#cyberfraud | #cybercriminals | These Are The Most Rampant Windows And Mac Malware Threats For 2020: Here’s What That Means
Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.
BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.
The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.
I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.
According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.
The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.
But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.
In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it compiled its most dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.
For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.
So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”
There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.
- Emotet: This is the big one—a banking trojan that has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contacts with equally compelling, socially engineered subterfuges.
- Kovter: This fileless malware targets the computer’s registry, which makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
- Poison Ivy: A malicious “build your own” remote access trojan toolkit, providing a client-server setup that can be tailored to enable different threat actors to compile various campaigns. The malware infects target machines with various types of espionage, data exfiltration and credential theft. Again the malware is usually spread by emailed Microsoft Office attachments.
- Qakbot: Another legacy malware, dating back a decade, but which has evolved with time into something more dangerous than its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making removal more difficult.
- Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
- Sakurel (aka. Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also act as a monitor on user browsing behavior, with other targeted attacks as more malware is pulled onto the machine.
- Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
- Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a banking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
- Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adapted various methods of detection avoidance, including terminating processes if tools are detected. The primary threat from this malware now is as a dropper for other threats.
- Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.
- CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
- KeRanger: One of the first ransomware within the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updated systems, but also offline backups as per all ransomware defenses.
- LaoShu: A remote access trojan that uses infected PDF files to spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. While keeping systems updated, this malware also calls for good user training and email behavior, including avoidance of unknown attachments.
- NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylance advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
- XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in mind, the malware targets, captures and pulls strategic information from an infected machine. Its infection of “secure apps” serves as a wider warning as to taking care when pulling apps from relatively unknown sources.
In reality, the list itself is largely informational as mitigation is much the same: Some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring—especially for known IP addresses. The use of accredited VPNs, avoiding public WiFi, backups. Cylance also advises Windows administrators to watch for unusual registry mods and system boot executions.
Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”
And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats. Along with some basic precautions around backups and use of cloud or detached storage which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.
Source: National Cyber Security – Produced By Gregory Evans There’s an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives. Much is at stake when reporting security metrics. This data is critical for management to evaluate security programs and justify further investment […]
If 2019 was the calm before the storm, a welcome respite before things get really crazy, then we’re all in for a Cat 5 next year.
The Buzz’s most popular stories in 2019, as measured by the digital analytics firm Chartbeat, reveal a state wallowing in conflict, suffering and impending doom.
Stories related to white nationalism, federal investigators circling the former Democratic nominee for governor, elections hacking, the lingering despair from Hurricane Michael and the NRA’s opposition to a proposed assault weapons ban all resonated with readers.
U.S. Rep. Matt Gaetz, one of the most divisive members of Congress, nabbed two slots in the top 10, courtesy of his bad boy approach to politics. State Rep. Dennis Baxley’s penchant for sponsoring 1950s-style legislation made the list, as did what then appeared as a looming threat to President Donald Trump’s Florida home posed by Hurricane Dorian.
Of all the stories in the top 10, only a profile of Gov. Ron DeSantis could be described as remotely positive. It’s a revealing look at the state’s top politician finding a groove that has had him surging in the polls.
Behold the stories in 2019 that cast a spell on readers.
10. Florida bill would have students learn alternatives to climate change, evolution. (Published online Jan. 28)
TALLAHASSEE — A bill that would allow school districts to teach Florida students alternatives to concepts deemed “controversial theories” — such as human-caused climate change and evolution — has been filed in the state Legislature.
The language of the bill sounds fairly unremarkable, requiring only that schools “shall” teach these “theories” in a “factual, objective, and balanced manner.” But the group that wrote the bill, the Florida Citizens Alliance, says the bill is needed because curriculum currently taught in Florida schools equates to “political and religious indoctrination,” according to their managing director, Keith Flaugh.
The bill’s sponsor, Sen. Dennis Baxley, R-Ocala, said that schools need to teach “different worldviews” on issues like evolution and climate change. He asserts that textbooks now skew toward “uniformity” of thought.
“Nothing is ever settled if it’s science, because people are always questioning science,” Baxley said. “If you look at the history of human learning, for a long time the official worldview was that the world was flat. Anything you now accept as fact comes from a perspective and you learn from examining different schools of thought.”
Both evolution and climate change are well-established fact in the scientific community.
9. A Florida Congresswoman is wondering why she can’t talk openly about Russian election hacking (Sept. 8)
Rep. Stephanie Murphy, the Democrat who represents parts of Seminole County and Orange County, has a bone to pick with the U.S. intelligence community.
In an op-ed column for the Washington Post published earlier this week, Murphy renewed her objection to the lack of public knowledge about Russian attempts to hack into Florida’s electoral system in 2016.
Security officials, Murphy argued, have been less than forthcoming about Russia’s interference efforts. It took Murphy ― and her Republican colleague, Michael Waltz, R-6 ― requesting a private briefing for officials to disclose that two counties had been penetrated by Russians, Murphy writes. And in fact, there may have been even more counties affected. Murphy herself is not sure, she wrote.
8. Hurricane Michael recovery has a big problem: People aren’t donating (Jan. 27)
PANAMA CITY — More than three months after Hurricane Michael bludgeoned the beachside communities in the Panhandle, dozens of people crammed into the Messiah Lutheran Church on Thursday.
They were there to address enormous questions that hang over their largely lower-income part of the state.
“Affordable Housing,” “Reach Less Fortunate,” were written at the top of a long list of goals for a startup recovery group. Some suggested auctioning off quilts, or holding a car show.
But the reality is they’re going to need millions.
Major donors simply aren’t coming through for Florida’s Forgotten Coast. According to a Times/Herald analysis of contributions to three prominent national charities, donations to Hurricane Michael recovery fall far below donations for recent landmark hurricanes to hit the South such as Florence, Irma and Harvey.
The Salvation Army has received $2.8 million for its Hurricane Michael response. It received a combined $125 million after Harvey, Irma and Maria in 2017.
United Way Worldwide received just under $750,000 for Hurricane Michael recovery. That’s more than $10 million less than it received for its combined fund for Hurricanes Irma and Maria. That’s about $100,000 less than it received for the 2017 Mexican earthquake.
“God, I give you praise and honor for bringing us together … I pray that you will continue to give us the strategic ideas and the resources so that our county shall be a better county than it was before October the 10th,” Pastor Lynva Masslieno said at Thursday’s meeting.
7. Federal subpoena demands records on Andrew Gillum and his campaign for governor (May 30)
Andrew Gillum is a focal point of a recently issued federal grand jury subpoena that demands information on the former Democratic candidate for governor, his campaign, his political committee, a wealthy donor, a charity he worked for and a former employer.
The subpoena, obtained by the Tampa Bay Times and previously unreported, could reflect a new level of federal inquiry into Gillum, the former mayor of Tallahassee who narrowly lost to Republican Ron DeSantis last year.
Throughout his campaign last year, Gillum insisted he was not a target of a sprawling FBI investigation of Tallahassee City Hall, which has taken at least three years and resulted in three arrests. Last year, he told the Tallahassee Democrat: “Twenty-plus subpoenas have been issued and not one of them has anything to do with me.”
But the recent one does. Previously, the investigation had centered on corruption inside Tallahassee government, including during Gillum’s time as mayor. The newer subpoena is more focused on Gillum’s 2018 campaign and people and organizations with clear ties to him, but with less obvious connections to Tallahassee City Hall.
Gillum, now a CNN contributor, declined to answer specific questions about the subpoena or say whether a subpoena was issued to him. In a statement to the Times, Gillum said: “We stand ready to assist any future review of our work, because I am confident we always did the right thing and complied fully with the law.”
6. Where did this Ron DeSantis come from? Florida’s governor surprises everyone but himself. (Feb. 10)
TALLAHASSEE — It was a moment lost on Election Night.
As newly elected Gov. Ron DeSantis faced a blockade of TV cameras in Orlando, he told reporters that he had been misunderstood, or “unfairly demagogued,” by political rivals and the media.
At the end of a bitter campaign in which he cast himself as an uncompromising conservative who reveled in his support from President Donald Trump, DeSantis said he was eager to move on and work with those who had tried to defeat him.
Three months later, his short time in office has already shattered assumptions that he would govern exclusively from the right. He has drawn unexpected praise from Republicans and Democrats.
He released a budget proposal that broke the record for spending and contained no major cuts, placing him at odds with staunch fiscal conservatives in the Florida House. As he’s relentlessly traveled the state in a fixer-upper plane, he’s appointed Democrats to key posts, vowed to save the Everglades and urged lawmakers to allow patients to smoke medical marijuana.
“He’s taken a very pragmatic course,” said Tampa Mayor Bob Buckhorn. “I say this as a Democrat and as a mayor: I’ve been really pleased and pleasantly surprised by the course and the decisions he’s made.” He added that until DeSantis took office, he was “an unknown quantity.”
5. Here’s what the NRA’s Marion Hammer had to say about Florida’s proposed assault weapons ban (Aug. 16)
TALLAHASSEE — Florida National Rifle Association lobbyist Marion Hammer warned state economists Friday that a proposed assault rifle ban would be devastating to gun manufacturers lured to the state over the last eight years.
“Gov. Rick Scott and Enterprise Florida solicited and offered significant financial incentives to gun manufacturers to come to Florida to bring more jobs,” she said.
Hammer, speaking for the first time since back-to-back gun-related massacres in El Paso and Dayton two weeks ago, denounced the controversial amendment meant to address gun violence in Florida.
The amendment would ban the future sale of assault rifles in the Sunshine State and force current owners to either register them with the state or give them up.
But Hammer said the proposed amendment doesn’t protect the more than 150 major gun manufacturers in the state, of which many produce weapons that would be outlawed by the ban. Those companies would be forced to move because they couldn’t possess any new assault weapons, she said.
“If I were the owner of one of these firearm manufacturing companies, I wouldn’t wait to see what voters do,” she said. “If this were allowed to go on the ballot, I’d say, ‘I’m outta here.’”
4. Matt Gaetz’s 2008 DUI arrest resurfaces after jab at Hunter Biden’s substance abuse. Here’s what happened. (Dec. 12)
U.S. Rep. Matt Gaetz took a jab at Hunter Biden’s past substance abuse during Thursday’s House impeachment hearings, leading a Democratic colleague to call the Pensacola Republican a hypocrite.
The dust-up started when the Pensacola Republican sought to insert Biden’s name into the articles of impeachment — the latest attempt to redirect the investigation into President Donald Trump to Vice President Joe Biden and his son’s employment with Burisma, a Ukrainian natural gas company.
That’s when things took a strange turn.
“I don’t want to make light of anybody’s substance abuse issue,” Gaetz said. “But it’s a little hard to believe that Burisma hired Hunter Biden to resolve their international disputes when he could not resolve his own dispute with Hertz rental car leaving cocaine and a crack pipe in the car.”
Those watching the hearing online immediately drew parallels between Gaetz’s remark and his own run-in with law enforcement. Gaetz was arrested in 2008 for driving under the influence, though he was never convicted.
3. Further investigation into Matt Gaetz is needed for tweet at Michael Cohen, Florida Bar determines (Aug. 14)
An investigation into U.S. Rep. Matt Gaetz will proceed, the Florida Bar said Wednesday, meaning the Panhandle Republican could face discipline for allegedly intimidating President Donald Trump’s former lawyer Michael Cohen.
A grand jury-like panel called the Grievance Committee will next decide whether there is probable cause that Gaetz’s tweet broke the state Supreme Court’s rules for lawyers. Gaetz, one of Trump’s top allies in Congress, is licensed to practice law in Florida.
If the Florida Bar had determined in its initial review that discipline was not warranted, then the case would have stopped. But it has not, meaning the Bar has decided that further investigation is needed.
(SPOILER ALERT: It later cleared Matt Gaetz.)
2. Trump’s Mar-a-Lago is in the projected path of Hurricane Dorian (Aug. 29)
Hurricane Dorian is threatening to strike Florida near Mar-a-Lago, President Donald Trump’s prized South Florida resort.
The storm is projected to make landfall as a Category 4 hurricane on Monday, with Melbourne as the most likely landing spot. That’s about 115 miles north of Palm Beach, where Trump’s ocean-front hotel is situated. Mar-a-Lago remains in the “cone of uncertainty” — the range of potential paths the hurricane could take as it strengthens in the Caribbean.
Previous hurricane models suggested Dorian could pass right through the so-called Winter White House, a frequent destination for Trump’s working vacations. As of Thursday morning, though, the storm’s path has shifted slightly north as it slows its forward motion and intensifies.
1. Memo reveals a House Republican strategy on shootings: downplay white nationalism, blame left (Aug. 16)
Congressional Republicans recently circulated talking points on gun violence that falsely described the El Paso massacre and other mass shootings as “violence from the left.”
A document obtained by the Tampa Bay Times and sent by House Republicans provides a framework for how to respond to anticipated questions like, “Why won’t you pass legislation to close the ‘gun show loophole’ in federal law?” and “Why shouldn’t we ban high-capacity magazines?” The answers are boilerplate Republican arguments against tougher gun restrictions.
But it also included this question: “Do you believe white nationalism is driving more mass shootings recently?” The suggested response is to steer the conversation away from white nationalism to an argument that implies both sides are to blame.
“White nationalism and racism are pure evil and cannot be tolerated in any form,” the document said. “We also can’t excuse violence from the left such as the El Paso shooter, the recent Colorado shooters, the Congressional baseball shooter, Congresswoman Giffords’ shooter and Antifa.”
The post #hacking | 2019′s most read Florida political stories in the Tampa Bay Times appeared first on National Cyber Security.
Source: National Cyber Security – Produced By Gregory Evans Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says. A new report shows companies that rely solely on the Common Vulnerabilities and Exposures (CVE) system for their vulnerability information are leaving themselves exposed to a substantial number of security […]
#cyberfraud | #cybercriminals | Internet’s most dangerous celebrity searches include Alexis Bledel, James Corden, says computer security company McAfee
The computer security company McAfee said searches for Bledel lead to the most malicious and unreliable websites and links.
Late night talk-show host James Corden came in second.
Jimmy Fallon, Jackie Chan and Nicki Minaj also made the top ten.
McAfee has put the list out for 13 years now and cautions against clicking on suspicious websites, reported CNN.
Previous ‘most dangerous’ celebs included Emma Watson, Ruby Rose, Avril Lavigne and Amy Schumer.
Copyright © 2019 KABC-TV. All Rights Reserved.
Source: National Cyber Security News
Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.
For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.
As a result, the security industry has been in a game of “cyber cat and mouse” for the better part of a half-century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by sophisticated threat actors.
Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.
It took Bonnie and Clyde three years to rob about a dozen banks, but the scourge of bankers today is a quiet Russian hacking group called, appropriately enough, MoneyTaker, and they don’t need nearly as much drama to abscond with cash.
Using often tailor-made hack attacks that regularly rely on near-undetectable fileless malware, the MoneyTaker gang has, in barely a year and a half, robbed millions from 20 banks so far and counting. What’s worse is that the gang has stolen data that could let it hijack Swift transactions, leading Swift for the first time to issue a report on cyber-vulnerabilities with the banks it works with.
While hackers usually don’t discriminate (they’ve got no problem attacking servers at hospitals, schools and corporations with trade secrets and valuable intellectual property), banks hold a special place in their hearts, as that is where the money is, as yet another famous Depression-era bank robber once said.
Once a bank’s security is compromised, hackers can pay themselves from the funds on hand, transferring sums large and small to their accounts. However, with information about the global payment systems like Swift that’s also available only at the bank, hackers can do a lot more damage.
Hackers are getting better at “data mining” all the time. According to Kaspersky, Russian hackers operating just a couple of Darknet marketplaces in 2017 were offering this year an astounding 85,000 servers for sale (meaning, the authentication information that will let a hacker take control of the server), some for as little as $6! In 2016 there were “only” 70,000 such servers for sale, meaning that whatever we are doing to keep hackers at bay, it isn’t enough.
Included in those compromised servers are apparently some containing key Swift information, and it’s just a matter of time before the MoneyTaker gang will also use that information for fun and profit.
How are gangs like MoneyTaker getting away with this, especially with servers belonging to banks which are presumably protected by the latest cybersecurity systems? According to a study by the SANS Institute, it’s the “human factor” that is at work: As many as 95% of all attacks on enterprise networks begin with a spear phishing attack in which hackers dispatch their malware hidden inside email attachments. That attack could consist of trojans that pave the way for malware that allows hackers to take over servers, or the newer fileless malware attacks (where an agent installs itself in memory, hijacking servers for the use of hackers).
Cybersecurity systems, as sophisticated as they are, are clearly not doing the job — and maybe they never will, given that in the end the effectiveness of those systems can be overridden by workers inside the organization. The best systems then are the ones that take away from users and employees any opportunity to override security by responding to the phishing messages that get them, and their organizations, into trouble.
Systems like that need to be able to analyze messages and incoming files for malware or threats, and remove them before passing the file or message on to workers.
In addition, the system has to be robust and innovative enough to arrest malware that is delivered in innovative ways and gets past traditional cybersecurity systems, like sandboxes that are perhaps not up to date on phenomena like fileless malware. With thousands of security systems out there, organizations are understandably confused about what systems are the most effective. But in our opinion, the systems that will perform best are the ones that limit opportunities for spearphishers to have their way with employees.
The post PayThink #Users are #compromising #most #security #tech appeared first on National Cyber Security Ventures.
Three quarters of all Internet of Things (IoT) projects are “failing”, according to Cisco’s Australian CTO Kevin Bloch, primarily because they have been designed to solve individual problems, and have become siloed and unsupported as a result.
“The inaugural phase of IoT is characterised by numerous point solutions from a multitude of new — often startup — vendors. Typically, these solutions have been designed to solve a particular societal problem such as lighting or parking. In each case, a complete IT stack needs to be built in support of the solution,” Bloch explained.
“Eventually, customers find themselves with multiple siloes from multiple vendors that don’t interoperate, are not cybersecure, use different protocols, and generate more complexity at greater cost.”
According to Bloch, this is why Cisco is constructing an “IoT Phase 2” foundation, which consists of a platform that is able to cope with multiple different sensors, vendors, applications, and data interchanges.
The CTO added that IoT projects are also failing due to a lack of cybersecurity, qualified skills by those running them, project definition, governance, and support.
Released alongside nine other axioms on the IoT landscape, Bloch said Cisco hopes to aid other companies in launching successful connected solutions by discussing both pitfalls and successes.
The lack of cybersecurity made up a second of his axioms, with Bloch saying that if something is not secured, it should not be connected.
“Cybersecurity crime is already at an all-time high and negatively impacting global economies by upwards of 1 percent of GDP,” he said.
“We are becoming more mobile, we are using more cloud services, and we are expanding IoT deployment to tens of billions of connected things, thereby expanding exploitation and attack opportunities. Our situation will inevitably get worse if we don’t take the right precautions.
“If you don’t secure it, don’t connect it.”
Again, Bloch said that most of the new IoT solutions being brought to market are being developed by companies or startups without any experience — including experience in security.
As a result, he said Cisco is continuing to invest billions of dollars into cybersecurity solutions for IoT, mobility, and cloud. One such product was Cisco’s IoT Threat Defense solution, launched in June in an effort to mitigate and solve common security issues threatening the deployment and operation of connected devices, with the networking giant at the time saying many vendors and companies strip security mechanisms out of devices in order to keep them at low cost.
Cisco IoT CTO Shaun Cooley in June explained that as many devices also don’t have the power to protect themselves, network-side security must be emphasised, along with improving processors, enforcing the better labelling of devices, and requiring a notification and approval process prior to allowing connectivity.
The IoT Threat Defense suite is also enabled by Cisco’s network intuitive, which combines the technologies Cisco has been working towards for the past few years: Software-defined networking, software-defined access, network function virtualisation, APIs, and intelligent WAN capabilities.
A third axiom saw Bloch argue that IoT is about collecting data and about the data itself — not about connecting things, with Cisco predicting that connections will cost nothing within a decade.
Under this axiom, Bloch said there are two main components needed to be able to “measure” the physical world and enable automation: Sensing via a camera, sensor, or processor; and connectivity, or the transferring of data measurements to a computer.
“Sensing and connectivity provide data that enable a product to externalise its capabilities and provide a range of new opportunities and services,” he explained.
Another of Bloch’s IoT axioms argued that the key is having the right data, knowing what to ask of the data, and knowing how to find the answers — with the CTO correlating this to another assumption: That by 2025, 40 percent of all data will never make it to the cloud.
“While amassing data may seem important, the critical question to ask is ‘what do you need the data for?’” he said.
“Most organisations already have more data than they can manage, yet most often don’t have the right data. If they did, would they know what to ask of the data? If they are able to formulate the problem, how would they go about finding the answers needed within the data?”
The key for organisations is finding the answers to those three questions by utilising a combination of compute, artificial intelligence, and machine learning, he argued.
Cisco has been focused on providing IoT solutions globally, in June announcing its Kinetic IoT operations platform with a focus on managing connections, “fog” computing, and the delivery of data, which “streamlines the capability of companies bringing their IoT initiatives to market”.
“It’s really a platform for getting data off of your devices,” Cisco SVP and GM of IoT and Applications Rowan Trollope said at the time, adding that it will complement Cisco’s Jasper IoT platform.
“We’re extending from the edge all the way onto the device to provide an amazing platform to get way more data.”
According to Trollope, trillions of terabytes of data is “locked up” on unconnected devices across the world, which Cisco Kinetic could help extract. It will also speed up the time between proof of concept and implementation for customers.
The post Cisco: Most #IoT projects are #failing due to lack of #experience and #security appeared first on National Cyber Security Ventures.
Third-party cyber security failures are costing businesses the most – up to £1.5m – as security budgets shrink, a study by Kaspersky Lab and B2B International reveals
Companies suffer the greatest damage as a result of cyber security incidents relating to their partners, according to research.
This is the finding of a study examining whether cyber security is a cost centre or a strategic investment by Kaspersky Lab and B2B International.
Incidents affecting infrastructure hosted by a third party cost small businesses £106,000 on average, while large enterprises lost nearly £1.5m as a result of breaches affecting suppliers they share data with, and £1.2m because of insufficient levels of protection at providers of infrastructure as a service (IaaS).
These findings indicate that companies should not only invest in their own protection, but also pay attention to that of their business partners.
As soon as a business gives another organisation access to its data or infrastructure, the report said weaknesses in one may affect them both.
There is a growing list of examples of data breaches that can be traced to third-party suppliers, from the Target breach in 2013, to more recent cases such as insider trading by hacking newswire services and fraudulent tax claims by compromising a feature on the US Internal Revenue Service website that was hosted by a third party.
This issue is becoming increasingly important as governments worldwide introduce legislation requiring organisations to provide information about how they share and protect personal data.
“While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.
“This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR [General Data Protection Regulation] become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill,” he said.
According to the study, 63% of companies are investing in cyber security regardless of return on investment (ROI).
However, the study also shows that businesses around the world are starting to view cyber security as a strategic investment, and the share of IT budgets that is being spent on IT security is growing, reaching almost a quarter (23%) of IT budgets in large corporations.
This pattern is consistent across businesses of all sizes, including very small businesses where resources are usually in short supply. However, while security appears to be receiving a larger proportion of the IT budget, the overall budget is getting smaller. For example, the average IT security budget for enterprises in absolute terms dropped from £19.2m in 2016 to £10.3m in 2017.
As security budgets shrink, the cost of security breaches is going up. In 2017, small to medium-sized enterprises (SMEs) are paying an average of £66,800 per security incident, compared with £65,900 in 2016, while enterprises are facing costs of £756,000 in 2017, up from £655,000 in 2016.
To help businesses with their IT security strategies, based on the industry threat landscape and specific recommendations, Kaspersky Lab has introduced an IT Security Calculator.
The tool is aimed at providing a guide to the cost of IT security based on the average budgets being spent, security measures, the major threat vectors, money losses and tips on how to avoid a compromise.
The post Third-party #cyber security failures cost #businesses the #most appeared first on National Cyber Security Ventures.