Archive for the ‘computer security software’ category

DDoS Attack

November 29th, 2017

DDoS attack attempts on organizations numbered 237 per month, or eight attack attempts a day, in the third quarter of 2017.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” Corero CEO Ashley Stephenson said in a statement. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device,” Stephenson added. “Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”

In the second quarter of 2017, the attack leveraged multiple vendors. “Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats,” Stephenson said.

Sapio Research conducted a survey on behalf of CDNetworks. It shows that 88 percent of U.S. respondents are confident in their current DDoS mitigation capabilities. Among them, 69 percent were affected by a DDoS attack within the past 12 months.

“The results show that most U.S. companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response,” CDNetworks Americas managing director Alex Nam said in a statement. “This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency.”

There was an increase in attacks on gaming services and on platforms offering new financial services such as initial coin offerings (ICOs).

“Entertainment and financial services — businesses that are critically dependent on their continuous availability to users — have always been a favorite target for DDoS attacks,” Kaspersky head of DDoS protection Kirill Ilganaev said in a statement. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.

Ransomware Attack and Phony Websites

November 17th, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) said that it was affected by a ransomware attack. The incident left files encrypted and inaccessible to the organization. A cybersecurity company was hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. The files also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

The facility said that it has backups and that services were not hampered. According to the OCR data breach reporting tool, a total of 8,750 individuals were possibly affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) said that it was the victim of a cyber attack.

The organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE.

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Deception Technology

October 31st, 2017

The latest update to Symantec’s endpoint security product suite uses deception technology to keep devices secure. Deception technology is the first step toward these efforts in the industry.

Symantec unveiled Endpoint Security for the Cloud Generation along with this new technology. Companies use it to trick hackers into believing that they have gained access to systems.

“Deception technology is a direct result of Symantec’s innovation strategy paired with more than 15 years of endpoint security expertise,” said Sri Sundaralingam, head of product marketing for Enterprise Security Products at Symantec.

The technique makes hackers waste their effort, time and energy breaking into fake servers.

“With deception on the endpoint, customers can now utilize the threat intelligence and deception capabilities of the largest security company in the world to expose stealthy attack tactics, delay attackers, and determine attacker intent beyond what’s available through purely network-based deception technologies – all at a scale like no other in the market,” continued Sundaralingam.

SEP 14.1 also has a new add-on called Hardening. It isolates suspicious activity in applications. It also provides behavioral analysis and machine learning to identify malware.

Symantec Advanced Threat Protection (ATP): Endpoint 3.0 employs SEP’s endpoint detection and response features combined with threat intelligence and machine learning to stop attacks.

The company also launched Skycure’s AI-enabled mobile threat defense software. Skycure was acquired by Symantec for an undisclosed amount.

“One of the most dangerous assumptions in today’s world is that iOS and other mobile devices that employees bring into the office are safe, but the apps and data on these devices are under increasing attack,” stated Symantec CEO Greg Clark at the time. “We believe that tomorrow’s workforce will be completely mobile and will demand a cyber defense solution that travels with them.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

DHS and FBI Warn of APTs Targeting

October 27th, 2017

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) recently said in a statement that an advanced persistent threat (APT) campaign is specifically targeting government entities and organizations. The affected entities are in the energy, nuclear, water, aviation and critical manufacturing sectors.

Attackers are targeting low security networks and third party suppliers.

“Based on malware analysis and observed [indicators of compromise], DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” the alert said.

Attackers use public websites for phishing attacks.

“As an example, the threat actors downloaded a small photo from a publicly accessible human resources page,” the report states. “The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”

Hackers try to steal login information through security loopholes.

“Although these watering holes may host legitimate content by reputable organizations, the threat actors have altered them to contain and reference malicious content,” the alert mentioned.

“Approximately half of the known watering holes are trade publications and information websites related to process control, ICS, or critical infrastructure.”

Attackers conduct reconnaissance operations after getting into a system.

“Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network,” the alert states. “The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.”

In one case, hackers got inside energy installation systems.

Virsec Systems CEO Atiq Raza told eSecurity Planet that the attack follows a common pattern. “Rather than directly attacking high security networks, hackers are doing careful reconnaissance of connected third parties, staging servers or watering holes for insiders,” he said. “Once hackers steal credentials, or find a less secure backdoor, they can quickly pivot to more secure servers, bypassing traditional network perimeter security.”

“IT security needs to assume the perimeter is porous and focus more directly on guarding sensitive applications and data,” Raza added.

____________________________________________________________________________________

Funding for Averon

October 25th, 2017

San Francisco-based company Averon recently secured $8.3 million in an Avalon Ventures-led Series A round of funding. The firm is a mobile authentication startup.

The Direct Autonomous Authentication (DAA) mobile identity verification standard is the brainchild of Averon. It allows smartphone users to interact seamlessly and securely with services and devices. The technology allows users to interact with devices like smart locks without downloading a dedicated app.

“Averon leverages real-time mobile network signaling and the SIM/eSIM (eUICC) chips already found in the world’s seven billion smartphones, requiring no installation, no apps, and no user involvement whatsoever,” the company explained in an Oct. 24 media advisory. “Working seamlessly in the background, it is the easiest, fastest and most secure way to provide instant, frictionless authentication.”

Wendell Brown, Averon’s CEO, said that his company is the solution to today’s large-scale breaches.

“As we see in the news every day, cybersecurity breaches continue to grow in size and frequency, and the world is in desperate need of the next generation of online identity authentication,” said Brown, in a statement. “Averon offers a uniquely superior solution that authenticates users while relying on zero personally identifiable data and requiring zero effort on the part of consumers – Averon is the new gold standard in cybersecurity, and we’re rapidly taking it to scale.”

Many cybersecurity startups are getting funded. A partial list of those that recently received funding:

KnowBe4 secured a $30 million Series B round of financing the company

Contrast Security mentioned that it had completed a Series C round worth $30 million

ShiftLeft secured $9.3 million

Attivo Networks secured a $21 million Series C round of funding

Duo Security raised $70 million

 ___________________________________________________________________________________

Breaches in US Financial Service Organizations

October 23rd, 2017

According to the 2017 Thales Data Threat Report, forty-two percent of U.S. financial services organizations have been affected by a data breach. The survey drew on 1,100 senior security executives worldwide. The findings are as follows:

Twenty-four percent of the organizations suffered a data breach in the last year alone

Nineteen percent suffered a data breach in 2016

Eighty-six percent of participants believe they are vulnerable to data threats

Ninety-six percent will use sensitive data in an advanced technology environment

“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers,” Thales e-Security vice president of strategy Peter Galvin said in a statement.

“As digitization continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data — wherever it is created, shared or stored,” Galvin added.

A recent ISMG survey of over 250 banking and security leaders found that 38 percent have confidence in the threat detection deployed by companies.

“This survey certainly shows that while consumers may shoulder many direct costs and burdens associated with fraud, institutions are also suffering substantially,” NuData Security marketing director Lisa Baergen told eSecurity Planet by email.

“The global uptick in fraud, coupled with ever-increasing amounts of PII available on the black market, makes financial institutions more vulnerable and as a result, their security investments are growing yet their confidence in them isn’t,” Baergen added.

Symantec’s Q2 Mobile Threat Intelligence Report: Mobility and Finance found that twenty-five percent of mobile devices used by employees at financial services organizations are at risk.

“Since user behavior is such a huge factor in mobile security, user education is one of the most important things an organization can do to… minimize the threat to their organizations through mobile devices,” the report suggests.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently said that spear phishing emails sent to U.S. electric companies can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened the attachment would get malware.

The researchers said that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago, North Korean hackers released sensitive data on South Korean nuclear power plants.

Researchers said that North Korea-linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global, said that with the growing tension between the U.S. and North Korea, the frequency of such attacks will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

Oracle CEO Promises Autonomous Security Technology

October 2nd, 2017

Oracle founder Larry Ellison cited Equifax’s mistakes while saying that new Oracle technology would help protect Oracle customers from data breaches.

Due to a vulnerability in the Apache Struts framework, there was a data breach that exposed personally identifiable information on 143 million Americans.

“The biggest threat by far in cybersecurity is data theft,” Ellison said. “Preventing data theft is all about securing your data.”

According to the Oracle CEO, the Oracle database is the safest database. Its new Oracle 18c database has autonomous capabilities. It has auto-tuning as well as automatic patching capabilities.

Ellison plans on announcing a new cyber-security service.

“You have to know when you’re being attacked and as they come in and you better detect that during reconnaissance phase,” Ellison said. “The attacker’s goal is to take your data and send it someplace else.”

The new system will automatically detect threats when they first appear. It will immediately defend against and remediate the detected problem.

He also said that automated patching is key to cyber defense.

“We have to automate our cyber-defences and you have to be able to defend yourself without taking your systems offline or shutting down your database,” Ellison said.

The new system makes use of machine learning and has the same underlying technology foundation as the Oracle 18c database.

“No human error means no opportunities for human malicious behaviour,” Ellison said.

“After your database’s been notified by your security system it has to be able to patch itself immediately while running,” he explained.

“There was a patch available for Equifax [but] somebody didn’t apply it. It’s a clean sweep; directors aren’t safe, nobody’s safe when something like that happens. People are going to get better at stealing data and we have to get a lot better at protecting it.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

New Anti-Malware Engine by BullGuard

September 30th, 2017

London cybersecurity software provider BullGuard launched a new anti-malware engine to detect and block advanced threats.

“The new engine is specifically designed to protect against zero-day threats or threats, such as polymorphic malware and file-less attacks, for which traditional signature-based engines are insufficient. The engine monitors a wide array of behaviours across the device and utilizes a comprehensive set of rules to discriminate bad behaviour from good,” explained Paul Lipman, CEO of BullGuard.

“The client-side engine is supported by a cloud-based machine learning system that continually learns from data across our customer base, and from our automated malware research systems, so the ruleset and engine functionality improve on an on-going basis,” continued Lipman.

The company is further branching out from its consumer antivirus roots with a real-time Home Network Scanner feature in BullGuard Premium Protection that continually scans a home’s Wi-Fi networks for internal threats. It also enlists the cloud to scan home networks using external vectors, a similar tactic to that used by security professionals to perform penetration testing.

Home Network Scanner finds cybersecurity problems. There is a rise in attacks on IoT devices.

“Earlier this year BullGuard released an IoT scanner that checks whether your home network is accessible from the open internet. We found that approximately five percent of people using our scanner had open ports that could potentially be compromised by attackers,” revealed Lipman.

“Consumer routers are notoriously hackable, as we’ve seen this year in multiple news stories (most notably the Wikileaks revelation about how the CIA has been pwning consumer routers for over a decade),” he added. “The new home network scanner offered in BullGuard Premium Protection takes this scanning to the next level, utilizing a deeper scan from multiple locations in the cloud, and coupling this with internal network scanning capabilities to ensure that our customers are immediately aware of potential vulnerabilities.”

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

APT33 Attacks US companies

September 29th, 2017

According to FireEye researchers, an Iranian government hacking group is using phishing attacks to target companies in the U.S., Saudi Arabia and South Korea. The group is named APT33.

In the past year, the group was able to gain access to many U.S. organizations in the energy sector. It also targeted refining and petrochemical businesses in South Korea and aviation businesses in Saudi Arabia.

“We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s military aviation capabilities to enhance Iran’s domestic aviation capabilities or to support Iran’s military and strategic decision-making vis a vis Saudi Arabia,” the researchers wrote.

“Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities,” FireEye director of intelligence analysis John Hultquist said in a statement. “Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world.”

STEALTHbits Technologies CTO Jonathan Sander told eSecurity Planet that this is changing the face of cyber attacks. “When a cyber attack occurs, most still envision some young man in a hoodie or loner in a basement,” he said. “However, most of the bad guys today are professionals working for governments, organized crime, or even private [firms] in countries with lax laws that let cybercrime be a middle-class profession.”

“Organizations tend to focus defense on attacks that would exfiltrate data,” he said. “Many use the common notion that we’ve all been penetrated already as an excuse to only worry about defending against the last stage of most attacks where that data is stolen. When the motivation is destruction, though, the part where the data leaves never happens, and the trap is never sprung.”

Virsec Systems co-founder and COO Ray DeMeo said that such groups come as no surprise. “We’ve seen clear evidence for some time that nation-state funded groups are using systematic, methodical, and innovative techniques to find weaknesses in networks and critical infrastructure systems,” he said.

“Expect ongoing cyber warfare to be the new normal, and it’s critical that all organizations take security much more seriously, improve their detection and protection capabilities, and train all employees to protect their credentials against theft,” DeMeo added.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.