#cyberfraud | #cybercriminals | Department of Parliamentary Services gives itself cyber tick of approval
The Australian Department of Parliamentary Services (DPS) has self-assessed that everything is mostly fine with its infrastructure, following a leaked report that everything was not.
Last month, the ABC reported that an internal audit written by KPMG had given many elements of DPS the lowest cyber maturity rating possible.
At Senate Estimates on Monday morning, DPS secretary Rob Stefanik said the leaked report was a draft prepared after the advisory giant had completed its “preliminary field work”.
“It wasn’t until a process of validation and verification that a lot of the information presented in that draft was simply found to be incorrect and the final report that they had produced, which had an implementation plan in it, in July 2019, did not have the statements in it that the original draft did.”
Stefanik said that instead of receiving the “ad hoc” rating — the lowest possible rating on a scale that ranges from ad hoc to developing, to managing, to embedded as the highest rating — the department bagged a “managing” rating in 85 of 88 criteria, with the remaining three being scored as “developing”.
Labor Senator Kimberley Kitching asked to what extent the department was able to self-assess its cyber maturity.
“It’s entirely self-assessment,” Stefanik replied.
Senate President Scott Ryan said the final report would not be released, and senators could take their concerns to the private Senate Standing Committee on Appropriations, Staffing, and Security.
“It is not appropriate to release that report because it contains information that could be used to weaken our cybersecurity,” he said.
“We have more lengthy discussions on these matters in a non-public forum which all senators are entitled to attend and, having consulted officials, both in the Department of the Senate and in DPS, it is the view that that committee, which has a specific mandate regarding information technology in its terms of reference, is the appropriate place to discuss matters that should not be drawn to public attention or exposed to the public.”
In earlier remarks, Ryan said public sector networks were targeted across a four-day period in October.
“During this period, the investment that DPS made in cybersecurity has paid dividends,” Ryan said.
“Our cybersecurity operation centre was able to leverage information from partners to be well prepared in advance of the campaign, and protective controls in place blocked many attempts to inject malware into the environment.”
The attackers also went after parliamentary staff on their personal email addresses in an attempt to gain access to the parliamentary network.
“I’m pleased to report that there was a high degree of co-operation by users during this period, combined with the maturing cybersecurity defences that have been put in place. They both ensured that the parliamentary environment was protected from this attack,” the Senate President said.
“This is one example of many cases on a daily basis where parliament is targeted by malicious actors.”
The parliamentary network and Australia’s political parties were not successfully defended during an attack in February 2019.
For eight days, the attacker, described as a state actor, was able to remain on the network.
“While I do not propose to discuss operational security matters in detail, I can state that a small number of users visited a legitimate external website that had been compromised,” Ryan said at the time.
“This caused malware to be injected into the Parliamentary Computing Network.”
The incident highlighted the poor password practices within Australia’s parliament.
Parliament House hack report reveals poor password practices
It took eight days to flush February’s cyber attackers from Australia’s parliamentary network. A procedure to authenticate staff asking to reset their boss’ passwords only came another week later.
Ransomware infection takes some police car laptops offline in Georgia
Ransomware infection impacted police car laptops for the Georgia State Patrol, Georgia Capitol Police, and the Georgia Motor Carrier Compliance Division.
Department of Parliamentary Services says February attack was ‘detected early’
The department admitted it has work to do on fighting external threats.
Australian government computing network reset following security ‘incident’
Department of Parliamentary Services says there is no evidence to suggest data has been taken or accessed, or that the incident is part of a plan to influence electoral processes.
Cybercriminals flooding the web with coronavirus-themed spam and malware (TechRepublic)
Hackers have expanded their exploitation of the outbreak fears with hundreds of scams and operations.
View full post on National Cyber Security
In today’s ever-shifting market, we recognize that you need to be constantly adapting, and Akamai provides a way to enhance your customers’ experiences through our unique expertise, helping you unlock the value of Akamai’s products and services.
Professional Services’ primary mission is to drive customer success and growth. In order to achieve that, Akamai’s Global Services and Support team rationalized the Web Performance and Media Services portfolio that bundles Advisory, Professional Services and Support to focus on value confirmation that is differentiated at each level of service.
As industry experts and trusted advisors, we can help our customers scale, meeting their needs by offering everything from break-fix support to implementation services, to maintaining and optimizing their Akamai products to assisting in addressing their specific business goals through the adoption of Akamai solutions.
The new Premium 3.0 Services and Support provides a high-touch engagement and access to aligned support professionals with extensive knowledge and understanding of all Akamai solutions. This service enables media configuration optimization through best practices and regular validation of product value to improve viewer experience. As part of its capabilities, Premium 3.0 includes a catalog of Technical Business Assessments with tools such as Ingest Readiness, Reduced Rebuffering and Media Distribution Optimization, all of which help ensure that the different aspects of media distribution are set up and configured correctly.
To learn more about professional services, please visit our website: https://www.akamai.com/us/en/services/
*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Nancy Carvajal. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/MEV-MF3Sx1M/march-2020—professional-services-and-the-media-industry.html
#cybersecurity | #hackerspace | WhiteHat Provides Free Vulnerability Discovery Services to Gov’t Agencies
As part of an effort to help chronically underfunded government agencies combat state-sponsored cyberattacks, WhiteHat Security, a unit of NTT, has decided to offer two of its services, one for discovering vulnerabilities before application code is deployed and one for discovering them afterwards, free of charge to federal, state and municipal agencies in North America.
Company CEO Craig Hinkley said the decision to make WhiteHat Sentinel Dynamic and Sentinel Source Essentials Edition available for free to government agencies is motivated by civic duty. A native of Australia, Hinkley moved to the U.S. 23 years ago and last year became a U.S. citizen. State-sponsored attacks against election systems are nothing less than an attack on democracy, he said.
Citing data compiled by the Center for Strategic & International Studies, Hinkley said state-sponsored cyberattacks against applications and websites are of increasing concern. Recent examples include the theft of login credentials from government agencies in 22 countries across Asia, Europe and North America, and a hacking campaign that knocked more than 2,000 websites offline in Georgia.
At the same time, North Dakota officials this week disclosed cyberattacks aimed at the state government nearly tripled last year. Shawn Riley, North Dakota’s chief information officer and head of the Information Technology department, disclosed there were more than 15 million cyberattacks against the state’s government per month in 2019, a 300% increase year over year.
The Texas Department of Information Resources revealed it has seen as many as 10,000 attempted attacks per minute from Iran over a 48-hour period on state agency networks, while the U.S. Coast Guard (USCG) issued a security bulletin after revealing that one of its bases had been knocked offline last month by a Ryuk ransomware attack. Even small school districts are being impacted by cyberattacks: Richmond, Michigan, a small city near Detroit, recently announced that students would be enjoying a few extra days of holiday break this year while its school system recovered from a ransomware attack.
A recent report published by Emsisoft, a provider of endpoint security software, estimates that attacks against roughly 966 government agencies, educational institutions and healthcare providers created costs in excess of $7.5 billion.
Clearly, a lot of focus on cybersecurity attacks is on state and local governments that are responsible for ensuring the integrity of elections. Just this week, a bipartisan bill was proposed calling for the director of the Cybersecurity and Infrastructure Security Agency to appoint a cybersecurity state coordinator in each U.S. state.
Hinkley said it’s apparent government agencies don’t have the resources required to thwart attacks being launched by states themselves or rogue organized groups acting to advance their interests. By making available cybersecurity vulnerability assessment services for free, WhiteHat Security is moving to help agencies identify vulnerabilities in websites and applications that could be easily exploited, he said.
Making that capability available as a service should make it easier for both application developers and cybersecurity teams to scan for vulnerabilities before and after an application is deployed. It may even help foster the adoption of best DevSecOps practices within government agencies, Hinkley noted.
State-sponsored cybersecurity attacks have become a global issue. Concerns about such attacks have risen sharply as tensions in the Middle East continue to rise. The challenge now is how best to thwart those attacks before they are launched by eliminating as many existing vulnerabilities as possible.
Source: National Cyber Security – Produced By Gregory Evans A Loft Orbital satellite. Photo: Loft Orbital Startup Loft Orbital wants to shake up space with technology standardization. Their proprietary Payload Hub technology is a universal payload adapter that can fly any payload on a standard satellite bus. The company, which is in its infancy, received […] View full post on AmIHackerProof.com
by Dan Kobialka • Jan 14, 2020: WatchGuard Technologies, a network security hardware and services provider, now offers automated monthly billing for its WatchGuardONE FlexPay program, according to a prepared statement. That way, WatchGuardONE partners can purchase WatchGuard Subscriptions from participating distributors without upfront costs or […]
(Eds: Disclaimer: The following press release comes to you under an arrangement with PR Newswire. PTI takes no editorial responsibility for the same.)
As a partner of AWS, Fractal is co-presenting with Office Depot at NRF 2020 Vision
MUMBAI, Jan. 13, 2020 /PRNewswire/ — Fractal (https://fractal.ai), a global leader in artificial intelligence and analytics, powering decision-making in Fortune 100 companies, announced today that it is a Certified Retail Competency Partner of Amazon Web Services (AWS). As an AWS Certified Retail Competency Partner, Fractal will co-present with Office Depot at the National Retail Federation’s (NRF) 2020 Vision event, taking place at the Javits Center in New York City, January 11-14.
Fractal and Office Depot will jointly present on retail technologies enabling customer centricity and growth, using AI and Machine Learning solutions to help retailers make decisions around customer segmentation, next best action, customer churn and more, giving attendees a closer look at the company’s latest innovations.
The AWS Retail Competency status differentiates Fractal as an AWS Partner Network (APN) member that delivers highly specialized technical proficiency with deep AWS expertise, and delivers solutions seamlessly on AWS. AWS Retail Competency Partners undergo rigorous validation by AWS to ensure alignment to AWS’ best practices for building the most secure, resilient and highest-performing cloud infrastructure for industry applications, giving customers increased confidence when making decisions.
“Fractal has been focused on transforming the retail business for some time now. We are thrilled to be recognized as a Retail Competency Partner by Amazon Web Services,” said Amitabh Bose, Chief Practice Officer at Fractal. “AWS is the market leader in cloud computing platforms and well penetrated in the retail sector. This acknowledgment and our strategic partnership with AWS will help us drive significant value for our retail clients by solving their business problems at scale.”
Fractal offers a wide range of retail-focused solutions in areas including personalization, marketing effectiveness, supply chain, promotions optimization, shrink management, and more, which can be deployed either on-premises or in the cloud. With these solutions, Fractal has helped deliver successful top-line and bottom-line impact for various Fortune 100 retailers.
Fractal is one of the most prominent players in the Artificial Intelligence space. Fractal’s mission is to power every human decision in the enterprise and uses the power of AI to help the world’s most admired Fortune 100 companies.
Fractal’s products include Qure.ai to assist radiologists in making better diagnostic decisions, Cuddle.ai to assist CEOs and senior executives in making better tactical and strategic decisions, Theremin.ai to improve investment decisions and Eugenie.ai to find anomalies in high-velocity data.
Fractal has consistently been rated one of India’s best companies to work for by The Great Place to Work® Institute. Fractal has been featured as a leader in the Customer Analytics Service Providers Wave 2019 by Forrester Research and recognized as an “Honorable Vendor” in the 2019 Magic Quadrant for data & analytics by Gartner.
For more information: www.fractal.ai
For years we’ve been talking about the skills shortage that plagues the cybersecurity industry and which some reports now peg at three million and growing. Organizations lack trained, experienced resources in many areas including expertise in management and monitoring of the infrastructure protecting an environment, incident […]
by Joe Panettieri • Dec 20, 2019: Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem. The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR) and MSP security […]
#deepweb | Webscale Achieves Advanced Consulting Partner Status in the Amazon Web Services Partner Network
SUNNYVALE, Calif., Nov. 20, 2019 (GLOBE NEWSWIRE) — Webscale, the Digital Cloud Company, announced today that it is now an Advanced Consulting Partner in the Amazon Web Services (AWS) Partner Network (APN). The new designation underscores the company’s ability to rapidly migrate digital applications from static hosting environments to a fully managed cloud infrastructure in AWS. It also recognizes Webscale’s expertise in DevSecOps automation, and the company’s focus on providing availability, scalability, performance, and security in a simple-to-consume SaaS-based platform.
APN Consulting Partners help customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS. To qualify for the APN Advanced Consulting Partner tier, partners must meet thorough requirements that demonstrate the scale of their AWS expertise, capabilities, and engagement in the AWS ecosystem, and showcase they have built strong AWS-based businesses.
“Achieving APN Advanced Consulting Partner status speaks volumes about the level of commitment and expertise that the Webscale team brings to every customer engagement,” said Sonal Puri, CEO at Webscale. “With our focus on the cloud for digital commerce – B2C, B2B, B2E – and our deep understanding of the needs of this segment as it relates to website infrastructure, our customers, both present and future, can enjoy peace of mind in knowing that they are selecting a proven team to help them leverage the cloud effectively and affordably.”
For more information on Webscale’s award-winning Digital Cloud platform, visit www.webscale.com.
Webscale, the Digital Cloud Company, is the leader in converged software for hyperscale cloud automation. Delivered as-a-Service, the Webscale platform allows businesses of all sizes to benefit from infinite scalability, load balancing, high performance, outage prevention, improved security, and simple management in multi-cloud environments, including Amazon Web Services (Advanced Consulting Partner in the AWS Partner Network), Google Cloud Platform (Google Cloud Platform Partner), and Microsoft Azure (Microsoft Partner Network). Webscale enables digital transformation for B2C, B2B, and B2E e-commerce and enterprise customers in seven countries and for seven of the Fortune 1000 businesses and seven of the Internet Retailer Top 500. The company is headquartered in Sunnyvale, CA, with offices in Boulder, CO, and Bangalore, India.
For more information, visit www.webscale.com. Follow us on LinkedIn, Twitter, and Facebook.
#cybersecurity | #hacking | Google Online Security Blog: How Google adopted BeyondCorp: Part 4 (services)
This is the final post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal implementation path at Google.
The first post in this series focused on providing necessary context for how Google adopted BeyondCorp, Google’s implementation of the zero trust security model. The second post focused on managing devices – how we decide whether or not a device should be trusted and why that distinction is necessary. The third post focused on tiered access – how to define access tiers and rules and how to simplify troubleshooting when things go wrong.
This post introduces the concept of gated services, how to identify and, subsequently, migrate them and the associated lessons we learned along the way.
High level architecture for BeyondCorp
Identifying and gating services
How do you identify and categorize all the services that should be gated?
Google began as a web-based company, and as it matured in the modern era, most internal business applications were developed with a web-first approach. These applications were hosted on internal architecture similar to that of our external services, with the exception that they could only be accessed on corporate office networks. Thus, identifying services to be gated by BeyondCorp was made easier for us by the fact that most internal services were already properly inventoried and hosted via standard, central solutions. Migration, in many cases, was as simple as a DNS change. Solid IT asset inventory systems and maintenance are critical to migrating to a zero trust security model.
Enforcement of zero trust access policies began with services which we determined would not be meaningfully impacted by the change in access requirements. For most services, requirements could be gathered via typical access log analysis or consulting with service owners. Services which could not be readily gated by default ACL requirements required service owners to develop strict access groups and/or eliminate risky workflows before they could be migrated.
How do you know which trust tier is needed for every service?
As discussed in our previous blog post, Google makes internal services available based on device trust tiers. Today, those services are accessible by the highest trust tier by default.
When the intent of the change is to restrict access to a service to a specific group or team, service owners are free to propose access changes to add or remove restrictions to their service. Access changes which are deemed to be sufficiently low risk can be automatically approved. In all other cases, such as where the owning team wants to expose a service to a risky device tier, they must work with security engineers to follow the principle of least privilege and devise solutions.
What do you do with services that are incompatible with BeyondCorp ideals?
It may not always be possible to gate an application by the preferred zero trust solution. Services that cannot be easily gated typically fall into these categories:
- Type 1: “Non-proxyable protocols”, e.g. non-HTTP/HTTPS traffic.
- Type 2: Low latency requirements or localized high throughput traffic.
- Type 3: Administrative and emergency access networks.
The typical first step in finding a solution for these cases is finding a way to remove the need for that service altogether. In many cases, this was made possible by deprecating or replacing systems which could not be made compatible with the BeyondCorp implementation.
When that was not an option, we found that no single solution would work for all critical requirements:
- Solutions for the “Type 1” traffic have generally involved maintaining a specialized client tunnel which strongly enforces authentication and authorization decisions on both the client and the server end of the connection. This is usually client/server type traffic which is similar to HTTP traffic in that connectivity is typically multi-point to point.
- Solutions to the “Type 2” problems generally rely on moving BeyondCorp-compatible compute resources locally or developing a solution tightly integrated with network access equipment to selectively forward “local” traffic without permanently opening network holes.
- As for “Type 3,” it would be ideal to completely eliminate all privileged internal networks. However, the reality is that some privileged networking will likely always be required to maintain the network itself and also to provide emergency access during outages.
It should be noted that server-to-server traffic in secure production data center environments does not necessarily rely on BeyondCorp, although many systems are integrated regardless, due to the Service-Oriented Design benefits that BeyondCorp inherently provides.
How do you prioritize gating?
Prioritization starts by identifying all the services that are currently accessible via internal IP-access alone and migrating the most critical services to BeyondCorp, while working to slowly ratchet down permissions via exception management processes. Criticality of the service may also depend on the number and type of users, sensitivity of data handled, security and privacy risks enabled by the service.
Most services required integration testing with the BeyondCorp proxy. Service teams were encouraged to stand up “test” services which were used to test functionality behind the BeyondCorp proxy. Most services that performed their own access control enforcement were reconfigured to instead rely on BeyondCorp for all user/group authentication and authorization. Service teams have been encouraged to develop their own “fine-grained” discretionary access controls in the services by leveraging session data provided by the BeyondCorp proxy.
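As an added illustration of the tiered-access rules described earlier (services reachable only from the highest device trust tier by default, with restrictive changes auto-approved and risk-increasing ones sent to security review) and of the paragraph above on services delegating authentication and authorization to the proxy and consuming its session data for fine-grained checks, here is a toy policy evaluator in Python. It is not Google's code or any part of the BeyondCorp implementation; the tier names, service and group names, the time-boxed exemption mechanism and the forwarded header names are all assumptions chosen for the example.

```python
# Added example of a BeyondCorp-style access proxy policy. Not Google's code;
# tier names, services, groups and the X-Assumed-* headers are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import IntEnum
from typing import Dict, FrozenSet, Optional, Tuple


class Tier(IntEnum):
    """Device trust tiers, least to most trusted (names assumed)."""
    UNTRUSTED = 0
    BASIC = 1
    PRIVILEGED = 2
    HIGHLY_PRIVILEGED = 3


@dataclass(frozen=True)
class Service:
    name: str
    # A newly gated service is reachable only from the highest tier unless an
    # owner deliberately lowers this, mirroring the "highest tier by default" posture.
    min_tier: Tier = Tier.HIGHLY_PRIVILEGED
    # Empty set: any authenticated user on a sufficiently trusted device.
    allowed_groups: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    # Session attributes the proxy forwards so the backend can apply its own
    # fine-grained access control without re-implementing authentication.
    session: Dict[str, str]


class AccessProxy:
    def __init__(self) -> None:
        self.services: Dict[str, Service] = {}
        # (user, service) -> expiry; a time-boxed exception for legacy workflows.
        self.exemptions: Dict[Tuple[str, str], datetime] = {}

    def register(self, service: Service) -> None:
        self.services[service.name] = service

    def grant_exemption(self, user: str, service: str, ttl: timedelta, now: datetime) -> None:
        self.exemptions[(user, service)] = now + ttl

    def propose_change(self, name: str, new_min_tier: Optional[Tier] = None,
                       new_groups: Optional[FrozenSet[str]] = None) -> str:
        """Owners may propose changes; only purely restrictive ones are
        auto-applied. Exposing the service to a riskier tier or widening the
        audience is returned for security review and left unapplied."""
        svc = self.services[name]
        min_tier = svc.min_tier if new_min_tier is None else new_min_tier
        groups = svc.allowed_groups if new_groups is None else new_groups
        exposes_riskier_tier = min_tier < svc.min_tier
        if not svc.allowed_groups:
            widens = False            # already open to all; any group list restricts it
        elif not groups:
            widens = True             # removing the group restriction opens it to all
        else:
            widens = not groups <= svc.allowed_groups
        if exposes_riskier_tier or widens:
            return "needs-security-review"
        self.services[name] = Service(name, min_tier, groups)
        return "auto-approved"

    def evaluate(self, user: str, groups: FrozenSet[str], device_tier: Tier,
                 service: str, now: datetime) -> Decision:
        svc = self.services.get(service)
        if svc is None:
            # Never inventoried means it cannot be gated: fail closed.
            return Decision(False, "service not in inventory", {})
        session = {
            "X-Assumed-User": user,
            "X-Assumed-Groups": ",".join(sorted(groups)),
            "X-Assumed-Device-Tier": device_tier.name,
        }
        if device_tier < svc.min_tier:
            expiry = self.exemptions.get((user, service))
            if expiry is None or expiry <= now:
                self.exemptions.pop((user, service), None)   # drop stale exemption
                return Decision(False, f"device tier {device_tier.name} below "
                                       f"required {svc.min_tier.name}", {})
            session["X-Assumed-Exemption-Expires"] = expiry.isoformat()
        # Group membership is checked even under an exemption (least privilege).
        if svc.allowed_groups and not (groups & svc.allowed_groups):
            return Decision(False, "user not in an allowed group", {})
        return Decision(True, "ok", session)


if __name__ == "__main__":
    proxy = AccessProxy()
    proxy.register(Service("payroll", Tier.PRIVILEGED, frozenset({"finance"})))
    proxy.register(Service("wiki"))   # defaults: highest tier, any user
    now = datetime(2020, 3, 1)
    print(proxy.evaluate("alice", frozenset({"finance"}), Tier.PRIVILEGED, "payroll", now))
    print(proxy.propose_change("wiki", new_min_tier=Tier.BASIC))   # needs review
    print(proxy.propose_change("wiki", new_groups=frozenset({"eng"})))  # auto-approved
```

The backend never sees raw credentials; it trusts the proxy and reads the forwarded session attributes to decide, for example, which rows a given group may view. Exemptions are keyed per user and service and expire on their own, which is what lets an operator "ratchet down" access over time rather than leaving a permanent hole.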
Allow coarse gating and exceptions
Inventory: It’s easy to overlook the importance of keeping a good inventory of services, devices, owners and security exceptions. The journey to a BeyondCorp world should start by solving organizational challenges when managing and maintaining data quality in inventory systems. In short, knowing how a service works, who should access it, and what makes that acceptable are the central tenets of managing BeyondCorp. Fine-grained access control is severely complicated when this insight is missing.
Legacy protocols: Most large enterprises will inevitably need to support workflows and protocols which cannot be migrated to a BeyondCorp world (in any reasonable amount of time). Exception management and service inventory become crucial at this stage while stakeholders develop solutions.
The BeyondCorp initiative would not be sustainable at Google’s scale without the involvement of various Site Reliability Engineering (SRE) teams across the inventory systems, BeyondCorp infrastructure and client side solutions. The ability to successfully achieve wide-spread adoption of changes this large can be hampered by perceived (or in some cases, actual) reliability issues. Understanding the user workflows that might be impacted, working with key stakeholders and ensuring the transition is smooth and trouble-free for all users helps protect against backlash and avoids users finding undesirable workarounds. By applying our reliability engineering practices, those teams helped to ensure that the components of our implementation all have availability and latency targets, operational robustness and so on, compatible with our business needs and intended user experiences.
Put employees in control as much as possible
Employees cover a broad range of job functions with varying requirements of technology and tools. In addition to communicating changes to our employees early, we provide them with self-service solutions for handling exceptions or addressing issues affecting their devices. By putting our employees in control, we help to ensure that security mechanisms do not get in their way, helping with the acceptance and scaling processes.
Throughout this series of blog posts, we set out to revisit and demystify BeyondCorp, Google’s internal implementation of a zero trust security model. The four posts had different focus areas – setting context, devices, tiered access and, finally, services (this post).
If you want to learn more, you can check out the BeyondCorp research papers. In addition, getting started with BeyondCorp is now easier using zero trust solutions from Google Cloud (context-aware access) and other enterprise providers. Lastly, stay tuned for an upcoming BeyondCorp webinar on Cloud OnAir in a few months where you will be able to learn more and ask us questions. We hope that these blog posts, research papers, and webinars will help you on your journey to enable zero trust access.
Thank you to the editors of the BeyondCorp blog post series, Puneet Goel (Product Manager), Lior Tishbi (Program Manager), and Justin McWilliams (Engineering Manager).