now browsing by tag
U.S. vs. China heavyweight
fight not ending soon
As we endure the ongoing U.S.
vs. China trade talks, it has become increasing clear that the U.S.
administration’s on-again off-again relationship with China is not going to
change. The U.S. is seeking a reset
in its relationship with China including better protections for American IP,
and Huawei has become a victim of this reset.
This ongoing instability has
resulted in having the Five Eyes’ (United States, Britain, Canada, New Zealand
and Australia) decision
not to use technology from Huawei in the “sensitive” parts of their telecoms
networks. The U.S. told allies not to
use Huawei for fear of Chinese spying through the back doors of the equipment.
The key to share shift is
Now let’s look at the U.S. vs.
China spat through the lens of wireless system integrators. Ericsson and Nokia have long been dominant
players in world since 2G. Huawei made
significant share increases in APAC with LTE deployments and to a lesser extent
in Latin America, Africa and Eastern Europe.
Now LTE deployments (first national deployments begun in 2009) are
The networks are built, the vendors
are selected, and their services are up and running. Global market share is set, for now. Now enter the 5G major deployments for 2020. New 5G vendors are performing acceptance
testing on initial deployments imminently at this very moment, and this represents
the biggest chance in 10 years for any of the major vendors (Ericsson, Nokia,
Huawei, Samsung, Cisco) to gain share.
Enterprise fears and China
Once we accept that Huawei’s position
in the cross hairs of the U. S. administration isn’t changing, there are two
aspects we must consider. First, though
Huawei’s executives have made multiple statements saying there are no back
doors to their equipment, two Chinese laws- the 2017 National Intelligence Law
and the 2014 Counter Espionage Law -remain very problematic for the
company. Some of the most troubling language is
content like Article 22 which states:
“When the state security organ investigates and understands
the situation of espionage and collects relevant evidence, the relevant organizations
and individuals shall provide it truthfully and may not refuse.”
have interpreted this as a legal basis upon which the Chinese government could
compel any Chinese company including Huawei to share any and all customer data from equipment deployed both inside China
and throughout the rest of the world.
With the understanding that
Huawei may have a legal obligation to share customer data with the intelligence
wing of the Chinese government, non-Chinese vendors gain a distinct advantage. Because enterprises believe they can be and
are being penetrated (Radware research
found that 67% of C-Suite executives believe their networks can be penetrated
by hackers). Cisco, Nokia, Ericsson and
others can differentiate themselves by developing a superior security offering. And they can make a statement to Service
Providers that Huawei never can: “We will never share any customer data with
any foreign governments and have ZERO legal obligation to do so.”
Once Cisco, Ericsson, Nokia
and others embrace this statement, Service Providers will clearly understand they
can build superior, high quality, agile security services with Western vendors.
Thousands of security
instances, when and where you need them
As Service Providers build
out their new 5G core networks, many will build out thousands of Mobile Edge
Compute (MEC) nodes across the network.
These MECs give the Service Providers a service edge that is geographically
very close to tens of thousands of enterprises, and that sees all the
applications flowing in and out of the enterprise. This becomes an ideal point to insert a
security instance at the network, or application layer (or both) to inspect
traffic in real-time as it enters and exits the enterprise. When the security instance sees any anomaly,
it can signal to the orchestration layer to spin up an enforcement instance to
clean the traffic and block the offending IP address (or whatever action is
required by the pre-programmed security policy).
In addition, the MEC nodes
are effectively distributed private cloud instances. As such, they enable Service Providers to
deploy this highly valuable security service as a completely software-based
cloud solution. This results in a
significantly lower cost service with new business models in which enterprises could
pay for a monitoring only service that increases to an additional enforcement
service just for the actual minutes spent thwarting an attack. This opens new avenues for revenue to
businesses that see themselves as vulnerable, but can only afford a small
amount per month to monitor their applications.
Increase growth 30X? Yes
Managed Security Services are
going through a period of explosive growth.
For example, Akamai saw 29%
growth YoY in its most recent quarter.
In an environment where large
Service Providers are growing
overall revenues in the low single digits, a high value, high margin service
growing almost 30X faster than the overall company is very attractive.
Cisco, Ericsson, Nokia and
other non-Chinese vendors have a unique opportunity to lead with security in
their 5G MEC applications. This will
enable them to differentiate against Huawei with the superiority of their
offerings and the ability to provide peace of mind from foreign government
hacking that clouds Huawei networks. It
truly is a great opportunity for Western network equipment vendors to:
- Gain 5G share
- Help Service Providers
build a superior high value security service
themselves as the pro security, pro privacy vendors for Service providers in an
environment where most enterprises see themselves as vulnerable.
View full post on National Cyber Security
#school | #ransomware | Town Hit by Ransomware; System Shut Down to Limit Damage – East Greenwich News
Source: National Cyber Security – Produced By Gregory Evans By Elizabeth F. McNamara Town Manager Andrew Nota said Saturday the town had been hit with computer ransomware and had shut down the system townwide to evaluate the damage and rebuild. “There have been numerous system breaches in municipalities in Rhode Island, New England and nationally […] View full post on AmIHackerProof.com
#cybersecurity | #hackerspace | Analyst Discusses Reporting Hack Of Computer System At Indian Nuclear Reactor | Avast
Source: National Cyber Security – Produced By Gregory Evans This week a report of hackers gaining access to an Indian nuclear power plant’s computer network led to alarm, confusion, and denial before officials admitted the hack took place. The threat analyst who reported the issue experienced a unique vantage point in the middle of that […] View full post on AmIHackerProof.com
LOS ANGELES (AP) — A man who hacked Los Angeles County court computers, sent 2 million malicious phishing emails and stole hundreds of credit card numbers has been sentenced in Los Angeles.
Oriyomi Aloba received a 12-year federal prison sentence Monday.
Authorities say the 33-year-old Katy, Texas, resident hacked the Superior Court computer system in 2017, compromised one worker’s email account and used it to send out phishing emails that obtained email addresses and passwords from hundreds of other workers.
Their accounts were then used to send out 2 million emails pretending to be from American Express, Wells Fargo and other companies to obtain banking and credit card information.
Prosecutors say Aloba’s hacking substantially disrupted the court system at a cost of tens of thousands of dollars.
Copyright © 2019 The Associated Press. All rights reserved. This website is not intended for users located within the European Economic Area.
The post #hacking | Man sentenced for hacking LA court system appeared first on National Cyber Security.
View full post on National Cyber Security
Green Bay Police say they are investigating the hacking of a local corporation’s computer network, resulting in the theft of “significant amounts of money” from victims in the organization.
Police did not immediately identify the company that was attacked. Action 2 News will work to find that out.
Officers say the hackers stole human resources information.
“In this case, it appeared the cyber actors utilized a known vulnerability to access the company’s computer systems and human resources software to steal personal identifying information from employees,” reads a statement from Capt. Jeremy Muraski.
Police say the vulnerability was a known issue and a security patch had not been installed and updated.
“This incident demonstrates how vital it is to maintain public facing computer systems with the latest security patches from the server companies as cyber actors will attempt to use exploits as long as they are finding vulnerable systems,” reads the statement from Capt. Muraski.
The post Local #company's #system #hacked; employee #info #stolen appeared first on National Cyber Security .
View full post on National Cyber Security
The hack that forced Baltimore’s 911 dispatch system to be temporarily shut down over the weekend was a ransomware attack, city officials said Wednesday.
Such attacks — another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then demand payment, or ransom, for their release.
Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said he was not aware of any specific ransom request made by the hackers of Baltimore’s network, but federal authorities are investigating.
“The systems and the software and the files are all being investigated by the FBI right now,” Johnson said.
No personal data of city residents was compromised, he added.
Dave Fitz, an FBI spokesman, could not be reached Wednesday. On Tuesday, Fitz said the agency was aware of the breach and providing assistance to the city, but otherwise declined to comment.
The attack infiltrated a server that runs the city’s computer-aided dispatch, or CAD, system for 911 and 311 calls. The system automatically populates 911 callers’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching. It also relays information to first responders in some cases and logs information for data retention and records.
The breach shut down the CAD system from Sunday morning until Monday morning, forcing the city to revert to manual dispatching during that time. While the city’s 911 calls are normally recorded online on Open Baltimore, the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn’t resume recording them again until 7:42 a.m. Monday.
Johnson said the attack was made possible after a city information technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port, or a channel to the Internet, open for about 24 hours, and hackers who were likely running automated scans of networks looking for such vulnerabilities found it and gained access.
“I don’t know what else to call it but a self-inflicted wound,” Johnson said. “The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”
Once the “limited breach” was identified, city information technology crews “were able to successfully isolate the threat and ensure that no harm was done to other servers or systems” on the city’s network, Johnson said. And once “all systems were properly vetted, CAD was brought back online.”
Johnson said the city “continues to work with its federal partners to determine the source of the intrusion.”
The Baltimore hack comes amid increasing hacking of municipal systems across the country, and follows one in Atlanta last week that paralyzed that city’s online bill-payment system, with hackers demanding a $51,000 payment in bitcoin to unlock it. That attack occurred Thursday, and Atlanta employees only turned their computers back on Tuesday.
Johnson said his office works diligently to prevent cyberattacks and is looking to invest more in safeguarding its networks.
Baltimore also faced cyberattacks during the unrest in 2015, when its website was taken offline. Johnson said he was unaware of any other successful attacks on the city’s networks. He said the city would be obligated to disclose any attacks that compromised residents’ personal information, health information or crime data.
Johnson said he feels the city recovered well from the breach once it was identified, but that he did not want to go into detail about what was done lest he expose the city to more attacks.
The city has a $2.5 million contract with TriTech Software Systems to maintain its CAD software and provide “technical support services to ensure the functional integrity” of the city’s CAD system.
Scott MacDonald, TriTech’s vice president of public safety strategy, said the company worked with city IT personnel to shut down the CAD software after the attack. The breach was not related to the company’s software, MacDonald said.
“When we were alerted of it, it was reported that the server had some sort of compromise,” he said. “Our techs connected and worked with the IT staff there, and the CAD system was taken down manually, in combination between our staff and theirs, while the servers could be troubleshooted by the city.”
View full post on National Cyber Security Ventures
Homeland Security Secretary Kirstjen Nielsen told senators that most states are being cooperative with the whole-of-government effort to protect voting systems from cyberintrusions, though there are two unnamed states “who aren’t working with us as much as we would like right now.”
Members of the Senate Intelligence Committee grilled Nielsen last week about what is being done to secure the vote in light of Russia’s campaign influence operation in the 2016, and for an inside perspective on that campaign season former DHS Secretary Jeh Johnson joined Nielsen at the witness table.
Chairman Richard Burr (R-N.C.) praised DHS for making “great strides towards better understanding elections, better understanding the states, and providing assistance that makes a difference to the security of our elections.”
“But there’s more to do. There’s a long wait time for DHS premier services. States are still not getting all the information they feel they need to secure their systems,” Burr said. “The department’s ability to collect all the information needed to fully understand the problem is an open question, and attributing cyber attacks quickly and authoritatively is a continuing challenge.”
The chairman stressed that “this issue is urgent — if we start to fix these problems tomorrow, we still might not be in time to save the system for 2016 and 2020.”
Vice-Chairman Mark Warner (D-Va.) noted that in 2016 Russian actors “were able to penetrate Illinois’ voter registration database and access 90,000 voter registration records — they also attempted to target the election systems of at least 20 other states.”
“The intelligence community’s assessment last January concluded that Russia secured and maintained access to multiple elements of U.S. state and local election boards,” he said. “And the truth is clear that 2016 will not be the last of their attempts.”
Nielsen described the DHS arm of the election security mission as providing “assistance and support to those officials in the form of advice, intelligence, technical support, incident response planning, with the ultimate goal of building a more resilient, redundant, and secure election enterprise.”
“Our services are voluntary and not all election officials accept our offer of support. We continue to offer it; we continue to demonstrate its value. But in many cases state and local officials have their own resources and simply don’t require the assistance that we’re offering,” she said.
So far, the secretary told senators, “more than half” of states have signed up for DHS’ cyber hygiene scanning service, an automated remote scan “that gives state and local officials a report identifying vulnerabilities and offering recommendations to mitigate them.”
Another tool DHS is using is information sharing directly with election officials “through trusted third parties such as the Multi-State Information Sharing and Analysis Center, or MS-ISAC, and we look forward to the creation of the Election ISAC.”
Nielsen emphasized the need to “rapidly share information about potential compromises with the broader community so that everyone can defend their systems.”
“This collective defense approach makes all election systems more secure,” she said. “We’re also working with state election officials to share classified information on specific threats, including sponsoring up to three officials per state with security clearances and providing one-day read-ins as needed when needed, as we did in mid-February for the secretaries of state and election directors. We are also working with the intelligence community to rapidly declassify information to share with our stakeholders.”
Unlike DHS’ posture in 2016, Nielsen said the department now knows which person to contact in every state to share threat information.
“DHS is leading federal efforts to support and enhance the security of election systems across the country. Yet we do face a technology deficit that exists not just in election infrastructure but across state and local government systems,” she said. “It will require a significant investment over time and will require a whole-of-government solution to ensure continued confidence in our elections.”
Johnson talked about the Obama administration’s reticence to make a wrong move on Russia’s campaign interference and give the appearance that the White House was stepping into the election.
“The reality is that, given our electoral college and our current politics, national elections are decided in this country in a few precincts in a few key swing states. The outcome, therefore, may dance on the head of a pin. The writers of the TV show House of Cards have figured that out. So can others,” Johnson told lawmakers, adding he’s “pleased by reports that state election officials to various degrees are now taking serious steps to fortify cybersecurity of their election infrastructure and that the Department of Homeland Security is currently taking serious steps to work with them in that effort.”
Nielsen said DHS is trying to get security clearances for those three election contact persons in each state, but only “about 20” of those 150 officials have received the full clearance. “We’re granting interim secret clearances as quickly as we can,” she said, adding later that they’re “widely using day read-ins now, so we’re not going to let security clearances hold us up.”
The secretary said “a lot of work” has been accomplished at DHS over the past year on “related processes,” including working with the intelligence community to declassify information as “some of the information does not originate within DHS, so we need to work with our partners to be able to share it.”
“The second one is on victim notification. We have a role there, but so does FBI and so does MS-ISAC, which in this case the Multi-State Information Sharing and Analysis Center was in some cases the first organization to identify some of the targeting,” Nielsen said. “So we have to work with whomever originates the information. We all have different roles. So we’ve worked to pull it all together so that we can quickly notify victims of what has occurred.”
Pressed on the current level of cyber threat from malicious actors heading into midterm elections, Nielsen replied that “the threat remains high.”
“We think vigilance is important, and we think there is a lot that we all need to do at all levels of government before we have the midterm elections,” she said. “I will say our decentralized nature both makes it difficult to have a nationwide effect, but also makes it perhaps of greater threat at a local level. And, of course, if it’s a swing state or swing area that can, in turn, have a national effect.”
“So what we’re looking at is everything from registration and validation of voters — so those are the databases, through to the casting and the tabulation of votes, through to the transmission — the election night reporting, and then, of course, the — the certification and the auditing on the back end. All of those are potential vulnerabilities. All of those require different tools and different attention by state and locals,” Nielsen continued, adding that the federal government continues to work with state and local jurisdictions “to also help them look at physical security.”
“They need to make sure that the locations where the voting machines are kept, as well as the tabulation areas, they need access control and very traditional security like we would in other critical infrastructure areas,” she said.
Johnson told senators that “with the benefit of two years’ hindsight it does seem plain… that the Russian effort has not been contained; it has not been deterred.”
“In my experience, superpowers respond to sufficient deterrence and will not engage in behavior that is cost prohibitive. Plainly, that has not occurred and more needs to be done,” the former DHS chief said. “With the benefit of hindsight, the sanctions we issued in late December  have not worked as an effective deterrent and it’s now on the current administration to add to those and follow through on those.”
View full post on National Cyber Security Ventures
For a homeowner, the knowledge that a trained eye has evaluated the home security system — and attested that it is in good working order — can go a long way toward a good night’s sleep.
The same goes for business owners and executives in charge of keeping the company’s digital assets safe. Recent global ransomware attacks, such as the WannaCry and NotPetya strains, have highlighted the growing and pervasive risks to organizations of all sizes and in all sectors of the economy.
Many business owners and executives believe that they can manage these risks with technology such as firewalls and anti-virus software. However, just like an alarm system that has not been activated is useless, defensive technology will not overcome bad controls and human error.
Stakeholders Scrutinize Cybersecurity Defenses
Boards of directors, customers, employees, investors, business partners, and regulatory bodies expect organizations to have processes and controls designed to prevent, detect, and mitigate the effects of cybersecurity events. Increasingly, these stakeholders expect independent third-party reports that attest to the effectiveness of the organization’s cybersecurity risk management program.
But the challenge has been choosing from among a multitude of reporting frameworks and solution providers. In 2017, the American Institute of CPAs (AICPA) introduced a robust, industry-agnostic framework intended to provide the market with a conventional approach to evaluating and reporting on a company’s cybersecurity risk management program.
The post Will Your #Cybersecurity Defense #System Protect Your #Organization? appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
New York is #quietly working to #prevent a major #cyber attack that could bring down the #financial #system
Source: National Cyber Security News
Five months before the 9/11 attacks, US Secretary of Defense Donald Rumsfeld sent a memo to one of his advisers with an ominous message.
“Cyberwar,” read the subject line.
“Please take a look at this article,” Rumsfeld wrote, “and tell me what you think I ought to do about it. Thanks.”
Attached was a 38-page paper, published seven months prior, analyzing the consequences of society’s increasing dependence on the internet.
It was April 30, 2001. Optimistic investors and frenzied tech entrepreneurs were still on a high from the dot-com boom. The World Wide Web was spreading fast.
Once America’s enemies got around to fully embracing the internet, the report predicted, it would be weaponized and turned against the homeland.
The internet would be to modern warfare what the airplane was to strategic bombers during World War I.
The paper’s three authors — two PhD graduates and the founder of a cyber defense research center — imagined the damage a hostile foreign power could inflict on the US. They warned of enemies infecting computers with malicious code, and launching mass denial of service attacks that could bring down networks critical to the functioning of the American economy.
View full post on National Cyber Security Ventures