data security

North Korean Hackers

October 11th, 2017

South Korean ruling party lawmaker Lee Cheol-hee said that North Korean hackers have stolen 235 GB of data from South Korea’s Defense Integrated Data Center, including operational plans drawn up by Seoul and Washington for an all-out war with North Korea.

The data includes plans for “decapitating” the North Korean leadership if war breaks out, as well as contingency plans.

“The Ministry of National Defense has yet to find out about the content of 182 GB of the total [stolen] data,” he said.

According to Pentagon spokesman Colonel Rob Manning, all key information remains secure. “I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea,” he said.

“We’ll continue to work closely with our partners in the international community in identifying, tracking and countering any cyber threats,” Manning added.

According to AlienVault threat engineer Chris Doman, the hacker group responsible for the attacks is possibly a subgroup of the attackers behind WannaCry, the Sony breach, and the SWIFT hacks. “They are very active, and I continue to see new malware samples from them every week,” he said.

“In Ukraine, the number of cyber attacks, and their level of sophistication, rose with fighting on the ground,” Comodo senior research scientist Kenneth Geers said. “The threat of sudden decapitation via cyber and traditional strikes may force Kim Jong-un into making desperate moves.”

“Cyber is more unpredictable than traditional weaponry, because you may lose control of your assets before you know it,” Geers added. “Given that the risk is international nuclear war, there are no limits on what both sides might do in cyberspace to prepare the battlespace, in an effort to improve the prospects of victory for their side.”

Geers also mentioned that North Korean hackers may plan sabotage operations in case of war. “It is possible that North Korea might receive cyber help from Russia and/or China, who may perceive an interest in undermining U.S. geopolitical goals, as well as testing national cyber capabilities,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

APT33 Attacks US companies

September 29th, 2017

According to FireEye researchers, an Iranian government hacking group, which they have named APT33, is using phishing attacks to target companies in the U.S., Saudi Arabia and South Korea.

In the past year, the group has gained access to many U.S. organizations in the energy sector. It has also targeted refining and petrochemical companies in South Korea and aviation businesses in Saudi Arabia.

“We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s military aviation capabilities to enhance Iran’s domestic aviation capabilities or to support Iran’s military and strategic decision-making vis a vis Saudi Arabia,” the researchers wrote.

“Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities,” FireEye director of intelligence analysis John Hultquist said in a statement. “Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world.”

STEALTHbits Technologies CTO Jonathan Sander told eSecurity Planet that this is changing the face of cyber attacks. “When a cyber attack occurs, most still envision some young man in a hoodie or loner in a basement,” he said. “However, most of the bad guys today are professionals working for governments, organized crime, or even private [firms] in countries with lax laws that let cybercrime be a middle-class profession.”

“Organizations tend to focus defense on attacks that would exfiltrate data,” he said. “Many use the common notion that we’ve all been penetrated already as an excuse to only worry about defending against the last stage of most attacks where that data is stolen. When the motivation is destruction, though, the part where the data leaves never happens, and the trap is never sprung.”

Virsec Systems co-founder and COO Ray DeMeo said that such groups come as no surprise. “We’ve seen clear evidence for some time that nation-state funded groups are using systematic, methodical, and innovative techniques to find weaknesses in networks and critical infrastructure systems,” he said.

“Expect ongoing cyber warfare to be the new normal, and it’s critical that all organizations take security much more seriously, improve their detection and protection capabilities, and train all employees to protect their credentials against theft,” DeMeo added.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

SEC Breach Calls for Broader Use of Encryption

September 27th, 2017

U.S. Securities and Exchange Commission (SEC) chairman Jay Clayton recently said that a software vulnerability in its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system “was exploited and resulted in access to nonpublic information”.

He added it “may have provided the basis for illicit gain through trading.”

Hackers gained access to the system last year, but it was not until August 2017 that the commission determined the data may have been used for illegal trading.

AsTech Consulting chief security strategist Nathan Wenzler noted that hackers can also profit from non-sensitive data. “Many of them are looking for specific types of information which they can leverage as an advantage in business deals, stock trades, investments and other financial activities for huge profits,” he said.

Wenzler added, “It’s imperative that monitoring and detection for the inappropriate use of this kind of data be a standard layer of defense for organizations right alongside patching vulnerabilities, encrypting data and enforcing strong access controls.”

Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies, said that the hackers may have been inspired by other data breaches. “Protecting information that will be made public but has to remain private for some period of time is very difficult to govern,” he said.

“This is not an area most organizations have shown competence in, and for any publicly traded company it is an area that they must be proficient in — but until then, expect this will not be the last such insider trading hack,” he said.

Jason Hart, vice president and CTO for data protection at Gemalto, said that stopping such threats is an unrealistic goal. “A better starting point is for organizations to truly know what they are trying to protect and then putting the right safeguards like encryption in place,” he said. “Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent used encryption to render the information useless.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Superfish Privacy Claims Settled by Lenovo

September 24th, 2017

PC vendor Lenovo has admitted that adware known as ‘Superfish’ was pre-installed on PCs it sold in the U.S. Lenovo has now settled the case with the U.S. Federal Trade Commission (FTC) and a coalition of 32 state attorneys general. The FTC claimed that the Superfish adware violated consumer privacy and filed its legal complaint in 2014.

“Lenovo compromised consumers’ privacy when it pre-loaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

Lenovo initially denied the claim, saying there was no evidence that the systems had security concerns. In early 2015, the company changed its stance and admitted that the adware posed security risks.

The main issue with Superfish is that it installed a security certificate which allowed it to ‘work as a man-in-the-middle (MiTM) and intercept traffic between the user and the intended location’.

“To date, we are not aware of any actual instances of a third-party exploiting the vulnerabilities to gain access to a user’s communications,” Lenovo stated. “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today.”

Under the settlement, Lenovo agreed to stop misrepresenting preloaded software. It also agreed to implement a comprehensive security program for the next 20 years, subject to third-party audit.

Lenovo has acknowledged the security risks but maintains that it did not violate customers’ privacy.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection. 

Cybrary raises Series A Funding

September 22nd, 2017

Cybrary raised $3.5 million in a Series A round of funding led by Arthur Ventures. Tenable Network Security founder Ron Gula also participated in the round.

The Greenbelt, Md. provider of cybersecurity training services plans to use the funds to expand its content catalogue and grow its online learning and testing technology platform. Millions of people have so far learned about cyber security on Cybrary.

The offerings include web application penetration testing, Metasploit penetration testing software and ethical hacking.

The growing number of data breaches is amplified by a lack of skilled security experts. Last week Equifax disclosed a data breach which exposed names, addresses, driver’s license numbers, birthdates and social security numbers, valuable personally identifiable information that can facilitate identity theft.

“Beyond addressing core cybersecurity and IT skills, the material available on Cybrary focuses in on specialized areas that are lacking across industries such as incident response, technical project management, malware analysis, and penetration testing,” said Ralph Sita, co-Founder and CEO.

“Cybrary brings together people, companies, content, and technology to create an ever-growing catalogue of online courses and experiential learning tools that provide IT and cyber security learning opportunities to anyone, anytime, anywhere,” continued Sita.

“With free video courses, the platform works to bridge the skills gap by providing access to tools professionals need to be competent and confident,” he said. “The open-source model fosters this ecosystem of information sharing in order to create a frictionless environment where those professionals can learn at their own pace and assess their skills while interacting with the community of over 1.2 million users.”

There is more to the offerings.

“Cybrary’s course catalogue will be the world’s largest portfolio of courses and tutorials covering unique products, industry best practices, skills-based certifications, career-based learning paths, and more. We’ve seen a huge demand for topics like data science, secure coding, enterprise risk assessment, and software development,” said Sita. “Be on the lookout for those additions in the near future.”

____________________________________________________________________________________________


Kaspersky Software Banned in U.S. Government

September 19th, 2017

U.S. Acting Secretary of Homeland Security Elaine Duke has issued a directive ordering federal departments and agencies to stop using Kaspersky software within a stipulated timeline, citing security risks.

The Department of Homeland Security (DHS) said the directive was issued “based on the information security risks presented by the use of Kaspersky products on federal information systems,” particularly since Kaspersky products generally provide broad access to files and elevated privileges on the computers on which they are installed.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS mentioned. 

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS added.

Kaspersky replied that it has no inappropriate ties with any government, and said the DHS allegations regarding ties to Russian intelligence and other agencies are “completely unfounded.”

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” Kaspersky said. “The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”

Christopher Krebs, a senior DHS official, gave Kaspersky 90 days to show that its software does not pose a risk. “We’ve determined that [the software] poses an unacceptable amount of risk based on our assessment,” he said. “If they want to provide additional information or mitigation strategies, our door is open.”

Kaspersky Lab founder Eugene Kaspersky said, “When they say we have strong ties with Russian espionage it’s not true.”

“We cooperate with many law enforcement agencies around the world — in the past with the U.S. as well,” Kaspersky added.

“U.S. government officials are pressuring software companies to implement encryption backdoors because they think it will help them catch potential terrorists,” Venafi CEO Jeff Hudson said.

“At the same time, they banned security software from a Russian company for use in the U.S. government because they are concerned about security backdoors,” Hudson added. “They want to have it both ways, which is understandable.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Cloud Security Error Affects Half a Million Voters

September 16th, 2017

Kromtech researchers recently found a misconfigured CouchDB database that exposed the information of 593,328 Alaskan voters.

“When the database was configured, administrators bypassed important security settings that were set to ‘public’ instead of ‘private,’ allowing anyone with an Internet connection to gain access [to] the repository,” Kromtech chief security communications officer Bob Diachenko wrote in a blog post analyzing the breach.
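The exposure described above came down to server settings, so here is an added example (not Kromtech's or TargetSmart's code) that audits a CouchDB local.ini for the same combination: a server listening beyond localhost with no admins defined and anonymous access allowed. The two sample configs are constructed; the setting names ([admins], [chttpd] bind_address and require_valid_user) are CouchDB's own.

```python
import configparser
from typing import List

# Constructed: a server left wide open, listening on every interface with
# no admin accounts ('admin party') and anonymous requests accepted.
WEAK_INI = """
[chttpd]
bind_address = 0.0.0.0
port = 5984
require_valid_user = false

[admins]
"""

# Constructed: the corrected equivalent (the admin hash is a placeholder).
HARDENED_INI = """
[chttpd]
bind_address = 127.0.0.1
port = 5984
require_valid_user = true

[admins]
dbadmin = -pbkdf2-PLACEHOLDER_HASH
"""

LOCAL_ADDRESSES = ("127.0.0.1", "::1")


def audit_couchdb_ini(text: str) -> List[str]:
    """Return a list of findings; an empty list means no exposure detected."""
    cfg = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cfg.read_string(text)
    findings = []

    # With no [admins] entries every request runs with admin rights.
    if not cfg.has_section("admins") or not cfg.options("admins"):
        findings.append("no admins defined: server is in admin-party mode")

    bind = cfg.get("chttpd", "bind_address", fallback="127.0.0.1")
    if bind not in LOCAL_ADDRESSES:
        findings.append(f"bind_address {bind}: HTTP API reachable beyond localhost")

    if not cfg.getboolean("chttpd", "require_valid_user", fallback=False):
        findings.append("require_valid_user is false: anonymous access allowed")

    return findings


def is_publicly_exposed(text: str) -> bool:
    """True when the server both listens beyond localhost and lets an
    unauthenticated client in: the combination behind the voter-data exposure."""
    findings = audit_couchdb_ini(text)
    listens_publicly = any(f.startswith("bind_address") for f in findings)
    unauthenticated = any("admin-party" in f or "anonymous" in f for f in findings)
    return listens_publicly and unauthenticated


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        state = "EXPOSED" if is_publicly_exposed(ini) else "ok"
        print(name, state, audit_couchdb_ini(ini))
```

Binding to localhost alone is not a complete fix if the database must be reachable by an application server; in that case the admin account and require_valid_user are the settings that matter.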

TargetSmart CEO Tom Bonier said that the exposure was caused by a third party. “We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database approximately 593,000 Alaska voters appears to have been inadvertently exposed, but not accessed by anyone other than the security researchers on our team and the team that identified the exposure,” he said.

Kromtech vice president of strategic alliances Alex Kernishniuk said that systems need to be updated. “This is yet another wakeup call for companies, governments, and political organizations to audit their networks, servers and storage devices and ensure they take the proper security precautions,” he said.

Kromtech has also discovered other exposures affecting the personal information of 3,065,805 WWE fans and the personal data of 48,000 Indian citizens.

Dome9 co-founder and CEO Zohar Alon told eSecurity Planet by email that it’s more important than ever for companies to define strict controls and practices for the handling of sensitive data.

“Attackers are looking for two things: repositories with data of value to organizations, and weak security practices,” he said.

“As more data makes its way to the public cloud and security practices around CouchDB become more standardized and robust, attackers will shift their attention to other low-hanging fruit, and exploit commonly known security gaps such as misconfigurations,” Alon added.

“With 2017 having already set new records in terms of the magnitude of cyber attacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields,” Bitdefender Senior eThreat Analyst Bogdan Botezatu said in a statement.

____________________________________________________________________________________________


New Cyber Security Strategy – Deceiving the Deceivers

September 5th, 2017

The cyber security battle is now being fought in a new way. Deception is an old strategy in business, warfare and politics; it is now being applied to IT security.

Cyber criminals have long used deception to gain information. Now a new generation of start-ups is using the same idea against them, confusing attackers by masking the real systems.

“The idea is to mask real high-value assets in a sea of fake attack surfaces,” said Ori Bach, VP of products and marketing at TrapX Security. “By doing so, attackers are disoriented.”

Once attackers have broken into a system, they are free to roam inside. According to Gartner analyst Lawrence Pingree, attackers must “trust” the environment into which they insert malware.

“Deception exploits their trust and tempts the attacker toward alarms,” said Pingree. “Deception also can be used to move an attacker away from sensitive assets and focus their efforts on fake assets – burning their time and the attacker’s investment.”

A key aspect is placing lures on real user endpoints.

“Distributed deception platforms (DDP) are solutions that create faked systems (often real operating systems, but used as sacrificial machines), lures (such as fake drive maps and browser histories) and honeytokens (fake credentials) on real end-user systems to entice and mislead the attacker to faked assets in order to enhance detection and to delay their actions as they attack those decoy assets,” wrote Pingree.
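The honeytoken idea in Pingree's description, shown as an added example that is not TrapX's, Gartner's or any vendor's code: decoy credentials are planted where an intruder would harvest them, and because no legitimate process ever uses those account names, any authentication attempt naming one is an alarm. The decoy names and the sshd-style log lines are constructed.

```python
import re
import secrets
from typing import Dict, List


def plant_honeytokens(names: List[str]) -> Dict[str, str]:
    """Create decoy accounts: names that look like real service accounts,
    passwords from a CSPRNG. The pairs are left where an intruder harvests
    credentials (browser stores, scripts, drive maps); the password is never
    valid anywhere, so its only purpose is to make the lure look genuine."""
    return {name: secrets.token_urlsafe(16) for name in names}


# Constructed decoy names; the passwords are generated at runtime.
PLANTED = plant_honeytokens(["svc_backup_9f3a", "svc_sql_7bc1"])

# Constructed sshd-style auth log: two real users plus attempts on decoys.
SAMPLE_LOG = """\
Sep  5 10:01:12 fs01 sshd[4121]: Accepted password for alice from 10.0.4.15 port 51022 ssh2
Sep  5 10:03:40 fs01 sshd[4188]: Failed password for svc_backup_9f3a from 10.0.9.77 port 40112 ssh2
Sep  5 10:03:44 fs01 sshd[4188]: Failed password for svc_backup_9f3a from 10.0.9.77 port 40112 ssh2
Sep  5 10:04:02 fs01 sshd[4201]: Accepted password for bob from 10.0.4.16 port 51030 ssh2
Sep  5 10:05:19 db02 sshd[7733]: Failed password for invalid user svc_sql_7bc1 from 10.0.9.77 port 40240 ssh2
"""

AUTH_RE = re.compile(
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)


def detect_honeytoken_use(log_text: str, honeytokens: Dict[str, str]) -> List[dict]:
    """Every auth event naming a decoy account is an alert, success or failure:
    the name itself could only have come from the planted lure."""
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m and m.group("user") in honeytokens:
            alerts.append({"host": m.group("host"), "user": m.group("user"),
                           "src": m.group("src"), "result": m.group("result")})
    return alerts


def summarize_sources(alerts: List[dict]) -> Dict[str, List[str]]:
    """Group alerts by source address: one host trying several decoys across
    several servers is the lateral-movement pattern the deception layer
    is meant to surface."""
    by_src: Dict[str, set] = {}
    for a in alerts:
        by_src.setdefault(a["src"], set()).add(a["user"])
    return {src: sorted(users) for src, users in by_src.items()}


if __name__ == "__main__":
    hits = detect_honeytoken_use(SAMPLE_LOG, PLANTED)
    for src, users in summarize_sources(hits).items():
        print(f"ALERT {src} tried decoy accounts: {', '.join(users)}")
```

The same match can be expressed as a SIEM rule keyed on the decoy account names; the value of the approach is that the rule has no false positives by construction.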

Experts believe that deception technology must not only create honeypots but an entire environment that looks real.

“Ideally, organizations can use DDP solutions to create ‘intimate threat intelligence’ and use that to enrich their other tools to enhance prevention at the network and other security defensive layers,” said Pingree.

“Since you never know where you might be attacked, the ideal deception strategy should cover as many layers of the network and as many types of assets as possible,” said Bach. “For a deception tool to be effective in an enterprise environment, it must be integrated with the infrastructure (e.g. Active Directory, the networking infrastructure) and the security ecosystem.”

____________________________________________________________________________________________


Attack on Critical Infrastructure

September 2nd, 2017

Symantec researchers recently investigated and published findings on new cyber attacks targeting the energy sector in Europe and North America. The attack group, known as Dragonfly, has been involved in such activities since 2011.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the Symantec researchers wrote in a blog post.

Symantec cyber security researcher Eric Chien told Reuters that many companies have been targeted, a few of them based in the U.S.

“As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software,” the researchers mentioned.

The attackers were trying to gain remote access to the systems.

“Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks,” the researchers wrote. “This custom malware is not available on the black market, and has not been observed being used by any other known attack groups.”

RiskVision CEO Joe Fantuzzi noted that attacks on the energy sector are rising. “Critical infrastructure is clearly becoming more of a target for hackers as it provides access not only to sensitive information but the ability to dramatically impact and/or harm large numbers of people,” he said.

Fantuzzi added that energy sector companies should carry out risk analysis. “Unfortunately, security defenses protecting these systems have often been neglected or routinely deprioritized, and as a result, are substandard or completely outdated, thus giving cyber criminals an easy entry into these networks,” he said.

____________________________________________________________________________________________


Current State of IoT

August 30th, 2017

According to recent reports, a list of IP addresses and login credentials for more than 8,000 telnet-accessible Internet of Things (IoT) devices was posted on Pastebin. GDI Foundation chairman Victor Gevers said that of the 8,233 devices, only 144 have distinct login credentials. He also said that the most common credentials are root:[blank] (782 instances), admin:admin (634), root:root (320), admin:default (21), and default:.

Varonis technical evangelist Brian Vecci said that a leak as big as this one opens the door to a wide variety of infections and exploits. “Not only do consumers need to be mindful of what they put on their network and do what they can to secure their devices, but manufacturers have an obligation to make security an essential part of the design with IoT products,” he said.

Vecci said that default settings are an open invitation to attackers.

“Device manufacturers need to build better security into the design of their products and services to ensure that even if a consumer doesn’t take the time to customize the device, it’s not accessible and inviting abuse,” Vecci added. “Some manufacturers, for example, are beginning to minimize the risk of devices being hacked by randomizing factory default credentials and disabling remote access by default.”
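The two mitigations Vecci names, per-unit randomized credentials and remote access off by default, as checks an operator can run against an asset inventory and a manufacturer at provisioning time. This is an added example, not Varonis' or the GDI Foundation's code; the device records use TEST-NET addresses and are constructed, and the default credential set is the one reported in the Pastebin list above.

```python
import secrets
import string
from typing import Dict, List

# The credential pairs reported from the Pastebin list above; "" is a blank
# password (the list's final entry, "default:", is read here as blank).
FACTORY_DEFAULTS = {("root", ""), ("admin", "admin"), ("root", "root"),
                    ("admin", "default"), ("default", "")}

# Constructed device inventory, as an operator's asset database might hold it.
FLEET = [
    {"ip": "192.0.2.10", "user": "root", "password": "", "telnet_enabled": True, "wan_reachable": True},
    {"ip": "192.0.2.11", "user": "admin", "password": "admin", "telnet_enabled": False, "wan_reachable": False},
    {"ip": "192.0.2.12", "user": "admin", "password": "Kq8vZr2pL0nW4tXe", "telnet_enabled": False, "wan_reachable": False},
    {"ip": "192.0.2.13", "user": "root", "password": "root", "telnet_enabled": True, "wan_reachable": False},
]


def random_device_password(length: int = 16) -> str:
    """Per-unit password from a CSPRNG, the 'randomized factory default' Vecci
    describes; it goes on the unit's label instead of being shared fleet-wide."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit_device(dev: Dict) -> List[str]:
    """Findings for one device; an empty list means both mitigations are in place."""
    findings = []
    if (dev["user"], dev["password"]) in FACTORY_DEFAULTS:
        shown = dev["password"] or "[blank]"
        findings.append(f"{dev['ip']}: factory default credential {dev['user']}:{shown}")
    if dev.get("telnet_enabled"):
        findings.append(f"{dev['ip']}: telnet enabled")
        if dev.get("wan_reachable"):
            findings.append(f"{dev['ip']}: telnet reachable from the internet")
    return findings


def audit_fleet(devices: List[Dict]) -> Dict[str, int]:
    """Fleet-level numbers, including the statistic Gevers quoted: how many
    distinct credential pairs the whole fleet actually uses."""
    distinct = {(d["user"], d["password"]) for d in devices}
    return {
        "devices": len(devices),
        "distinct_credentials": len(distinct),
        "on_factory_default": sum((d["user"], d["password"]) in FACTORY_DEFAULTS for d in devices),
        "telnet_enabled": sum(bool(d.get("telnet_enabled")) for d in devices),
        "findings": sum(len(audit_device(d)) for d in devices),
    }


def harden_device(dev: Dict) -> Dict:
    """Apply both mitigations: a unique random credential and remote access off."""
    return {**dev, "password": random_device_password(), "telnet_enabled": False}


if __name__ == "__main__":
    print(audit_fleet(FLEET))
    for d in FLEET:
        for finding in audit_device(d):
            print("FINDING", finding)
```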

According to a recent Irdeto survey, 90 percent of respondents said that cyber security should be built into IoT devices.

“Today’s connected world needs consumers to be vigilant about security threats,” Irdeto director of IoT security Mark Hearn said in a statement. “On the device manufacturer side, there must be a better ‘defense-in-depth’ approach to cyber security that integrates multiple layers of security into a system. This approach, combined with ongoing security updates to protect against the latest threats, is critical to mitigate attacks targeting IoT technologies.”

The IoT Cybersecurity Improvement Act of 2017 has been introduced in the U.S. to tackle these security issues.

“My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products,” bill co-sponsor Sen. Mark Warner said at the time.

____________________________________________________________________________________________
