Archive for the ‘Data Protection’ category

Increase in Ransomware Sales

October 16th, 2017

There was increase in sales of ransomware on the dark web by 2,502 percent. It raised to 6.2 million dollar from $250,000.

“This increase is largely due to a simple economic principle — supply and demand,” the report states. “Cyber criminals are increasingly seeing opportunities to enter the market and looking to make a quick buck via one of the many ransomware offerings available via illicit economies.”

There are around 6300 dark web marketplaces which sells ransomware. The listing includes 45,000 product which are priced in the range of $0.50 to $3,000.

“Based on our research, ransomware can no longer be perceived as petty criminals performing stick-ups and kidnappings,” Carbon Black security strategist Rick McElroy said in a statement. “Instead, ransomware has become a rapidly growing, cloud-based black market economy focused on destruction and profit.”

“Today, legitimate enterprises avoid heavy investments in infrastruture — and hackers are no different,” McElroy added. “In fact, with ransomware, hackers have set a model for a cloud-based, high-profit and effective turnkey service economy.”

Survey conducted by Crowd Research Partners of 516 cyber security professionals shows that –

Eighty percent view ransomware a moderate or extreme threat

Small fraction of respondents say they will pay ransom

It also found out that most successful insertion of malware is through email attachments.

“In many respects, ransomware is a game changer,” Cybersecurity Insiders founder and CEO Holger Schulze said in a statement. “It is incredibly easy and inexpensive for cyber criminals to execute highly profitable attacks on a global scale.”

Survey conducted by Magnet Networks of 205 shows that 48 percent do not have cyber security policy.

“We found that only 13 percent of respondents think that their business is very secure — and in the absolute world of cyber attacks you are either totally secure or you are vulnerable in some way,” Magnet Networks cyber security expert James Canty said in a statement.

In seventy percent of the companies under 10 employees, the security aspect is handled by business owner or office manager.

That means that as many as 171,000 Irish businesses, Canty said, “have no one qualified looking after their network security and may not be protected against a ransomware and cybercrime industry which is growing at a rapid rate.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Fast Flux Botnets is a Security Risk

October 8th, 2017

Attackers use many techniques which is hidden in nature. Akamai research mentioned that a botnet with over 14,000 IP addresses uses fast flux DNS technique to avoid detection. It is technique which uses Domain Name System (DNS) to hide the source of an attack.

Multiple sets of IP address are rapidly swapped in and out of the DNS records which avoids detection. Most of the attack are coming from eastern Europe.

“No attribution to a specific attacker, but the research shows that the majority of botnet IP addresses are from Ukraine, Romania and Russia,” Or Katz, Principal Lead Security Researcher, Akamai, told eSecurityPlanet.

Botnets have been using fast flux techniques earlier which includes the zBot and Avalanche networks.

It is not a new technique. The focus of the research conducted by Akamai is to show analysis using data science approaches.

“According to the evidence we were able to collect, we assume that the botnet infrastructure is based on compromised machines and the machines that are associated with the botnet are constantly changing,” Katz said. “The fast flux technique being used is abusing the features of DNS in a way that serve their objectives.”

Akamai has not given the specifics of the attack.

“While tracking fast flux botnet is challenging, it is possible to do so by using algorithms that capture the fluxing behavior by looking on the relevant features, and this can lead to detecting such networks out-of-the-box,” Katz said.

One can detect botnets attack by having threat landscape visibility along with DNS and web traffic monitoring.

“Fast flux botnets are using domain names as the way for communication with malware,” Katz said. “Having algorithms that can track those domain names, once they start to become active, can reduce the effectiveness of such botnets.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running IOS and Android are encrypted before access is granted.

Outsourcing Solution for Skill Gap?

October 5th, 2017

A recent survey shows that there is huge skill gap in security staff. Three hundred and fifteen IT security professionals participated. Seventy two percent mentioned that it is difficult to hire skilled staff.

Ninety percent of the participants believe that technology vendors can help to address the skills gap. Ninety six percent believe automation can solve skill gap.

Tripwire sponsored the survey and was conducted by Dimensional Research. Forty seven percent of respondents are worried about losing security capabilities due to skill gap.

Other findings include –

Fifty two percent mentioned that they’re concerned about coping up with vulnerabilities

Twenty nine percent are concerned about keeping track of devices and software on the network

Twenty four percent are concerned about identifying and responding to issues in a timely manner

“Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities,” Tripwire vice president of product management and strategy Tim Erlin said in a statement.

Eight percent believe they need expertise in the cloud.

“Growing adoption of cloud, IoT and DevOps brings about new challenges that security teams with need to keep up with, and if organizations want to bridge a technical skills gap they should look to work with security vendors and managed security providers who can help them address today’s major attack types, while also offering training to their existing IT teams,” Erlin said.

“As security continues to become an even bigger challenge for organizations, we can expect to see more and more businesses outsourcing to gain security expertise in the future,” he added.

Another (ISC)2 survey of more than 3,300 IT professionals stated that there is no adequate  resources for security training.

Only thirty five percent said that there is active action taken on security issues.

“Security is a shared responsibility across any enterprise or government agency,” (ISC)2 CEO David Shearer said in a statement. “Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Oracle CEO Promises Autonomous Security Technology

October 2nd, 2017

Oracle’s founder Larry Ellison mentioned Equifax mistakes while mentioning that new Oracle technology would help to prevent Oracle customers from the data breach.

Due to vulnerability in the Apache Struts framework, there was data breach which exposed personally identifiable information on 143 million Americans.

“The biggest threat by far in cybersecurity is data theft,” Ellison said. “Preventing data theft is all about securing your data.”

As per the Oracle CEO, Oracle database is the safest database. Its new Oracle 18c database has autonomous capabilities. It has auto-tuning as well as automatic patching capabilities.

Ellison plans on announcing a new cyber-security service.

“You have to know when you’re being attacked and as they come in and you better detect that during reconnaissance phase,” Ellison said. “The attacker’s goal is to take your data and send it someplace else.”

The new system will automatically detect threats when they first appear. It will immediate defend and remediate against the detected problem.

He also mentioned that automated patching is key to the cyber defense.

“We have to automate our cyber-defences and you have to be able to defend yourself without taking your systems offline or shutting down your database,” Ellison said.

The new system makes use of machine learning and has the same underlying technology foundation as the Oracle 18c database.

“No human error means no opportunities for human malicious behaviour,” Ellison said.

“After your database’s been notified by your security system it has to be able to patch itself immediately while running,” he explained.

“There was a patch available for Equifax [but] somebody didn’t apply it. It’s a clean sweep; directors aren’t safe, nobody’s safe when something like that happens. People are going to get better at stealing data and we have to get a lot better at protecting it.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

APT33 Attacks US companies

September 29th, 2017

As per the FireEye researchers, Iranian government hacking group is using phishing attacks to target companies in the U.S., Saudi Arabia and South Korea. The group is named as APT33.

In the past year,  the group is able to access to many U.S. organization in the energy sector. It also targeted refining and petrochemicals in South Korean and aviation business in Saudi Arabia.

“We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s military aviation capabilities to enhance Iran’s domestic aviation capabilities or to support Iran’s military and strategic decision-making vis a vis Saudi Arabia,” the researchers wrote.

“Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities,” FireEye director of intelligence analysis John Hultquist said in a statement. “Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world.”

STEALTHbits Technologies CTO Jonathan Sander told eSecurity Planet that this is changing the face of cyber attacks.”When a cyber attack occurs, most still envision some young man in a hoodie or loner in a basement,” he said. “However, most of the bad guys today are professionals working for governments, organized crime, or even private [firms] in countries with lax laws that let cybercrime be a middle-class profession.”

“Organizations tend to focus defense on attacks that would exfiltrate data,” he said. “Many use the common notion that we’ve all been penetrated already as an excuse to only worry about defending against the last stage of most attacks where that data is stolen. When the motivation is destruction, though, the part where the data leaves never happens, and the trap is never sprung.”

Virsec Systems co-founder and COO Ray DeMeo mentioned there is no surprise in such groups. “We’ve seen clear evidence for some time that nation-state funded groups are using systematic, methodical, and innovative techniques to find weaknesses in networks and critical infrastructure systems,” he said.

“Expect ongoing cyber warfare to be the new normal, and it’s critical that all organizations take security much more seriously, improve their detection and protection capabilities, and train all employees to protect their credentials against theft,” DeMeo added.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

SEC Breach Calls for Broader Use of Encryption

September 27th, 2017

U.S. Securities and Exchange Commission (SEC) chairman Jay Clayton recently mentioned that software vulnerability in its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system “was exploited and resulted in access to nonpublic information”.

He added it “may have provided the basis for illicit gain through trading.”

Hackers gain access to the system last year but till August 2017 commission determined that the data may have been available for illegal trading.

AsTech Consulting chief security strategist Nathan Wenzler mentioned that hackers can sell non-sensitive data as well. “Many of them are looking for specific types of information which they can leverage as an advantage in business deals, stock trades, investments and other financial activities for huge profits,” he said.

Wenzler added, “It’s imperative that monitoring and detection for the inappropriate use of this kind of data be a standard layer of defense for organizations right alongside patching vulnerabilities, encrypting data and enforcing strong access controls.”

Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies mentioned that the hackers may have been inspired by other data breach. ”Protecting information that will be made public but has to remain private for some period of time is very difficult to govern,” he said.

“This is not an area most organizations have shown competence in, and for any publicly traded company it is an area that they must be proficient in — but until then, expect this will not be the last such insider trading hack,” he said.

Jason Hart, vice president and CTO for data protection at Gemalto mentioned that stopping such threats is unrealistic goal “A better starting point is for organizations to truly know what they are trying to protect and then putting the right safeguards like encryption in place,” he said. “Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent used encryption to render the information useless.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Deloitte Firm Data Breach

September 26th, 2017

Deloitte firm suffered data breach when it was hit last year by a cyber attack. The incident affected confidential emails and plans of at least six of its clients. Firm mentioned that attack was privileged, unrestricted ‘access to all areas.

Affected information also included usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

As per the statement “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” the company added.

As per the source, the exact duration was not known to the company.

“I think it’s unfortunate how we have handled this and swept it under the rug,” the source told Krebs. “It wasn’t a few emails like reported. They accessed the entire email database and all admin accounts. But we never notified our advisory clients or our cyber Intel clients.”

Raytheon chief strategy officer for cyber services Josh Douglas mentioned that data was not protected properly. “Two-factor authentication … is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” he said.

He added that 2FA alone isn’t enough. “Organizations need to hunt threats to their network proactively and adopt an incident response plan that prevents or limits the exfiltration of sensitive data,” he said. “Comprehensive cybersecurity is especially important in the era of cloud computing, where companies are storing sensitive data remotely. As we tell our clients, cloud computing puts your information on someone else’s computer — so it’s vital to protect the cloud exactly as you would your own servers.”

“Some key elements to such a strategy are an optimally deployed and tuned SIEM platform leveraging machine learning, a combination of internal and external expertise actively engaged in analysis, and the use of deception technology to identify active attackers and suspicious behavior,” Netsurion CISO John Christly said.

VASCO Data Security CMO John Gunn mentioned growing trends among hacker to attack other confidential. ”This was first evidenced by the successful attack on newswire services that yielded hackers more than $100 million of insider trading profits, and more recently with the successful breach of the SEC for confidential information on publicly traded companies,” he said.

“Firms such as Deloitte that have troves of sensitive, non-public information that could be used for illegal trading activity will find themselves increasingly in the cross-hairs of sophisticated hacking organizations,” Gunn added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Superfish Privacy Claims Settled by Lenovo

September 24th, 2017

PC vendor Lenovo admitted that adware is known as ‘Superfish’ was pre-installed on their system. These PCs were sold in the U.S. Now, Lenovo and the U.S. Federal Trade Commission (FTC) and a coalition of 32 state attorneys have settled the case. The FTC claimed that Superfish Adware was violating consumer privacy and filed the legal complaint in 2014.

“Lenovo compromised consumers’ privacy when it pre-loaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

Earlier Lenovo denied the claim and added that there is no evidence to say that systems have security concerns. In early 2015, company changing it stance admitted that the adware has security risks.

The main issue with Superfish is that it installed a security certificate which allowed – ‘it work as a man-in-the-middle (MiTM) and intercept traffic between the user and the intended location’.

“To date, we are not aware of any actual instances of a third-party exploiting the vulnerabilities to gain access to a user’s communications,” Lenovo stated. “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today. “

As per the settlement between two parties, Lenovo mentioned that it will stop misrepresenting preloaded software. It also agreed to implement a comprehensive security program for next 20 years. The program is subject to third-party audit.

Lenovo has agreed to security risks but remains firm that there is no violation of privacy of customers.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection. 

Cybrary raises Series A Funding

September 22nd, 2017

Cybrary raised $3.5 million in a Series A round of funding led by Arthur Ventures. Tenable Network Security’s founder, Ron Gula also got involved in a new round.

The Greenbelt, Md. provider of cybersecurity training services is planning to use the funds for content catalogue and grow its online learning and testing technology platform. Millions of people till date has acquired knowledge of cyber security on the Cybrary.

The offerings include web application penetration testing, Metasploit penetration testing software and ethical hacking.

There is growing number of data breaches which is amplified due to lack of skilled security experts. Last week Equifax disclosed a data breach which affected names, addresses, driver’s license numbers, birthdates and social security numbers—valuable personal identifiable information that can facilitate identity theft.

“Beyond addressing core cybersecurity and IT skills, the material available on Cybrary focuses in on specialized areas that are lacking across industries such as incident response, technical project management, malware analysis, and penetration testing,” said Ralph Sita, co-Founder and CEO.

“Cybrary brings together people, companies, content, and technology to create an ever-growing catalogue of online courses and experiential learning tools that provide IT and cyber security learning opportunities to anyone, anytime, anywhere, continued Sita.

“With free video courses, the platform works to bridge the skills gap by providing access to tools professionals need to be competent and confident,” he said. “The open-source model fosters this ecosystem of information sharing in order to create a frictionless environment where those professionals can learn at their own pace and assess their skills while interacting with the community of over 1.2 million users.”

There is more to the offerings.

“Cybrary’s course catalogue will be the world’s largest portfolio of courses and tutorials covering unique products, industry best practices, skills-based certifications, career-based learning paths, and more. We’ve seen a huge demand for topics like data science, secure coding, enterprise risk assessment, and software development,” said Sita. “Be on the lookout for those additions in the near future.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Kaspersky Software Banned in U.S. Government

September 19th, 2017

U.S. Acting Secretary of Homeland Security Elaine Duke issued a directive to Departments and agencies to stop using Kaspersky software in stipulated timeline citing security risks.

As per the Department of Homeland Security (DHS), “based on the information security risks presented by the use of Kaspersky products on federal information systems,” particularly since Kaspersky products generally provide broad access to files and elevated privileges on the computers on which they’re installed.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS mentioned. 

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS added.

Kapsersky replied that it has no inappropriate ties with any government, and said the DHS allegations regarding ties to Russian intelligence and other agencies are “completely unfounded.”

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” Kaspersky said. “The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”

Christopher Krebs, a senior DHS official asked Kaspersky to prove in 90 days that it do not possess any risk. “We’ve determined that [the software] poses an unacceptable amount of risk based on our assessment,” he said. “If they want to provide additional information or mitigation strategies, our door is open.”

Kaspersky Lab founder Eugene Kaspersky mentioned, “When they say we have strong ties with Russian espionage it’s not true.”

“We cooperate with many law enforcement agencies around the world — in the past with the U.S. as well,” Kaspersky added.

“U.S. government officials are pressuring software companies to implement encryption backdoors because they think it will help them catch potential terrorists,” Venafi CEO Jeff Hudson said.

“At the same time, they banned security software from a Russian company for use in the U.S. government because they are concerned about security backdoors,” Hudson added. “They want to have it both ways, which is understandable.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.