Archive for the ‘Security Flaw’ category

Increase in DDoS Attacks

May 26th, 2017

Verisign recent report shows that 59 percent of distributed denial of service attacks peaked over 1 Gbps. Also, 23 percent peaked over 10 Gbps. The average peak attack size was 14.1 Gbps which is 26 percent increase over the last quarter.

The biggest attack included 60 Gbps for more than 15 hours.

“The attackers were very persistent in their attempts to disrupt the victim’s network by sending attack traffic on a daily basis for over two weeks.”

Survey also mentioned that IT services/cloud/SaaS industry was the prime target.

“In Q1 2017, Verisign observed that DDoS attacks remain unpredictable and persistent, and vary widely in terms of volume, speed and complexity,” the report mentioned. “To combat these attacks, it is becoming increasingly important to constantly monitor attacks for changes in order to optimize the mitigation strategy.”

Imperva’s Global DDoS Threat Landscape mentioned that 74 percent of DDoS attack victims were repeated.

“In the most extreme case, an established U.S.-based science news website was hit 1,046 times by low-volume bursts lasting 10 minutes or less,” Igal Zeifman, Incapsula security evangelist at Imperva, told eSecurity Planet by email. “This attack, and many other repeat assaults, fit the pattern of online harassment.”

“These attacks are a sign of the times — launching a DDoS assault has become as simple as downloading an attack script or paying a few dollars for a DDoS-for-hire service,” Zeifman added.

“Using these, non-professionals can take a website offline over a personal grievance or just as an act of cyber vandalism in what is essentially a form of Internet trolling.”

It also mentioned that the U.S. was the most targeted country and majority of attacks came from China.

Neustar’s Worldwide DDoS Attacks and Cyber Insights Research Report mentioned that the average cost of a DDoS attack amounts to $2.5 million in lost revenue.

“The question organizations must ask now is how they are prepared to manage these highly disruptive events,” Neustar head of research and development Barrett Lyon mentioned in a statement.

“Are they prepared for the bad day where they customers call and ask why the website is down?”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Seventy four countries hit with WannaCry ransomware

May 14th, 2017

Kaspersky researchers mentioned that tens of thousands of computers are infected in 74 countries worldwide by WannaCry ransomware.

“It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher,” the researchers mentioned.

MalwareTech has published live map for the area affected in the world.

“Russia, Ukraine and Taiwan leading,” Avast researcher Jakub Kroustek tweeted on Friday. “This is huge.”

Major company affected included FedEx, the Spanish phone company Telefonica, the Russian mobile phone operator MegaFon, and the UK’s National Health Service (NHS).

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.” NHS mentioned.

Joshua Douglas, chief strategy officer at Raytheon Foreground Security mentioned that the target was vital services like healthcare.

“Organizations are beginning to fully appreciate their exposure to risk, whether from negligent or malicious insiders, the growing attack surface are represented by the Internet of Things, or from the growing number of sophisticated attackers,” Douglas said.

“Healthcare, an industry with mountains of sensitive personal data and lives at stake, should consider security measures that take into account network users in addition to outside threats,” Douglas added. “When dealing with ransomware, advance security protections, basic cyber hygiene, tested disaster recovery plans and employee training are critical to protecting data.”

The attack has devastating impact on the services and systems.

“This is the first time that a worm-link tool has been used in conjunction with ransomware that has created devastating impact against entire organizations,” Fidelis Cybersecurity threat research manager John Bambenek said by email. “Strong and swift patching would have helped mitigate this threat. It has undoubtedly captured the imagination of criminals who don’t want to hold individual machines ransom but to take entire organizations hostage, and surely we will see much more of this in the coming weeks.”

“The fact that a vulnerability developed by the NSA was used in this attack shows the dangers that can happen when this knowledge gets out into the wild even after a patch has been developed,” Bambenek added. “Intelligence agencies will always be developing zero-days, but unlike traditional weapons, these tools can be repurposed quickly for devastating criminal attacks.”

“The intelligence community should develop strong procedures that when such tools leak, they immediately give relevant information to software developers and security vendors so protections can be developed before attacks are seen in the wild,” Bambenek said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Verizon Survey

May 5th, 2017

Verizon mentioned that increase in the propriety research, prototypes, and amounts of confidential personal data is the major factor for the rise in the phishing attack. It also mentioned that there is an increase in 50 percent in the attacks last year.

Almost 95% of the attacks include the phishing technique of software installation on the user device. There is also rise in getting the information by pretending someone else. These are called pretexting attacks. Eighty-eight percent of pretexting attacks originated from emails.

Many smaller organizations also suffered a data breach. Sixty-one percent of breach occurred at the companies having less than 1000 employees.

“Cyber-attacks targeting the human factor are still a major issue,” Verizon Enterprise Solutions Global Security Services Executive Director Bryan Sartin said in a statement. “Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”

Verizon mentioned that three quarters of the breaches was caused by outsider. Almost 51% involves criminal groups.

Finance sector was the major area where attacker focused. Almost 24% attacks counted for this sector. Healthcare involves 15% of data breaches.

“The cybercrime data for each industry varies dramatically,” Sartin explained. “It is only by understanding the fundamental workings of each vertical that you can appreciate the cyber security challenges they face and recommend appropriate actions.”

Survey also found out that 73% percent of the attacks are financially motivated.

“Social engineering is a common means for cybercriminals to establish a foothold,” report authors warned. “And employees are making this easy by using easy-to-guess passwords. Users, and even IT departments are even often guilty of not changing the default passwords that devices come with, and can easily be looked up online.”

The report author at Verizon mentioned that encryption and two-factor authentication also help to limit the damage.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Stolen laptop leads to data breach

May 2nd, 2017

Lifespan Corporation recently suffered a possible data breach due to stolen laptop. The device belongs to Lifespan employee. An individual broke into employee’s car and stole laptop along with other items. The employee immediately reported the incident to law enforcement & Lifespan.

As per the website, “Lifespan, Rhode Island’s first health system, was founded in 1994 by Rhode Island Hospital and The Miriam Hospital. A comprehensive, integrated, academic health system affiliated with The Warren Alpert Medical School of Brown University, Lifespan’s present partners also include Rhode Island Hospital’s paediatric division, Hasbro Children’s Hospital; Bradley Hospital; Newport Hospital; and Gateway Healthcare. “

To reduce unauthorized access to the laptop, Rhode Island health organization changed the login credentials for accessing Lifespan system information. Facility found out the stolen MacBook was not encrypted. Password protection was also not present on the system.

The laptop included information of 20,431 patients. Affected information included emails containing patient names, medical record numbers, and demographic information. Lifespan has started notifying the affected patients. Call centre is also established to answer the queries.

Facility mentioned that there is no suggestion or information of data misuse. Also, patient medical records or Social Security numbers were not included in the breach.

Facility is retraining the employees to avoid such incidents in future.

“Lifespan is committed to protecting the security and confidentiality of our patients’ information, and we deeply regret this incident occurred.”

How can you protect data when the laptop is stolen?

Encryption

 Encryption can play a major role in securing your data in case of stolen laptop.

Authentication

Biometrics and two-factor authentication (2FA) increases the security level of your device.

Email security

Your email contains a lot of sensitive information. Emails are auto-opened in the system due to stored password. Remember password or use alternative methods to open email accounts.
Find My Device

Activate Find My Device software on your laptop. It will help you to track the laptop.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Hackers trying to gain access to US defence servers

April 27th, 2017

US Airforce is attacked by hackers. It was the continuation of bug bounty program which earlier allowed attacks on Pentagon and the Army. It is an effort to allow security researchers to attack a limited set of Pentagon IT assets. It is now widened to different branches of the armed forces.

The program plans to expand further and allow entities from the U.S and the United Kingdom, Canada, Australia and New Zealand.

“Hack the Air Force has the largest scope of participation yet,” Reina Staley, Chief of Staff at U.S Defense Digital Services.

Earlier the bug bounty program was limited only to US citizens.

“Since the success of Hack the Pentagon and the subsequent Hack the Army bounty, we’ve been working to continually expand the bounds for participation by everyone,” she said. “For this round with the Department of the Air Force, we’re excited to include the citizens of a few allied nations.”

This program is limited scope program where participants need to work on given scope. It’s not open invitation to hack anything. Unmanned Aerial Vehicles (UAVs), known as drones are not included in this program. Hack the Air Force is also limited period program.

“DDS: The Department of Defense launched a Vulnerability Disclosure Program (VDP) which allows security researchers across the globe to submit discovered vulnerabilities through the HackerOne platform for remediation by DoD security teams,” Staley said. “The VDP provides a safe and legal avenue for anyone to report these vulnerabilities at any time, even outside of a bug bounty program.”

“Our aim is for DoD organizations and all military Services to adopt this crowdsourced security tool,” Staley said. “It’s incredibly important for us to strengthen the assets that support services for our Service members, civilians, and their families around the world.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Security Survey For Mobile Data Breach

April 25th, 2017

According to the recent survey by Dimensional Research, Sixty-four percent of security professionals feel that their organisations cannot prevent a breach to employees’ mobile devices.

Highlights of the survey are as below:

Twenty percent had suffered mobile breach incident

Twenty-four percent are not sure of the breach or they can’t tell about it

Fifty-one percent believe that breach to mobile is equal to that of PCs

“Perhaps the high level of concern is based on the frequency of mobile device loss or theft, as well as the limited security measures companies use to protect enterprise mobile devices,” the report states.

More than a third of companies fail to secure mobile devices as required and only thirty-eight percent take help of mobile security solution. Fifty-three percent says that lack of budget leads to a less secure environment. Forty-one said the shortage of resources is the reason.

“The dichotomy of management trying to control costs and security professionals struggling with insufficient tools to repel attackers is not a new story line in most enterprises,” the report notes. “Unfortunately, the story usually ends sadly with a huge, embarrassing event with the press blazing headlines of a costly hack and the company suffering brand damage and loss of customer confidence.”

Ninety-four percent feels that mobile attack will increase in coming time

Seventy-nine percent expect that complexity of mobile security will increase

Twenty percent said that mobile breach can cost $500,000 and 11 percent said it will cost more than $1 million for the companies

“The research consistently revealed that the overall focus and preparedness of security for mobile devices is severely lacking,” Dimensional Research principal David Gehringer said in a statement.

“Security professionals identified the risk of mobile devices, but focus and resources assignment seem to be waiting for actual catastrophes to validate the need to properly prepare their defenses,” Gehringer added. “It’s unfortunate that so many companies have not learned from the past and are doomed to repeat wasted costs and the customer outrage of being breached.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security software, the market leader in the field of mobile data protection. Encryption is performed with the AES 256 bit encryption algorithm.

Firms to spend more on cyber security

April 21st, 2017

As per the recent Duff & Phelps survey, eighty-six percent of financial services firms are planning to spend more time and resources on cyber security in this year. In 2016, only 60 percent said they planned to spend more. Also, thirty-one percent mentioned that the cyber security is the top priority.

“Cyber security is at the top of the agenda for financial services firms today,” Jason Elmer, managing director for compliance and regulatory consulting at Duff & Phelps, said in a statement. “In the wake of high-profile cyber attacks, many are anticipating clearer and more punitive cyber security regulation to be implemented.”

“Firms are proactively looking to strengthen cyber defenses as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules,” Elmer added. “What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cyber security measures.”

There is a high cost involved in the case of a breach. Kaspersky Lab conducted a survey of financial institutions. It mentioned that cost of even a single cyber security incident to a financial institution in the U.S. can rise up to $1,165,000.

Other findings of survey include-

Fifty-three percent believe that their top concerns are phishing/social engineering attacks on customers

Thirty-three believe that attack can happen on local/branch office

Thirty-one percent believe that digital banking services can be the target

“Given the substantial monetary losses from cyber attacks, it is not surprising that financial organizations are looking to increase spending on security,” Kaspersky Lab vice president for enterprise business Veniamin Levtsov said in a statement.

“We believe successful security strategies for financial organizations lie in a more balanced approach to allocating resources — not just spending on compliance, but also investing more in protection from advanced targeted attacks, paying more attention to personal security awareness and getting better insights on the industry-specific threats,” Levtsov added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Encryption strategy for enterprises

April 18th, 2017

A Recent survey of Thales’ 2017 Global Encryption Trends Study shows that only 41 percent of enterprises have an encryption strategy which has consistency throughout the company.

Other findings of the reports are as follow-

Forty-six encrypts data on-premise before sending to the cloud

Twenty-one percent encrypts data in the cloud

Thirty-seven percent gave control of keys and encryption processes to cloud service providers

Fifty-five percent believe that compliance is the most important driver for encryption

“The accelerated growth of encryption strategies in business underscores the proliferation of mega breaches and cyber attacks, as well as the need to protect a broadening range of sensitive data types,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

“Simply put, the stakes are too high for organizations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy,” Ponemon added. “Encryption and key management continue to play critical roles in these strategies.”

A different survey conducted by Venafi of more than 1,540 information security professionals shows that twenty-three percent have no idea the extent of decryption and inspection of encrypted data.

“Encryption offers the perfect cover for cyber criminals,” Venafi chief security strategist Kevin Bocek said in a statement. “It’s alarming that almost one out of four security professionals don’t know if his or her organization is looking for threats hiding in encrypted traffic.”

“It’s clear that most IT and security professionals don’t realize the security technologies they depend on to protect their business are useless against the increasing number of attacks hiding in encrypted traffic,” Bocek added.

This survey also showed that 41 percent companies encrypt at least 70 percent of internal network traffic.

“Although the vast majority of the respondents inspect and decrypt a small percentage of their internal encrypted traffic, they still believe they can quickly remediate a cyber attack hidden in encrypted traffic,” Bocek said. “The problem is that attackers lurking in encrypted traffic make quick responses even more difficult.”

“This is especially true for organizations without mature inbound, cross-network, and outbound inspection programs,” Bocek added.

“This overconfidence makes it very clear that most security professionals don’t have the strategies necessary to protect against malicious encrypted traffic.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Hacking of Amazon third-party sellers’ accounts

April 16th, 2017

Hackers use passwords for high-profile breaches to compromise Amazon third-party sellers’ accounts. The attackers stole tens of thousands of dollars from sellers’ accounts. They also posted nonexistent items for sale in order to get more funds.

The incident has affected two million seller accounts on Amazon.com account which counts for more than half of its sales. As per the reports, over 100,000 sellers earn more than $100,000 a year.

Amazon seller Margina Dennis told NBC News about the fraud. She got 100 emails from customers. They were complaining of not getting a Nintendo Switch. The product was uploaded on site through her account by hacker. They also changed the accounts password.

An Amazon spokesman said “There have always been bad actors in the world; however, as fraudsters get smarter so do we. Amazon is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence on Amazon.com.”

Third-Party Risk

CyberGRX CEO Fred Kneip mentioned that hackers are targeting Amazon’s third-party ecosystem for financial gain.

“Amazon is a high-profile example of how increasingly connected businesses have become, but organizations across the world in every industry are undergoing a similar transformation as outsourcing, globalization and the digitization of business expand their digital ecosystems exponentially,” he said.

“Whether it’s one of the world’s largest retailers or a small business, companies need to approach third-party cyber risk as a real threat to their business that needs to be continuously managed,” Kneip added.

AlienVault security advocate Javvad Malik mentioned that third party vendors should look for their own security.

“It is therefore, important that all companies of all sizes have at least a basic level of threat detection controls in place that can alert when unexpected changes occur, or when systems start behaving in an unusual manner,” he said.

“Compromised credentials are the leading attack vectors in cyber breaches, as hackers target networks through trusted third-party suppliers and contractors who likely have less rigorous security than the ultimate target,” Centrify senior director of products and marketing Corey Williams said.

“This certainly won’t be the last time we see third parties being hacked — organizations need to up the security stakes with multi-factor authentication, which requires more than one method of authentication to verify the user’s identity for a login or other transaction, in order to stop the use of stolen credentials,” Williams added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Keeping sensitive information from leaks

April 11th, 2017

Today companies needs to keep the data very secure due to need of protecting corporate data and  also regulations which require consumer data to be protected. EU General Data Protection Regulation (GDPR) are increasing the fines for non compliance. It is daunting task for companies to comply with regulations.

“I can see the difference from before GDPR and after GDPR,” he said of companies scrambling to shore up data leaks. “Even if I have a tiny office somewhere, I need to check for confidential data.” And automating this scrutiny is the only way to effectively manage it.” said Angel Serrano, senior manager of advanced risk and compliance analytics at PwC UK in London.

What is DLP?

ISACA mention it “data leak prevention”.

Gartner calls it “data loss protection” or “data loss prevention”.

It prevents unauthorized users from sending sensitive data.

“DLP is not one thing, like a tomato,” GBT Technologies co-founder Uzi Yair said, referring to GBT’s enterprise suite of products. In addition to more traditional practices such as scanning endpoints, network and storage as well as policy management and workflow tools, it includes an information rights management (IRM) policy server that applies file-level control over who has access to what, where – it might be solely on-premises – and when.

Recent reports on DLP has below highlights:

  • An average of 20 data loss incidents occur every day all around the world
  • Eighty three percent of organisations have security solutions but still thirty three percent suffer from data loss
  • DLP detects incidents and has regular expressions, dictionary-based rules, and unstructured data for breach detection.
  • Many facilities use DLP only for email instead of full business applications

DLP takes two forms:

  • Agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery
  • Integrated DLP products that may offer more limited functionality

“All these web applications like Google Drive and Office 365 are integrating with other satellite applications,” said Krishna Narayanaswamy, founder and chief scientist at Netskope.” Salesforce uses Google Drive as a place to store files. DocuSign can put documents in Google Drive. You need to be at all the points where data is going into these applications. You need to be able to inspect that data at rest and determine who uploaded that data. Also inspect and apply policies to outgoing email.”

Many companies do not use new ways.

“The new generation considers email a dinosaur. They go to social media – Twitter, LinkedIn, Facebook – you have to cover those as well. More and more communication is coming via SSL, and that’s a big blank spot that many DLP vendors have not considered,” Narayanaswamy said.

“When you look at the web, there are many reasons for sending data from inside to the outside,” Narayanaswamy said. “Modern applications constantly post information about how users are using the application, response times, and so forth, to improve user experience. When you look at every post transaction, there’s a potential for many false positives,” which have been the bane of DLP.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.