these organisations, and it is grabbing headlines because the regulation imposes large sanctions on those found to be in violation. With maximum fines of 4% of global revenue or 20 million euros (whichever is greater), it could even stop organisations from processing data altogether.

This new regulation will give enhanced rights to individuals in the EU, allowing them to request what personal data is being stored about them and why. It will be an interesting time for many companies, particularly those looking to capitalise on the Internet of Things (IoT), who will really have to think about the personal data they have, why they need to process it and how long they need to keep it for.

GDPR will require an intricate understanding of the many disparate data sources inside and outside of an organisation, ensuring the correct policies and procedures, training and technology are all in place to protect, manage and monitor that data in the run up to 25th May and beyond.

Reputable and forward-thinking organisations will take an open and transparent approach to GDPR. In the analytics economy, leaders will be better data custodians, building the next level of trust, gaining the proper consent so that they can use the personal data they need to provide the product or service. And individuals will be open to share if they see value.

When it comes to our personal data at least things are changing, and they are changing for the better.

About Adam Mayer
Adam Mayer, Technical Product Marketing at Qlik

UK Police Forces Spend £1.3 Million On Cybercrime Training

The ISBuzz Post: This Post UK Police Forces Spend £1.3 Million On Cybercrime Training appeared first on Information Security Buzz.

In response to the news that UK police forces have spent £1.3 million on cybercrime training over the past three years, Laurie Mercer, Solutions Engineer at HackerOne commented below.

Laurie Mercer, Solutions Engineer at HackerOne:

“Legend has it that the reason why criminal Willie Sutton robbed banks was “because that’s where the money is.” Today it is not just our money that is accessed online, but our very identities. Given that we live in an age of digitization, it follows that criminals will become digital criminals. We all need to adapt to this new world. This is going to involve security awareness not only for executives and law enforcement officials but for all citizens.”

Russia DDoS Election Interference Attack

The ISBuzz Post: This Post Russia DDoS Election Interference Attack appeared first on Information Security Buzz.

In response to reports of a DDoS attack launched to interfere with Russian elections, IT security experts commented below.

Sean Newman, Director of Product Management at Corero Network Security:

“Reports of DDoS attacks on the Russian, or any other government, elections come as no surprise. There’s no better time to make your point, whether it’s political, moral or otherwise, whichever side of the political fence you sit. One thing you can say though is that it’s typically virtually impossible to determine the true source of the attack, as where the DDoS traffic emanates from is almost certainly not directly related to either the attacker, those who funded the attacks, or the geographical region they are located in.

“You’re not going to stop the sources of these attacks from trying to make their point, but you can protect the integrity of the systems being used for the democratic process. The latest always-on real-time automated DDoS protection solutions can keep systems online, and available for citizens to access at all times during the voting process.”

Lee Munson, Security Researcher at Comparitech.com: 

“As everyone knows by now, all the cool kids get hit by cyberattacks and so, in an attempt to look hip, The People’s Republic of Russia has claimed its very own sob story in the form of a Distributed Denial of Service attack during its recent presidential procession.

“The fifteen alleged powerful nation state virtual combatants, which may have included England, Wales, Ireland and the rebel alliance north of Hadrian’s Wall, could well have been mustering the proposed retaliation for the recent Salisbury poisoning of someone no-one cared about, just a few short weeks ago.

“In fact, given how ineffective the cyber-attack was, I’m pretty sure the combined power of the UK must have been behind it, especially given all the fake news in the British press about how Putin would be re-elected before a single vote had been cast.

“Next week, I expect the same attackers to strike again, this time using puppet politicians to decry the encryption in messaging apps that allowed those nasty vodka-swilling Ruskies to influence the real democratic election across the pond that saw our American friends get exactly what they deserved.”

New Fakebank Android Malware

The ISBuzz Post: This Post New Fakebank Android Malware appeared first on Information Security Buzz.

Late last week researchers at Symantec warned of a new variant of the Fakebank Android malware family that has an unusual twist. Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. IT security experts commented below.

Frederik Mennes, Senior Manager for Market and Security Strategy at VASCO:

“Banks can protect themselves against “vishing” (voice phishing) attacks by educating users, for example explaining that they shouldn’t install apps from unofficial stores, and requesting they review app privileges. However, this approach fails if the user makes a mistake. A stronger and better approach to protect against vishing consists of implementing transaction authentication, whereby the user must generate a valid dynamic authentication code in order to confirm a financial transaction. Fraudsters will have trouble convincing the user to generate and provide a valid authentication code for a fraudulent financial transaction, and hence will be stopped before doing any harm.”

Paul Bischoff, Privacy Advocate at Comparitech.com:

“The Fakebank Android malware could soon be a model adopted by malware makers in parts of the world outside South Korea. Even though the attack uses a fairly novel approach to scam users, Android owners can avoid it using the same best practices used to avoid any other type of malware. First, update Android to the latest stable version. The newest release, Oreo, prevents the caller ID from being spoofed by the malware. Avoid downloading apps and files from unknown sources. Don’t trust apps from third-party app stores, and be wary of links in web pages and emails. It’s also important to review and limit the permissions of apps you install, and install and run antivirus regularly.”
