

#cybersecurity | #hackerspace | NEW TECH: CyCognito employs offensive bot network to put companies a step ahead of attackers

Source: National Cyber Security – Produced By Gregory Evans

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.


For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incident response and disaster recovery planning, as well

Meanwhile, large enterprises pour tens of billions of dollars annually into next-gen firewalls, EDR, DLP and IDS technologies, each system generating a fire-hose of threat feeds, with all of this threat intel flooding, hour-by-hour, into SIEMs, UEBAs and other analytics platforms.

And yet, after a couple of decades of piling up layer upon layer of defenses, catastrophic breaches persist — they’re occurring as often as ever, and causing more harm than ever. Threat actors simply seek out the endless fresh attack vectors arising as an unintended consequence of digital transformation. In short, layered defenses have turned out to be cheesecloth.

Acknowledging this, a few cybersecurity innovators are taking a different tack. Instead of offering up more layers of defense, they’ve slipped on the shoes of the attackers and taken an offensive approach to defending IT assets. One of the most single-minded of these security vendors is startup CyCognito.

The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Gurzeev and Potekhin set out to mirror the perspective of threat actors — and then help companies tactically leverage this attackers’ view to shore up their porous networks.



“The attackers need only to find a single blind spot to gain entry – it’s like singling out the weakest zebra in the herd,” says Gurzeev, CyCognito’s CEO. “Defenders, meanwhile, have to guard everything all of the time, and most organizations have many more Internet pathways than they even know about, much less are taking steps to defend.”

Botnet turnaround

CyCognito’s employment of a bot network is what struck me most after I sat down with the team and learned in more detail what they’re up to. They’re not just borrowing a few pages from the attackers’ handbook; they’re actually utilizing the bad guys’ core tool – botnets. They’ve set out to boldly redirect botnet-power towards helping, instead of exploiting, the good guys.

I first wrote about criminal botnets at USA TODAY in 2004. Botnets at the time were just emerging; they’ve since become entrenched as the engine that drives all of cybercrime. A bot is a computing nodule that strictly obeys instructions from a command and control server. A criminal botnet is a network of bots under control of an individual attacker.

Botnets are the nimble infrastructure that enables criminals to blast out massive ransomware and denial of service attacks and also to execute intricate advanced persistent threat (APT) hacks that play out over months and go very deep. Bots traditionally have arisen from compromised, or “pwned,” computing devices. Today bots are more often spun up as virtual instances of computing devices. Bad actors are spinning up these virtual bots by the million, utilizing computing resources sold, no questions asked, by the major cloud service providers, Amazon Web Services, Microsoft Azure and Google Cloud.

By contrast, CyCognito’s 60,000 nodule-strong bot network is comprised of computing instances distributed globally with the expressed intent to help enterprises protect themselves. Bots do what they’re told. CyCognito’s bot network actively crawls the Internet identifying and mapping all exposed IP assets, fingerprinting each asset. This is essentially identical to the ground-level crawling and probing reconnaissance tasks that criminal botnets perform every day.

Upon finding an exposed IT asset, say a web server or a gateway router, CyCognito can pinpoint the IP address, confirm what type of asset it is and check whether the asset has any open ports; it can even ferret out snippets of coding or text, such as a copyright, that indicates more granularly what specific functions the asset performs, who the asset belongs to and what other assets it communicates with.



CyCognito’s bots feed this ground-level intelligence back to an analytics platform, which makes correlations and may ask for more information. This results in an assessment of the business context surrounding each asset. “We’re building a live picture of what’s out there, not specifically looking for problems, at that stage,” explains Raphael Reich, CyCognito’s vice president of product marketing. “We’re collecting information to build associations between assets that other solutions miss: assets in the cloud, in subsidiaries, in third-party networks.”

Shadow risks

Another thing about bots, they do what they’re told — for as long as they’re told to do it. Over the past couple of years, CyCognito’s botnet has surveilled and fingerprinted some 3.5 billion Internet-exposed IT assets, resulting in rich data sets that are fed into the company’s analytics. CyCognito has been able to map details of specific assets to thousands of organizations in much the way a criminal ring would do, which allows it to understand attackers’ easiest pathways i

Last November, the company released findings from an analysis it conducted to identify what it calls “shadow risk” – exposures that, for whatever reasons, enterprise IT and security teams are often blind to. Shadow risk creates attack vectors that are externally exposed to anyone with the skill and desire to go find them. The data reveals that a stunning percentage of organizations have a significant number of security blind spots, most often stemming from third-party and cloud interconnectivity. For instance, CyCognito’s research found:

• Organizations are unaware of as much as 75% of their attack surface.

• Some 82% of these hidden assets impact the organization’s cybersecurity posture and are managed by their cloud providers, partners or subsidiaries.

• Some 87% of organizations have critical exposures that are visible to attackers at a given point in time.

Offensive defense

These findings are not at all surprising. Quite the opposite, they ring very true. Companies never found a way to stop intruders from breaching and plundering with impunity, even when all they had to defend were on-premises IT systems. Today we’re in the throes of digital transformation. Agility, speed, and modular transactions happen on the fly and in the cloud. This sets up a much more complex security challenge than setting up trip-wire alarms around an on-prem data center.



“Most organizations have expanded and broadly diversified their IT resources on-premises and in the cloud, making continuous monitoring and timely mitigation extremely challenging,” observes Potekhin, CyCognito’s CTO. “The inspiration for the CyCognito platform was the realization that the explosive growth in the numbers of threat actors and the sophistication of their tools has leapfrogged the capabilities of legacy security solutions and most of today’s enterprises, even those who are highly security-aware.”

What CyCognito has set out to do is outflank attackers and one of the results is a high-definition snapshot of the threat landscape, on any given day. That’s a major step forward. I hope they are able to trigger a new era of advances in the overall field of attack surface monitoring.

Meanwhile, as you might expect, the company has also designed its botnet and analytics platform to be available for hire — to drill down on individual companies’ IT assets. This can help companies identify and address open attack vectors — before the bad guys can get to them. “We looked to create a new class of solution to beat the attackers at their own game,” Gurzeev says. “It’s heartening that from Day One on our platform, customers are finding, assessing and closing open pathways.”

I expect layered defenses will continue to have a place, moving forward. But it’s going to be fascinating to see how adding a bit of offensive punch to defending networks catches on, and how much of a difference offensive security solutions will make, overall. I’ll keep watching.



Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/new-tech-cycognito-deploys-offensive-bot-network-to-put-companies-a-step-a-head-of-attackers/


#comptia | #ransomware | What’s in store for cybersecurity as we head into the ’20s


In 2020 we will see more and more sophisticated attacks perpetrated by a larger number of threat actors, including many who are backed by organised crime or nation-states. According to the 2019 Verizon Data Breach Investigations Report (DBIR), organised criminal groups were behind 39 per cent of breaches in 2019, and actors identified as nation-state or state-affiliated were involved in 23 per cent of breaches.

These attacks may leverage side-channel attack techniques (similar to Spectre, Meltdown and the slew of other discovered hardware-related vulnerabilities that are so hard to address purely through software fixes), attacks living in firmware and others going beyond a traditional file-based or even living-off-the-land (aka fileless) malware. While the industry is still struggling with old known malware, these types of attacks will proliferate mostly unchecked.

For the first time, we may see an attack that results in death(s). Internet of Things (IoT) devices incorporated into critical infrastructure systems (e.g. electric grid, water treatment, communications), as well as life-critical medical devices, will see a slew of new disclosed vulnerabilities that could prove deadly, particularly to the most vulnerable patients in intensive care units (ICU). Attackers will become more specialised in different areas of IoT device types.

The evolution of ransomware

Ransomware has been around since 1989, yet it will remain a very effective malware type for attackers in 2020. McAfee’s researchers found that ransomware attacks have more than doubled this year, including a Q1 increase of 118 per cent.

“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach,” said Christiaan Beek, lead scientist and senior principal engineer at McAfee.

To that point, we can not only expect the number of ransomware attacks to increase in 2020, but as the discovery of the RIPlace evasion technique demonstrates, they will become more difficult — if not impossible — to detect.

All organisations across all industries are potential targets, but healthcare and government organisations appear to have the biggest targets on their backs. CNN reports 140 attacks targeting public state and local governments and health care providers this year (and counting).

The attacks hit schools, local government offices and hospitals, wreaking havoc and costing victims hundreds of millions of dollars. The victims included:

• A network of Alabama hospitals, which had to stop accepting new patients.

• The city of Baltimore, which ended up spending more than $18 million recovering from an attack.

• Louisiana schools – Governor John Bel Edwards was forced to activate a state of emergency after ransomware took down three school districts’ IT systems.

• Three Florida cities – Key Biscayne, Lake City and Riviera Beach – which were unable to provide residents with access to many vital government services while officials scrambled to spend hundreds of thousands of dollars to bring downed IT systems back online. The attackers collected ransoms totaling over $1.1 million.

• The most recent victim (as of this writing), the city of Pensacola, Florida, which was hit by ransomware that took phones, email, electronic “311” service requests, and electronic payment systems offline.

As Dave Hylender, a senior risk analyst at Verizon and one of the authors of the 2019 Verizon Data Breach Investigations Report said, “There’s an impression that ransomware has sort of run its course. It hasn’t. I don’t think ransomware is ‘back’ this year because I don’t think it ever left.”

Gone phishing

An organisation’s employees will continue to initiate some of the most devastating losses. Companies rely on awareness training to educate users on how to avoid falling victim to attacks, but that cannot eliminate user error entirely.

Consider that nearly a third of all breaches in 2019 were the result of phishing attacks, according to the Verizon DBIR. Worse, it’s easy for attackers to secure and use well-built, off-the-shelf tools, lowering the skill required to launch a phishing campaign. According to the IDG Security Priorities Study, 44 per cent of companies will increase their security awareness programs and make staff training a top priority.

Attackers will respond by improving the quality of their phishing campaigns by minimising or hiding common signs of a phish. Expect greater use of business email compromise (BEC), too, where an attacker sends legitimate-looking phishing attempts through fraudulent or compromised internal or third-party accounts.

Organisations in 2020 need to prioritise strengthening the environment around users to reduce the opportunity for them to be presented with attacks, strengthening the technology around the user to ensure that users cannot initiate losses, and then proactively anticipating the losses that users can initiate and putting technologies in place to mitigate the resulting losses.

Look for both the bad and the good

The reason for ransomware and other malware so easily being able to inflict damage is our continued reliance on security tools that chase badness (rather than ensuring good). It is impossible to detect all badness with a high degree of confidence by relying on the enumeration of badness approach.

Organisations should complement their existing security layers with an approach that does the exact opposite – ensuring what’s good. The emphasis is on the word “complement.” Do not rip out your existing solutions. When you combine your existing tools focusing on the bad with ones that track the good, by applying a whitelisting-like approach, you create the most effective defense in depth posture.

Rene Kolga, CISSP, heads Product Management and Business Development for North America, Nyotron


Understand #cyber security, don’t fear it, says #NCSC head


The head of the UK’s National Cyber Security Centre (NCSC) has urged organisations to ensure they understand cyber risks, as a survey reveals mid-sized firms have inadequate cyber protection


The most important thing leaders of organisations can do is to stop being afraid of the problem and try to understand it, according to Ciaran Martin, chief executive of the NCSC.

“For too long, cyber security has been shrouded in mystique and fear – that’s not helpful,” he said in the annual KPMG lecture, hosted by Queen’s Management School and the Chief Executives’ Club at Queen’s University Belfast.

“Attacks are about return on investment, and cyber defence is about risk management and harm reduction,” said Martin.

“When you put it like that, it doesn’t seem so completely daunting. There’s plenty we can do to manage the risk. So simplify, simplify, simplify. Understand the risks and take action that you understand to manage them,” he said.

Digital attacks are a real risk to economic wellbeing in Northern Ireland and its citizens, warned Martin, because they can cause widespread disruption to individuals, companies and public services.

“There’s some great work going on around Northern Ireland, for example at Queen’s, and we need strong partners across the whole of Northern Ireland society to combat the threat. That’s the way to make Northern Ireland one of the safest places to live and do business online,” he said.

Facing the challenge

Given that cyber attack is about return on investment (ROI) for the attacker and risk management for the defender, Martin said the NCSC’s job as the national authority for cyber security is to do what it can to help take away as much of the harm from as many of the people as often as possible.

“Doing that isn’t as glamorous as Hollywood makes out. Instead, it’s about a relentless focus on getting these basic defences right,” he said, adding that defences have to be useable by people.

“By focusing not just on technology, but also on behaviours and economic incentives, the government can help create the right framework where that improvement in basic cyber security can take place.

“Success is possible. We are not claiming that we’ve cracked the problem. I’ve already said that we expect serious attacks with significant public impact, but that doesn’t mean we can’t make progress.

“In the 12 months to September of this year, we saw a 47% increase globally in detected phishing attacks. But the UK’s share of those attacks fell from 5.1% to 3.3%,” he said.

By breaking the problem down into manageable chunks, and looking objectively at what is and is not working, Martin said some improvements can be achieved.

“Please don’t let anyone tell you that the problem is unfixable, or that the right skills can’t be developed. Skills are indeed a very significant challenge, but there is no reason at all we should see it as an insurmountable one,” he said.

“My final message to you as chief executives is that the most important thing you can do is not to be afraid of the problem. Work out what you care about protecting the most, treat it as you would any major corporate, and engage with us and with other partners to work out what the best protections are for you. Cyber security is a team sport and we should be optimistic about our ability to make a real difference.”

John Hansen, partner in charge, KPMG in Northern Ireland, said KPMG’s recent CEO outlook report revealed that cyber security is a key issue for business leaders in Northern Ireland.

“CEOs are moving beyond a generic view of cyber risk and are taking steps to become more cyber resilient by developing risk, resilience and mitigation plans in the parts of their business that could be most seriously affected,” he said.

Nola Hewitt-Dundas, head of Queen’s Management School, said: “Cyber security threats are fast becoming a major global and national issue for all organisations and businesses.

“This annual lecture series is one way that the Management School is working in partnership with KPMG to equip businesses to respond to serious technological challenges,” she said.

Seek out dedicated teams to fight cyber crime

According to a recent survey by UK-based IT managed services provider (MSP) CORETX, mid-sized companies in the UK are not adequately protecting themselves from cyber security threats.

The survey revealed this is not due to lack of investment in technology, but through a lack of the dedicated, skilled resource needed to make the most of those tools.

The survey of 100 IT decision makers shows that 72% have implemented a security information and event management (Siem) system, which combines data sources and presents security-related information in an accessible form. Organisations also regularly refresh other security systems, such as firewalls, which 83% of respondents had replaced with more modern technology in the past three years.

However, only 4% had staff dedicated to monitoring, analysing and reporting security information created by a Siem or other sources, and only 6% had staff dedicated to acting on security reports.

With day-to-day security management falling to multi-tasking, generalist IT resources, the survey report said it is not surprising that just 19% of organisations monitor all IT logs that might contain security information. When potential threats are identified, only 13% of organisations are communicating the intelligence to someone able to deal with it.

“Many organisations must be spending a lot of money on the latest technology and then failing to recruit the people they need to use it,” said Merlin Gillespie, group strategy director at CORETX.

“Analysing live data feeds to identify cyber attacks is something general IT staff are unlikely to be appropriately skilled for. It’s also a relentless task. There’s a lot of data to analyse and cyber criminals don’t respect nine-to-five working patterns. Non-specialists may struggle to be consistently effective at the level required, which seems to be borne out in our survey results,” he said.

Three-quarters of survey respondents said their organisations had recently fallen victim to a cyber attack, with 40% occurring in the past year.

“It’s clear that many organisations’ security practices leave very large gaps in their protection,” said Gillespie.

“In our view, creating actionable intelligence on the threats organisations face can only be handled by a dedicated team. A business can either recruit and support that function in house or outsource it, engaging a service provider that specialises in security. Whatever option is taken, the result can only be significantly more credible protection,” he said.



Huawei Australia appoints former NBN security head as cybersecurity officer


Former head of security for NBN and Telecom New Zealand Malcolm Shore, who has also worked in NZ Defence security, has been appointed Huawei Australia’s cybersecurity officer. Huawei Australia has announced appointing former Australian National Broadband Network (NBN) and Telecom New Zealand head of security Dr Malcolm Shore as its…


It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp

It’s almost time for summer camp for kids around the tri-state area. As you pack and plan for the perfect summer, there’s a conversation you may want to have about bullying. …

Don’t bury head in sand on cybersecurity


Cybersecurity is not always top of mind for companies. Sometimes it takes a heavy-hitting news story with details about a massive breach for leaders to stop and assess their internal controls. Sometimes it takes an employee opening a hacker’s phishing …


When the Govt Says Cybersecurity, Get Your Head Down, Cos the Koreans Are Coming


Hey folks. Just spent the past week investigating potential sites for my post-nuclear apocalypse survival camp and, uh, “recruiting” nubile young cult… I mean commune members. East Africa is a touch too close to the Korean Peninsula for my liking, in light of the little palaver that’s going on between Donald Trump and Kim Jong Un. I hope that you …


Mum raises awareness of bullying after seven-year-old son is hospitalised with head wounds

The mum of a seven-year-old boy who was continuously bullied at school has taken to Facebook to raise awareness after he was hospitalised with head wounds.

Seven-year-old Jak had complained of bullies at his school in Telford to his mum, but despite talking to the school she had been unable to stop the latest attack happening.

On a Facebook page called ‘Justice for Jak’, his mum has posted an upsetting account of what she has already been through to get help for her son, who was left with a serious head injury after ‘the bully was hitting my son in school and pushed him so hard he hit his head on a metal pole’.


Colorado Teen Allegedly Found with Rodeo Star Ex-Girlfriend’s Body After He Shot Her in the Head

A Colorado teen allegedly found with the body of his ex-girlfriend in the back of his truck has pleaded not guilty to murdering her, PEOPLE confirms. Tanner Flores, 19, appeared in …

Thunder Light with Pivoting Head


GF Thunder Light Cap Light features a 135 lumen LED light housed in a tough black ABS plastic body with slide zoom and aluminum pivoting head. The super bright LED light easily slides over the brim of your cap or …
